Dan Kaminsky DNS Vulnerability

基本上这是一个DNS cache poison攻击,利用了Source Port固定和DNS Query ID过短以及现行增加的算法,采取flood的方法,通过精心设计的猜测报文,达到攻击DNS的目的。这篇文章详细地介绍了这个攻击: http://unixwiz.net/techtips/igui...

2008-10-15 06:51:00

阅读数:1046

评论数:0

活动目录(AD)下的组策略(group policy)

大的企业,如果使用windows客户端系统,基本上都会部署活动目录,并采用组策略来进行管理。同时这个策略是和系统安全结合在一起的。相对昨天介绍的linux下的配置管理软件,他们更侧重对系统进行统一的配置。外部链接微软教程(18节视频课程): http://www.microsoft.com/chi...

2008-09-11 00:34:00

阅读数:1548

评论数:0

Red Hat下的g++安装

 再debian下直接apt-get install gcc g++就可以了。按照类似的逻辑,再Fedora下yum install gcc g++ 报告无法找到g++包。差了一下,原来这个包的名字叫做gcc-c++。完整的应该是yum install gcc gcc-c++ 。注意安装时要先成为...

2008-07-29 22:05:00

阅读数:10233

评论数:4

“Bump In The Stack” (BITS) and “Bump In The Wire” (BITW)

Three different architectures or implementation models are defined for IPSec. The best is integrated architecture, where IPSec is built into the IP l...

2008-06-10 11:15:00

阅读数:2146

评论数:0

windows平台c/c++ IDE环境

我测试了3种方法,当然软件都是免费的了。1、Visual C++ Express: http://msdn2.microsoft.com/en-us/express/aa700735.aspx好处就不用多说了,兼容性等都应该是没问题。“missing windows.h?” http://www....

2008-04-06 10:03:00

阅读数:1133

评论数:1

在Windows上安装Snort+MySQL

安全领域防护,除了大家熟悉的防火墙, 还有IDS/IPS系统,实现更加智能化的保护。安装参考:http://media.wiley.com/product_data/excerpt/53/07645683/0764568353-1.pdf由于软件版本问题,其中有些文件的路径不对了。配置文件都在安装...

2008-04-02 10:36:00

阅读数:2412

评论数:0

加拿大归来

 

2008-03-07 11:31:00

阅读数:513

评论数:0

可以crack大部分企业级无线网络的新工具

主要原因在于客户端的设计问题,在强健的服务器段设置都被pass了。 http://blogs.zdnet.com/security/?p=922&tag=nl.e622而且WEP可以在半小时内被破解。何况还有很多没有设置密码的无线网络。

2008-03-07 11:01:00

阅读数:681

评论数:0

计算机世界中的道德伦理

 不可否认,计算机已经成为另一个世界另一个社会,但是这是一个缺乏权威,缺乏约束的地方!置身其中人们是否应该遵守现实社会中得道德规范呢?先先看一篇文章《Are Computer Hacker Break-ins Ethical?*》 by Eugene H. Spafford作者提出了一个评价是否道...

2008-02-11 08:17:00

阅读数:746

评论数:0

Tech's all-time top 25 flops

第一的是安全,嗬嗬,就是我目前的方向,太讽刺了:)1. Security. Computers influence every aspect of our business lives. We trust them implicitly to manage our records, compute...

2008-01-23 10:52:00

阅读数:570

评论数:0

VoIP Infratructure

 

2008-01-18 05:09:00

阅读数:596

评论数:0

Risk, Threat, Vulnerability

 •"Risk" is the likelihood that a specific threat will exploit a certain vulnerability, & the resulting impact •"Threat" is s...

2008-01-18 04:57:00

阅读数:1241

评论数:0

The 2007 International Capture The Flag in UCSB

The UCSB International Capture The Flag (also known as the iCTF) is a distributed, wide-area security exercise, whose goal is to test the security sk...

2007-12-08 09:49:00

阅读数:725

评论数:0

Cron, PAM, OpenDNS 介绍

 In computing, cron is a time-based scheduling service in Unix-like computer operating systems. The name is derived from Greek chronos (χρόνος), mean...

2007-11-09 03:56:00

阅读数:1069

评论数:0

How to Forge email

How to Forge EmailSMTP, or Simple Mail Transport Protocol, is the name of the method computers use to send mail to each other, in other words SMTP is...

2007-10-31 12:20:00

阅读数:1109

评论数:0

Fall 2007 Cyber Security Symposium

 The rapid deployment of advanced communication and information technology in our society has enabled increased interdependencies among diverse busin...

2007-10-11 06:04:00

阅读数:658

评论数:0

Example of email Phishing

 What is Phishing (from Wikipedia)In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as username...

2007-10-09 23:11:00

阅读数:1206

评论数:0

Phishing and Redirection Vulnerability in Yahoo and Google

在2005年就出现了,但是还是在一直被使用。http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0438.html http://lists.grok.org.uk/pipermail/full-disclosure/2006...

2007-10-08 10:55:00

阅读数:507

评论数:0

跨网站指令码(Cross-site scripting,通常简称为XSS)介绍

 这是一种很危险的攻击方式,原因在于网路程序的自身漏洞,采取代码注入。XSS则是利用网站的安全漏洞,将程序码注入网站中,藉以绕过Same origin policy限制,以取得资讯。Cross-site scripting的缩写是CSS,但因为CSS已经被广泛指层叠样式表(Cascading St...

2007-10-08 10:12:00

阅读数:1335

评论数:0

获取SSL密码 (1)

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the...

2007-10-08 03:51:00

阅读数:995

评论数:0

提示
确定要删除当前文章?
取消 删除
关闭
关闭