Tencent's security lab uncovered a large‑scale trojan spread via pornographic web ads that exploits the CVE‑2016‑0189 IE vulnerability, installs a backdoor, and runs a Zcash mining program, while also distributing Linux malware and controlling numerous C&C servers across Chinese provinces.
Tencent Security Lab dissected the compromised XShell remote terminal, revealing a three‑stage malicious process where patched binaries load encrypted shellcode, exfiltrate system information via dynamically generated DGA domains, and ultimately deploy a svchost‑based payload, with detailed IOC listings and remediation advice.
In August 2017 MIT Technology Review honored Alibaba AI Lab chief scientist Wang Gang and Alibaba Cloud chief security scientist Wu Hanqing as part of its global TR35 young innovators, marking the first time two researchers from a Chinese company appeared on the prestigious list and highlighting China’s rising influence in AI and security research.
A critical backdoor was discovered in NetSarang’s Xshell 5 Build 1326, where the nssock2.dll module contains malicious code that contacts a remote domain, affecting multiple NetSarang products; the article details the vulnerability, affected versions, behavior, and provides safe download links.
A recent security advisory reveals that popular remote terminal Xshell versions contain a backdoor in the nssock2.dll component, enabling shellcode to harvest host information, generate monthly DGA domains, and potentially expose sensitive data, prompting immediate version checks and upgrades.
Security researchers discovered a physical attack vector on Amazon Echo that exposes its debug panel and allows booting from an external SD card, enabling persistent root access, covert audio streaming, and a full remote control backdoor, with detailed hardware and firmware exploitation steps provided.
This article explains how to protect Visual Studio Team Services (VSTS) by integrating Azure Conditional Access, covering account binding, rule creation, user and group selection, condition settings such as sign‑in risk and location, and testing the resulting access restrictions.
This article traces the evolution of cryptography from ancient substitution ciphers to modern standards like DES, RSA, and ECC, explains symmetric and asymmetric encryption, compares ECC and RSA in security and efficiency, and presents cloud‑server performance tests showing ECC‑256’s superiority in speed and resource usage.
This extensive essay traces the evolution of computer operating systems from the 1940s to today, analyzes the limitations of current OS architectures, and proposes a cloud‑native, container‑based future exemplified by the open‑source Elastos platform, highlighting security, interoperability, and new business models.
This article describes Ctrip's automated web vulnerability detection system, detailing the shift from active to passive scanning, the distributed architecture using traffic mirroring, message queues, Redis, and MySQL, and the processes for data collection, de‑duplication, scanning, and vulnerability management.
This guide walks through setting up Python 2.7 with the pywifi module, preparing a dictionary of common Wi‑Fi passwords, configuring a scanner, scanning nearby hotspots, testing each network, and recording results to identify vulnerable access points.
The article explores the hidden, high‑traffic world of web crawlers and anti‑crawling measures, revealing why most online requests are bots, how companies decide to crawl or block, the technical and organizational challenges involved, and what the future may hold for this perpetual cat‑and‑mouse game.
This article explores the often hidden and contentious world of web crawling and anti‑crawling, detailing industry motivations, the massive proportion of bot traffic, the technical arms race between scrapers and defenders, and the broader impact on developers, companies, and security practices.
The article examines how built‑in (embedded) security differs from bolt‑on security in IoT devices, outlines real‑world attack scenarios—including physical and network exploits—and recommends foundational security designs to protect connected sensors, actuators, and smart environments.
This article recounts the development of Ctrip's graphical captcha system, describing its early .NET‑based implementation, the challenges encountered such as uniform difficulty, limited data collection, and poor user experience, and how successive redesigns—including multilingual support, adaptive difficulty, and slider‑plus‑character selection—balanced security and usability.
Check Point researchers reveal that the Fireball malware, linked to Chinese firm Rafotech, has infected up to 250 million Windows and macOS computers worldwide by bundling malicious browser extensions, hijacking search engines, and enabling extensive data theft, prompting detailed analysis of its origin, impact, and mitigation steps.
This article explores the hidden, often unglamorous world of web crawling and anti‑crawling, detailing why companies need these technologies, the massive traffic they generate, the technical arms race between crawlers and defenders, and the evolving strategies and challenges that shape the industry today.
This article examines the hidden, often unglamorous world of web crawling and anti‑crawling, revealing why companies deploy aggressive scraping and defensive measures, the technical arms race between crawlers and defenders, the impact on engineers' careers, and future trends in this contested space.
