weixin_26722031的博客

luna版本是什么Amazon has just announced that it is going to finally dive into the cloud gaming waters with a new service officially called Amazon Luna. What, did you think Amazon wasn’t going to cash in on...

抽象类不能声明主体Opinions are my own and not intended to be investment advice.观点是我自己的，并不打算成为投资建议。As I was doing research on another post, I was struck by just how much the tech sector has outperformed some o...

新笔记本电脑无法快捷The Macbook and a reformed Apple skepticMacbook和改革后的苹果怀疑论者Despite my reformed skeptisism, I have to clarify that I do not own an iPhone. I haven’t bought into the ecosystem. But now I can’t...

ipad air 2019When Apple hosted its annual special event on 15th September 2020, most people were expecting the announcement of the new iPhone lineups. Instead, what we got were the new Apple Watch Ser...

重点(Top highlight)There’s an empty warehouse 20 miles south of Seattle that, if everything goes as planned, will soon be full of dead people.Ť这里是一个空仓库西雅图以南20英里，如果一切按计划进行，很快就会充满死人的。The facility belongs...

计算机视觉英文介绍什么是计算机视觉？(What is Computer Vision?)Computer Vision can be generally understood using two perspectives: (1) computer science and (2) computer engineering. 通常可以使用两种观点来理解计算机视觉：(1)计算机科学和(2)计算机工程...

乐歌人体工学Whether you’re a frontend engineer, sysadmin, or even a video editor, chances are that you spend a lot of time typing on your keyboard. Typing is a pretty unavoidable part of daily life in the m...

马里奥 实现Like any other Nintendo fanatic, I felt morally obligated to gaming’s most lovable mustache to purchase the Super Mario 3D All-Stars collection on the Switch this past week. The game is supposed...

Jane Henkels简·汉克斯 Follow跟随 May 3 5月3日 3 Small Things You Can Do to Drastically Increase Your Personal Security 您可以做的3件事，可以大大提高您的人身安全 To the uninitiated and otherwise technologically challenged, the r...

ios屏幕录制60帧It’s been over two years since I last published a blog, so I thought I’d give this another go in 2020 and kick it off by writing about an iOS-related project I’ve been working on over the la...

zoom运行环境Prior to joining Five9, I spent 6 years at Cisco as SVP & GM of the collaboration business (including Webex). Before that I was the President of one of the largest cybersecurity companies ...

可缩放性After quietly building a strong customer base with little fanfare, Zoom became a household name as users flocked to its freemium videoconferencing service to stay connected during the worldwide pa...

微服务平台安全性提升We’ve all heard, “Software is eating the world.” But, today let’s talk about a corollary: “Software bugs are the root of all evil.” Software developers certainly will be nodding their heads ...

smb启动Following nine years at Google focused on application security and many more years as a developer, I joined Snapchat in 2014 to build a security and privacy team from the ground up. Amidst such a...

The art of encryption, called cryptography, is the way information is secured. Cryptography is primarily the question of: How can Alice send critical information to Bob without Eve being able to decod...

怎么查找xss漏洞 重点 (Top highlight)An article for newbies! (as requested) 面向新手的文章！ (按照要求) This article is for the newbies who are asking me to write this. Of course there are pro’s everywhere. You may not w...

网页缩放与窗口缩放Quarantine has changed the way people communicate with others. With the increased number of imposed lockdowns, the world has seen a massive rise in the usage of a video conferencing app- Zoom...

卫星云图,云从西向东The evolution of the world is dictated by the speed of evolution of technology. Governments, industries and organizations develop new technologies to strategically grow and drive value and p...

chatbotDesign by Freepik 由Freepik设计 But what exactly is a VA, in essence? 但是，从本质上讲，什么是VA？ To put it simply, a chatbot or an intelligent VA is a software program that emulates human conversation. Thi...

docker映像中安装软件Clair is an open source project for the static analysis of vulnerabilities in application containers. Clair 是一个开源项目，用于对 应用程序容器中的漏洞进行 静态分析 。 One of the main differences between a traditio...

