记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

白帽黑客们,美联航免费带你飞

值此2015乌云白帽子大会召开,全国白帽子聚集帝都之际,辛巴达给大家分享一个好消息:美联航(United Airlines)今年5月推出的漏洞奖励计划,刚给两个安全研究人员奖励了100万英里的里程! 美联航(UA)和国航(CA)同属星空联盟,里程可以互兑机票。能飞多少趟呢?100万英里是160万公里,举例来说,北京到深圳的CA航班需要15000公里兑换,可以飞100趟单程!以票价1500计算,价值15万人民币。 UA的漏洞奖励范围包括网站和应用,奖励分为三档,高危漏洞圈定为“远程代码执行”,奖励100万英里。中级漏洞包括“认证绕过”、“暴力破解攻击”、“可能的个人信息泄露”和“时序攻击”,奖励25万英里。低级的包括“跨站类”和“第三方
发布时间:2015-07-17 11:00 | 阅读:96586 | 评论:0 | 标签:信息速递

潜力股-最新年度开源项目新秀榜

黑鸭(Black Duck)软件公布了一份名叫“年度开源项目新秀”的报告,介绍了由全球开源协会发起的10个最有趣、最活跃的新项目。 年度开源项目新秀 每年都有上千新的开源项目问世,但只有少数能够真正的吸引我们的关注。一些项目因为利用了当前比较流行的技术而发展壮大,有一些则真正地开启了一个新的领域。很多开源项目建立的初衷是为了解决一些生产上的问题,还有一些项目则是世界各地志同道合的开发者们共同发起的一个宏伟项目。 从2009年起,开源软件管理公司黑鸭便发起了年度开源项目新秀这一活动,它的评选根据Open Hub网站(即以前的Ohloh)上的活跃度。今年,我们很荣幸能够报道2015年10大开源项目新秀的得主和2名荣誉奖得主,它们是从上千个开源项目中脱颖而出的。评选采用了加权评分系统,得
发布时间:2015-06-28 02:55 | 阅读:95928 | 评论:0 | 标签:信息速递

Penn State Takes Network Offline After Attack From China

Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine   Penn State University has been forced to disconnect one of its college networks from the internet after discovering a major cyber-attack on its systems coming from China. In a lengthy statement posted on Friday, the university claimed it had been alerted a
发布时间:2015-05-19 16:25 | 阅读:85590 | 评论:0 | 标签:信息速递

Phantom Menace Attacker Set Sights on Oil Companies

Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine   Security researchers have uncovered a major new targeted attack seemingly originating from Nigeria and designed to steal official documents which can be used in follow up 419 scams against oil brokers. Spain-based Panda Security claimed in a new report, Opera
发布时间:2015-05-19 16:25 | 阅读:86658 | 评论:0 | 标签:信息速递

FBI Claims Hacker Made Plane Fly Sideways

Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine The FBI has accused a security researcher of hacking a plane’s on-board computers to make it fly sideways during a flight. The details emerged in a search warrant application produced by the Feds to examine the accused’s laptops, hard drives and other
发布时间:2015-05-19 16:25 | 阅读:90875 | 评论:0 | 标签:信息速递

United Airlines Launches Bug Disclosure Program to Bolster Software Security

BY JAIKUMAR VIJAYAN United Airlines has become the first company in the airline industry — and one of the few non-software vendors — to launch a bug disclosure bounty program for third-party security researchers who flag vulnerabilities in its software. Under the program, United will offer free miles to researchers who report bugs
发布时间:2015-05-19 16:25 | 阅读:111621 | 评论:0 | 标签:信息速递

More on the NSA’s Capabilities

Bruce Schneier   Ross Anderson summarizes a meeting in Princeton where Edward Snowden was "present." Third, the leaks give us a clear view of an intelligence analyst's workflow. She will mainly look in Xkeyscore which is the Google of 5eyes comint; it's a federated system hoovering up masses of stuff not just
发布时间:2015-05-17 07:45 | 阅读:104986 | 评论:0 | 标签:信息速递

VENOM – Does it live up to the hype?

