Recent Comments
Archives
- September 2016 (75)
- August 2016 (69)
- July 2016 (19)
- June 2016 (42)
- May 2016 (61)
- April 2016 (51)
- March 2016 (74)
- February 2016 (87)
- January 2016 (31)
- December 2015 (36)
- November 2015 (61)
- October 2015 (72)
- September 2015 (53)
- August 2015 (42)
- July 2015 (38)
- June 2015 (30)
- May 2015 (18)
- April 2015 (57)
- March 2015 (41)
- February 2015 (50)
- January 2015 (35)
- December 2014 (50)
- November 2014 (56)
- October 2014 (41)
- September 2014 (37)
- August 2014 (37)
- July 2014 (28)
- June 2014 (50)
- May 2014 (32)
- April 2014 (46)
- March 2014 (38)
- February 2014 (29)
- January 2014 (52)
- December 2013 (50)
- November 2013 (45)
- October 2013 (40)
- September 2013 (48)
- August 2013 (22)
- July 2013 (25)
- June 2013 (13)
- May 2013 (16)
- April 2013 (28)
- March 2013 (37)
- February 2013 (36)
- January 2013 (57)
- December 2012 (44)
- November 2012 (10)
- October 2012 (12)
- September 2012 (21)
- August 2012 (21)
- July 2012 (25)
- June 2012 (8)
- May 2012 (10)
- April 2012 (11)
- March 2012 (10)
- February 2012 (11)
- January 2012 (5)
- December 2011 (13)
- November 2011 (12)
- October 2011 (10)
- September 2011 (7)
- August 2011 (5)
- July 2011 (11)
- June 2011 (21)
- May 2011 (22)
- April 2011 (36)
- March 2011 (43)
- February 2011 (23)
- January 2011 (24)
- December 2010 (34)
- November 2010 (19)
- October 2010 (16)
- September 2010 (15)
- August 2010 (10)
- July 2010 (12)
- June 2010 (3)
- May 2010 (3)
- April 2010 (4)
- March 2010 (8)
- February 2010 (14)
- January 2010 (13)
- December 2009 (16)
- November 2009 (28)
- October 2009 (24)
- September 2009 (12)
- August 2009 (7)
- July 2009 (10)
- June 2009 (11)
- May 2009 (22)
- April 2009 (21)
- March 2009 (18)
- February 2009 (7)
- January 2009 (32)
- December 2008 (19)
- November 2008 (12)
- October 2008 (15)
- September 2008 (14)
- August 2008 (15)
- July 2008 (18)
- June 2008 (20)
- May 2008 (19)
- April 2008 (27)
- March 2008 (22)
- February 2008 (21)
- January 2008 (15)
- December 2007 (22)
- November 2007 (17)
- October 2007 (29)
- September 2007 (31)
- August 2007 (34)
- July 2007 (31)
- June 2007 (36)
- May 2007 (23)
- April 2007 (22)
- March 2007 (30)
- February 2007 (50)
- January 2007 (75)
- December 2006 (48)
- November 2006 (59)
- October 2006 (89)
- September 2006 (29)
- August 2006 (48)
- July 2006 (14)
- June 2006 (35)
- May 2006 (62)
- April 2006 (63)
- March 2006 (72)
- February 2006 (83)
- January 2006 (56)
- December 2005 (46)
- November 2005 (60)
- October 2005 (27)
- September 2005 (54)
- August 2005 (83)
Tags
Categories
- Anime (28)
- AWS (310)
- BBS (22)
- Blog (244)
- Book (30)
- Bridge (1)
- Browser (488)
- CDN (164)
- Cloud (430)
- CMS (57)
- Comic (19)
- Computer (4,008)
- Computer and Network Center (33)
- CSS (62)
- Database (354)
- DNS (115)
- Editor (22)
- Financial (81)
- Firefox (218)
- Food (14)
- FreeBSD (137)
- FTP (2)
- Game (54)
- GoogleChrome (145)
- Hardware (336)
- IE (92)
- Joke (158)
- Lab (3)
- Linux (156)
- MacOS (25)
- Mail (112)
- MariaDB (17)
- Movie (28)
- Murmuring (4,135)
- Music (47)
- MySQL (253)
- NCTU (64)
- NetBSD (7)
- Network (2,924)
- OpenBSD (7)
- Opera (26)
- OS (359)
- P2P (125)
- Photo (68)
- Political (117)
- PostgreSQL (36)
- Programming (670)
- Recreation (509)
- RSS (78)
- Safari (36)
- Science (84)
- Search Engine (173)
- Security (909)
- SMS (9)
- Social (188)
- Software (2,108)
- Spam (100)
- Sport (9)
- Telephone (109)
- Television (54)
- Usenet (14)
- Vim (13)
- VPN (16)
- Wiki (47)
- Windows (68)
- WWW (1,511)
Blogroll
Meta
Tag Archives: security
FreeBSD 11.0 重新發行...
