Tagged articles

994 articles

Page 4 of 10

Apr 6, 2024 · Information Security

Comprehensive Guide to Malicious Website Anti‑Fraud: Detection, Operation, and Modeling

This article provides a detailed overview of malicious website anti‑fraud, covering classification, development, operational tactics, revenue models, multi‑dimensional anomaly detection, and advanced counter‑measure models such as fingerprint, text, image, complex network, and multimodal approaches.

Anomaly DetectionGraph Neural NetworkInformation Security

0 likes · 16 min read

Comprehensive Guide to Malicious Website Anti‑Fraud: Detection, Operation, and Modeling

Su San Talks Tech

Apr 5, 2024 · Information Security

How Data Masking Protects Sensitive Information: Techniques & Best Practices

This article explains why personal data leaks happen, defines data masking (desensitization), compares static and dynamic masking, and details six common masking techniques—invalidating, randomization, replacement, symmetric encryption, averaging, and offsetting—to help developers safeguard privacy.

Dynamic MaskingInformation Securitydata anonymization

0 likes · 8 min read

How Data Masking Protects Sensitive Information: Techniques & Best Practices

IT Services Circle

Apr 4, 2024 · Information Security

Understanding HTTPS: Security Principles, SSL/TLS, and Encryption Mechanisms

HTTPS secures web communication by adding SSL/TLS encryption to HTTP, providing confidentiality, integrity, authentication, and non-repudiation through a combination of symmetric and asymmetric cryptography, hash functions, digital signatures, and certificate authorities, while addressing migration concerns and performance considerations.

HTTPSInformation SecuritySSL/TLS

0 likes · 18 min read

Understanding HTTPS: Security Principles, SSL/TLS, and Encryption Mechanisms

Wukong Talks Architecture

Apr 1, 2024 · Information Security

Investigation of the xz Backdoor Vulnerability and Its Attack Chain

A recent security analysis reveals how a malicious contributor infiltrated the open‑source xz compression tool over two and a half years, inserted a backdoor using IFUNC hooks to compromise OpenSSH, and was eventually uncovered due to a CPU‑spike bug, highlighting severe risks for Linux and macOS systems.

Information SecurityOpenSSHbackdoor

0 likes · 8 min read

Investigation of the xz Backdoor Vulnerability and Its Attack Chain

MaGe Linux Operations

Apr 1, 2024 · Information Security

Understanding SSL Mutual Authentication vs. One‑Way Authentication

This article explains the fundamentals of SSL/TLS certificates, compares one‑way server authentication with mutual (two‑way) authentication using client certificates, and outlines the handshake processes, required components, and typical enterprise use cases.

Information SecuritySSLTLS

0 likes · 8 min read

Understanding SSL Mutual Authentication vs. One‑Way Authentication

Software Development Quality

Mar 28, 2024 · Information Security

How to Install and Activate Burp Suite Professional: Step‑by‑Step Guide

This article provides a detailed, step‑by‑step tutorial for installing and activating Burp Suite Professional, covering file extraction, PowerShell script execution, license entry, manual activation, and final verification, complemented by screenshots for each major step.

Burp SuiteInformation SecurityPowerShell

0 likes · 4 min read

How to Install and Activate Burp Suite Professional: Step‑by‑Step Guide

Aikesheng Open Source Community

Mar 19, 2024 · Information Security

Risks of Granting MySQL Authentication Table Permissions and How to Mitigate Them

The article explains how granting ordinary MySQL users full access to authentication tables can lead to severe privilege‑escalation risks, demonstrates the issue with concrete scenarios, and provides mitigation strategies including the use of MySQL 8.0 partial revokes and the principle of least privilege.

Information SecurityMySQLPartial Revokes

0 likes · 9 min read

Risks of Granting MySQL Authentication Table Permissions and How to Mitigate Them

Huolala Tech

Mar 19, 2024 · Information Security

How AI and Big Data Transform Information Security Risk Management

This article examines the evolution of information security risk management—from classic standards like GB/T20984 and ISO27001 to modern AI‑driven, big‑data approaches—detailing risk definitions, quantitative models, international guidelines, and future research directions.

BayesianInformation SecurityStandards

0 likes · 14 min read

How AI and Big Data Transform Information Security Risk Management

DataFunSummit

Mar 16, 2024 · Information Security

Building a Fraud Advertising Flow Risk‑Control System: Eight Key Elements and Practical Practices

This article shares practical experience from Shumei on constructing a fraud‑advertising flow risk‑control system, detailing eight essential elements, scenario analysis, black‑industry pathways, event design, strategy formulation, implementation methods, value demonstration, and a Q&A session for developers and product teams.

Information Securityadvertising securitybusiness strategy

0 likes · 17 min read

Building a Fraud Advertising Flow Risk‑Control System: Eight Key Elements and Practical Practices

Practical DevOps Architecture

Mar 14, 2024 · Information Security

Comprehensive Penetration Testing Course Outline

This article provides a detailed curriculum for a penetration testing training program, covering operating system basics, web services, database setup, Kali Linux installation, various hacking tools, common web vulnerabilities, SQL injection techniques, command execution, file upload and inclusion flaws, XSS, CSRF, SSRF, privilege escalation, and internal network exploitation.

Information SecurityVulnerability analysisethical hacking

0 likes · 10 min read

Comprehensive Penetration Testing Course Outline

Top Architect

Mar 12, 2024 · Information Security

Why Permission Management Is Needed and How to Design RBAC Models

The article explains the necessity of strict permission management in enterprises, introduces various permission models such as basic RBAC, role‑inheritance RBAC and constrained RBAC, and provides detailed table designs and best‑practice recommendations for implementing scalable and secure access control systems.

Information SecurityPermission managementRBAC

0 likes · 22 min read

Why Permission Management Is Needed and How to Design RBAC Models

Liangxu Linux

Mar 10, 2024 · Information Security

How to Secure Your Login API Against Brute‑Force, MITM, and Other Attacks

This article explains common login security risks such as brute‑force cracking, CAPTCHA bypass, IP‑based blocking, man‑in‑the‑middle attacks, and shows practical countermeasures like captcha enforcement, login throttling, phone verification, HTTPS adoption, and data encryption.

CaptchaHTTPSInformation Security

0 likes · 10 min read

How to Secure Your Login API Against Brute‑Force, MITM, and Other Attacks

21CTO

Mar 7, 2024 · Information Security

What the LINE Data Breach Reveals About Tech‑Stack Security and Governance

In December 2023 a massive data breach exposed over 510,000 LINE users, prompting the Japanese government to order LINE and its parent NAVER to overhaul their shared technology stack, tighten authentication, and separate their cloud infrastructures to prevent future security failures.