大数据学习途径By Thea Anderson, Director, Omidyar Network, Elizabeth M. Renieris, Fellow, Berkman Klein Center and Fellow, Carr Center for Human Rights at Harvard University 奥米迪亚网络主任Thea Anderson，哈佛大学伯克曼·克莱因...

金融欺诈分类More attacks, new fraud techniques, and other observations from the front lines 前线有更多攻击，新的欺诈手段和其他发现 While the recent migration online due to shelter-at-home orders and public closures has heavi...

docker映射端口到主机Widespread adoption of Docker both within desktop and server environments has significantly widen the attack surface of companies’ IT infrastructures. While the concept of containerizatio...

This article is about what organizations can take away from Zoom’s 90-day security journey and highlights valuable lessons for your Software Developers, Software Designers & Architects, Product Ma...

flutter 应用When it comes to developing a mobile application, app security is the biggest concern for the developers. 在开发移动应用程序时，开发人员最关心的是应用程序安全性。 In 2020, people are excessively accessing their smartph...

同态加密算法As our reliance on cloud infrastructure increases and our social interactions become increasingly dependent on the internet, we worry more about data breaches in activities like online conversat...

逻辑窃贼题Q: What kinds of cybersecurity problems are cropping up for teleworking and online learning? 问：远程办公和在线学习正在出现哪些类型的网络安全问题？ A: As schools and businesses transition their workforces and students onli...

LA county’s Voting System for All People (VSAP) had a difficult start. Super Tuesday’s debut caused widespread complaints of faulty machines and long wait times, some in excess of three hours. A pre-c...

机器学习风险评估I still remember the days when the software development industry was in its infancy. Many people were concerned about software vulnerabilities and exploits, and they were right back then as ha...

Austin Choi-Fitzpatrick is associate professor at University of San Diego & University of Nottingham, whose work focuses on social change as it relates to society, politics, and technology. 奥斯汀·崔·...

Big data drives our world, from the macro to the micro — from global economies and market trends to the news stories that show on our LinkedIn and Twitter feeds each morning. Economies of the 21st cen...

神经网络解决机器学习预测The dataset and code for this project is available in my GitHub repository. The link for the same is shared at the end of this story. 我的GitHub存储库中提供了该项目的数据集和代码。 故事的结尾共享了相同的链接。 The cybercri...

A story cropped up this morning on my feed. Someone had discovered that while visiting eBay, their web browser was running a port scan on localhost with WebSockets. Presumably, the browser fed that in...

websocketsThis is a story of a convoluted, not-very-useful method for extracting codez from unwitting JavaScript developers working on top secret projects. 这是一个复杂的，不是很有用的方法的故事，该方法用于从不知情的从事最高机密项目JavaSc...

In this article, we’re going to learn how to use COM objects and PowerShell in Windows to execute shell commands with a couple of techniques for evading some endpoint security. Specifically, what you ...

魔术唤醒For the past few years, I’ve been recommending passwordless login via magic links for most use cases to my consulting clients. 在过去的几年中，我一直建议大多数情况下通过魔术链接向咨询客户提供无密码登录。 This way of authentication ha...

ios隐私政策Apple’s new iOS 14 is yet to officially hit the market. But its new security updates are already revealing some serious privacy concerns. The OS update is currently available in beta, and as su...

惠普行车记录app下载Photo by 照片由 Tianyi Ma天翼马 on 上 UnsplashUnsplashThis blog post will explore the details behind a recent spree of website hacks and the malicious payloads that were embedded and served to unw...

总览 (Overview)One of the most asked questions on Hyperledger Fabric is about identity. A permissioned blockchain requires that an entity, be it a client, an administrator or a network component, must...

js全局拦截器In this article, you’re going to learn how to implement a global authentication interceptor. The job of this interceptor is to refresh the access token when you got an unauthorized response. 在本...

gmonIn this post, we will be exploiting the GMON command of Vulnerver using SEH based buffer overflow. If you are not acquainted with SEH based buffer overflows you can refer to the Exploit Research M...