The article examines how built‑in security components differ from bolt‑on solutions in IoT, highlighting real‑world vulnerabilities, physical attack scenarios, and the need for proactive, physically grounded security models to protect connected devices and users.
An unauthenticated remote attacker can exploit a flaw in Linux kernel versions prior to 4.5’s udp.c, using crafted UDP packets with MSG_PEEK to trigger an unsafe checksum calculation, achieving arbitrary code execution and potential privilege escalation, though the vulnerability’s impact is limited due to rare MSG_PEEK usage.
This article explains the concept and architecture of an unmanned customer service system, outlines its security testing strategy—including interface, vulnerability scanning, privilege and data protection tests—describes database and web security methods, and provides practical command examples and tool recommendations.
This article explains the purpose of key‑derivation functions, compares fast and slow hash algorithms, and explores how moving password stretching to the browser can increase attack costs while balancing usability, with practical code examples and deployment considerations.
Xplico is an open‑source network forensics platform that reconstructs application‑level data from captured traffic, supporting numerous protocols, offering modular decoding, multithreaded processing, and flexible output to databases or files, making it valuable for security analysis and incident response.
This article recounts a Redis server hijacking incident, details the step‑by‑step investigation and remediation process, and offers practical security recommendations to protect Redis deployments on Linux environments.
This article explains how vulnerabilities, backdoors, and various Oracle rootkit techniques—ranging from simple package tricks to OS‑level and memory‑level attacks—allow attackers to maintain persistent, hidden access to databases, and it offers concrete detection and mitigation strategies.
This article details Zhaogang's journey from a chaotic startup environment to a mature, multi‑stage security operation, covering its background, the four‑phase security framework, traditional security domains, and practical strategies for driving security initiatives across the organization.
The article explains how high‑definition intelligent video monitoring, automated analysis, and layered VMS architecture enable pre‑warning, real‑time response, and post‑event evidence collection to strengthen anti‑terrorism security in smart city environments.
This guide explains how to secure Linux servers against common attacks by configuring SELinux, iptables, SSH public‑key authentication, and immutable file attributes, while also showing real‑world scan results and practical hardening steps.
The article explains how various companies use technologies such as ultrasonic audio, facial recognition, smart TV monitoring, and image analysis to collect personal data, outlines the common pathways of information leakage, and offers practical advice for safeguarding online privacy.
The article examines common security risks such as weak passwords, GitHub credential leaks, and misconfigurations in DevOps pipelines, illustrating how attackers exploit these flaws and offering practical mitigation strategies like access control, least‑privilege policies, robust password rules, and vulnerability tracking.
This article provides a comprehensive, step‑by‑step tutorial on installing and configuring Search Guard for Elasticsearch, covering feature overview, version compatibility, downloading required packages, local installation commands, SSL/TLS certificate generation, and detailed security settings to protect both transport and REST layers.
This article compiles 42 practical questions and answers covering information gathering, vulnerability identification, exploitation tactics, and remediation advice for web applications, databases, servers, and common security mechanisms, providing a concise reference for penetration testers and security engineers.
The discussion outlines practical anti‑spam strategies—including text length limits, keyword replacement, trie‑based data structures, AC automata, Bayesian and vector‑similarity algorithms, and PHP extensions such as libdatrie—while also sharing performance metrics and resource links for implementing robust content filtering systems.
This article introduces Node.js's built‑in crypto module, explaining how to perform one‑way hashing with SHA‑256, create HMACs for stronger integrity checks, and use symmetric cipher/decipher for encrypting and decrypting data, complete with practical code snippets.
Recent public SHA-1 collision demonstrated by Google and Dutch researchers highlights the insecurity of SHA-1, prompting a shift toward stronger hashes like SHA-256/3, and underscores the importance of robust hash functions in data deduplication, storage compression, and overall information security.
This article outlines Ctrip's comprehensive business security strategy, detailing four major risk types, three core protection systems—including a unified captcha, a real‑time risk control engine, and a risk data platform—followed by a technology‑driven architecture, new captcha services, and future security directions.
This article explains Google’s BeyondCorp concept, the need for deep defense of internal and perimeter networks, and provides practical Linux scripts for monitoring processes, ports, command usage, system events, file changes, and SFTP activity to detect and mitigate host intrusions.
The article explains the TCP handshake spoofing technique, showing how the 32‑bit sequence and acknowledgment fields can be abused to impersonate a client, the traffic volume required for a successful attack, and why TLS is the recommended mitigation.
