345449.vhj5l3oj7.asia

password.txt

2024-06-05T14:03:31Z

Make sure all your passwords are 12 characters or more, Use bcrypt or PBKDF2 exclusively to hash anything you need to be secure. - http://www.codinghorror.com/blog/2012/04/speed-hashing.html

Password is only worked for one time - http://www.mobileread.com/forums/showthread.php?threadid=6462

crack captcha - http://sam.zoy.org/pwntcha/

Java password mask - http://java.sun.com[..]er/technicalArticles/Security/pwordmask/

OpenID resource - http://openid.net/ http://www.arachna.com[..]ge/spidaman/20070225#the_openid_snowball http://developers.sun.com/identity/ http://www.theserverside.com[..]_id=46569&asrc=EM_NLN_2030603&uid=703565

OpenID explain - http://ravichodavarapu.blogspot.com/2007/06/what-is-openid.html

A technique that crack winxp password at 3 min - http://www.infoq.com/news/2007/09/rainbowtables

Using image as password - http://dsc.discovery.com/news/briefs/20060306/password_tec.html

The other interesting idea, Evolving Password - http://www.docuverse.com[..]uid=79730e53-1d30-47ae-98e8-abb55201429b

Passphrase Evangelism - http://www.codinghorror.com/blog/archives/000360.html

Rainbow Hash Cracking - http://www.codinghorror.com/blog/archives/000949.html , add salt (token) to prevent it - http://blog.cfelde.com/2011/04/hashing-passwords/

How to make password harder to be guessed, but I guess there should be simple way to guess "this is fun", other than take 2537 years? - http://www.baekdal.com/tips/password-security-usability

Discussion about if some old suggested rules about still valid or not - http://queue.acm.org/detail.cfm?id=2422416&ref=fullrss

Using quantum for password? - https://www.inside.com.tw/2017/03/01/quantum-key-distribution

Salted Password Hashing - Doing it Right - https://crackstation.net/hashing-security.htm http://www.infoq.com[..]w-to-encrypt-the-user-password-correctly

It sound like outsource is better - https://blog.plan99.net/building-account-systems-f790bf5fdbe0

Hash explained - https://dev.to[..]-passwords-in-your-next-application-4e2f

What is post-quantum encryption? Everything to know about the high-tech security feature adopted by Apple, Meta, and Zoom - https://www.fastcompany.com[..]tion-what-is-apple-meta-zoom-signal-hdnl

fundamental.txt

2024-04-30T12:48:10Z

Introduction to Cryptography Basic Principles - http://www.thegeekstuff.com/2012/07/cryptography-basics/

http://www.thegeekstuff.com[..]01/diffie-hellman-key-exchange-algorithm

http://meri-stuff.blogspot.hk[..]tography-theory-1-meaning-of-secure.html

getting-a-list-of-available-cryptographic-algorithms - http://invariantproperties.com[..]t-of-available-cryptographic-algorithms/

Differential privacy - http://www.infoq.com/cn/articles/differential-privacy-intro https://www.infoq.com/articles/differential-privacy-intro

The crazy mathematical concept that underlies all your online security: zero knowledge proofs - https://www.zmescience.com[..]r-online-security-zero-knowledge-proofs/

vpn.txt

2023-10-23T12:55:06Z

How VPNs really work - https://medium.com/@hnasr/how-vpns-really-work-a5da843d0eb3

TLS.txt

2023-05-04T12:09:46Z

A list of diagrams to show how TLS work

Understanding TLS protocol -- handshaking kickoff - http://blogs.sun.com/xuelei/entry/understanding_tls_protocol_1
Understanding TLS protocol -- connection states - http://blogs.sun.com[..]rstanding_tls_protocol_connection_states
Understanding TLS protocol -- handshaking renew - http://blogs.sun.com[..]rstanding_tls_protocol_handshaking_renew
Understanding TLS protocol -- handshaking resume - http://blogs.sun.com[..]standing_tls_protocol_handshaking_resume

Another reading, about the handshaking for HTTP protocol - http://www.moserware.com[..]/06/first-few-milliseconds-of-https.html

How to get HTTPs working - https://medium.freecodecamp.org[..]nt-environment-in-5-minutes-7af615770eec

The TLS Handshake Explained - https://auth0.com/blog/the-tls-handshake-explained/

programming.txt

2022-06-08T02:06:23Z

https://simpleprogrammer.com/security-code-secure-devops/

https://bitbucket.org/blog/best-practices-for-java-security

Conducting SAST (static application security testing) for Java Applications - https://itnext.io[..]-sast-for-java-applications-5b0ac381cb4a

How to do password hashing in Java applications the right way! - https://foojay.io[..]shing-in-java-applications-the-right-way

code.txt

2022-04-30T13:41:20Z

Learn Morse Code for Fun and Profit - https://www.bigmessowires.com[..]/27/learn-morse-code-for-fun-and-profit/

crack.txt

2021-12-24T12:26:06Z

How to use basic UNIX tool to steal other facebook identity - http://blog.mostof.it/how-to-steal-a-facebook-identity/

More on BGP Attacks - http://blog.wired.com/27bstroke6/2008/08/how-to-intercep.html

