
 SECURITY


  Some hidden XSS injection vulnerabilities

XSS injection occurs when a web page generates unexpected executable JavaScript based on user input and the browser executes it, i.e., the source code sent to the browser by the server contains illegitimate JavaScript derived from the user's input. Common XSS injection vulnerabilities can be fixed with functions such as htmlspecialchars() (which escapes HTML special characters), strip_tags() or similar, but there are some hidden XSS injection vulnerabilities that cannot be fixed by the two functions above, and sometimes we are not allowed to r...

7,723 0       PHP SECURITY XSS JAVASCRIPT CODE


  How does CSDN dare to use plain text as password?

Recently, CSDN, China's largest Chinese IT community website, leaked its users' account information. Later today CSDN made an announcement to its users on its website. The announcement said that some user account information was leaked, that the passwords of the accounts were stored as plain text in its database before 2009, and that after 2009 it adopted an encryption algorithm to encrypt user passwords. It urged all users who registered an account before 2009 to change their password immediately. After reading this news, I was shocked. How come an IT website stores passwords in pl...

6,678 0       SECURITY INFORMATION LEAK CSDN PLAIN TEXT


  How Technology Can Prevent Casino Cheating

Cheating has been around as long as gambling itself, which is surely since the dawn of time. Cheating in casinos, both land-based and online, can prove a huge problem, not only for those playing against the cheater, but for the individual casino operators, as well as the industry in its entirety. Preventing cheating makes casino play fairer for all involved, both operators and their clients. Fortunately, in today's day and age, we have excellent, highly developed technology that can assist casino operators in pinpointing, profiling and ultimately catching the cheaters amongst their clientele...

6,547 0       TECHNOLOGY CASINO


  Password-less login

Most websites need user login in order to provide personalized content to visitors. The usual way is to ask the user to register a user account. This is not so appealing: for users, remembering one password for each website is troublesome, while for developers, it is their responsibility to protect the passwords, and once a password is leaked it is a big headache for a website's business and reputation. So a long time ago people started thinking about password-less login, which is a big relief for both users and websites. We discuss some common ways of password-less login. 1. OpenID OpenI...

6,530 0       PASSWORD-LESSLOGIN AUTHENTICATION


  The Best Hackers In The World All Come From One Country

Facebook, Zynga, and other hot companies use Interview Street to recruit programmers. Interview Street posts programming challenges and invites contenders to solve as many as they can. According to their message board, nine of Interview Street's top ten hackers are all from China. One is from an unknown country. A hacker called ralekseenkov, who is ranked number 11, is from the United States. What does that say about the talent crunch here? Read more: http://www.businessinsider.com/hackers-the-best-all-come-from-one-country-2012-4#ixzz1rkl1LN9B...

6,293 15       MICROSOFT HACKER CHINA COUNTRY


  A new SSL 3.0 vulnerability named POODLE is released

Today Google disclosed a new SSL v3 security vulnerability. It affects all products that use the SSL v3 protocol, because the vulnerability is introduced by a design flaw. Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Microsoft Internet Explorer. If this vulnerability is exploited by attackers, the session cookies from ...

6,201 1       GOOGLE VULNERABILITY SSL V3 POODLE


  Severe SSL 3.0 vulnerability to be released

According to The Register, another severe security vulnerability has been found in the widely used SSL v3 protocol. It is still in the patch phase, and the details of this vulnerability are expected to be released today. A few widely impacting security vulnerabilities have been revealed this year, and they bring people's attention to long-existing security concerns. Previously, we have seen the HeartBleed issue and also the recent ShellShock issue. Both of them occur in popular libraries or frameworks. The HeartBleed issue happens in OpenSSL and the ShellShock issue happens in bash shel...

5,817 0       SSL SECURITY VULNERABILITY THE REGISTER


  Get Facebook, Twitter and YouTube back

Facebook, Twitter and YouTube have become part of many people's daily network life. People hang around these sites to network with known and unknown friends, to know about the latest news and to relax with fancy video clips. But what will you feel if all of a sudden you cannot access them? Want to experience this? Go behind the GFW (Great Firewall) of China. Just a joke, but it's real. Huh, you are out of China? Don't worry. Change your DNS server to those located in China. I just experienced it, although it was not planned and was an unpleasant one. I am not sure what happens at the beginning, all of a s...

5,740 1       DNS SPOOFING GFW YOUTUBE 37.61.54.158