Information SecurityTechnology Stackcloud security

0 likes · 6 min read

What the LINE Data Breach Reveals About Tech‑Stack Security and Governance

Java Architect Essentials

Mar 3, 2024 · Information Security

How to Secure Login APIs: Defending Against Brute Force, MITM, and More

This article examines common login vulnerabilities such as brute‑force attacks, CAPTCHA bypass, IP‑based lockouts, and man‑in‑the‑middle threats, and provides practical mitigation techniques—including password‑retry limits, CAPTCHA, SMS verification, HTTPS enforcement, and logging—to harden web authentication systems.

CaptchaHTTPSIP blocking

0 likes · 11 min read

How to Secure Login APIs: Defending Against Brute Force, MITM, and More

Ops Development & AI Practice

Feb 23, 2024 · Information Security

Understanding the TLS Handshake: Step-by-Step Guide to Secure Communication

TLS handshake is the essential process that establishes encrypted communication between a client and server, involving a series of messages such as ClientHello, ServerHello, certificate exchange, key exchange, and verification steps that culminate in a shared secret for secure data transmission.

HandshakeInformation SecurityTLS

0 likes · 5 min read

Understanding the TLS Handshake: Step-by-Step Guide to Secure Communication

IT Services Circle

Feb 22, 2024 · Information Security

Temporary Fix for Explorer.exe Quarantined by Huorong Antivirus

The article explains why Huorong antivirus may mistakenly delete the Windows Explorer process, provides step‑by‑step commands to restore explorer.exe and add it to the whitelist, and also includes a promotional book giveaway for readers.

AntivirusExplorerHuorong

0 likes · 4 min read

Temporary Fix for Explorer.exe Quarantined by Huorong Antivirus

ITPUB

Feb 18, 2024 · Information Security

How Misconfigured Cloud Buckets Exposed BMW and Mercedes Secrets – Lessons for Secure Cloud Practices

Recent reports reveal that misconfigured Azure storage buckets and exposed GitHub keys leaked sensitive BMW and Mercedes data, highlighting how simple cloud configuration errors can lead to massive breaches and underscoring the need for strict security controls and best‑practice cloud management.

AzureBest PracticesGitHub

0 likes · 7 min read

How Misconfigured Cloud Buckets Exposed BMW and Mercedes Secrets – Lessons for Secure Cloud Practices

Mike Chen's Internet Architecture

Feb 15, 2024 · Information Security

Mastering Single Sign-On: How CAS Simplifies User Authentication Across Systems

Single Sign-On (SSO) lets users log in once to access multiple trusted applications, and this article explains its necessity, core components like CAS Server, Client, and Service, the authentication flow, and common use cases in e‑commerce, enterprises, education, and finance.

AuthenticationCASInformation Security

0 likes · 7 min read

Mastering Single Sign-On: How CAS Simplifies User Authentication Across Systems

Java Tech Enthusiast

Jan 21, 2024 · Information Security

Security Risks of Exposing Your Public IP Address

Exposing your public IP address can invite DDoS floods, vulnerability scanning, privacy breaches, and targeted phishing or malware attacks, so you should protect it with firewalls, regular updates, secure VPN connections, and by avoiding public disclosure on social platforms.

DDoSInformation SecurityPublic IP

0 likes · 3 min read

Security Risks of Exposing Your Public IP Address

AntTech

Jan 18, 2024 · Information Security

The Value of Security Technology in the Digital Age – Summary of Lü Peng’s Report Presentation

The report released by the Chinese Academy of Social Sciences and Ant Group highlights how security technology, now a public good alongside AI, is essential for managing accelerating digital risks, outlines its four pillars, and proposes collaborative strategies to make security technology a universal, socially responsible foundation for the digital society.

AI riskInformation Securitydigital society

0 likes · 14 min read

The Value of Security Technology in the Digital Age – Summary of Lü Peng’s Report Presentation

Python Programming Learning Circle

Jan 17, 2024 · Information Security

How to Retrieve Saved WiFi Passwords on Windows Using CMD and Python

This guide shows how to list and export all saved WiFi profiles on a Windows PC via the command prompt and a Python script, explains the use of the subprocess module for executing system commands, and includes notes on UTF‑8 handling and related code examples.

CMDInformation SecurityPython

0 likes · 7 min read

How to Retrieve Saved WiFi Passwords on Windows Using CMD and Python

Efficient Ops

Jan 8, 2024 · Information Security

How a Securities Firm Built a 100‑Day DevSecOps Prototype

At the 21st GOPS Global Operations Conference in Shanghai, Shenwan Hongyuan Securities' application security lead Wang Biansi detailed a step‑by‑step 100‑day journey to create a DevSecOps sample room, covering goal setting, research, platform design, tool integration, and security training.

Application SecurityDevSecOpsInformation Security

0 likes · 5 min read

How a Securities Firm Built a 100‑Day DevSecOps Prototype

21CTO

Jan 8, 2024 · Information Security

How Lei Jun’s 1992 Expert System Pioneered Virus Detection – A Forgotten AI Breakthrough

During his 2023 'Growth' speech, Lei Jun recalled his 1992 university paper on a computer virus detection expert system—once a pioneering AI approach published in *Computer Research and Development*—which resurfaced online after 30 years, sparking admiration for its forward‑thinking security insights.

Information SecurityLei Juncomputer science

0 likes · 3 min read

How Lei Jun’s 1992 Expert System Pioneered Virus Detection – A Forgotten AI Breakthrough

21CTO

Jan 7, 2024 · Fundamentals

What Will Shape Software Development in 2024? Key Trends to Watch

The 2024 software development landscape will be driven by AI and machine‑learning integration, blockchain expansion, multi‑runtime microservices, heightened security, AR/VR adoption, sustainable coding, serverless, edge and quantum computing, as well as evolving programming languages and low‑code platforms.

2024 trendsAIBlockchain

0 likes · 16 min read

What Will Shape Software Development in 2024? Key Trends to Watch

OPPO Amber Lab

Dec 27, 2023 · Information Security

How OPPO Secures Global Smart Devices with BSIMM‑Driven Compliance

At the 7th Cloud Security Alliance Greater China Conference, OPPO’s security chief outlined the challenges of global smart‑device compliance and shared a BSIMM‑based framework for building robust enterprise security systems that bridge legal, technical, and operational hurdles.

BSIMMInformation SecurityOPPO

0 likes · 4 min read

How OPPO Secures Global Smart Devices with BSIMM‑Driven Compliance

php Courses

Dec 26, 2023 · Information Security

Preventing Cross-Site Scripting (XSS) in PHP Using Data Filtering

This article explains the principles of XSS attacks and demonstrates how to prevent them in PHP by using htmlspecialchars for output escaping, mysqli or PDO prepared statements for database queries, and the filter_var function with appropriate filters, providing clear code examples for each method.

