

  How to prevent next HeartBleed bug?

How to ensure the security of open source projects is a concern for many open source users, including individual users and companies. But it's not an easy task to ensure the security of open source projects. Because everyone can see the source code, there is a much higher possibility that a bug may be found by someone. Once a bug is disclosed, people may exploit it and do evil things; this may cause loss of money for individuals or companies, and some bugs may even have a big impact on the whole industry, for example the recent HeartBleed bug in OpenSSL. Also since many of the open source ...

4,779 0       SECURITY OPEN SOURCE HEARTBLEED


  10 notorious computer virus

The history of computer viruses is as old as computer history itself. As computers have become more and more powerful, viruses have also become smarter and harder to detect and kill. They have a big impact on data security and system usability. We introduce 10 notorious computer viruses in history. 1. Creeper: In 1971, the Creeper virus, an experimental self-replicating program, was written by Bob Thomas at BBN Technologies. Creeper infected DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the...

16,903 0       SECURITY HISTORY COMPUTER VIRUS


  Remote form submission

Remote form submission is a way of submitting HTML forms from a local copy to a particular remote server. This is used by many advertisers, spammers or even hackers to submit bad data to other websites in order to get what they want. They can write automation scripts to help them spam. How can people do remote form submission, and how can this kind of attack be prevented? Since a website can be accessed by almost everyone, one can save a local copy of an HTML form of a website through File->Save as in the browser. Then they only need to modify the action attribute of the form, instead of the ...

13,752 0       PHP SECURITY REMOTE FORM SUBMISSION


  JavaScript cross domain request solution

1. What is cross domain? We often use AJAX to request data from another domain, and then we run into cross domain request issues. This is because JavaScript only allows requesting data from the same domain, for security reasons. In short, the same domain strategy means a piece of code can only read data from the same source; the same source here means the combination of the same domain, protocol and port number. For example:
URL | Description | Allow communication?
http://www.a.com/a.js, http://www.a.com/b.js | Same domain | Yes
http://www.a.com/lab/a.js, http://www.a.com/script/b.js | Same domain differe...

4,352 0       SECURITY AJAX CROSS DOMAIN


  25 worst passwords in 2012

A weak password is a serious security vulnerability, but the majority of network users still use some universal simple character sequences as their password. SplashData recently announced the world's worst password list for 2012. "password", "123456" and "12345678" are still in the top places, while others vary; some new passwords like "welcome", "Jesus", "ninja", "mustang" and "password1" are in the list. With the risk of password loss, SplashData CEO Morgan Slain said he hoped network users would be more careful about their network status and be more conscious about password secu...

3,488 0       SECURITY PASSWORD


  Mozilla releases a web identity system : Persona

Now almost every website requires the user to register. There are many benefits of registration for a website, such as retaining users, accommodating discussions, providing customized content and so on. But it is too much trouble if each site requires registration, right? Of course, users can also have their own way: for less important sites, for example, using a unified user name, password and email so that you only need to remember one account. Then, we also see some advanced methods emerging, such as Facebook Connect, Twitter login, Google OAuth, etc.; this indeed eliminates some tro...

4,902 0       SECURITY MOZILLA PERSONA ID


  Some hidden XSS injection vulnerabilities

XSS injection refers to a Web page generating unexpected executable JS code based on user input, with that code then executed by the web browser; i.e., the source code sent to the web browser by the server contains some illegal JS code, and this illegal JS code is related to the user's input. Common XSS injection vulnerabilities can be fixed with functions such as htmlspecialchars() (escaping HTML special characters) and strip_tags() or similar, but there are some hidden XSS injection vulnerabilities that cannot be fixed by the two functions above, and sometimes we are not allowed to r...

7,702 0       PHP SECURITY XSS JAVASCRIPT CODE


  Speed Hashing

A given hash uniquely represents a file, or any arbitrary collection of data. At least in theory. This is a 128-bit MD5 hash you're looking at above, so it can represent at most 2^128 unique items, or 340 trillion trillion trillion. In reality the usable space is substantially less; you can start seeing significant collisions once you've filled half the space, but half of an impossibly large number is still impossibly large. Back in 2005, I wondered about the difference between a checksum and a hash. You can think of a checksum as a person's full name: Eubediah Q. Horsefeathers. It's a shortcut ...

3,991 0       SECURITY SPEED HASHING MD5