Category Archives: Security

AWS Launches the AWS Secret Region

AWS has launched the AWS Secret Region for intelligence agencies: "Announcing the New AWS Secret Region". The architecture is similar to AWS GovCloud (US), but the scope of this cloud is somewhat narrower; it is for intelligence agencies and organizations with the corresponding authorization: The AWS Secret Region is readily available to the U.S. Intelligence Community (IC) through the IC’s Commercial Cloud Services (C2S) contract with AWS. The AWS …

Posted in AWS, Cloud, Computer, Murmuring, Network, Political, Privacy, Security, Service

StartCom Decides to Shut Down

I saw the news on Hacker News that StartCom has decided to shut down: "Termination of the certificates business of Startcom". They will stop issuing new certificates in 2018, then maintain the CRL and OCSP services for two years: We´ll set January 1st 2018 as the termination date and will stop issuing certificates therefrom. We will maintain our CRL and OCSP …

Posted in Computer, Murmuring, Network, Privacy, Security, Service

New DNS Resolver: 9.9.9.9

I came across a new DNS resolver service, which also got a pretty good IP address, 9.9.9.9: "New “Quad9” DNS service blocks malicious domains for everyone". The service website is "Quad 9 | Internet Security and Privacy in a Few Easy Steps", and its main advertised feature is filtering out known dangerous sites... It was set up by government agencies, IBM, and Packet Clearing House: The Global Cyber Alliance (GCA)—an organization founded by law …

Posted in CDN, Cloud, Computer, DNS, Murmuring, Network, Privacy, Security, Service, WWW

AWS Launches Cloud Native Networking, Giving Each Container Its Own Network Interface

AWS has made Amazon ECS easier to use: "Introducing Cloud Native Networking for Amazon ECS Containers". Today, AWS announced task networking for Amazon ECS. This feature brings Amazon EC2 networking capabilities to tasks using elastic network interfaces. In awsvpc mode, each container is given its own network interface (Elastic Network …

Posted in AWS, Cloud, Computer, Murmuring, Network, Security, Service

How Session Replay Services Handle Personal Data

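Session replay refers to recording users' actions and playing them back. There are many such services on the market, such as User Replay or SessionCam. This article discusses how these services handle personal data, such as credit card numbers or passwords, which should not be recorded: "No boundaries: Exfiltration of personal data by session-replay scripts". The main point is in this figure: Later on it covers the current state of defenses. It looks like adblock-type software can currently block some of these services, but not all of them are on the lists. DNT, meanwhile, is just decoration that nobody pays any attention to: Two commonly used ad-blocking lists EasyList and EasyPrivacy do not block FullStory, Smartlook, or UserReplay scripts. EasyPrivacy has filter …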

Posted in Computer, Murmuring, Network, Privacy, Security, Service, WWW

GitHub Launches Security Alerts

This happens to be a good use of the Dependency Graph that was launched earlier: "Introducing security alerts on GitHub". The Dependency Graph mentioned earlier is covered in "A more connected universe". The Vulnerability coverage section describes the scope; at least those with public CVEs will be included: Vulnerabilities that have CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) will be included in security alerts. However, not …

Posted in Computer, Murmuring, Network, Programming, Security, Service

PHP {7.1,7.0,5.6} Have Finally Become Mainstream...

PHP {7.1,7.0,5.6} (at least the versions with security support) account for more than 90% of usage... At least they are the mainstream among the group that uses Composer: "PHP Versions Stats - 2017.2 Edition".

All versions | Grouped
PHP 7.1.10 11.63% | PHP 7.1 36.63% (+18.99)
PHP 7.0.22 7.95% | PHP 7.0 30.76% (-5.36)
PHP 5.6.31 7.38% | PHP 5.6 23.28% (-8.16)
PHP 5.6.30 …

Posted in Computer, Murmuring, Network, Programming, Security, Software, WWW

Ways to Enumerate Hostnames Under a Domain...

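The original article is about the preparatory work for penetration testing, where the hostnames under a particular domain need to be enumerated: "A penetration tester’s guide to sub-domain enumeration". The most direct way is still DNS zone transfer (AXFR); if the administrator has not configured the DNS server properly, this is the fastest way. When that method is not available, various other methods have to be used. Looking through it, there are several approaches. Pulling from various third-party records: filtering with the site: operator on Google and Bing; listing with VirusTotal; going through Certificate Transparency logs; via ASN information; via Forward DNS. Programmatic DNS queries: using DNSRecon; Altdns. Others: via NSEC …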

Posted in Computer, DNS, Murmuring, Network, Privacy, Search Engine, Security, Service, Software

IBM's 50 Qubit Quantum Computer

IBM is showing off what they have achieved: "IBM makes 20 qubit quantum computing machine available as a cloud service". But the key point is probably that a 50 qubit prototype has now been built: The company also announced that IBM researchers had successfully built a 50 qubit prototype, which is the next milestone for quantum computing, …

Posted in Cloud, Computer, Murmuring, Network, Programming, Science, Security, Service

AWS PrivateLink

AWS plans to merge the previously designed VPC Endpoints into AWS PrivateLink for unified management: "New – AWS PrivateLink for AWS Services: Kinesis, Service Catalog, EC2 Systems Manager, Amazon EC2 APIs, and ELB APIs in your VPC". Today we are announcing AWS PrivateLink, the newest generation of VPC …

Posted in AWS, Cloud, Computer, Murmuring, Network, Security, Service