This article reviews sixteen notable 2016 service outages across finance, cloud, and entertainment, analyzes their causes—ranging from power failures to DDoS attacks—and highlights the critical need for robust disaster‑recovery and information‑security practices.
This article showcases a collection of quirky, poetically inspired passwords used by programmers, explains their hidden meanings, and presents statistical insights into common password habits such as length, character composition, and usage trends among developers.
This article explores the TLS protocol in depth, outlining its design objectives, cryptographic foundations, historical evolution, detailed handshake and record layer mechanisms, security analyses, common pitfalls, and lessons for designing robust modern encrypted communication protocols.
The article examines why financial institutions keep DDoS incidents under wraps, shares insights from senior security officers, and outlines six practical strategies—including real‑time defense preparation, upstream mitigation, application‑layer protection, collaboration, emergency planning, and vigilance against secondary attacks—to strengthen resilience against increasingly sophisticated distributed denial‑of‑service threats.
This article reviews the rapid growth of China’s OTA market, the rise of black‑market threats, and how Ctrip’s security team has iteratively redesigned its risk‑defense architecture—from a .NET‑based real‑time system, through an offline risk‑library, to the integrated Ares platform—highlighting each stage’s strengths, shortcomings, and lessons learned.
On September 28 Node.js issued four security updates—including maintenance releases 0.10.47 and 0.12.16, LTS 4.6.0 Argon, and stable 6.7.0—addressing multiple CVEs such as wildcard certificate validation, HTTP header validation, OCSP extension misuse, and the SWEET32 attack, and urging users to upgrade promptly.
This article provides a curated list of introductory resources—including programming fundamentals, control‑system basics, and industry‑specific videos—to help newcomers and professionals alike begin their journey into industrial control system cybersecurity.
The article details a troubleshooting process for a Huawei AR2240 router experiencing external network access issues due to ARP IP conflicts, showing how to identify the conflicting MAC address from trap logs and resolve the problem by creating an ACL to deny the offending MAC on the relevant interface.
The article examines agentless backup technology, comparing its implementation in virtualized and physical environments, detailing supported interfaces, evaluating a real‑world Asigra Cloud Backup case, and discussing security risks, performance impacts, and when traditional agents remain necessary.
This article details Tencent's comprehensive game security approach, covering common threats like cheats and malware, the value and cost of security systems, architectural design, core protection modules, operational results, and the company's external security services for game developers.
This article explains the unauthenticated SQL injection flaw in Zabbix's JSRPC profileIdx2 parameter, details its high impact on versions 2.2.x and 3.0.0‑3.0.3, provides a step‑by‑step proof‑of‑concept exploit, and recommends upgrading to version 3.0.4 to remediate the issue.
This article introduces business security testing, explaining its background, overall workflow, and detailed techniques such as network request interception with tools like TamperIE, Chrome DevTools, and tcpdump, as well as cookie manipulation, backend authentication forging, and replay attacks on GET and POST interfaces.
Ctrip has become the first Chinese online travel service to obtain ISO 27001 certification, demonstrating enhanced information security management for its financial and business‑travel divisions and reassuring users that their personal and payment data are protected throughout the booking process.
A programmer hired to fix a quirky questionnaire program on an old 3B2 machine discovers that the source code repeatedly reverts, the curses library is tampered, and ultimately a malicious compiler injects backdoor code, leading to a multi‑day forensic investigation and replacement of the toolchain.
This article provides an in‑depth overview of security testing, covering its definition, lifecycle, test types, a wide range of scanning and injection tools, practical checklists, evaluation metrics, and recommendations for integrating security assessments throughout the software development process.
The author recounts how they infiltrated a neighbor's Wi‑Fi by cracking the WPA2 password, accessed the router’s web admin, harvested personal accounts and photos, even controlled a TV box, and concludes with practical security recommendations for everyday users.
This article chronicles the evolution of Linux malware from the first recognized virus Staog in 1996 through notable threats such as Bliss, Slapper, Badbunny, Snakso, Hand of Thief, Windigo and the Shellshock‑related Mayhem botnet, highlighting how increasing Linux adoption has attracted attackers.
In the era of big data, banks face unprecedented information security challenges due to massive, valuable, and highly damaging data breaches, and must adopt encryption, flexible access control, rigorous auditing, DLP solutions, strict data management, and robust outsourcing controls to safeguard customer information.
This guide explains the five most common reasons an SSL certificate appears untrusted—such as using a self‑signed certificate, misconfigured trust chain, missing domain coverage, expiration, or lack of SNI support—and provides practical steps to resolve each issue.