Data FilteringInformation SecurityPHP

0 likes · 5 min read

Preventing Cross-Site Scripting (XSS) in PHP Using Data Filtering

Liangxu Linux

Dec 23, 2023 · Information Security

How HTTPS Secures Your Data: A Beginner’s Guide to Encryption, Integrity, and Trust

This article explains why HTTPS is needed, defines the protocol, describes the four security properties—confidentiality, integrity, authentication, and non‑repudiation—covers symmetric and asymmetric encryption, hybrid encryption, hash functions, digital signatures, certificate authorities, and the trust chain that together protect web communications.

Certificate AuthorityHTTPSInformation Security

0 likes · 15 min read

How HTTPS Secures Your Data: A Beginner’s Guide to Encryption, Integrity, and Trust

Alibaba Cloud Native

Dec 22, 2023 · Cloud Native

Secure Sensitive Configurations in MSE Nacos Using KMS Encryption

This guide explains how MSE Nacos integrates with Alibaba Cloud KMS to encrypt and protect sensitive configuration data, covering the security challenges, architecture, encryption/decryption workflows, recommended configuration items, step‑by‑step setup, and Java/Go SDK examples for cloud‑native applications.

Configuration EncryptionInformation SecurityJava

0 likes · 16 min read

Secure Sensitive Configurations in MSE Nacos Using KMS Encryption

Efficient Ops

Dec 17, 2023 · Information Security

How China Postal Savings Bank Achieved Advanced DevSecOps Standards

China Postal Savings Bank’s software R&D center detailed how its Gold‑Metal Cloud Mall project passed the CAICT DevSecOps Level‑2 assessment, showcasing a comprehensive cultural, process and technical rollout that boosted security metrics, cross‑team collaboration, and positioned the bank at the forefront of digital transformation.

DevSecOpsDigital TransformationInformation Security

0 likes · 17 min read

How China Postal Savings Bank Achieved Advanced DevSecOps Standards

Open Source Linux

Dec 15, 2023 · Information Security

Understanding Ransomware: Types, Attack Methods, and Effective Defenses

This article explains what ransomware is, outlines its main variants such as encryption‑based, lock‑screen and doxware ransomware, describes common infection vectors like brute‑force, phishing and exploit kits, and provides practical network‑ and host‑side defenses as well as response steps if an attack occurs.

DefenseInformation SecurityRansomware

0 likes · 9 min read

Understanding Ransomware: Types, Attack Methods, and Effective Defenses

Open Source Linux

Dec 11, 2023 · Information Security

Stealing Keys from Air‑Gapped PCs via Electromagnetic Eavesdropping

Researchers demonstrate a $3,000 electromagnetic detector that can capture encryption keys and other sensitive data from computers that are not connected to any network, revealing a fast, non‑intrusive side‑channel attack that bypasses traditional security measures.

Hardware HackingInformation SecuritySide-channel attack

0 likes · 5 min read

Stealing Keys from Air‑Gapped PCs via Electromagnetic Eavesdropping

php Courses

Dec 8, 2023 · Information Security

Critical Bluetooth Vulnerability CVE-2023-45866 Affects Android, iOS, Linux, and macOS

A high‑severity Bluetooth vulnerability (CVE‑2023‑45866) discovered by SkySafe researcher Marc Newlin allows attackers to bypass authentication, pair a fake keyboard, and execute code on Android, iOS, Linux, and macOS devices, with Google’s December Android security update already addressing the issue.

AndroidBluetoothCVE-2023-45866

0 likes · 2 min read

Critical Bluetooth Vulnerability CVE-2023-45866 Affects Android, iOS, Linux, and macOS

Code Ape Tech Column

Dec 7, 2023 · Information Security

Implementing Symmetric and Asymmetric Encryption, Digital Signatures, and Dynamic URL Encryption in Spring Cloud Gateway

This article explains the principles of symmetric and asymmetric encryption, digital signatures, HTTPS with CA, and demonstrates how to generate RSA keys, handle symmetric keys, encrypt URLs with AES, and verify signatures using custom Spring Cloud Gateway filters, complete with Java code examples.

Information Securitydigital signatureencryption

0 likes · 24 min read

Implementing Symmetric and Asymmetric Encryption, Digital Signatures, and Dynamic URL Encryption in Spring Cloud Gateway

Open Source Linux

Nov 28, 2023 · Information Security

How a Screen‑Sharing Slip Exposed Nvidia to a Multi‑Million Dollar IP Lawsuit

A careless screen‑sharing mistake by Nvidia engineer Mohammad Moniruzzaman revealed Valeo's confidential automotive source code, leading to a German court conviction, a hefty fine, and a lawsuit accusing Nvidia of profiting from stolen intellectual property.

IP theftInformation SecurityNVIDIA

0 likes · 7 min read

How a Screen‑Sharing Slip Exposed Nvidia to a Multi‑Million Dollar IP Lawsuit

Huawei Cloud Developer Alliance

Nov 27, 2023 · Information Security

LockBit Ransomware Attack on a Bank: Tactics, Impact, and Huawei Cloud Defense

The article details a recent LockBit ransomware attack on a bank’s US subsidiary, explains the malware’s intrusion, infection, and data‑exfiltration tactics, and outlines Huawei Cloud Host Security’s risk‑prevention, detection, and data‑recovery measures to defend against such threats.

Huawei CloudInformation SecurityLockBit

0 likes · 8 min read

LockBit Ransomware Attack on a Bank: Tactics, Impact, and Huawei Cloud Defense

DataFunSummit

Nov 23, 2023 · Information Security

How DCMM Supports Digital Transformation and Data Governance at XCMG Mining Machinery Co., Ltd.

This article details how XCMG Mining Machinery leveraged the DCMM framework to drive digital transformation, improve data governance, address data quality and security challenges, and establish a sustainable data-driven culture across the organization, highlighting the background, implementation steps, lessons learned, and future outlook.

DCMMData QualityDigital Transformation

0 likes · 25 min read

How DCMM Supports Digital Transformation and Data Governance at XCMG Mining Machinery Co., Ltd.

Huolala Tech

Nov 21, 2023 · Information Security

Understanding China’s Cybersecurity Grade Protection (等级保护) System and 2.0 Standards

This article explains the evolution, legal basis, supervising agencies, definitions, core standards, and implementation process of China’s cybersecurity grade protection system, including the transition to the 2.0 framework and the required filing, construction, assessment, and supervision steps.

ChinaGrade ProtectionInformation Security

0 likes · 12 min read

Understanding China’s Cybersecurity Grade Protection (等级保护) System and 2.0 Standards

JD Retail Technology

Nov 13, 2023 · Information Security

Red‑Blue Adversarial Testing for a Big Data Platform: Process, Benefits, and Best Practices

This article outlines the red‑blue adversarial testing process for a big‑data platform during the Double‑Eleven promotion, detailing its purpose, benefits, step‑by‑step execution, common issues, and recommendations to improve system reliability and security.