SANS InfoSec Community Forums, RICK     Unless you have been hiding under a rock this week you have heard about VENOM.  The first article that I saw was from ZDNet with the headline of "Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters".  Pretty provocati
发布时间:2015-05-17 07:45 | 阅读:88714 | 评论:0 | 标签:信息速递

Hiding in Plain Sight: FireEye and Microsoft Expose Chinese APT Group’s Obfuscation Tactic

May 14, 2015 | By FireEye Threat Intelligence | Vulnerabilities, Exploits, Threat Research   In late 2014, FireEye Threat Intelligence and the Microsoft Threat Intelligence Center discovered a Command-and-Control (CnC) obfuscation tactic on Microsoft’s TechNet web portal—a valuable web res
发布时间:2015-05-16 03:25 | 阅读:94815 | 评论:0 | 标签:信息速递 exp

Spyware Firm Hacked: 400,000 Victims’ Data Stuck on Dark Web

Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine MSpy, a maker of notorious mobile spyware, has reportedly been breached and the personal details of over 400,000 of its victims posted to the dark web. Security researcher Brian Krebs claimed in a blog post that he was sent an anonymous link to a website reach
发布时间:2015-05-16 03:25 | 阅读:102023 | 评论:0 | 标签:信息速递

Chinese Site Serves 83 Windows Executables in Drive-By Attack

Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine Security researchers have discovered a new drive-by-download attack serving up a staggering 83 Windows executables to infect users, without any interaction required. Cyphort explained in a blog post that in sandbox tests the HD video sharing site and forum www
发布时间:2015-05-16 03:25 | 阅读:140834 | 评论:0 | 标签:信息速递

New Flaws Identified in Lenovo’s System Update Service

  Statement from Kevin Bocek, Vice President, Security Strategy & Threat Intelligence at Venafi IoActive’s researchers have identified some new flaws in Lenovo’s system update service that can be used by hackers to create fake certificates for executable files. Please see statement from Kevin Bocek at 
发布时间:2015-05-16 03:25 | 阅读:130758 | 评论:0 | 标签:信息速递

Tinba Malware Watches Mouse Movements, Screen Activity to Avoid Sandbox Detection

  BY SHANE SCHICK   MAY 13, 2015 IT security programs would probably be much worse than they are without sandboxes, which isolate programs to prevent them from being infected by hackers. A recent analysis of the Tinba malware, however, indicated that cybercriminals are getting better at monitoring users’ every moveme
发布时间:2015-05-14 23:05 | 阅读:115881 | 评论:0 | 标签:信息速递

VENOM Vulnerability: Community Patching and Mitigation Update

THE LAB  13 MAY 2015  DMITRI ALPEROVITCH Today, CrowdStrike disclosed a critical virtual machine escape vulnerability (which we named VENOM) discovered by our Senior Security Researcher Jason Geffner. VENOM affects a number of open-source hypervisors, such as QEMU, Xen, KVM, VirtualBox and many derivatives of these products. For weeks now, we
发布时间:2015-05-14 23:05 | 阅读:118110 | 评论:0 | 标签:信息速递

VENOM-Virtualized Environment Neglected Operations Manipulation

Discovered by Jason Geffner, CrowdStrike Senior Security Researcher   Vendor advisories, patches, and notifications available below in Q&A section.   VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker
发布时间:2015-05-14 23:05 | 阅读:116027 | 评论:0 | 标签:信息速递

安全运行中心SOC分析金字塔

SOC Analyst Pyramid 转帖自:SANS Internet Storm Center Introduction Last weekend, I did a 10 minute fireside chat during lunch at BSidesSATX 2015 [1].  It was an informal presentation, where I discussed some of the issues facing security analysts working at an organization's Security Operations Center (SOC). With only 10 minutes, the
发布时间:2015-05-14 08:55 | 阅读:189790 | 评论:0 | 标签:信息速递

公告

九层之台,起于累土;黑客之术,始于阅读

推广

工具

标签云