Recent Comments
- Zonr Chang on Telegram 使用 CDN 加速下載
- lin on AWS CodeCommit 總算支援東京區了...
- John Linq on 對 Open Data 的攻擊手段
- John Linq on Apache Foundation 宣佈禁止使用 Facebook BSD+Patents 的軟體
- CQD on 創業的點子
Archives
- July 2017 (35)
- June 2017 (37)
- May 2017 (59)
- April 2017 (55)
- March 2017 (55)
- February 2017 (35)
- January 2017 (42)
- December 2016 (48)
- November 2016 (32)
- October 2016 (35)
- September 2016 (78)
- August 2016 (69)
- July 2016 (19)
- June 2016 (42)
- May 2016 (61)
- April 2016 (51)
- March 2016 (74)
- February 2016 (87)
- January 2016 (31)
- December 2015 (36)
- November 2015 (61)
- October 2015 (72)
- September 2015 (53)
- August 2015 (42)
- July 2015 (38)
- June 2015 (30)
- May 2015 (18)
- April 2015 (57)
- March 2015 (41)
- February 2015 (50)
- January 2015 (35)
- December 2014 (50)
- November 2014 (56)
- October 2014 (41)
- September 2014 (37)
- August 2014 (37)
- July 2014 (28)
- June 2014 (50)
- May 2014 (32)
- April 2014 (46)
- March 2014 (38)
- February 2014 (29)
- January 2014 (52)
- December 2013 (50)
- November 2013 (45)
- October 2013 (40)
- September 2013 (48)
- August 2013 (22)
- July 2013 (25)
- June 2013 (13)
- May 2013 (16)
- April 2013 (28)
- March 2013 (37)
- February 2013 (36)
- January 2013 (57)
- December 2012 (44)
- November 2012 (10)
- October 2012 (12)
- September 2012 (21)
- August 2012 (21)
- July 2012 (25)
- June 2012 (8)
- May 2012 (10)
- April 2012 (11)
- March 2012 (10)
- February 2012 (11)
- January 2012 (5)
- December 2011 (13)
- November 2011 (12)
- October 2011 (10)
- September 2011 (7)
- August 2011 (5)
- July 2011 (11)
- June 2011 (21)
- May 2011 (22)
- April 2011 (36)
- March 2011 (43)
- February 2011 (23)
- January 2011 (24)
- December 2010 (34)
- November 2010 (19)
- October 2010 (16)
- September 2010 (15)
- August 2010 (10)
- July 2010 (12)
- June 2010 (3)
- May 2010 (3)
- April 2010 (4)
- March 2010 (8)
- February 2010 (14)
- January 2010 (13)
- December 2009 (16)
- November 2009 (28)
- October 2009 (24)
- September 2009 (12)
- August 2009 (7)
- July 2009 (10)
- June 2009 (11)
- May 2009 (22)
- April 2009 (21)
- March 2009 (18)
- February 2009 (7)
- January 2009 (32)
- December 2008 (19)
- November 2008 (12)
- October 2008 (15)
- September 2008 (14)
- August 2008 (15)
- July 2008 (18)
- June 2008 (20)
- May 2008 (19)
- April 2008 (27)
- March 2008 (22)
- February 2008 (21)
- January 2008 (15)
- December 2007 (22)
- November 2007 (17)
- October 2007 (29)
- September 2007 (31)
- August 2007 (34)
- July 2007 (31)
- June 2007 (36)
- May 2007 (23)
- April 2007 (22)
- March 2007 (30)
- February 2007 (50)
- January 2007 (75)
- December 2006 (48)
- November 2006 (59)
- October 2006 (89)
- September 2006 (29)
- August 2006 (48)
- July 2006 (14)
- June 2006 (35)
- May 2006 (62)
- April 2006 (63)
- March 2006 (72)
- February 2006 (83)
- January 2006 (56)
- December 2005 (46)
- November 2005 (60)
- October 2005 (27)
- September 2005 (54)
- August 2005 (83)
Tags
Categories
- Anime (29)
- AWS (414)
- BBS (22)
- Blog (249)
- Book (31)
- Bridge (1)
- Browser (526)
- Cassandra (2)
- CDN (181)
- Cloud (556)
- CMS (58)
- Comic (19)
- Computer (4,430)
- Computer and Network Center (33)
- CSS (69)
- Database (419)
- DNS (127)
- Editor (24)
- Financial (89)
- Firefox (232)
- Food (14)
- FreeBSD (139)
- FTP (3)
- Game (60)
- GCP (4)
- Go (1)
- GoogleChrome (166)
- Hardware (382)
- IE (98)
- Joke (159)
- Lab (4)
- Library (4)
- Linux (173)
- MacOS (30)
- Mail (118)
- MariaDB (19)
- Movie (35)
- Murmuring (4,569)
- Music (49)
- MySQL (294)
- NCTU (65)
- NetBSD (7)
- Network (3,232)
- OpenBSD (8)
- Opera (26)
- OS (389)
- P2P (131)
- Photo (72)
- Political (124)
- PostgreSQL (41)
- Privacy (7)
- Programming (763)
- Recreation (533)
- RSS (79)
- Safari (38)
- Science (97)
- Search Engine (181)
- Security (1,044)
- Service (35)
- SMS (10)
- Social (212)
- Software (2,346)
- Spam (107)
- Sport (10)
- Telephone (115)
- Television (62)
- Usenet (15)
- Vim (13)
- VPN (18)
- Wiki (48)
- Windows (74)
- WWW (1,618)
Blogroll
Meta
Tag Archives: security
GitHub 推出軟體版的 U2F Authenticator (目前只有 macOS)
用軟體實做 U2F,目前是開發在 macOS 上:「Introducing Soft U2F, a software U2F authenticator for macOS」。 實在是不愛這種方式,由於是軟體式的,安全性低了不少... (機器被入侵後就都沒有防護了) 不過 U2F 是目前少數可以在 protocol 層抵抗 phishing 的方式,相較於一般 OTP 的方式還是得很注意網址,所以站在推廣的立場的確是希望能多一點人用...