Incident ResponseInformation Securitychaos engineering

0 likes · 12 min read

Red‑Blue Adversarial Testing for a Big Data Platform: Process, Benefits, and Best Practices

Architects' Tech Alliance

Nov 9, 2023 · Fundamentals

China Xinchuang (Information Technology Innovation) Industry Report 2023: Development History, Market Size, and Investment Opportunities

The 2023 China Xinchuang industry report analyzes the sector's evolution, policy environment, market scale, value chain, cost structure, and investment opportunities across hardware, operating systems, middleware, databases, cloud computing, and information security, highlighting a projected market size of 8 trillion CNY by 2025.

ChinaIT industryInformation Security

0 likes · 20 min read

China Xinchuang (Information Technology Innovation) Industry Report 2023: Development History, Market Size, and Investment Opportunities

Data Thinking Notes

Nov 8, 2023 · Information Security

Building a Comprehensive Data Security Framework: From Protection to Operations

This guide outlines a complete data security architecture, covering protection systems, design principles, overall framework concepts, management and technical systems, and operational processes, emphasizing holistic, lifecycle‑focused strategies rather than isolated security domains.

Data LifecycleData SecurityInformation Security

0 likes · 2 min read

Building a Comprehensive Data Security Framework: From Protection to Operations

AntTech

Nov 4, 2023 · Information Security

Native Security Paradigm and Parallel Security Aspects for Enterprise Digital Transformation

The whitepaper examines how exploding complexity in digitally transformed enterprises demands a native security paradigm and parallel security aspects that embed distributed, real‑time, and tool‑driven protection into system design, enabling high integration and low coupling between security and business functions.

Digital TransformationInformation Securityenterprise

0 likes · 11 min read

Native Security Paradigm and Parallel Security Aspects for Enterprise Digital Transformation

Architects Research Society

Nov 1, 2023 · Information Security

Roles and Responsibilities of a Security Architecture Team

The article outlines the composition and responsibilities of a security architecture team, detailing the roles of Security Architect, Information Security Architect, CISO, and Security Analyst, their required business and technical skills, risk management, threat modeling, and how they integrate with enterprise architecture.

CISOInformation SecuritySecurity Architecture

0 likes · 11 min read

Roles and Responsibilities of a Security Architecture Team

Data Thinking Notes

Oct 31, 2023 · Information Security

Why Data Classification & Grading Is Critical for Enterprise Security

This article explains the legal and strategic importance of data classification and grading in China, outlines the relevant regulations, describes the principles and processes for implementing classification, and offers practical steps for enterprises to secure data while meeting compliance and business needs.

Data SecurityEnterprise ComplianceInformation Security

0 likes · 11 min read

Why Data Classification & Grading Is Critical for Enterprise Security

Laravel Tech Community

Oct 29, 2023 · Information Security

Remote Code Execution Vulnerability in Apache ActiveMQ < 5.18.3 (Deserialization)

Apache ActiveMQ versions prior to 5.18.3 are vulnerable to a deserialization flaw that allows remote code execution via crafted OpenWire messages on port 61616, affecting various activemq-client and activemq-openwire-legacy artifacts, and can be mitigated by upgrading to 5.15.16, 5.16.7, 5.17.6, 5.18.3 or later.

Apache ActiveMQDeserializationInformation Security

0 likes · 3 min read

Remote Code Execution Vulnerability in Apache ActiveMQ < 5.18.3 (Deserialization)

php Courses

Oct 24, 2023 · Information Security

Using PHP Encryption Functions for Data Protection

This article explains PHP's built‑in encryption functions—including OpenSSL encryption/decryption, hashing, and password handling—shows how to generate keys, encrypt and decrypt data, and provides best‑practice tips for securely protecting sensitive information in PHP applications.

Data ProtectionInformation SecurityOpenSSL

0 likes · 5 min read

Using PHP Encryption Functions for Data Protection

AntTech

Oct 20, 2023 · Information Security

Digital Accessible Online Movie Service for the Visually Impaired: Privacy Computing, Blockchain, and Secure Identity Verification

The article describes how Ant Group and partners created an accessible online movie platform for visually impaired users in China, employing innovative privacy‑computing, blockchain, and terminal‑security technologies to enable secure, minimal‑disclosure identity verification and protect intellectual‑property rights.

Identity verificationInformation SecurityPrivacy Computing

0 likes · 6 min read

Digital Accessible Online Movie Service for the Visually Impaired: Privacy Computing, Blockchain, and Secure Identity Verification

Java Architect Essentials

Oct 13, 2023 · Information Security

Understanding JWT Claims and Token Renewal Strategies

This article explains the structure of JWT payloads, enumerates standard and custom claims, demonstrates how to generate tokens with expiration using Java code, and compares single‑token and double‑token renewal schemes—including Redis storage and WeChat OAuth2.0 examples—to help developers manage authentication securely.

Backend DevelopmentInformation Securitytoken refresh

0 likes · 7 min read

Understanding JWT Claims and Token Renewal Strategies

MaGe Linux Operations

Oct 12, 2023 · Information Security

How to Detect and Bypass CDN to Reveal a Website’s Real IP

This guide explains why CDNs hide a site's true IP, how to determine if a website uses a CDN, and outlines practical techniques—including DNS queries, online tools, sub‑domain analysis, email reverse lookup, and scanning scripts—to bypass the CDN and discover the real server address.

CDNIP discoveryInformation Security

0 likes · 8 min read

How to Detect and Bypass CDN to Reveal a Website’s Real IP

Open Source Linux

Sep 27, 2023 · Information Security

How Companies Spy on Your WeChat Chats and How to Defend Your Privacy

Despite modern privacy expectations, many companies in 2023 still monitor employees' chat records using root‑level management software and network interception, exposing personal WeChat conversations; this article explains the surveillance methods, real‑world examples, and practical steps employees can take to protect their privacy.

Information SecurityWeChatcompany policies

0 likes · 5 min read

How Companies Spy on Your WeChat Chats and How to Defend Your Privacy

Data Thinking Notes

Sep 24, 2023 · Information Security

How to Build a Robust Data Security Governance Framework: Steps & Best Practices

Data security governance, essential for modern enterprises, involves classifying and authorizing data, implementing scenario-based protections, and establishing comprehensive frameworks that address compliance, asset management, process control, and continuous improvement, guiding organizations through strategic planning, organizational structuring, policy creation, and ongoing operational monitoring.

ComplianceData SecurityFramework

0 likes · 15 min read

How to Build a Robust Data Security Governance Framework: Steps & Best Practices

21CTO

Sep 24, 2023 · Information Security

What the Recent Hack of Donald Trump Jr.’s X Account Reveals About Platform Security

A recent breach of Donald Trump Jr.'s X account exposed fake posts, highlighted ongoing security flaws on the platform, and underscored the broader challenges of protecting user data against sophisticated hacking attempts.

