Large quantity SQL Injection mitigation

Dustin D. Trammell: VoIPshield 10.08.08 and 11.11.08 Vulnerabilities: Since I've been fairly vocal regarding VoIPshield's questionable advisory practices in the past, pointing out their blatant advisory duplication tactic that essentially turned a handful of single vulnerabilities into an exponential number of extraneous associated [...]

Dan York: If you are out at VoiceCon this week in San Francisco...: .... I am there too (currently flying cross-country). Feel free to drop me a note if you want to meet somewhere at the show. <br /> Jonathan Zar and I are also planning to meet and maybe even do a live BlueBox episode. <br /> Dan <br /> Sent from my iPhone <br />

Jason Ostrom: UCSniff VoIP v1.0 Tool Released!: http://ucsniff.sourceforge.net <br /> Sipera VIPER Lab has finally released UCSniff. <br /> Have a great weekend. Jason <br />

EU agency launches campaign

Online gamers have become a soft target for cybercrime, with three in 10 users reporting the loss of items of virtual property through fraud.…

“You don’t know who is swimming naked until the tide goes out.” In our world, we don’t know whose systems are running naked, with no controls, until they are attacked. Share To:

I changed the theme to “Clean Press“. It’s very simple, concise, crisp. As Dave said it focuses on content. I slightly modified it by changing the sidebar to right. If you like this one, Click to download Clean Press (right sidebar). Share To:

Normal 0 false false false EN-CA ZH-TW X-NONE ...(more)...

The incident handling cheat sheets in an earlier diary applied to many types of security incidents. ...(more)...

The oldfashioned way to launch a network DDoS attack involved building one's own bot network that wo ...(more)...

近日，央视接连两天对百度竞价排名的弊端进行了报道，各大媒体也没有放过这个机会，百度的媒体形象一度跌入低谷。联系到Google深入人心的“不作恶”形象，两形之下，给人高低立判之感。当公司发展到一定阶段，“民心所向”和“政治”就成为一个非常重要的环节。 虽然百度在国内市场占有率遥遥领先，但是由于其“竞价”方式的排名，搜索结果往往让人难以接受，从而放弃。尤其是专业人士，很依赖搜索结果的公正和客观，如果发现搜索出来的是一个报价的排名，还不如直接看广告了。 我在Google和百度上面分别搜索“信息安全”和”Security”，搜索结果大家一看就可以感觉到百度“竞价”排名对你的嘲弄： 1 百度搜索 “Security” 看不懂百度搜出来的是什么东西。好，百度是中文搜索引擎，搜索英语属于分外要求，暂且放下。 2 Google搜索 “Security” 3 百度搜索 “信息安全” 轮到中文了，可是看到的还是个广告版。 4 Google搜索 “信息安全” 感兴趣的话，不妨试一试在你的关键词上试一试。 Share To:

Change? Start with security

President elect Barack Obama's embrace of online video and social networking may have propelled him to victory, but unless he's careful, his administration could be brought down by the same sloppy security problems that have plagued MySpace, Facebook, and dozens of other Web 2.0 properties.…

朋友分享来的”东东枪”译版的奥巴马选举胜利后的演说稿，非常精彩。与大家共享： Hello，Chicago! 芝城父老，别来无恙， If there is anyone out there who still doubts that America is a place where all things are possible, who still wonders if the dream of our founders is alive in our time, who still questions the power of our democracy, tonight is your answer. 余尝闻世人有疑，不知当今美利坚凡事皆可成就耶？开国先贤之志方岿然于世耶？民主之伟力不减于昔年耶？凡存诸疑者，今夕当可释然。 It’s the answer told by lines that stretched around schools and [...]

In no particular order: We Are Doomed ...(more)...

People only see what they are prepared to see. -- Ralph Waldo Emerson Maybe your syste ...(more)...

Plucky Brits shrug off Mytob network blitz

IT staff at three major London hospitals have spent a second day struggling to restore IT systems following a major computer virus outbreak.…

这个就是传说中的:不见棺材,不掉泪? 前面我在dz论坛苦苦却说他们早出补丁的.....

http://bbs.chinaz.com/Club/thread-1192527-1-1.html

http://www.discuz.net/thread-1113736-1-1.html

具体补丁了那些bug 还没时间去看 有兴趣的朋友对比下 告诉我 :)

类别：默认分类 查看评论

I love the directness of Marcum Ranum's perspective on security awareness training. If it was ...(more)...

Malware targets grumble-flick fans

Security researchers have uncovered a rare example of a Trojan that affects Mac PCs.…

加固保安全，改改更健康：

1、打开secpol.msc，把“网络安全：LAN Manager 身份验证级别”修改为“仅发送 NTLMv2 响应\拒绝 LM 和 NTLM”：



2、打开你的AP的配置界面，修改WPA的加密方式为AES（大多数AP默认都是TKIP）：

阅读全文
类别：技术探索 research 查看评论