Recent Comments
Archives
- June 2017 (24)
- May 2017 (59)
- April 2017 (55)
- March 2017 (55)
- February 2017 (35)
- January 2017 (42)
- December 2016 (48)
- November 2016 (32)
- October 2016 (35)
- September 2016 (78)
- August 2016 (69)
- July 2016 (19)
- June 2016 (42)
- May 2016 (61)
- April 2016 (51)
- March 2016 (74)
- February 2016 (87)
- January 2016 (31)
- December 2015 (36)
- November 2015 (61)
- October 2015 (72)
- September 2015 (53)
- August 2015 (42)
- July 2015 (38)
- June 2015 (30)
- May 2015 (18)
- April 2015 (57)
- March 2015 (41)
- February 2015 (50)
- January 2015 (35)
- December 2014 (50)
- November 2014 (56)
- October 2014 (41)
- September 2014 (37)
- August 2014 (37)
- July 2014 (28)
- June 2014 (50)
- May 2014 (32)
- April 2014 (46)
- March 2014 (38)
- February 2014 (29)
- January 2014 (52)
- December 2013 (50)
- November 2013 (45)
- October 2013 (40)
- September 2013 (48)
- August 2013 (22)
- July 2013 (25)
- June 2013 (13)
- May 2013 (16)
- April 2013 (28)
- March 2013 (37)
- February 2013 (36)
- January 2013 (57)
- December 2012 (44)
- November 2012 (10)
- October 2012 (12)
- September 2012 (21)
- August 2012 (21)
- July 2012 (25)
- June 2012 (8)
- May 2012 (10)
- April 2012 (11)
- March 2012 (10)
- February 2012 (11)
- January 2012 (5)
- December 2011 (13)
- November 2011 (12)
- October 2011 (10)
- September 2011 (7)
- August 2011 (5)
- July 2011 (11)
- June 2011 (21)
- May 2011 (22)
- April 2011 (36)
- March 2011 (43)
- February 2011 (23)
- January 2011 (24)
- December 2010 (34)
- November 2010 (19)
- October 2010 (16)
- September 2010 (15)
- August 2010 (10)
- July 2010 (12)
- June 2010 (3)
- May 2010 (3)
- April 2010 (4)
- March 2010 (8)
- February 2010 (14)
- January 2010 (13)
- December 2009 (16)
- November 2009 (28)
- October 2009 (24)
- September 2009 (12)
- August 2009 (7)
- July 2009 (10)
- June 2009 (11)
- May 2009 (22)
- April 2009 (21)
- March 2009 (18)
- February 2009 (7)
- January 2009 (32)
- December 2008 (19)
- November 2008 (12)
- October 2008 (15)
- September 2008 (14)
- August 2008 (15)
- July 2008 (18)
- June 2008 (20)
- May 2008 (19)
- April 2008 (27)
- March 2008 (22)
- February 2008 (21)
- January 2008 (15)
- December 2007 (22)
- November 2007 (17)
- October 2007 (29)
- September 2007 (31)
- August 2007 (34)
- July 2007 (31)
- June 2007 (36)
- May 2007 (23)
- April 2007 (22)
- March 2007 (30)
- February 2007 (50)
- January 2007 (75)
- December 2006 (48)
- November 2006 (59)
- October 2006 (89)
- September 2006 (29)
- August 2006 (48)
- July 2006 (14)
- June 2006 (35)
- May 2006 (62)
- April 2006 (63)
- March 2006 (72)
- February 2006 (83)
- January 2006 (56)
- December 2005 (46)
- November 2005 (60)
- October 2005 (27)
- September 2005 (54)
- August 2005 (83)
Tags
Categories
- Anime (29)
- AWS (407)
- BBS (22)
- Blog (248)
- Book (31)
- Bridge (1)
- Browser (520)
- Cassandra (2)
- CDN (180)
- Cloud (548)
- CMS (58)
- Comic (19)
- Computer (4,384)
- Computer and Network Center (33)
- CSS (67)
- Database (413)
- DNS (124)
- Editor (24)
- Financial (88)
- Firefox (229)
- Food (14)
- FreeBSD (139)
- FTP (3)
- Game (60)
- GCP (4)
- Go (1)
- GoogleChrome (162)
- Hardware (378)
- IE (96)
- Joke (159)
- Lab (4)
- Library (2)
- Linux (171)
- MacOS (30)
- Mail (118)
- MariaDB (19)
- Movie (34)
- Murmuring (4,521)
- Music (49)
- MySQL (291)
- NCTU (65)
- NetBSD (7)
- Network (3,201)
- OpenBSD (8)
- Opera (26)
- OS (387)
- P2P (131)
- Photo (72)
- Political (123)
- PostgreSQL (41)
- Privacy (2)
- Programming (753)
- Recreation (532)
- RSS (78)
- Safari (38)
- Science (95)
- Search Engine (180)
- Security (1,024)
- Service (19)
- SMS (10)
- Social (210)
- Software (2,321)
- Spam (107)
- Sport (10)
- Telephone (115)
- Television (61)
- Usenet (14)
- Vim (13)
- VPN (16)
- Wiki (48)
- Windows (74)
- WWW (1,604)
Blogroll
Meta
Tag Archives: login
Cloudflare 總算支援 TOTP 了
Cloudflare 宣佈支援 TOTP 形式的 OTP 了:「You can now use Google Authenticator and any TOTP app for Two-Factor Authentication」。 這樣可以重設然後把 Authy 砍掉了,這樣就不用把 OTP 的 secret data 放在別人家了 :o
Facebook 支援 U2F 登入...
Facebook 也支援 U2F (Universal 2nd Factor) 了:「Security Key for safer logins with a touch」。 之前買 Yubico 的 Yubikey 好像不支援 U2F (很久前買的版本),好像該買幾顆玩具看看了... 剛剛翻了翻 Amazon,好像不少家都有支援 U2F,也許不一定要買 Yubico 的產品 :o
蘋果規劃在 iOS 9 與 OS X El Capitan 引入 2FA 登入機制
蘋果打算在 iOS 9 與 OS X El Capitan 引入 2FA 登入機制:「Apple Adds Two Factor Authentication to OS X and iOS」。 在蘋果的「Two-Factor Authentication in iOS 9 and OS X El Capitan」有詳細說明。 等實際推出的時候再來看看用起來如何...
使用者登入時的錯誤訊息
在「“Invalid Username or Password”: a useless security measure」這篇文章裡談到了使用者登入錯誤時的提示訊息。 通常為了安全考量,「沒有這個帳號」與「密碼錯誤」,我們會給出一樣的錯誤訊息,避免攻擊者可以猜測。像是 Amazon 的畫面: 這樣設計的前提是讓攻擊者不知道這個帳號是不是存在 (如果不存在的話就換其他帳號繼續攻擊)。但這個假設通常是錯的,因為大多數的系統一個 e-mail 綁定一個帳號,所以註冊時就可以分辨: 因此應該提供正確的訊息,而非將資訊隱蔽起來。
Facebook 官方提供 WiFi 登入綁 Facebook 的服務...
記得前陣子在 Twitter 上看到有人想要用 Twitter 認證使用者的消息,結果前幾天就看到 Facebook 提供官方版本:「Get Facebook Wi-Fi for Your Business」。 在「Set Up Facebook Wi-Fi for Your Business」有提到目前有這些產品可以支援: Meraki wireless products Cisco ISR G2 and ASR 1000 Series routers NETGEAR R6300 Smart WiFi router 不過,感覺好像有很多洞可以鑽... Facebook 用了大量的 Akamai 加速,除非在這些頁面特殊處理過 … Continue reading