Information SecurityX Platformdata breach

0 likes · 5 min read

What the Recent Hack of Donald Trump Jr.’s X Account Reveals About Platform Security

Laravel Tech Community

Sep 20, 2023 · Information Security

Analysis of a ThinkPHP 6.0 Deserialization Exploit Chain via LeagueFlysystem Cached Storage

This article analyzes a ThinkPHP 6.0 deserialization exploit chain that leverages LeagueFlysystem's cached storage classes, detailing the sequence from __destruct to write, showing how controllable parameters enable arbitrary file writes and providing a proof‑of‑concept demonstration.

DeserializationInformation SecurityLeagueFlysystem

0 likes · 7 min read

Analysis of a ThinkPHP 6.0 Deserialization Exploit Chain via LeagueFlysystem Cached Storage

MaGe Linux Operations

Sep 12, 2023 · Information Security

Mastering Container Vulnerability Management: Secure DevOps Strategies

This article explains how containers work, outlines the challenges of detecting and fixing vulnerabilities throughout the software lifecycle, and presents practical strategies—including CI/CD pipeline, registry, runtime, and host scanning—plus key principles for building a robust container security program.

DevOpsInformation SecurityVulnerability Management

0 likes · 7 min read

Mastering Container Vulnerability Management: Secure DevOps Strategies

AntTech

Sep 12, 2023 · Artificial Intelligence

Ensuring Trustworthy and Secure AI: Insights from the 2023 Pujiang Innovation Forum

The 2023 Pujiang Innovation Forum highlighted the rapid rise of generative AI, its associated security and privacy risks, and presented Ant Group's multi‑stage, multi‑layered approach—including data, training, and inference controls and three core defense technologies—to achieve safe, reliable, and open knowledge sharing in the era of large language models.

Information SecurityLarge Language Modelsknowledge sharing

0 likes · 10 min read

Ensuring Trustworthy and Secure AI: Insights from the 2023 Pujiang Innovation Forum

IT Services Circle

Sep 8, 2023 · Information Security

High‑Severity Vulnerabilities Discovered in Notepad++ (CVE‑2023‑40031, CVE‑2023‑40036, CVE‑2023‑40164, CVE‑2023‑40166)

Security researchers have identified four high‑severity buffer‑overflow vulnerabilities (CVE‑2023‑40031, CVE‑2023‑40036, CVE‑2023‑40164, CVE‑2023‑40166) in the popular open‑source editor Notepad++, disclosed after the developers failed to patch them before the release of version 8.5.6, urging users to apply mitigations.

CVEInformation SecurityNotepad++

0 likes · 3 min read

High‑Severity Vulnerabilities Discovered in Notepad++ (CVE‑2023‑40031, CVE‑2023‑40036, CVE‑2023‑40164, CVE‑2023‑40166)

Architect

Sep 4, 2023 · Information Security

Design and Implementation of a Unified Permission Management Service (MPS)

This article details the design and development of a unified permission management service (MPS) that consolidates RBAC, ACL, and DAC models to solve fragmented enterprise permission issues, covering requirement analysis, technical selection, functional modules, deployment, and performance outcomes.

DACGoInformation Security

0 likes · 16 min read

Design and Implementation of a Unified Permission Management Service (MPS)

Liangxu Linux

Aug 22, 2023 · Information Security

Explore siusiu: A Docker‑Based Penetration Testing Toolbox with Over 50 Ready‑to‑Use Security Tools

siusiu is a Docker‑based penetration testing toolbox that bundles more than 50 security utilities, offers an interactive console for listing, downloading, and running tools, supports non‑interactive mode, and can be installed via binary, Git, or Go with detailed usage commands.

DockerInformation Securitypenetration testing

0 likes · 5 min read

Explore siusiu: A Docker‑Based Penetration Testing Toolbox with Over 50 Ready‑to‑Use Security Tools

Java Interview Crash Guide

Aug 18, 2023 · Information Security

How to Perform Fuzzy Search on Encrypted Data: Practical Methods and Pitfalls

This article examines why encrypted data hinders fuzzy queries and presents three categories of solutions—naïve, conventional, and advanced—detailing their implementations, performance trade‑offs, and security implications to help developers choose an appropriate approach.

Information Securityalgorithmencrypted data

0 likes · 9 min read

How to Perform Fuzzy Search on Encrypted Data: Practical Methods and Pitfalls

MaGe Linux Operations

Aug 17, 2023 · Information Security

Explore siusiu: A Docker‑Powered Penetration Testing Toolbox

siusiu is a Docker‑based penetration testing toolbox that bundles dozens of security utilities as Docker images, offering an easy‑to‑use console, multiple installation methods, and a rich command set for both interactive and scripted security assessments.

DevOpsDockerInformation Security

0 likes · 6 min read

Explore siusiu: A Docker‑Powered Penetration Testing Toolbox

21CTO

Aug 15, 2023 · Information Security

Can Your Keyboard’s Sound Leak Your Password? AI‑Powered Acoustic Eavesdropping

A recent UK study demonstrates that a deep‑learning model can analyze audio recordings of keystrokes—captured via microphones or video‑call platforms like Zoom—to infer typed characters with up to 95 % accuracy, highlighting a serious acoustic side‑channel threat to passwords and other sensitive information.

Information Securityacoustic side-channelaudio eavesdropping

0 likes · 4 min read

Can Your Keyboard’s Sound Leak Your Password? AI‑Powered Acoustic Eavesdropping

AntTech

Aug 15, 2023 · Information Security

VILLAIN: Backdoor Attacks Against Vertical Split Learning Presented at USENIX Security 2023

The paper "VILLAIN: Backdoor Attacks Against Vertical Split Learning" introduced at USENIX Security 2023 proposes a novel framework that enables label‑free attackers to infer data labels and inject backdoors into vertically partitioned federated learning models, highlighting new security challenges and defense considerations for collaborative AI systems.

Information SecurityUSENIX Securitybackdoor attack

0 likes · 4 min read

VILLAIN: Backdoor Attacks Against Vertical Split Learning Presented at USENIX Security 2023

Huolala Tech

Aug 15, 2023 · Information Security

How Modern Security Risk Assessment Evolved: Key Features and Practical Insights

This article examines the expanded scope, updated standards, and practical workflow of security risk assessment in today's regulatory environment, offering detailed guidance on assessment criteria, target objects, methodologies, organizational steps, and decision‑making for effective risk management.

ComplianceData ProtectionInformation Security

0 likes · 9 min read

How Modern Security Risk Assessment Evolved: Key Features and Practical Insights

Cloud Native Technology Community

Aug 15, 2023 · Information Security

How to Secure Container Environments with DevSecOps: A Practical Guide

This article explains why container security is critical, outlines common threats such as image vulnerabilities, runtime escapes, network isolation, compliance, and orphaned containers, and shows how DevSecOps practices and automation tools can protect the entire container lifecycle.

