Recent Comments
- s25g5d4 on Mozilla 的提案「HTTP Immutable Responses」
- EC2 與 EBS 十月開始以秒計費 | Gea-Suan Lin's BLOG on AWS CodeDeploy 支援 BlueGreenDeployment
- Google Chrome 將 .dev 設為 HSTS Preload 名單 | Gea-Suan Lin's BLOG on 在 Google Chrome 連上因 HSTS 而無法連線的網站
- Isaac Kwan on Google Chrome 對 Symantec 全系列憑證的不信任計畫
- Matt Mullenweg 決定對 React 的專利議題投下反對票 | Gea-Suan Lin's BLOG on React 的專利授權議題
Archives
- September 2017 (36)
- August 2017 (37)
- July 2017 (41)
- June 2017 (37)
- May 2017 (59)
- April 2017 (55)
- March 2017 (55)
- February 2017 (35)
- January 2017 (42)
- December 2016 (48)
- November 2016 (32)
- October 2016 (35)
- September 2016 (78)
- August 2016 (69)
- July 2016 (19)
- June 2016 (42)
- May 2016 (61)
- April 2016 (51)
- March 2016 (74)
- February 2016 (87)
- January 2016 (31)
- December 2015 (36)
- November 2015 (61)
- October 2015 (72)
- September 2015 (53)
- August 2015 (42)
- July 2015 (38)
- June 2015 (30)
- May 2015 (18)
- April 2015 (57)
- March 2015 (41)
- February 2015 (50)
- January 2015 (35)
- December 2014 (50)
- November 2014 (56)
- October 2014 (41)
- September 2014 (37)
- August 2014 (37)
- July 2014 (28)
- June 2014 (50)
- May 2014 (32)
- April 2014 (46)
- March 2014 (38)
- February 2014 (29)
- January 2014 (52)
- December 2013 (50)
- November 2013 (45)
- October 2013 (40)
- September 2013 (48)
- August 2013 (22)
- July 2013 (25)
- June 2013 (13)
- May 2013 (16)
- April 2013 (28)
- March 2013 (37)
- February 2013 (36)
- January 2013 (57)
- December 2012 (44)
- November 2012 (10)
- October 2012 (12)
- September 2012 (21)
- August 2012 (21)
- July 2012 (25)
- June 2012 (8)
- May 2012 (10)
- April 2012 (11)
- March 2012 (10)
- February 2012 (11)
- January 2012 (5)
- December 2011 (13)
- November 2011 (12)
- October 2011 (10)
- September 2011 (7)
- August 2011 (5)
- July 2011 (11)
- June 2011 (21)
- May 2011 (22)
- April 2011 (36)
- March 2011 (43)
- February 2011 (23)
- January 2011 (24)
- December 2010 (34)
- November 2010 (19)
- October 2010 (16)
- September 2010 (15)
- August 2010 (10)
- July 2010 (12)
- June 2010 (3)
- May 2010 (3)
- April 2010 (4)
- March 2010 (8)
- February 2010 (14)
- January 2010 (13)
- December 2009 (16)
- November 2009 (28)
- October 2009 (24)
- September 2009 (12)
- August 2009 (7)
- July 2009 (10)
- June 2009 (11)
- May 2009 (22)
- April 2009 (21)
- March 2009 (18)
- February 2009 (7)
- January 2009 (32)
- December 2008 (19)
- November 2008 (12)
- October 2008 (15)
- September 2008 (14)
- August 2008 (15)
- July 2008 (18)
- June 2008 (20)
- May 2008 (19)
- April 2008 (27)
- March 2008 (22)
- February 2008 (21)
- January 2008 (15)
- December 2007 (22)
- November 2007 (17)
- October 2007 (29)
- September 2007 (31)
- August 2007 (34)
- July 2007 (31)
- June 2007 (36)
- May 2007 (23)
- April 2007 (22)
- March 2007 (30)
- February 2007 (50)
- January 2007 (75)
- December 2006 (48)
- November 2006 (59)
- October 2006 (89)
- September 2006 (29)
- August 2006 (48)
- July 2006 (14)
- June 2006 (35)
- May 2006 (62)
- April 2006 (63)
- March 2006 (72)
- February 2006 (83)
- January 2006 (56)
- December 2005 (46)
- November 2005 (60)
- October 2005 (27)
- September 2005 (54)
- August 2005 (83)
Tags
Categories
- Anime (29)
- AWS (439)
- BBS (22)
- Blog (250)
- Book (31)
- Bridge (1)
- Browser (530)
- Cassandra (2)
- CDN (186)
- Cloud (587)
- CMS (58)
- Comic (19)
- Computer (4,507)
- Computer and Network Center (33)
- CSS (71)
- Database (423)
- DNS (132)
- Editor (26)
- Financial (89)
- Firefox (233)
- Food (14)
- FreeBSD (139)
- FTP (3)
- Game (63)
- GCP (8)
- Go (2)
- GoogleChrome (168)
- Hardware (386)
- IE (98)
- Joke (159)
- Lab (4)
- Library (7)
- Linux (175)
- MacOS (31)
- Mail (120)
- MariaDB (19)
- Movie (35)
- Murmuring (4,648)
- Music (49)
- MySQL (297)
- NCTU (65)