深度学习可见层The EDR market has proven itself to be incredibly valuable over the past 5–6 years. I think many security practitioners would agree there is no larger return on investment than buying an EDR. I...

谷歌浏览器所有版本下载Scavenging the Internet for some tips on how to safeguard my privacy online, I stumbled over this Twitter thread. It contains 30+ things Google knows about you — that you probably didn’t kn...

放大器负压保护Ever since the COVID-19 pandemic forced us all to stay at homes and social distance, we’ve resorted to using video conferencing apps like Discord, Skype and Google Meet for our meetings and to ...

OAuth 2.0 is the industry standard protocol for authorization. OAuth 2.0是用于授权的行业标准协议。 When I read the above sentence on the OAuth 2.0 homepage I felt like this is the kind of knowledge that I should h...

欺诈检测In my previous article, I discussed advanced analytics application in the area of fraud in a generic fashion. In this article I will delve into details in a specific area of fraud-signature forger...

In 2019 I wrote an article about how Google Analytics is problematic due to its privacy problems and immense size, and encouraged developers to use an alternative for tracking website or app usage. Pl...

鱼叉式网络钓鱼和网络钓鱼Over 60 percent of people who are phished by email are phished on mobile devices. This is why it happens and what you can do about it. 超过60％的通过电子邮件钓鱼的人都在移动设备上被钓鱼。 这就是它发生的原因以及您可以采取的措施。 为什...

数据库账户密码安全Thanks to online banking, taking care of your financial transactions has never been easier. However, its growing popularity has made it a prime target for many cybercrime schemes. Hence, you ...

What is a KMS (Key Management System)? 什么是KMS(密钥管理系统)？ Behind every bit of encrypted information, there is a key that unlocks that information. Due to the complexity of modern encryption, it becomes ...

This technical article will teach you how to pre-process data, create your own neural networks, and train and evaluate models using the US-CERT’s simulated insider threat dataset. The methods and solu...

The picture of your toddler sitting on your lap while working is endearing. Your golden retriever, Captain, wearing a headset, made me laugh. Seeing these work-from-home photos in articles and across ...

We are incredibly excited that six months after the first release of Krill it already powers delegated RPKI for over 150 organisations. Now we are launching Krill 0.7.1 ‘Sobremesa’, the biggest update...

现代密码学理论与实践The strength of a password is an important measurement of security for any system which uses password or PIN authentication. In this article, I will discuss the theoretical strength, and how...

v-on:监听按键事件Eavesdropping, has nothing to do with the Garden of Eden, or Eve, or.. well you get the picture, since that bad joke is out of the way, let’s focus on Acoustic Eavesdropping. 窃听与伊甸园，夏娃或..都没...

物联网安全解决方案You are a tinkerer. You want to build things, which you do at home in your garage. You dream of your device, the little BLE-enabled-chip-that-could, becoming a wild success on Kickstarter — p...

api安全测试工具 API测试的最佳做法 (Best Practices for API Testing)RESTful APIs have become a fundamental part of modern web application development in recent years. The RESTful approach is far more simple and sca...

互联网| 安全 (Internet | Security)If you are reading this, chances are that you have a Medium.com account and just like “with great power comes great responsibility” every account comes with a unique use...

h3crip路由协议配置I was interviewed on LBC last week about NHSX App, and realised that some people in media struggle a bit “Cryptography”. When the editor called me she said 上周，我在LBC上接受了有关NHSX App的采访，并且意识到一...

session混乱by Jamie Lewis, Venture Partner 合伙人杰米·刘易斯 ( Jamie Lewis) As we’ve discussed in several posts, organizations must apply the principles that drive DevOps and site reliability engineering (SRE)...