DevSecOpsInformation Securityautomation

0 likes · 8 min read

How to Secure Container Environments with DevSecOps: A Practical Guide

Laravel Tech Community

Aug 8, 2023 · Information Security

Generating SSL Certificates with OpenSSL and Configuring Nginx for HTTPS

This guide explains three ways to generate SSL certificates using OpenSSL, including creating a private key, self‑signed certificate, and CSR‑based signing, and shows how to configure Nginx to enable HTTPS with the generated certificates.

CertificateHTTPSInformation Security

0 likes · 4 min read

Generating SSL Certificates with OpenSSL and Configuring Nginx for HTTPS

MaGe Linux Operations

Jul 28, 2023 · Information Security

What Made Wireshark Thrive for 25 Years? Key Lessons from Its History

Celebrating Wireshark's 25‑year journey, this article recounts its origin as Ethereal, the community‑driven growth, pivotal milestones, and the essential support structures that turned a simple open‑source packet analyzer into a cornerstone tool for network reliability, education, and security worldwide.

Information SecurityWiresharknetwork analysis

0 likes · 5 min read

What Made Wireshark Thrive for 25 Years? Key Lessons from Its History

AntTech

Jul 26, 2023 · Information Security

Ant Group and Nanyang Technological University Launch Collaboration on Private Set Intersection Privacy Computing

On July 25, Ant Group and Singapore's Nanyang Technological University announced a research partnership to advance Private Set Intersection (PSI) privacy‑computing technology using Ant's YinYu framework, aiming to improve secure machine‑learning and data‑analysis applications while aligning with regional data‑privacy initiatives.

Information SecurityPrivacy Computingntu

0 likes · 4 min read

Ant Group and Nanyang Technological University Launch Collaboration on Private Set Intersection Privacy Computing

Alibaba Cloud Developer

Jul 21, 2023 · Information Security

Mastering Systematic Problem Solving for Complex Security Challenges

This article explores how to systematically tackle complex security problems by defining system thinking, distinguishing simple from complex issues, and applying a comprehensive, deep, and dynamic approach illustrated with a data‑leakage case study and practical recommendations for future security strategy.

Information Securitycase studycomplex problems

0 likes · 16 min read

Mastering Systematic Problem Solving for Complex Security Challenges

21CTO

Jul 20, 2023 · Information Security

Kevin Mitnick: From World’s Most Wanted Hacker to Security Guru

Kevin Mitnick, once dubbed the world’s most famous hacker and the first to be pursued by the FBI, transformed from a teenage social‑engineering prodigy into a celebrated information‑security consultant, author, and founder of Mitnick Security, leaving a lasting impact on computer security after his 2023 death.

Information SecurityKevin Mitnickcomputer security

0 likes · 5 min read

Kevin Mitnick: From World’s Most Wanted Hacker to Security Guru

Efficient Ops

Jul 19, 2023 · Information Security

How Shenwan Hongyuan Achieved National‑Level DevSecOps Excellence

Shenwan Hongyuan Securities showcased its advanced DevSecOps capabilities by passing the CAICT's DevSecOps security and risk management assessment and DevOps continuous delivery level‑3 evaluation, sharing detailed cultural, process, and technical practices that boost software security across the full lifecycle.

Continuous DeliveryDevOpsDevSecOps

0 likes · 12 min read

How Shenwan Hongyuan Achieved National‑Level DevSecOps Excellence

IT Services Circle

Jul 13, 2023 · Information Security

Manual Mitigation Steps for BlackLotus UEFI Bootkit (CVE‑2023‑24932) and Microsoft’s Three‑Phase Update Strategy

This article explains the BlackLotus UEFI bootkit (CVE‑2023‑24932), outlines Microsoft's three‑phase remediation strategy, details the KB5025885 and KB5028166/KB5028185 updates, provides a simplified registry command for manual activation, and warns of compatibility issues for legacy boot managers.

BootkitCVE-2023-24932Information Security

0 likes · 6 min read

Manual Mitigation Steps for BlackLotus UEFI Bootkit (CVE‑2023‑24932) and Microsoft’s Three‑Phase Update Strategy

MaGe Linux Operations

Jul 9, 2023 · Information Security

Master Internal Network Tunneling: NPS, FRP, EW, and NGROK Explained

This guide introduces several popular internal network tunneling tools—including NPS/NPC, FRP, EW, and NGROK—explaining their core principles, key features, installation steps, configuration files, and practical usage scenarios such as RDP, SSH, web services, file sharing, and advanced options like encryption, compression, TLS, and bandwidth limiting.

Information SecurityInternal toolsNPS

0 likes · 16 min read

Master Internal Network Tunneling: NPS, FRP, EW, and NGROK Explained

Liangxu Linux

Jul 9, 2023 · Information Security

Mastering tcpdump: Essential Commands and Real‑World Examples for Network Analysis

This guide explains how to use tcpdump (and its predecessor ethereal) for capturing and analyzing network traffic, describes key command‑line options, and provides dozens of practical examples ranging from basic packet dumps to complex filtered captures and related networking utilities.

Information SecurityLinuxNetwork Monitoring

0 likes · 17 min read

Mastering tcpdump: Essential Commands and Real‑World Examples for Network Analysis

php Courses

Jul 6, 2023 · Information Security

Anonymous Sudan Claims to Have Stolen Microsoft Customer Database; Microsoft Denies the Allegations

Anonymous Sudan alleges it has breached Microsoft’s servers and obtained a database containing over 30 million customer credentials, while Microsoft firmly denies any such breach, prompting widespread debate over the hacker group’s capabilities, motives, and the broader implications for information security.

Anonymous SudanCyberattackInformation Security

0 likes · 4 min read

Anonymous Sudan Claims to Have Stolen Microsoft Customer Database; Microsoft Denies the Allegations

Python Programming Learning Circle

Jul 5, 2023 · Information Security

Renmin University Student Data Breach and the Hacker's Background

A recent data breach at Renmin University's website exposed thousands of students' personal information, revealing that the hacker, a former graduate student with a strong academic record and industry experience, was arrested, highlighting serious privacy and information security concerns in China.

ChinaInformation SecurityRenmin University

0 likes · 4 min read

Renmin University Student Data Breach and the Hacker's Background

php Courses

Jul 3, 2023 · Information Security

June API Security Vulnerability Report: MinIO, Joomla Rest API, and Argo CD Issues with Remediation Guidance

The June API security report highlights three critical vulnerabilities—MinIO unauthorized data exposure, Joomla Rest API unauthenticated access, and multiple Argo CD API flaws—detailing their impacts and providing concrete remediation steps to protect sensitive data and maintain system integrity.

API SecurityArgo CDInformation Security

0 likes · 4 min read

June API Security Vulnerability Report: MinIO, Joomla Rest API, and Argo CD Issues with Remediation Guidance

Efficient Ops

Jun 24, 2023 · Information Security

How ICBC Built a DevSecOps Security Framework to Accelerate Safe Software Delivery

This article explains how ICBC's software development center integrated DevSecOps practices—embedding security awareness, automating toolchains, and using metric‑driven assessments—to reduce vulnerabilities, lower compliance risk, and support a cloud‑native, secure smart‑banking ecosystem.

