
SEARCH KEYWORD -- Web security



  How does CSDN dare to use plain text as password?


Recently, CSDN, China's largest Chinese IT community website, leaked its users' account information. Later today, CSDN made an announcement to its users on its website. The announcement said that some user account information was leaked, that account passwords were stored as plain text in their database before 2009, and that after 2009 they adopted an encryption algorithm to encrypt user passwords. They urged all users who registered the account before 2009 to change their passwor...

   Security,Information leak,CSDN,Plain text     2011-12-22 09:10:01


  Severe SSL 3.0 vulnerability to be released


According to The Register, another severe security vulnerability has been found in the widely used SSL v3 protocol. It is still in the patch phase, and the details of this vulnerability are expected to be released today. A few widely impacting security vulnerabilities have been revealed this year, and they bring people's attention to long-standing security concerns. Previously, we have seen the Heartbleed issue and also the recent Shellshock issue. Both of them occur in popular libraries...

   SSL,Security vulnerability, The Register     2014-10-14 22:22:39


  8 very useful and free web security testing tools


As web applications become more pervasive, web security threats are becoming increasingly prominent. Hackers gain control of web servers by exploiting web server vulnerabilities and SQL injection vulnerabilities; they may then tamper with web content or steal important internal data, or, more seriously, inject malicious code into web pages to affect visitors of the websites. Attention to web application security is gradually growing. Here we recommend eight very useful and free web security testing...

   Website, security,Web security,Attack     2012-07-22 10:59:09


  Turn on SecurityManager in Java


SecurityManager in Java checks whether application code can access restricted resources such as files and sockets. It can be used in applications which have high security requirements. With this feature turned on, system resources can be secured by allowing only permitted operations. When the JVM starts, it first checks whether the SecurityManager is on by checking the system property java.security.manager; if it's on, then an instance of SecurityManager will be created and it can be...

   SecurityManager,enable,program     2013-12-16 05:03:53


  Building Security onto Your Mobile Application


Analysts state that more than 75% of mobile applications will fail basic security tests in 2015 – Gartner Research. Enterprises that follow the Bring Your Own Device (BYOD) approach and facilitate mobile computing for their employees are susceptible to security threats and other vulnerabilities unless they implement stringent security measures. In the development or deployment of mobile applications, a business can be severely impacted both financially and otherwise, if they are to...

   Web Application Development Company, iPhone App Development Company     2015-08-21 07:22:32


  Oracle released an urgent Java patch


On March 23, Oracle released an urgent Java patch outside its normal update schedule. The security vulnerability is related to Java SE running in web browsers on desktops. The CVE ID for this issue is CVE-2016-0636. With unpatched Java, attackers can remotely exploit the target system without a username and credentials. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. When the user accesses pages containing malicious code...

   JAVA,SECURITY,ORACLE,NEWS     2016-03-25 08:39:59


  25 worst passwords in 2012


A weak password is a serious security vulnerability, but the majority of network users still use some universal simple character sequences as their password. SplashData recently announced its list of the world's worst passwords in 2012. "password", "123456" and "12345678" are still at the top places, while the others vary, and some new passwords like "welcome", "Jesus", "ninja", "mustang" and "password1" are in the list. With the risk of password loss, SplashData CEO Morgan Slain said we hoped netw...

   Password,Security     2012-10-25 12:04:49


  Different types of keystore in Java -- PKCS11


The PKCS11 keystore is designed for hardware storage modules (HSM). It's an interface to talk to the HSMs. It doesn't actually store any keys but provides a set of classes to communicate with the underlying HSM. The actual keys and certificates are stored on the HSMs. The reason for storing the keys and materials there is to ensure security and efficiency. Since the keys are on the HSMs, they are safe from being stolen. All encryption/decryption operations are performed on the HSMs as well; this increases the...

   PKCS11,keystore,HSM,Java     2015-01-08 00:39:12


  30 minutes to fix Java vulnerability


On September 25, Adam Gowdiak from the Polish security consulting firm Security Explorations submitted a Java security vulnerability to Oracle and provided a proof-of-concept. The vulnerability exists in Java 5, 6 and 7; once the user accesses a site hosting malware, an attacker can remotely control the infected machine. Gowdiak later got in touch again with Oracle and got the response that the fix had reached the final stage and that he could expect the patch four months later. He eventually could not bear Oracle'...

   Java, Vulnerability,Fix     2012-10-29 11:53:43


  Windows Security Improvements


Traenk is still upset by his recent dive into Windows security. So much more was promised when the merger of Windows 9x and NT lines was announced, so long ago. I honestly expected better. Long ago, Microsoft announced that it would merge the then NT and Windows 9x lines of products. Wow! That means a file access control system, logging, different accounts and filespaces for accounts! Finally! We would have a secure version of Windows for our homes! And we do hav...

   Windows,Security,Improvement,Windows NT     2011-09-02 11:54:50