Cloud Servers

September 1, 2014--business security technology leader Blue Coat Systems announced today that 71% of Web site host names (hostnames) only appear 24 hours. While the vast majority of these "day trips" host names play an important role in the sharing and delivery of Internet content, they also provide cover for malicious activity, such as communication with infected systems. The Blue coat Security Laboratory released the latest report "Day Tour" host: How malware hides itself in short-lived websites, detailing ...

0x00 in a previously described traffic hijacking article, the introduction of a "https downgrade down" scenario--Replaces all HTTPS hyperlinks in the page with HTTP versions, allowing users to always communicate in clear text. See this, perhaps everyone will think of a classic man-in-the-middle attack tool--sslstrip, through which it does achieve this effect. Today, however, it is a completely different idea, a more effective, more advanced solution--https front-end hijacking. 0x01 the back end of the defect ...

WebSockets is a HTML5 feature that provides a Full-duplex channel to a single TCP connection. Its continuous connection function makes it possible to build a B/S mode real-time application. WebSockets are often used in Web applications with chat capabilities. The following picture is very apt to illustrate an apt attack using the websockets:498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' ...

"Steganography" technology is often seen in many detective stories and spy Wars films. Spy with steganography potion to write the information on the white Paper, received information from the superior and through the development technology to restore information. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' style= ' width:516px; height:275px "border=" 0 "a ...

Web server security is a big topic; when it comes to the best tools and techniques for consolidating a Web server, different people have different preferences and perspectives. In the case of the Apache Web server, even if not all experts, at least the vast majority of experts agree, Mod_security and mod_evasive are two very important modules that can protect the Apache Web server from common threats. In this article we will explore how to install and configure mod_security and mod_evasive, assuming Apach ...

Blue Coat has discovered a malicious ad attack that uses large legal advertising networks such as ads.yahoo.com to carry out cryptowall extortion activities. In the malicious advertisement attack, the cyber criminals obtain the legal status for their advertisement server in the advertisement network, then spreads the malicious advertisement to the high profile website. These ads appear legitimate, but provide unsuspecting users with malicious software or other harmful software. The architect of the Blue coat system webpulse Threat research team, Chris Larsen, said ...

Large Web applications are vulnerable to multiple attacks, such as SQL injection and Cross-site scripting exploits, which can result in downtime, inefficiencies, data theft, penalty fines, brand damage, service disruption, customer dissatisfaction, and so on. To protect Web applications, it is recommended that enterprises use Web application firewalls. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' border= ' 0 "alt=" for ...

This article describes the vulnerabilities of PHP applications and how attackers can use PHP hyper-global variables to perform web attacks. And explain what is the PHP Super global variable and the risks it poses. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' border= ' 0 ' alt= "mitigate enterprise risk from PHP hyper-global variables" Src=&qu ...

Facebook suffered a massive outage in Thursday and affected users worldwide. The Facebook outage lasted about 40 minutes. Users are complaining that Twitter users are the first to expose Facebook's downtime to the social networking site. When a user logs on to a Facebook site, an error message prompts them, saying, "Sorry, there's been a problem ... We are trying to fix the problem as much as possible. "498" this.width=498 ' OnMouseWheel = ' Javascri ...

The previous article explained the hook program attack and defense combat, and realized a set of frame page monitoring scheme, the protection of all child pages. So far, the depth of our protection has been similar, but the breadth is still deficient. For example, our property hooks only consider setattribute, but ignore similar setattributenode. Although this method has never been used, it does not mean that people cannot use it. For example, creating an element is usually createelement, and in fact Createelementns is also possible. Even ...

What are the most reliable Web application monitoring programs? What criteria should we use to compare? First consider whether you want to solve one or more of the following problems: 498) this.width=498 ' OnMouseWheel = ' javascript:return big ( This) "border=" 0 "alt=" How to select the standard Web application monitoring tool "src=" http://s9.51c ...

0x00 test environment 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' border= ' 0 "alt=" nginx Security Configuration Research "src=" http:// S8.51cto.com/wyfs02/m02/23/37/wkiol1m1giqgyosxaaa1uofgzu ...

RSA2014 left the curtain, and saw many old friends, know many new friend, fortunately even. Major security companies, as always, the spendthrift, occupy the best booth, hire the most beautiful mm eye-catching. The big company's booth strategy is all-inclusive, the network to the terminal, the box to the cloud, we all have. Onestopshop is also. New technology, many large companies are basically in the follow-up panw and Feye technology, scrambling to express our no stagnation, what the popular we also play what the train of thought, fortinet,int ...

Web applications are more difficult to secure than client applications because they are not like Web servers with four or five major vendors, it has a number of Web applications and custom scripts, and each can contain potential vulnerabilities. For developers, the best way to ensure application security is to use recommended security measures and software that can scan code, and to alert users to potential security issues. Administrators need to periodically scan vulnerabilities in their Web sites. The security of an application is primarily controlled by the application's developers. Admin can tighten some of the ...

The government's massive surveillance programme, unveiled by Snowden, is still rife, and the issue of Internet user privacy has been put on the table again and again. And for privacy and network behavior security is listening to the insider, some people think that the SSL protocol encryption communication, so they will be safe. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' border= ' 0&quo ...

For any project, the start phase is critical for delivering secure applications. Proper security requirements can lead to proper security design. The following discusses eight major issues to consider when analyzing the security requirements for Web applications. 1. Authentication and password management: This is primarily a one-off activity and is done only as part of the project. Someone may ask some questions about authentication and password management: Password Policy: This is a very important issue because of avoiding dictionary attacks related to user credentials. Password hashing algorithm: Ensure that passwords are encrypted using the appropriate encryption algorithm ...

Traffic hijacking, this ancient attack has been quiet for some time, and recently began to uproar. Many well-known brands of routers have burst into existence security loopholes, leading to domestic media have reported. As long as the user did not change the default password, open a Web page or even posts, router configuration will be secretly modified. The internet became precarious overnight. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' style= ' width: ...

Recently, Kaspersky discovered a new malicious software neverquest for bank website. By implanting plug-in code on a bank website, Neverquest can attack about 100 banks if the user accesses a bank website on IE or Firefox. and using VNC or other methods, Neverquest can attack any bank in any country. It supports each of the methods used in online banking attacks: Web placement, remote system access, social engineering, and so on. The main function of neverquest is to use an additional thread installed on the system ...

0x01 ASP Introduction: ASP is a server-side scripting environment that you can use to create and run dynamic Web pages or Web applications. ASP Web pages can include HTML tags, plain text, script commands, and COM components. With ASP, you can add interactive content, such as online forms, to a Web page, or you can create a Web application that uses an HTML Web page as a user interface. 0x02 ASP Vulnerability Introduction: I. Database path disclosure (db path Leak) Overview: Number ...

The following article is mainly about the introduction of DDoS prevention, I saw the previous two days in the relevant website DDoS prevention profile information, feel very good, take out for everyone to share. The following is a detailed description of the main content of the article, hope that you will have a deeper understanding of it after browsing. 1. Ensure all servers adopt the latest system and make security patches. The Computer Emergency Response Coordination Center found that almost every DDoS-attacked system was not patched in time. 2. Ensure that all hosts are inspected by the administrator, not only for critical hosts. This is to ensure that the administrator knows each of the main ...