本來已經發行的 FreeBSD 11.0,因為最近的安全性問題 (應該是講 OpenSSL?),決定不以 security update 的方式更新,而是直接發新版了:「[REVISED] [HEADS-UP] 11.0-RELEASE status update」。 Although the FreeBSD 11.0-RELEASE has not yet been officially announced, many have found images on the Project FTP mirrors. However, please be aware the final 11.0-RELEASE will be … Continue reading
另外一套用 shell script 寫的 ACME client (或者說 Let's Encrypt client)
acme.sh 是另外一套用 shell script 寫的 ACME client,由西安的 Neilpang 寫的。我也包成 Ubuntu PPA 了:「PPA for acme.sh」。 我建議的用法是先建立 /etc/acme.sh,把各種設定都放到這個目錄裡面,然後用這樣的指令執行: $ sudo acme.sh --issue -d www.example.com -w /srv/www.example.com/webroot/ --home /etc/acme.sh/ 不過 acme.sh 有個問題,沒有將檔案與目錄權限處理好... 我申請完後發現目錄是 drwxr-xr-x,而 key 是 -rwxr-xr-x,這樣會有安全性的問題,需要自己再修改。
letsencrypt.sh 改名為 dehydrated
在 Twitter 上被提醒 letsencrypt.sh 改名為 dehydrated 了: Hi @gslin letsencrypt.sh 已經 rename 成 dehydrated 建議一下看是否 letsencrypt.tw 的文件要不要調整一下 — johnpupu (@johnpupu) September 26, 2016 在「renamed project to dehydrated and main script to dehydrated.sh」這邊可以看到對應的 commit。 原有的 letsencrypt.sh PPA 仍然會保留,但不會再更新 (維持 letsencrypt.sh 所發行的最後一個版本,0.3.0),要使用的人請使用 … Continue reading
Mozilla 對 WoSign 事件的決策 (草稿階段)
在「Mozilla 在考慮移除 WoSign 的 CA Root」這邊提到的事情,隨著時間的發展,大家發現事情愈來愈誇張。 在兩個小時前 Mozilla 的 Gervase Markham 提出了對 WoSign + StartCom 處置的草稿:「WoSign and StartCom」,草稿在 Google Docs 上的「WoSign and StartCom」這邊可以看到。另外 Mozilla 在 wiki 上「CA:WoSign Issues」將 WoSign + StartCom 的事情都整理了出來,也是重要的資料。 文章很長,先講結論:目前 Mozilla 打算把 WoSign 與 StartCom 所簽出的 certificate … Continue reading
貨運公司每次都把腳踏車弄壞...
在「Our secret’s out.」這邊看到 VanMoof (腳踏車生意) 對於托運公司每次都把腳踏車給弄壞的解決方法 XDDD genius idea alert: @vanmoof bikes had problem with shipping damage. So it put flat TVs on its boxes. Problem solved. pic.twitter.com/dsomNATUoY — Jason Gay (@jasongay) September 4, 2016 因為包裝很像平板螢幕,就掛個平板螢幕的圖片上去,然後運送的損壞率就下降 70%~80%: Earlier this year … Continue reading
Posted in Murmuring
Tagged bike, delivery, fedex, flat, flatscreen, security, television, transport, tv
Leave a comment
Akamai 阻擋 DDoS 能力的上限
這應該是最近在看 DDoS 事件中比較重要的新聞了,從這次的事件知道 Akamai 沒有能力擋下某種 620Gbps 以上的 DDoS 攻擊,而這是攻擊者已經有能力「示範」出來的量:「Akamai kicked journalist Brian Krebs' site off its servers after he was hit by a 'record' cyberattack」。 The assault has flooded Krebs' site with more than 620 gigabits per second of traffic … Continue reading
Yahoo! 這次應該是史上最大的一次 leak...
Yahoo! 這次爆出來的 leak 應該是目前史上最大的一次:「An Important Message About Yahoo User Security」。 目前 Yahoo! 的研判是 2014 年時由政府單位搬出去的: A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by … Continue reading
歐盟法院認為公開無線網路的營運者不需要對使用者的侵權行為負責
歐盟法院 (The Court of Justice of the European Union) 認為公開無線網路的營運者不需要對使用者的侵權行為負責:「EU Court: Open WiFi Operator Not Liable For Pirate Users」。 不過這是有一些前提的,法院認為應該要符合這幾個要件,營運方才不要負責。基本上完全沒有 filter 限制的無線網路會符合這些條件: The Court further notes that in order for such ‘mere conduit’ services to be exempt from third party … Continue reading
Google Allo 減弱本來的安全設計
Google Allo 減弱了本來的安全設計:「Google backs off on previously announced Allo privacy feature」。 藉由修改預設行為減弱: The version of Allo rolling out today will store all non-incognito messages by default — a clear change from Google’s earlier statements that the app would only store … Continue reading
Dropbox 儲存密碼的方式
記得 Dropbox 前陣子才強迫所有使用者重設密碼:「The Dropbox hack is real」,官方的報告在這:「Resetting passwords to keep your files safe」,當時洩漏出來的資訊可以知道 2012 年的時候 Dropbox 用的是 SHA1: What we've got here is two files with email address and bcrypt hashes then another two with email addresses and SHA1 hashes. … Continue reading