At 18:18 on the afternoon of March 22, 2014, the Cloud vulnerability platform released a report that a technical flaw in how Ctrip's system stores data may lead to leaks of users' personal information and bank card information. According to the platform's investigation, Ctrip had enabled the debugging function on the service interface that processes user payments, so some of the packets sent to the bank's cardholder-verification interface were kept directly on the local server. The report said that the leaked information included the user's name, ID number, bank card number, bank card category ...
How to build corporate security? An enterprise security vulnerability notification engine. Today, most enterprises rely on vulnerability scanning plus vulnerability bulletins, which has the following two problems: 1. Vulnerabilities are missed because of "long scan cycles and scan libraries that are not updated in time", and scan reports contain numerous interference items. A scan report amounts to "a pile of vulnerability information" in which only a few items may be really useful, and having Party A's operations and maintenance personnel pick out the useful information is unusually time-consuming. 2. A security vendor's vulnerability notice is "notice only; which servers are actually affected is left for operations and maintenance to find out." From the above two pain points, we ...
1. Kernel-level vulnerability: Dirty COW. The copy-on-write (COW) mechanism of the Linux kernel memory subsystem has a race condition on memory writes, which allows read-only memory pages to be tampered with. Affected versions: Linux kernel >= 2.6.22. Impact: a low-privileged user can write to read-only memory pages (including a file that is read-only to this user on a writable file system) and escalate to root. PoC reference: https://github.com/dirtycow/di ...
Security experts recently warned administrators using Microsoft Internet Information Services (IIS) 6 that their Web servers are vulnerable to attacks that expose password-protected files and folders. The vulnerability reportedly exists in the processing of some commands based on the WebDAV protocol. By adding certain Unicode characters to the Web address, hackers can access these sensitive files, which are generally protected by a system password. In addition, the vulnerability can be used to upload malicious files to the server. Security researcher Nikolaos Rangos said, "W ...
The day XP formally reached the end of service was also the day a major hole burst open in OpenSSL. All afternoon we were in a state of emergency and tension. This vulnerability affects 30–50% of the sites that use HTTPS, including regularly visited ones: Alipay, WeChat, Taobao, internet banking, social, portal and other well-known sites. Any site visited over HTTPS is likely to be at risk of having its data sniffed. Around 5 o'clock in the afternoon, ZoomEye completed this data scan: port 443 nationwide: 1601250, 33 ...
This article describes the benefits of using remote vulnerability scanning services in the cloud. Such a service can be loaded by any system from anywhere, as if it were a remote entity managed by a third party. Open source vulnerability analysis tools can help with an open, comprehensive review of cloud security. Vulnerability analysis is only one part of ensuring server security, but precisely defining a vulnerability assessment policy is clearly a big step in the right direction. 1. Introduction: in any security policy, vulnerability assessment is a very important aspect. Now, for the internet ...
At the beginning of 2011, a war of words had just erupted between Jinshan Poison PA and 360 over "whether users' privacy was disclosed". In this respect, 360 security expert Dr. Shi Xiaohong explained the technology of "cloud security" and said, "360 did not disclose user privacy, but the new technology systems of cloud security and cloud computing may collect user privacy leaked by individual sites with 'login vulnerabilities'. If you want to fundamentally eliminate this situation, not only should security vendors pay attention to the proper handling of user information, Internet sites also need to actively repair the vulnerability." Do not involve online banking, network payments and other accounts are currently 36 ...
At the beginning of 2011, a war of words had just erupted between Jinshan Poison PA and 360 over "whether users' privacy was disclosed". In this respect, 360 security expert Dr. Shi Xiaohong explained the technology of "cloud security" and said, "360 did not disclose user privacy, but the new technology systems of cloud security and cloud computing may collect user privacy leaked by individual sites with 'login vulnerabilities'. If you want to fundamentally eliminate this situation, not only should security vendors pay attention to the proper handling of user information, Internet sites also need to actively repair the vulnerability." Does not involve on-line bank, the network payment and so on account number 360 Ann ...
Open source vulnerability analysis tools can help with an open, comprehensive review of cloud security. Vulnerability analysis is only one part of ensuring server security, but precisely defining a vulnerability assessment policy is clearly a big step in the right direction. 1. Introduction: in any security policy, vulnerability assessment is a very important aspect. Attacks on Internet hosts are now increasingly driven by profit, so they are more cunning and more widely distributed. It seems difficult to protect all Web servers, but most of the attacks launched by hackers can be avoided.
Abstract: December 29 news: after the 12306 Web site database leak, the site was added to the Patch-day vulnerability response platform, and the director of the Chinese Academy of Railway Science, the single highest reward 2000 yuan, called on users to find vulnerabilities. As of press time, more than 20 netizens had submitted. December 29 news: after the 12306 Web site database leak, the site was added to the Patch-day vulnerability response platform, and the Director of China Railway Science Research Institute, a single maximum reward of 2000 yuan, called on netizens to find vulnerabilities. As of press time, more than 20 netizens had submitted vulnerability reports, according to the discovery leakage ...