This article provides a comprehensive overview of HTTPS, explaining its purpose, advantages, and drawbacks, and delves into the underlying cryptographic concepts such as symmetric and asymmetric encryption, hash algorithms, digital signatures, digital certificates, and the detailed SSL/TLS handshake process.
The article examines why databases are frequent targets of security breaches, explains the most common SQL injection vulnerability, categorizes injection paths, methods, and examples—including manipulation, code, function‑call, and buffer‑overflow attacks—then outlines practical defense measures such as input encryption, database firewalls, and patching.
Web crawlers, especially AI‑driven ones, threaten site performance and data ownership, so this article reviews common anti‑scraping methods—from IP and header analysis to behavior detection—and reveals two unconventional defenses: data poisoning and a deposit‑based access model that penalize malicious bots.
This article surveys seven modern hacking tricks—from fake Wi‑Fi hotspots and cookie theft to file‑name deception, path hijacking, hosts‑file redirection, watering‑hole attacks, and bait‑replacement—explaining how they work, why they succeed, and practical defenses for users and developers.
This article shares practical techniques for generating passwords that are easy to remember but difficult for others to guess, including using initials of poems, personal info combined with app names and random numbers, and custom keyboard patterns, while emphasizing the importance of a consistent rule.
This article outlines why proactive information‑security preparedness, cross‑department response teams, and clear incident‑response checklists are essential for minimizing damage and maintaining trust when a data breach occurs.
Samy Kamkar’s YouTube series “Applied Hacking” showcases a range of inventive security experiments—from toy‑controlled garage doors and 3D‑printed lock‑picking robots to USB keyloggers, drone hijacking, remote‑car exploits, and credit‑card cloning tools—illustrating how everyday devices can be repurposed for hacking.
Linux Mint warned that attackers replaced the official 17.3 Cinnamon ISO with a back‑doored version, and users can verify integrity using MD5 checksums, look for a hidden file, and follow remediation steps to protect their data and reinstall safely.
The article critiques common mandatory password complexity rules, explains why they often reduce security and usability, and proposes simpler, more effective approaches such as longer minimum lengths, pattern restrictions, and using strength estimators like zxcvbn, illustrated with Laravel implementation examples.
This article examines the evolution of a malicious MD5 collision campaign from 2014‑2015, detailing the chosen‑prefix collision method, the combination with digital signatures and dual‑signature tricks, the full infection workflow, and the large‑scale propagation and impact on millions of Windows users.
This article explains the fundamentals of server certificates, private keys, and certificate authorities, classifies DV/OV/EV certificates, describes how to generate and inspect them, outlines CA history and notable incidents, and discusses PKI security measures such as HPKP and Certificate Transparency.
A JavaScript snippet shared on Twitter claims to crash Firefox, Chrome, and Safari browsers and even force an iPhone to restart, prompting security researchers to examine its behavior, potential as a 0‑day exploit, and possible misuse in attacks.
A JavaScript snippet shared on Twitter claims to crash Firefox, Chrome, and Safari browsers and even force an iPhone to restart, prompting security researchers to examine the code, observed effects on desktop and mobile, and discuss whether it is a bug or a true 0‑day exploit.
This guide outlines the fundamental concepts, mindset, and step‑by‑step skills needed for beginners to start learning hacking and information security, covering everything from basic network knowledge to legal considerations.
Over the past decade, open‑source software has surged in the enterprise sector, driven by startups and venture capital, with surveys showing widespread adoption, increased contributions, and strong security advantages that are reshaping IT architecture, cloud, and big‑data strategies.
The article explores historical privacy tactics of the USSR and the United States, offers practical habits for protecting personal information online, explains how to detect leaked data using search engines and social‑media checks, and suggests strategies for mitigating exposure and crafting false identities.
The article presents a comprehensive list of one hundred practical web‑application defense techniques—ranging from HTTP request analysis and ModSecurity rule creation to honeypot deployment and automated threat intelligence—drawn from the under‑appreciated book “Web Application Defender’s Cookbook.”
The article presents a comprehensive technical analysis of a sophisticated Windows trojan that masquerades as a Word document, detailing its delivery method, file extraction process, registry modifications, remote‑control capabilities, and the organized, targeted attack infrastructure behind it.
A sudden shutdown of an Alibaba Cloud server revealed it had been hijacked as a bot, prompting a step‑by‑step remediation that highlights the importance of basic security hardening such as securing Redis, changing default SSH settings, and enabling cloud monitoring alerts.
