 SECURITY


  10 notorious computer virus

The history of computer viruses goes hand in hand with the history of computers. As computers become more and more powerful, viruses also become smarter and harder to detect and kill. They have a big impact on data security and system usability. We introduce 10 notorious computer viruses in history. 1. Creeper: In 1971, the Creeper virus, an experimental self-replicating program, was written by Bob Thomas at BBN Technologies. Creeper infected DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the...

16,922 0       SECURITY HISTORY COMPUTER VIRUS


  Introduction to DTLS(Datagram Transport Layer Security)

Secure communication has become a vital requirement on the Internet. Much of the information transferred over the Internet is sensitive data such as financial transactions, medical information, media streaming etc. To ensure the security of data transferred on the Internet, a few secure protocols have been designed, including SSL/TLS and IPsec. Many large websites in the world have adopted TLS. Apart from SSL/TLS, there are other protocols designed to be used in special cases. One of them is DTLS -- the Datagram Transport Layer Security protocol. What is DTLS: DTLS is a secure data transfer pr...

16,379 0       SECURITY JAVA 9 DTLS TLS


  Using htpasswd to protect your website in Nginx

We frequently need to build a password-protected website, such as an internal website within the team or a demo website. What we are talking about here is password protection at the Nginx server level instead of application-level registration and login. We are going to use Nginx server configuration and an htpasswd file to achieve password authentication. The final result looks like below (different browsers may have different interfaces): If the authentication fails, it will report an HTTP error: 401 Authorization Required. To achieve this function, we need to modify the server configuration and create the userna...

11,512 2       NGINX PASSWORD PROTECTED HTPASSWD


  4 ways to obtain access token in OAuth 2.0

OAuth 2.0 is an authorization mechanism; it's mainly used for issuing access tokens. There are 4 ways to obtain an access token as per RFC 6749: Authorization code, Implicit, Password, Client credentials. The third party application must obtain a client id and client secret from the target service before obtaining an access token, no matter which method is used. This is to prevent tokens from being used maliciously. Authorization code: With this method, the third party application must first get an authorization code and then use this authorization code to exchange for the access token. This is the most commonly used metho...

9,728 0       ACCESS TOKEN REFRESH TOKEN OAUTH2


  Hide a file in a picture

Sometimes you want to hide some important files on your computer which you don't want others to see. How would you do that? Find a professional tool? Set a password for some folders? Change the file properties to hidden? These are possible, but they may not be so convenient or so secure. Here we share with you how to hide a file in a picture. Prerequisites: 1 picture, for example: test.jpg; 1 test file, for example: test.txt; WinRAR. Steps: Prepare the picture test.jpg and test file test.txt. Use WinRAR to compress test.txt to test.rar. Open command prompt: Start->Run->Type "cmd", then cd to the dire...

9,228 4       TRICK PICTURE FIL HIDING WINRAR


  The war with spam comment

Spam comments are annoying and notorious. They are either malicious data from hackers trying to exploit the loopholes of the site or advertisements posted by robots. These kinds of comments have their own features and patterns; if we are careful enough, we can find ways to block most of them, although it's not so easy. To block comments with malicious executable code such as JavaScript, we should remember one rule: never trust user input. So wherever there is user input, we need to check the validity of the data; we should escape the data entered by users and remove unnecessary HTML tags from t...

8,269 0       BLOCK SPAM COMMENT FILTER


  HeartBleed: Inside the heart, what causes the bleeding?

Just a few weeks after Apple's famous goto fail bug, there is a bug in OpenSSL which has caught the world's attention again. The bug is named HeartBleed, found in the OpenSSL library, a famous open source library supporting lots of SSL/TLS communication among server/client applications. The reason this bug has caught the world's attention is that it affects almost all sites which are using the affected OpenSSL library; these include many applications like the Nginx server, some versions of Linux and many famous websites including Yahoo, Amazon. Private keys on the web server may ...

7,779 0       OPENSSL HEARTBLEED


  Here is what XcodeGhost author says

The first compiler malware in iOS was disclosed by Chinese iOS developers on Wednesday (Beijing time). The name of this malware is XcodeGhost, as described by Alibaba researchers who released the analysis of this malware. The malicious code is located in a Mach-O object file that was repackaged into some versions of Xcode installers. These malicious installers were then uploaded to Baidu's cloud file sharing service for use by Chinese iOS/OS X developers. Xcode is Apple's official tool for developing iOS or OS X apps and it is clear that some Chinese developers have downloaded ...

7,764 0       APPLE SECURITY IOS APP STORE XCODEGHOST