Tag Archives: txt

security.txt

最近開始有人在討論「security.txt」這個標準了,可以在「A Method for Web Security Policies」這邊看到 draft。 想法其實類似於 robots.txt: # Our security address Contact: security@example.com # Our PGP key Encryption: https://example.com/pgp-key.txt # Our disclosure policy Disclosure: Full 以往的方式是透過 WHOIS 或是 DNS 的 SOA 欄位來聯絡,或是直接寄到 security@domain,現在這個架構就多了一套方法,是好是壞不曉得...

Posted in Computer, Murmuring, Network, Security, Service, WWW | Tagged , , , | Leave a comment

透過 DNS TXT 傳遞指令的惡意程式

看到「New Fileless Malware Uses DNS Queries To Receive PowerShell Commands」這篇,所以是有人開始這樣惡搞了... Distributed through an email phishing campaign, the DNSMessenger attack is completely Fileless, as it does not involve writing files to the targeted system; instead, it uses DNS TXT messaging capabilities … Continue reading

Posted in Computer, DNS, Murmuring, Network, Security, Spam | Tagged , , , , , , , | Leave a comment