This article explains how Tencent uses big‑data collection, user profiling, and AI‑driven risk learning engines to detect and block malicious accounts, proxy IPs, and fraudulent activities across e‑commerce and other platforms, detailing the architecture, algorithms, and practical defenses employed.
This article shares insights from a security‑focused discussion on nurturing security‑oriented developers, balancing leadership and analyst needs in security visualization, and evaluating whether machine‑learning techniques truly add value to internal security data processing.
This article examines how manually assigned passwords in web services exhibit predictable structures—prefixes, keywords, separators, and suffixes—by analyzing millions of leaked Gmail passwords and other data, and categorizes the patterns to aid security assessments.
Security researchers discovered a wormhole‑style flaw in the popular 360 Browser for Android that allows remote code execution through a custom HTTP service, affecting both rooted and non‑rooted devices, and a patch (version 6.9.9.71) was released on November 23 to mitigate the issue.
The article explains how a widespread Java serialization vulnerability lets attackers execute remote commands by deserializing malicious objects, and describes a practical mitigation that overrides ObjectInputStream’s resolveClass method to enforce a whitelist, preventing unauthorized class instantiation without rewriting application code.
A user received a suspicious SMS with a malicious app link, prompting an analyst to download, decompile, and dissect the Android malware, revealing hidden Device Admin permissions, obfuscated code, DES-encrypted credentials, and the attacker’s email address, ultimately exposing how the trojan steals personal data.
The article explores the essence of information security by comparing it to safeguarding personal money, detailing the four fundamental attributes—confidentiality, integrity, availability, and controllability—and illustrating how different conditions shape security needs, from personal to enterprise contexts.
This article explains the XcodeGhost malware that infected iOS developers, detailing its data‑reporting and command‑issuing capabilities, the potential threats it poses on older iOS versions, and practical steps to detect and remove an infected Xcode installation.
The article examines Alibaba Cloud’s recent security incident, compares the “babysitter” model with AWS’s shared‑responsibility approach, and discusses how overly‑protective cloud security can affect user awareness, third‑party vendors, and the overall health of China’s cloud security ecosystem.
Shor’s algorithm leverages quantum parallelism to efficiently find integer factors, exposing the vulnerability of RSA encryption by locating periodicity in modular exponentiation, and the article outlines a five-step hybrid quantum‑classical procedure—including quantum Fourier transform—to break RSA keys.
The article explains what HTTP and DNS hijacking are, illustrates real‑world examples, analyzes their causes and harms, and presents practical anti‑hijacking techniques such as data validation, HttpDNS, operator cache handling, and logging systems.
This article summarizes a comprehensive ops security talk that breaks down network segmentation, system hardening, and permission management into layered defenses, offering practical guidance on VLANs, ACLs, least‑privilege principles, and account auditing for robust enterprise protection.
This article explains the fundamentals of encryption, symmetric and asymmetric cryptography, digital certificates, PKI, and provides step‑by‑step guidance on using OpenSSL to generate keys, create a private CA, issue and revoke certificates for secure data transmission.
This guide details how to set up USG firewall email filtering to block specific attachment types, limit attachment size, and prevent messages containing prohibited keywords by creating pattern groups, defining a mail‑filter policy, applying it to the outbound interzone firewall view, and verifying the configuration.
At the 55th Baidu Technology Salon, Baidu International Antivirus unveiled a cloud‑defense system that replaces traditional local pop‑ups with controllable, operable alerts and cloud‑based monitoring, analysis, and response policies, enabling targeted strikes, richer actions, and smarter handling of unknown threats such as zero‑day exploits.
The article outlines front‑end web security tactics—blocking all user‑supplied external links, sanitizing rich‑text to prevent XSS and iframe abuse, nullifying window.opener to stop phishing redirects—while recommending CSP, whitelist CSS, sandboxed iframes, and click‑through confirmations as mitigations.
This article explains the concept of digital signatures, their role in verifying data integrity and origin, outlines common algorithms such as RSA, DSS, and hash‑based signatures, and details the full PKI‑based workflow—including authentication, signing, and verification—while also describing how to combine encryption with signatures for confidential transmission.
Web traffic hijacking exploits the plaintext nature of HTTP to inject malicious scripts, steal cookies and saved passwords, poison caches or offline storage, bypass HTTPS redirects, and even compromise downloads, making unauthenticated browsing, auto‑fill features, and public Wi‑Fi especially dangerous without proper defenses.
