System Vulnerability

In 2014, March 22, the afternoon of the 18:18 points, Cloud vulnerability platform released data message that Ctrip system storage technology loopholes, may lead to user personal information and bank card information leaks. According to the survey of cloud platform, Ctrip opened the debugging function to the service interface for processing user's payment, so that some of the packets that were transmitted to the bank to verify the owner interface of the card were kept directly in the local server. The cloud report said that the leak of information included the user's name, ID number, bank card number, bank card category ...

Absrtact: April 28 a day ago Microsoft confirmed that all versions of IE browser a high-risk vulnerability, hackers can exploit the vulnerability of remote attacks on users ' computers, and then delete or steal the victim user data. Microsoft's official statement is fixing the vulnerability, but WinXP users can not get April 28 days ago Microsoft confirmed that all versions of IE browser a high-risk vulnerability, hackers can exploit the vulnerability of remote attacks on users ' computers, and then delete or steal the victim user data. Microsoft Official statement is fixing this vulnerability, but WinXP users can not get patch updates, continue to use ie6-ie ...

How to build corporate security? Enterprise security vulnerability notification engine. Today, most enterprises are using Vulnerability Scanning + Vulnerability Bulletin, which has the following two problems: 1. There is a problem of "long scan cycle, less timely update of scan library" in the case of missed scan, and there are numerous interference items in the scan report, Sweep reports about equal to "loopholes piling up information", may not really useful a few, and allow Party A operation and maintenance personnel to find useful information, it is unusually time-consuming. 2. Security vendor's vulnerability notice is "only notice, the specific impact of that server, operation and maintenance to find it." From the above two pain points, we ...

1. Kernel-Level Vulnerability Dirty COW Dirty Cow Vulnerability. The COW mechanism of the Linux kernel memory subsystem competes with memory writes, causing read-only memory pages to be tampered with. Impact: Linux kernel> = 2.6.22 Vulnerability Affected: Low privilege Users can write to this read-only memory page (including a file read-only to this user on a writable file system) and to root PoC Reference: https://github.com/dirtycow/di ...

Following Google and Facebook to launch the vulnerability Award program, domestic internet companies have also built their own vulnerability incentive platform to encourage security technology experts to identify and notify the Enterprise vulnerability information. 　　A researcher named Mil3s Beep has received a cash reward of more than 35,000 yuan since the 360 security vulnerability response platform was online. Previously, the so-called 0day vulnerabilities (which have never been made public or patched) usually only circulate in the underground "black market", being used by hackers for cybercrime and profiting from China. However, if the manufacturer to change the angle, its ...

As many manufacturers in the security industry slowly transform into managed security service providers, a specific application area has become the mainstream, namely, through cloud computing software, the vulnerability management of service delivery. At present, some vendors have also provided cloud-based vulnerability scanning and repair tools, these products quickly occupy market share. In this article, we'll start by exploring whether the use of cloud based vulnerability management Services is the right choice for your business, and then will provide some criteria to help you select a vendor, and finally a DIY approach for cloud computing scans. Software as a service, base ...

On December 18, "ninth China Disaster Recovery Industry High-level Forum", 360 and six companies won the National Information Security Vulnerability Library (CNNVD) Technical Support Unit Best Contribution Award. A large number of network leaks and information security incidents are closely related to the existence of vulnerabilities. To achieve vulnerability resource sharing, effectively reduce the risk of vulnerability, in 2013, China Information Security Assessment Center to set up a national Information Security Vulnerability Database (CNNVD) and 360, Venus Chen, NSFocus, Tiancheng letter, such as 14 security companies to reach technical support cooperation, and employ Shangeng, Zheng Wenbin, Zhao ...

Distributed vulnerability scanning system based on cloud technology Hong Yuxuan double Kailian with the rapid development of Internet, network security problems and computer crime also present more and more serious trend. According to statistics, most of the network security problems are caused by system or software vulnerabilities. Therefore, if you can detect and guard against potential vulnerabilities of the department or software on a regular basis, it will effectively reduce its security threat. This paper combines cloud computing technology with traditional vulnerability scanning technology and designs a set of distributed vulnerability scanning system, which can provide users with safety leak in the way of software application.

Beijing time May 2 early morning, the Microsoft Official website issued emergency Security Patch (Security bulletin: ms14-021), used to repair last week's exposure of the IE secret fox high-risk loopholes. This is the first time this year that Microsoft has broken the routine of regular patches for the second week of the month, and has even provided patches for XP systems that have stopped service support. As of press, 360 security guards have been the first time to push patches. Figure: Only 10% of the world's security software can be detected by the Internet Explorer secret Fox vulnerability attack sample IE secret Fox vulnerability is XP after the first major vulnerability, the impact of IE6-IE11 full version. Use this vulnerability to hang on a Web page ...

At the beginning of 2011, Jinshan Poison PA and 360 on "whether to disclose the user's privacy" just erupted a war of words, in this respect, 360 security expert Dr. Shi Xiaohong explained the technology of "cloud security", said, "360 did not disclose user privacy, but cloud security, cloud computing, the new technology system may put individual Login Vulnerability ' site leaked user privacy collection. If you want to fundamentally eliminate this situation, not only the safety manufacturers should pay attention to the proper handling of user information, Internet stations also need to actively repair the vulnerability. "Do not involve online banking, network payments and other accounts are currently 36 ...