Tag Archives: baidu

透過搜尋引擎找 Hostname

看到「Fast subdomains enumeration tool for penetration testers」這個專案,可以透過多家搜索引擎找 hostname 出來做滲透測試。 支援五個大的搜尋引擎,以及 Netcraft 與 DNSdumpster: Sublist3r currently supports the following search engines: Google, Yahoo, Bing, Baidu, and Ask. More search engines may be added in the future. Sublist3r also gathers subdomains using … Continue reading

Posted in Computer, DNS, Murmuring, Network, Search Engine, Security, Software, WWW | Tagged , , , , , , , , , , , , , , | Leave a comment

百度被抓到蒐集個資後還是要蒐集...

在「Thousands of apps running Baidu code collect, leak personal data - research」這篇裡,加拿大的研究團隊 Citizen Lab 發現百度的 Android SDK 使用非加密傳輸這些個資: The unencrypted information that has been collected includes a user's location, search terms and website visits, JeffreyKnockel, chief researcher at Citizen Lab, … Continue reading

Posted in Computer, Murmuring, Network, Security, Software, Telephone, WWW | Tagged , , , , , , , , , | Leave a comment

CloudFlare 跟百度合作進入中國市場

昨天的大新聞,CloudFlare 宣佈跟百度合作進入中國市場:「How We Extended CloudFlare's Performance and Security Into Mainland China」。 在「China network」這邊可以看到各種限制,首先是需要有牌 (ICP) 才能用: CloudFlare customers that wish to serve traffic for their domains across the China network must possess a valid Internet Content Provider (ICP) license. An ICP … Continue reading

Posted in CDN, Cloud, Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , | Leave a comment

Google 對 GitHub 先前遭受 GFW 的 DDoS 攻擊的分析

Google Online Security 分析了前陣子 GitHub 被 DDoS 攻擊的行為:「A Javascript-based DDoS Attack as seen by Safe Browsing」。 透過 Google 的 Safe Browsing,針對 baidu.com 這個網域的 injection 情況分析: 可以看得出來分成多個不同階段攻擊。其中 AWS 的 CloudFront 承受了不小的壓力,不過畢竟是商用水準的 CDN,沒那麼容易垮掉。後來則是攻擊 GitHub 造成影響而上了新聞。 最終還是繼續推廣 TLS,可以避免中間被 injection 攻擊: Had the entire … Continue reading

Posted in AWS, CDN, Cloud, Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , , , , , , | 1 Comment