移动端获得微信openidFinding precise guidelines on how to implement OpenID Connect for native mobile apps is a harsh journey. Most resources available don’t follow best practices and the other ones leave some...

专利第三方评估Today, insurance companies and investment enterprises tend to prioritize third-party risk management in the wake of several global trends. Namely, accelerated outsourcing in a milieu of increas...

安全架构安全漏洞?Drumroll…. I think it is this one: 击鼓…。 我认为是这样的: What is Security Architecture? 什么是安全架构？ 嗯，以斯帖，你确定吗？ 对我来说似乎很基本。 (Uhm, Esther, are you sure? Seems pretty basic to me.)When me and my team we...

twitterBy Jason Aten 杰森·阿滕(Jason Aten) If nothing else, the hack Wednesday evening of high-profile Twitter accounts should teach us that giving employees the ability to bypass normal controls and mak...

21世纪最伟大的科学家Please note, this is a quick analysis of the Google specification, and not a deep dive yet. 请注意，这是对Google规范的快速分析，尚未深入探讨。 A while back I posted an article about the usage of Bluetooth beaco...

aws mfa 认证I am currently working on improving the security of cloud operations for one of my clients and wanted to share an interesting solution I developed to help provide programmatic access to AWS ...

ssh链接有证书的服务器SSH is the standard tool used by pretty much anyone accessing the server. Yet very few people know about SSH certificates. We are still stuck with copying and pasting our public key to the...

二级c评分Our main focus today is on existing threats affecting your company or individual website. Threats we know of and ignore and threats we don’t. Let’s now dive into it, describe, discuss and curb th...

cronCron is a super useful job scheduler in Unix-based operating systems. It allows you to schedule jobs to run periodically. Cron在基于Unix的操作系统中是超级有用的作业调度程序。 它允许您安排作业定期运行。 Cron is usually used to auto...

mitm 和嗅探攻击 什么是地址解析协议(ARP)？ (What is Address Resolution Protocol (ARP)?)In a network, computers use the IP Address to communicate with other devices, however, in reality, the communication happens ove...

When you can trick the front and the back of your application causing it to behave unexpectedly. 当您可以欺骗应用程序的正面和背面时，导致其行为异常。 Vulnerability, that could allow malicious actors to leverage specific featu...

zoom 用户被锁定With working from home on the rise, Zoom and other video conference applications have been in heavy use, by employees but also by malicious threat actors. On Apr 1st, Security Week wrote abo...

黑猫智能网络信号灯The “Cyber Security” (aka InfoSec, CND, IA, etc.) field has to encompass many disciplines and pieces of knowledge in both defensive and offensive practices. When you think about it, Cyber Sec...

基于深度学习lstmMalware development has seen diversity in terms of architecture and features. This advancement in the competencies of malware poses a severe threat and opens new research dimensions in malwa...

jwt 储存 TL; 博士 (TL; DR)There’re 2 major ways to store the JWT in the frontend. 在前端存储JWT有2种主要方法。 A: In the local storage and send it via a custom header. 答:在本地存储中 ，并通过自定义标头发送。 B: In a secure httpOnly ...

Node.js is a popular runtime to write apps for. These apps are often production quality apps that are used by many people. To make maintaining them easier, we’ve to set some guidelines for people to f...

twitter搜索用户内容On Wednesday, Twitter experienced a massive “coordinated social engineering attack.” The accounts of multiple high profile users including, tech titans, celebrities, Joe Biden, and Barack...

使用jwt给api加密This is a guide on creating and setting up a Rails API application from scratch. 这是从头开始创建和设置Rails API应用程序的指南。 The focus will be on user login and sign up and authorizing/authenticating the...

tls证书验证A walk-through of a simplified implementation of mTLS. mTLS简化实现的演练。 First, what is TLS? 首先，什么是TLS？ Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SS...

leaflet改变zoomRecent research shows the sloppy security architecture of Zoom. After a former NSA employee has uncovered massive security holes and researchers from the Canadian CitizenLab found problem...

ssh 无密码登录SSH (Secure Shell) is a protocol that is used for remote administration of Linux systems. Obviously, it is secure, but what if I told you that you can make it even more secure by disabling th...