Discussion of crack protection - http://discuss.joelonsoftware.com/default.asp?design.4.579670 http://www.focusoncode.com/exe-packers-crypters-and-compressors/ , introduce tools - http://www.pelock.com/

Ten Immutable Laws of Security
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea

http://www.microsoft.com[..]s/security/essays/10imlaws.mspx?mfr=true

An example of buffer overflow attack - http://www.thegeekstuff.com/2013/06/buffer-overflow/

hack yourself! - https://blog.codinghorror.com/hacker-hack-thyself/

How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit - https://blog.polybdenum.com[..]-anatomy-of-a-java-bytecode-exploit.html

Log4j MEGATHREAD - https://www.reddit.com/r/java/comments/rhywh5/log4j_megathread/

How to Find Dangerous Log4j Libraries - https://thenewstack.io/how-to-find-dangerous-log4j-libraries/

sms.txt

2020-09-26T15:54:02Z

Security Analysis of SMS as a Second Factor of Authentication - https://queue.acm.org/detail.cfm?ref=rss&id=3425909

Web related issue.txt

2020-05-12T14:55:52Z

AJAX cross site scripting issue - http://getahead.org[..]s_not_as_safe_as_people_think_it_is.html

Explain XSS - http://www.codinghorror.com/blog/archives/001175.html

So easy to hack in wifi - http://www.codinghorror.com[..]010/11/breaking-the-webs-cookie-jar.html

Top 10 web application security issues - http://keyholesoftware.com[..]11/top-application-security-risks-owasp/

We should show less system level detail at error page - http://www.ibm.com[..]ava/library/se-banner/index.html?ca=drs-

Story of getting hack with php server - http://www.bigmessowires.com/2015/07/13/web-site-hacked/

Basic - http://martinfowler.com/articles/web-security-basics.html

How ransomware work - https://consolia-comic.com/comics/ransomware

https://hackernoon.com/how-do-you-authenticate-mate-f2b70904cc3a

https://hacks.mozilla.org[..]18/05/a-cartoon-intro-to-dns-over-https/

Vimattack: How to get someone's database credentials while they are editing config files on a live server - https://webdevetc.com[..]re-editing-config-files-on-a-live-server

tools.txt

2017-07-18T16:22:53Z

The NSA has open-sourced dozens of security tools
- https://medium.freecodecamp.org[..]ced-dozens-of-security-tools-7af99cfe422

firewall.txt

2012-12-23T09:30:52Z

Explanation about the Great Firewall - http://queue.acm.org/detail.cfm?id=2405036&ref=fullrss

system.txt

2012-06-30T16:07:02Z

Anatomy of a Stack Smashing Attach and How GCC Prevents It - http://www.drdobbs.com[..]cleId=240001832&siteSectionName=security

ssh.txt

2012-04-01T14:17:08Z

http://www.javacodegeeks.com/2012/03/ssh-tunneling-explained.html

reference.txt

2012-03-01T14:41:18Z

How to make encrytion really safe - http://www.javacodegeeks.com[..]roduction-to-strong-cryptography-p1.html

Review and summary of "19 Deadly Sins of Software Security" - http://www.codinghorror.com/blog/archives/000841.html

Dumb idea of security and recommend fix - http://www.ranum.com/security/computer_security/editorials/dumb/ ... interesting to read but not much real impact

Top 25 coding issue about security - http://www.sans.org/top25errors/

http://java.sun.com/security/seccodeguide.html

phpfog.txt

2011-04-05T16:25:55Z

The story about phpfrog.com getting hacked - http://blog.phpfog.com[..]gers-and-why-it-will-never-happen-again/

wifi.txt

2007-12-06T15:33:35Z

TJX lost customer data due to haven't update wifi code - http://www.google.com[..].com/article/07/01/17/HNtjxbreach_1.html

config file.txt

2007-11-28T05:35:27Z

Encrypting configuration, probably a good idea - http://www.jasypt.org/encrypting-configuration.html

credit card related.txt

2006-11-13T08:43:04Z

Some complaint about credit card handling - http://thedailywtf.com/forums/thread/101060.aspx

losting notebook.txt

2006-06-20T06:44:56Z

Cases like that happen again and again and again... We really need to educate user about security: http://www.dailytech.com/article.aspx?newsid=2914

HK police information leakage.txt

2006-05-07T11:57:54Z

Look like most Government don't handle data security well. Recently HK police information leakage case is one of great example:

http://www.thestandard.com.hk[..]35&sid=7287851&con_type=1&d_str=20060330
http://www.google.com[..]ge+case&sourceid=opera&ie=utf-8&oe=utf-8

However, this is not only HK problem some other countries facing similar problem also: http://thedailywtf.com/forums/65974/ShowPost.aspx http://thedailywtf.com/forums/71199/ShowPost.aspx

For HK case, look like it just some idiots in Government given out real data for testing, of course the IT service provider should also check the data and keep the data secure even for test data.

But for later case, it is more trick, it turn out Googlebot is too clear to bypass the security trick which call GET HTTP command to delete link everyday. Remember, all client side security is not safe.

http.txt

2006-04-05T07:46:05Z

An article show how to test various security bug of website using HTTP header manipulation tool. However, look like using a HTTP client is more easy and scriptable?

http://www.onlamp.com/lpt/a/6268