Category: Information Security
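About information security, encryption/decryption, etc.
Knowledge
- What is a digital signature? - Ruan Yifeng's Weblog
- Do you know how to build user login for the Web? | 酷壳 - CoolShell.cn
- About passwords: many things you don't know | shell's home
- Password management guidelines | shell's home
- A design problem in Alipay | shell's home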
- Crypto Fails — Crypto Noobs #2: Side Channel Attacks
- 936: Password Strength - explain xkcd
- GNU/Linux security baseline and hardening
- Myths about /dev/urandom
- Pruning the "chain of trust" with Occam's razor | Tyrant's Blog (dead link, archived)
- Duplicate Signature Key Selection Attack in Let's Encrypt
- Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision
- Padding oracles and the decline of CBC-mode cipher suites
- Glenn Greenwald: Why privacy matters | TED Talk
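- Designing security protocols // Shell's Home
- Password policy recommendations - Microsoft 365 admin | Microsoft Docs
- Digital identity authentication techniques on the network | 酷壳 - CoolShell
- Understanding the prevalence of web traffic interception: "man-in-the-middle" devices (often deployed for security purposes) are insecure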
- PINs for Cryptography with Hardware Secure Elements
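Encryption algorithms
- Principles of the RSA algorithm (Part 1) - Ruan Yifeng's Weblog
- Matrix67: My Blog » Blog Archive » The RSA algorithm across a thousand years, starting from number theory
- How the RSA algorithm was born | 考据癖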
- A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
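Web security
- How to stop a page loaded in an iframe from redirecting automatically | 沙湖王 (dead link, archived (unverified))
- Coding Horror: We Done Been ... Framed!, on attacking and defending web page frames
- Busting Frame Busting: a Study of Clickjacking Vulnerabilities on Popular Sites (PDF)
- Using the X-Frame-Options header to prevent being framed
- Flash+Upload CSRF attack technique - Knownsec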
- Subresource Integrity - GitHub Engineering
- Introduction to Subresource Integrity | JerryQu's site
- Do not let your CDN betray you: Use Subresource Integrity ✩ Mozilla Hacks – the Web developer blog
- Consider enabling SRI to prevent HTTPS hijacking of the Qiniu CDN | Soul Of Free Loop
- Debunking Myths in Securing Websites
Software
- Open source anti-theft solution for Mac, PCs & Phones – Prey
- Pass: The Standard Unix Password Manager
- Linux Crypto Archives - Arabesque
- chokepoint/CryptHook: symmetric encryption tunnel wrapper, using LD_PRELOAD technique.
- Elettra - plausible deniable file cryptography, for Windows/Linux/MacOSX
- USTC-blog / ngx_lua_waf | GitLab
- fire-keeper/BlindWatermark: using invisible watermark to protect creator's intellectual property
- Physical security for computer data via USB
Online tools
Anti-spam
Incidents
- How does the PRISM system work? - 月光博客
- How I Hacked Hacker News (with arc security advisory) | Hacker News
- CVE-2014-0160 - Non-technical events around the OpenSSL security vulnerability | Ant's ATField (OpenSSL Heartbleed)
- Inside Shellshock: How hackers are using it to exploit systems (bash Shellshock)
- Shellshock, David A. Wheeler. This paper covers the basics of the Shellshock bash vulnerability, a discussion on ways to detect or prevent future Shellshock-like vulnerabilities, a timeline of what happened when, and some information about the specific CVEs (vulnerability identifiers). It ends with a few conclusions.
- [1] SSLv3 Poodle
- XcodeGhost
- WoSign (沃通) certificate issues
- The story of how WoSign gave me an SSL certificate for GitHub.com | Schrauger.com
- WoSign Incidents Report (September 4th 2016) (official WoSign report, containing many spelling and grammar errors)
- Solidot | WoSign accused of secretly acquiring StartCom; CEO issues threats
- CA:WoSign Issues - MozillaWiki
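- The successor to the old rogue CNNIC: on the sordid affairs of "沃通/WoSign" @ 编程随想's blog
- Daily security news: Chinese CA WoSign mistakenly issued an SSL certificate for a GitHub domain_Sina Kandian_Sina Mobile
- On WoSign's acquisition of StartCom and its English proficiency
- What to do if code is accidentally leaked? | shell's blog
Privacy and security
Mainland China mobile phone numbers
Other
- A complete collection of XSS test syntax - 網路攻防戰
- ZoomEye.org statistical analysis report on the D-Link backdoor - Knownsec
- Tencent Security Response Center: Link hijacking attacks 1-2-3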
- An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied
- Abusing Internet Explorer 8's XSS Filters
- So I lost my OpenBSD FDE password
- Building a personal information security model · BlahGeek's Blog
- Touch-to-operate password-store with YubiKey 4
- How to avoid "water meter checks" – Telegraph
- Hostnames and usernames to reserve - Geoffrey Thomas (geofft)