- NetBSD (7)
- Network (3,289)
- OpenBSD (8)
- Opera (26)
- OS (392)
- P2P (132)
- Photo (72)
- Political (124)
- PostgreSQL (41)
- Privacy (12)
- Programming (783)
- Recreation (536)
- RSS (79)
- Safari (38)
- Science (102)
- Search Engine (181)
- Security (1,061)
- Service (63)
- SMS (10)
- Social (220)
- Software (2,378)
- Spam (108)
- Sport (10)
- Telephone (118)
- Television (62)
- Usenet (15)
- Vim (14)
- VPN (19)
- Wiki (48)
- Windows (74)
- WWW (1,638)
Blogroll
Meta
Category Archives: Security
GitHub 明年關閉 SSH 上 SHA1 相關的 Kx (Key Exchange) 演算法
GitHub 定下落日條款了:「Weak cryptographic standards deprecation update」。 這次目標是 diffie-hellman-group1-sha1 與 diffie-hellman-group14-sha1,同時啟用了 diffie-hellman-group-exchange-sha256: Since the announcement, we have been focusing on the impact of disabling the diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1 key exchanges for SSH. As of last week, we have enabled diffie-hellman-group-exchange-sha256. This … Continue reading
Google Chrome 將 .dev 設為 HSTS Preload 名單
其實是兩件事情... 第一件是 Google Chrome 把 .dev 結尾的網域設為 HSTS Preload 名單:「Chrome to force .dev domains to HTTPS via preloaded HSTS」。 第二件事情是隨著第一件來的,HSTS Preload 必須由 domain 擁有人提出啊... 所以 .dev 是合法的 TLD (gTLD)? 文章作者給了答案,是的,而且就是 Google 擁有的: Wait, there's a legit .dev gTLD? Yes, unfortunately. … Continue reading
Imgur 上 HTTPS
Imgur 宣佈 HTTPS 化:「HTTPS on Imgur」。 Today, we deployed HTTPS by default on Imgur. All traffic is now redirected to https:// and, as of now, HTTPS is the default on all Imgur URLs. 總算是上線了... 先前是靠 HTTPS Everywhere 做。
Google 放棄對海外伺服器搜索票的抵抗了...
先前美國政府透過搜索票,要求各雲端廠商提供海外伺服器的資料而引起話題 (像是先前 Microsoft 往上打官司抵抗:「Does US have right to data on overseas servers? We’re about to find out」),而現在看起來 Google 打算放棄掙扎了:「Google stops challenging most US warrants for data on overseas servers」。 Google has quietly stopped challenging most search warrants from US judges … Continue reading
Google Chrome 對 Symantec 全系列憑證的不信任計畫
Google Chrome 前陣子整理了一份對 Symantec 憑證的不信任計畫:「Chrome’s Plan to Distrust Symantec Certificates」。 這包括了一卡車的品牌,像是 Thawte、VeriSign、GeoTrust、RapidSSL,不過 Equifax 跟 Symantec 的關係我沒查到...: Symantec’s PKI business, which operates a series of Certificate Authorities under various brand names, including Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, had issued numerous … Continue reading
現有語音控制的安全性問題:使用聽不見的高頻下令
雖然相關的理論很早就有了,但上個禮拜放出來的論文完整實做出來,叫做 DolphinAttack,取自於海豚可以聽見人類所聽不到的聲音:「DolphinAtack: Inaudible Voice Commands」(這邊的錯字是作者造成的,submit 到 arXiv 的標題有錯,但論文內描述則是對的)。 無論是 Siri 或是 Google Now,或是其他的控制軟體,都設計成能接受多種不同語調的人,而這個部份目前放的都太寬,造成人類聽不到的區段也可以下令: 也可以看到成功機率很高: 應該會有些調整...
AWS 裡 Security Group 的條件可以寫註解了...
AWS 裡 Security Group 的條件可以寫註解了:「New – Descriptions for Security Group Rules」。 這讓其他人比較好理解 (尤其不是常見的 port,或是有些特別的 IP address),另外也讓容易失憶的自己知道當初在幹什麼 XDDD
V8 對 Hash Flooding 的防禦措施
Hash Flooding 問題是指 Hash 這個資料結構是可以被預測 collision 所造成的問題,在隨機的情況下會是 的操作,在特定挑選故意讓他 collision 而變成 ,當有 個元素時,乘起來就會變成 。這算是一種阻斷攻擊 (DoS attack)。 在「About that hash flooding vulnerability in Node.js...」這邊提到了 V8 之前為了避免 Hash Flooding 的問題,關掉了 Startup snapshot 而造成的效能問題,以及後續的很多故事,最後找了長期的解法。 這個解法已經併入 Node.js 裡,預定下個包括的版本是 8.3.0: The patch to re-enable startup snapshot … Continue reading
Amazon Route 53 支援 CAA record 了
Amazon Route 53 宣佈支援 CAA record 了:「Announcement: Announcement: Amazon Route 53 now supports CAA records」、「Amazon Route 53 now supports CAA records」。 這是一個被動性的 workaround,要求 CA 本身要支援 DNS CAA,所以他沒辦法防止 CA 本身作惡誤簽,但因為負作用與技術債的可能性不高,在 CA/Browser Forum 上被通過強制要求支援了。(參考「未來 CA 將會強制要求檢查 DNS CAA record」) Gandi 的 DNS … Continue reading
DynamoDB 也可以透過 VPC Endpoint 存取了
Amazon DynamoDB 也可以透過 VPC Endpoint 存取了:「New – VPC Endpoints for DynamoDB」。 這樣一來,除了 Amazon S3 可以在 private network 內存取外,DynamoDB 也可以直接存取了... VPC Endpoint 主要是解決對於安全性與頻寬的需求,不過什麼時候會出一般性的 VPC Endpoint 啊,而非個別服務個別設計打洞...