DevSecOpsInformation Securitysecurity automation

0 likes · 8 min read

How ICBC Built a DevSecOps Security Framework to Accelerate Safe Software Delivery

Alibaba Cloud Infrastructure

Jun 22, 2023 · Information Security

Cloud DNS: Challenges, Security Risks, and Future Directions Discussed at the Alibaba Cloud & Tsinghua University Forum

The forum highlighted the growing importance of DNS in cloud-era digital transformation, presented security challenges of cloud‑based DNS load balancing, and outlined research findings and future "DNS+" strategies to ensure stable, scalable, and secure internet naming services.

DNSDigital TransformationInformation Security

0 likes · 7 min read

Cloud DNS: Challenges, Security Risks, and Future Directions Discussed at the Alibaba Cloud & Tsinghua University Forum

HomeTech

Jun 21, 2023 · Information Security

Transparent Data Masking with AutoProxy Middleware at AutoHome

This article describes AutoHome's data security challenges in the big‑data era and explains how the self‑developed AutoProxy encryption middleware provides transparent, compliant data masking across legacy and new sensitive data, reducing cost, improving performance, and enabling automated masking workflows.

ComplianceInformation SecurityTransparent Encryption

0 likes · 8 min read

Transparent Data Masking with AutoProxy Middleware at AutoHome

Liangxu Linux

Jun 20, 2023 · Information Security

How AI Hallucinations Fuel Fake NPM Package Attacks and What You Can Do

The article explains how ChatGPT's hallucinations can generate non‑existent package links that attackers register and weaponize, demonstrates the attack with a fake Node.js npm package, and offers practical steps to detect and prevent such supply‑chain threats.

AI securityChatGPT hallucinationInformation Security

0 likes · 5 min read

How AI Hallucinations Fuel Fake NPM Package Attacks and What You Can Do

IT Services Circle

Jun 15, 2023 · Information Security

Microsoft Edge Image Super-Resolution Feature Raises Privacy Concerns and How to Disable It

Microsoft Edge's newly enabled image super‑resolution feature automatically enhances picture clarity but sends image URLs to Microsoft servers, prompting privacy concerns; the article explains the feature, its local processing claim, and provides step‑by‑step instructions to disable it in both stable and Canary builds.

Browser SettingsInformation SecurityMicrosoft Edge

0 likes · 3 min read

Microsoft Edge Image Super-Resolution Feature Raises Privacy Concerns and How to Disable It

DevOps Engineer

Jun 13, 2023 · Information Security

Understanding SBOM: Concepts, Relationship with SLSA and Black Duck, Best Practices, and Generation Tools

This article explains what a Software Bill of Materials (SBOM) is, compares it with SLSA and Black Duck, outlines best practices for creating and maintaining SBOMs, and reviews popular tools for generating SBOMs to improve software supply chain security.

Best PracticesBlack DuckInformation Security

0 likes · 11 min read

Understanding SBOM: Concepts, Relationship with SLSA and Black Duck, Best Practices, and Generation Tools

ITPUB

Jun 12, 2023 · Information Security

Inside Microsoft’s May 2023 Patch: Win32k Exploit Details and Visual Studio Vulnerability

Microsoft’s May 2023 security update addressed 52 CVEs, including a critical Win32k privilege‑escalation flaw (CVE‑2023‑29336) exploited in the wild and a Visual Studio installer UI vulnerability (CVE‑2023‑28299), with researchers detailing the attack vectors, proof‑of‑concept exploits, and mitigation strategies.

CVE-2023-29336Information SecurityMicrosoft

0 likes · 6 min read

Inside Microsoft’s May 2023 Patch: Win32k Exploit Details and Visual Studio Vulnerability

Architects Research Society

Jun 10, 2023 · Information Security

Roles and Responsibilities of a Security Architecture Team

The article outlines the composition of a security architecture team, detailing the roles of security architect, information security architect, chief information security officer, and security analyst, along with their business and technical skills, organizational relationships, and key responsibilities in managing enterprise security.

CISOInformation SecuritySecurity Analyst

0 likes · 13 min read

ITPUB

Jun 9, 2023 · Information Security

The 70 Largest Data Breaches in History: Impact, Details, and Lessons Learned

This comprehensive list chronicles the 70 biggest data breach incidents ever recorded, detailing dates, affected records, compromised data types, and the security failures that exposed personal information for companies ranging from social networks to financial institutions.

Information Securitycybersecuritydata breach

0 likes · 43 min read

The 70 Largest Data Breaches in History: Impact, Details, and Lessons Learned

Rare Earth Juejin Tech Community

Jun 8, 2023 · Information Security

Understanding Browser Sandboxes: Types, Benefits, and Implementation

This article explains what browser sandboxes are, why they are crucial for web security, outlines their benefits, lists common sandboxed applications, describes various sandbox types, and provides practical guidance on using and disabling sandbox features in major browsers.

Information SecuritySandboxingWeb Security

0 likes · 12 min read

Understanding Browser Sandboxes: Types, Benefits, and Implementation

Architects Research Society

Jun 8, 2023 · Information Security

From Flight Training to Industrial Control Systems Cybersecurity: Lessons from SANS ICS612

The article uses a CEO’s one‑hour flight lesson for ten staff as a metaphor to illustrate why hands‑on, relevant experience is essential for effective industrial control systems (ICS) cybersecurity training, and describes the structure and objectives of the SANS ICS612 course.

Hands‑on ExperienceICSInformation Security

0 likes · 13 min read

From Flight Training to Industrial Control Systems Cybersecurity: Lessons from SANS ICS612

OPPO Amber Lab

Jun 5, 2023 · Information Security

How ChatGPT Impacts Security: Key Insights from the CSA Seminar

An online CSA seminar on May 30 examined ChatGPT’s security impact, presenting a whitepaper and four AI‑security interaction dimensions, while experts discussed telecom‑operator security‑GPT models, safe vertical‑domain large‑model training, and future industry implications.

AI governanceAI securityChatGPT

0 likes · 7 min read

How ChatGPT Impacts Security: Key Insights from the CSA Seminar

Ziru Technology

Jun 2, 2023 · Information Security

Mastering Data Classification & Grading: Ziroom’s Compliance Blueprint

This article explains how Ziroom implements a comprehensive data classification and grading system to meet the 2021 Data Security Law, improve risk management, optimize security resources, and boost user trust through automated tools, multi‑level categorization, and continuous manual verification.