表必备三字段:idWhat Is It? Proxying can be taken many ways but at the core of it is a system that intercepts and handles requests on behalf of a client connecting to a service. They most commonly reside bet...

漏洞管理 什么是漏洞管理？ (What is Vulnerability Management?)We’ll start at the beginning. According to ISO 27002, a vulnerability is 我们将从头开始。 根据ISO 27002，漏洞为 A weakness of an asset or group of assets that can ...

蓝牙间谍蓝牙间谍 重点 (Top highlight)What if someone just around a corner could see what you’re looking at on your computer screen without using a physical or wireless connection and without ever being in your ...

android 聊天泡泡Chat Bubbles aka Chat Heads is a user interface element initially introduced by Facebook Messenger back in December 2012. This feature allowed Android and iOS users to chat with multiple p...

shellcodeSomething quick that I picked up while learning about linux assembly exploitation — it is a right pain to test shellcode using a C program, because you need to do the following: 我在学习linux程序集开...

武汉国家网络安全与创新Today’s enterprises face new attack surfaces such as deepfakes and ransomware, while countering traditional threats like denial of service. It is well regarded that countering these threats...

vue-cli构建I should start this article with a disclaimer: It is based on iOS 13, Swift 5, and Xcode 11.x. If you’re reading this and those numbers look dated, be forewarned. 我应该以免责声明开头:它基于iOS 13，Swift 5...

python 验证漏洞Writing a safe and secure code is difficult. When developing software, you often concentrate on how it should be applied. But in the context of security, the first thing to think about is h...

找出二进制中的0Welcome to my guide on dynamic binary instrumentation (DBI). In this article, we’re going to learn the evolution of general binary analysis methods and how to perform some common routines used...

ddos攻击缓解 系列概述: (Series outline:)Part 1: A Short History of Mobile Malware 第1部分: 移动恶意软件的简要历史 Part 2: The Layers of the Android Security Model 第2部分: Android安全模型的各层 Part 3: Mitigating Android Social Eng...

数据处理注意事项 介绍 (Introduction)When working on data projects, scientist/analysts are often focussed on so many different elements that security can easily be forgotten. However, when the security aspect i...

setuIn order to fight Covid19, the Indian government released a mobile contact tracing application called Aarogya Setu. This application is available on the PlayStore and 90 million Indians already in...

微信小程序数据绑定原理Each year, hackers have grown bolder, and cyberattacks continue to rise. According to the 2019 Official Annual Cybercrime Report is sponsored by Herjavec Group, 68% of businesses feel their...

rdmaThe following article hopes to (i) explain the first principles behind RDMA, a technology producing an order of magnitude performance increase in scale-limited systems (ii) discuss the shift from ...

twitter登陆安全问题By Jordan Robertson, Kartikay Mehrotra, and Kurt Wagner 乔丹·罗伯森(Jordan Robertson)，卡蒂凯(Kartikay Mehrotra)和库尔特·瓦格纳(Kurt Wagner) Twitter Inc. has struggled for years to police the growing nu...

kubernetes 集群As Kubernetes has rapidly become one of the most popular choices for deploying code in the cloud, I decided to write an article to give you some insights about security measures. Furtherm...

限速脚本Protecting APIs from overuse by limiting how often users can access them, comes with it, several benefits. It helps against denial-of-service attacks, brute-force login attempts, and other types o...

面试中sql调优的几种方式The first question I ask someone in an interview for a cybersecurity position is, “What type of cellphone do you use?” The candidate’s answer can provide a deep insight into their securit...

微软teams软件--Disclaimer--Microsoft:Thank you again for your submission to MSRC. Our engineers have investigated the report and we have informed the appropriate team about the issues you reported. Howe...