在飯店裡攻擊企業的高階主管
算是為什麼企業要提供 Full Routing VPN 的一個攻擊管道的說明... 這篇介紹了在飯店裡透過 WiFi 攻擊企業的高階主管,想辦法塞木馬取得資訊,或是滲透進企業內部的網路:「Hackers are using hotel Wi-Fi to spy on guests, steal data」。 Those behind the campaign have continually evolved their tactics and malware payloads, blending phishing and social engineering with a complex Trojan, in … Continue reading
Telegram 使用 CDN 加速下載
Telegram 說明他們將會使用 CDN 加速:「More Speed and Security!」。 資料在 CDN 的節點上是加密的,金鑰需要透過 Telegram 的 key server 提供: While these caching nodes are only used to temporarily store public media (imagine Telegram versions of superpopular YouTube hits), all data that goes through them … Continue reading
歡樂的 md5crypt 密碼...
作者寫了一篇關於以前在 WHOIS 記錄上看到一串 $1$ 開頭的 md5crypt 密碼 XDDD:「I mean, why not tell everyone our password hashes?」。 Now the fields are filtered but this is a reasonably recent change. Prior to July 2015 the hashed passwords were shown to anyone who … Continue reading
對 Open Data 的攻擊手段
前陣子看到的「Membership Inference Attacks against Machine Learning Models」,裡面試著做到的攻擊手法: [G]iven a data record and black-box access to a model, determine if the record was in the model's training dataset. 也就是拿到一組 Open Data 的存取權限,然後發展一套方法判斷某筆資料是否在裡面。而驗證攻擊的手法當然就是直接攻擊看效果: We empirically evaluate our inference techniques on classification models … Continue reading
Amazon Route 53 將會加緊支援 DNS CAA
看到 Amazon Route 53 要支援 DNS CAA 的消息:「Announcement: Announcement: CAA Record Support Coming Soon」。 裡面有提到 CA/Browser Forum 的決議,要求各瀏覽器支援 DNS CAA: On March 8, 2017, the Certification Authority and Browser Forum (CA/Browser Forum) mandated that by September 8, 2017, CA’s are … Continue reading
直接接管整個 .io 的網域...
在「The .io Error – Taking Control of All .io Domains With a Targeted Registration」這邊看到的 XDDD 其實就是這樣: ;; AUTHORITY SECTION: io. 172800 IN NS ns-a1.io. io. 172800 IN NS ns-a2.io. io. 172800 IN NS ns-a3.io. io. 172800 IN NS ns-a4.io. io. … Continue reading
AWS 的 Patch Manager 支援 Linux
在「Amazon EC2 Systems Manager Patch Manager now supports Linux」這邊 AWS 宣佈了 Patch Manager 支援 Linux 的消息。 目前支援的包括了: Amazon Linux 2014.03 and later (2015.03 and later for 64-bit) Ubuntu Server 16.04 LTS, 14.04 LTS, and 12.04 LTS RHEL 6.5 and later … Continue reading
Google Chrome 對 WoSign 與 StartCom 的白名單要完全移除了
在 Twitter 上看到的: Chrome will fully distrust WoSign and StartCom in Chrome 61; beta in July, stable in September. https://t.co/5fnda6aUQw — Ivan Ristic (@ivanristic) July 7, 2017 對 WoSign 與 StartCom 的移除會發生在 61 版,而依照「Final removal of trust in WoSign and … Continue reading
用照片打鑰匙的服務
在 Bruce Schneier 的 blog 上看到 KeyMe 這個服務:「Now It's Easier than Ever to Steal Someone's Keys」。 你把鑰匙的照片拍下來,透過 app 上傳付款後,他就把鑰匙寄給你 XDDD 查了一下資料,在五年前 (2012) 的時候就有人做遠距離攻擊的研究了:「60 公尺外,拍照攝影就可以重製鑰匙...」,所以有好的方面,也有邪惡的方面...