ComplianceInformation Securitydata classification

0 likes · 12 min read

Mastering Data Classification & Grading: Ziroom’s Compliance Blueprint

Java Architect Essentials

May 26, 2023 · Information Security

Step‑by‑Step WordPress Site Penetration Testing Tutorial

This tutorial walks beginners through the entire process of compromising a WordPress website, from initial information gathering and DNS enumeration to vulnerability scanning, exploitation with tools like sqlmap and nmap, privilege escalation, and establishing persistent backdoors.

Information SecuritySQLMapWebshell

0 likes · 10 min read

Step‑by‑Step WordPress Site Penetration Testing Tutorial

Python Programming Learning Circle

May 25, 2023 · Artificial Intelligence

AI Deepfake Scams: How Synthetic Faces and Voices Enable Fraud and What to Watch For

AI-powered deepfake technology is increasingly being exploited for sophisticated scams, as illustrated by a case where a company executive transferred 4.3 million yuan to a fraudster using a fabricated video call, prompting urgent warnings about the need for verification, emerging regulations, and the broader misuse of face‑swap tools.

AI deepfakeInformation Securitydeepfake tools

0 likes · 5 min read

AI Deepfake Scams: How Synthetic Faces and Voices Enable Fraud and What to Watch For

Data Thinking Notes

May 21, 2023 · Information Security

Why Government Data Sharing Stalls and How a “Three‑Rights” Model Can Unlock It

The article analyzes why government data sharing often fails—citing legal, technical, security, and organizational hurdles—then outlines one‑to‑one and centralized sharing models, highlights four critical success factors, and proposes a “three‑rights” framework supported by blockchain to create trustworthy, sustainable inter‑departmental data exchange.

Big DataBlockchainInformation Security

0 likes · 11 min read

Why Government Data Sharing Stalls and How a “Three‑Rights” Model Can Unlock It

MaGe Linux Operations

May 21, 2023 · Information Security

Step‑by‑Step Webshell Upload and Kernel Privilege Escalation on Ubuntu 16.04

This tutorial walks through setting up an Ubuntu 16.04 vulnerable environment, gathering information, uploading a webshell via MySQL into outfile or log injection, establishing a reverse shell with Metasploit, and finally exploiting CVE‑2021‑4034 for kernel privilege escalation, while also covering post‑exploitation persistence techniques.

Information SecurityKaliLinux

0 likes · 10 min read

Step‑by‑Step Webshell Upload and Kernel Privilege Escalation on Ubuntu 16.04

AntTech

May 12, 2023 · Information Security

Exploring a Composite Data Security Governance System: Practices from Ant Group at the 6th Digital China Summit

At the 6th Digital China Construction Summit in Fuzhou, Ant Group’s Song Zheng presented a comprehensive data security governance framework that integrates strategy, management, and technology, outlining four key characteristics—strategic positioning, combat‑driven implementation, full‑staff participation, and technological breakthrough—to guide industry practice.

Data SecurityInformation Securitydigital China

0 likes · 3 min read

Exploring a Composite Data Security Governance System: Practices from Ant Group at the 6th Digital China Summit

vivo Internet Technology

May 10, 2023 · Information Security

Detecting Apache Commons Text RCE (CVE-2022-42889) with the Doop Static Analysis Framework

The Vivo Internet Security Team demonstrates how to extend the Doop static analysis framework with custom Datalog rules to detect the Apache Commons Text CVE‑2022‑42889 remote code execution vulnerability by tracing taint from StringSubstitutor.replace to ScriptEngine.eval, producing source‑sink CSV reports and showcasing Doop’s extensibility for security research.

Apache Commons TextCVE-2022-42889Datalog

0 likes · 14 min read

Detecting Apache Commons Text RCE (CVE-2022-42889) with the Doop Static Analysis Framework

AntTech

May 9, 2023 · Information Security

Ant Group’s Biometric Security Testing Lab: Automated Detection and Evaluation of Fingerprint and Face Recognition Systems

The article details Ant Group’s Ant Security Tianji Lab’s end‑to‑end biometric security testing framework, covering standards, automated 1.0‑2.0‑3.0 detection stages, fingerprint and face‑recognition attack materials, intelligent AI‑driven countermeasures, and a 24/7 robotic testing infrastructure.

AI testingInformation SecurityRobotics

0 likes · 25 min read

Ant Group’s Biometric Security Testing Lab: Automated Detection and Evaluation of Fingerprint and Face Recognition Systems

Liangxu Linux

May 2, 2023 · Information Security

Kali Linux vs Parrot OS: Which Penetration Testing Distro Is Right for You?

An in‑depth comparison of Kali Linux and Parrot OS examines their origins, pre‑installed security tools, customization options, hardware requirements, user interfaces, and performance, helping security professionals and enthusiasts choose the most suitable Linux distribution for penetration testing and privacy‑focused work.

Information SecurityKali LinuxLinux Distribution

0 likes · 10 min read

Kali Linux vs Parrot OS: Which Penetration Testing Distro Is Right for You?

iQIYI Technical Product Team

Apr 28, 2023 · Information Security

Definition, Role, and Implementation of DRM (Digital Rights Management) – iQIYI Case Study

DRM safeguards digital content by authenticating users and encrypting streams, a necessity highlighted by iQIYI’s shift from free distribution to paid membership, prompting a dual‑layer architecture that combines hardware‑based Trusted Execution Environment protection with flexible software SDKs, continuously assessed and evolving to balance security, cost, and user experience.

Content ProtectionDRMDigital Rights Management

0 likes · 9 min read

Definition, Role, and Implementation of DRM (Digital Rights Management) – iQIYI Case Study

JD Tech

Apr 26, 2023 · Information Security

Overview of JD.com's Five‑Element Zero Trust Security Framework

This whitepaper outlines JD.com's practical zero‑trust security approach, detailing a five‑element framework that includes asset digitization, asset identity, diversified security checkpoints, a strategy center, and a zero‑trust cockpit, to help digital enterprises strengthen security, reduce costs, and meet regulatory requirements.

Digital TransformationInformation SecurityJD.com

0 likes · 6 min read

Overview of JD.com's Five‑Element Zero Trust Security Framework

Top Architect

Apr 22, 2023 · Information Security

Understanding SSO and OAuth 2.0: Concepts, Differences, and Implementation

This article explains the principles and workflow of Single Sign‑On (SSO) and OAuth 2.0, compares their concepts, details implementation steps and grant types, and concludes with a promotional invitation to join a community offering related resources and discounts.

AuthenticationBackendInformation Security

0 likes · 11 min read

Understanding SSO and OAuth 2.0: Concepts, Differences, and Implementation

Open Source Linux

Apr 19, 2023 · Information Security

What Is a VPN? Myths, Legality, and How It Really Works

This article explains what a VPN is, how it works, its legal status across countries, common misconceptions about privacy, its role as a proxy, and tips for choosing a trustworthy VPN provider.

Information SecurityProxyVPN

0 likes · 6 min read

What Is a VPN? Myths, Legality, and How It Really Works