carfield.com.hk

Web related issue.txt 2018-06-03T15:57:52Z

AJAX cross-site scripting issue - <a href="http://getahead.org/blog/joe/2007/03/05/json_is_not_as_safe_as_people_think_it_is.html">http://getahead.org[..]s_not_as_safe_as_people_think_it_is.html</a>

XSS explained - <a href="http://www.codinghorror.com/blog/archives/001175.html">http://www.codinghorror.com/blog/archives/001175.html</a>

So easy to get hacked over wifi - <a href="http://www.codinghorror.com/blog/2010/11/breaking-the-webs-cookie-jar.html">http://www.codinghorror.com[..]010/11/breaking-the-webs-cookie-jar.html</a>

Top 10 web application security issues - <a href="http://keyholesoftware.com/2013/11/11/top-application-security-risks-owasp/">http://keyholesoftware.com[..]11/top-application-security-risks-owasp/</a>

We should show less system-level detail on error pages - <a href="http://www.ibm.com/developerworks/java/library/se-banner/index.html?ca=drs-">http://www.ibm.com[..]ava/library/se-banner/index.html?ca=drs-</a>

Story of getting hacked on a PHP server - <a href="http://www.bigmessowires.com/2015/07/13/web-site-hacked/">http://www.bigmessowires.com/2015/07/13/web-site-hacked/</a>

Basics - <a href="http://martinfowler.com/articles/web-security-basics.html">http://martinfowler.com/articles/web-security-basics.html</a>

How ransomware works - <a href="https://consolia-comic.com/comics/ransomware">https://consolia-comic.com/comics/ransomware</a>

<a href="https://hackernoon.com/how-do-you-authenticate-mate-f2b70904cc3a">https://hackernoon.com/how-do-you-authenticate-mate-f2b70904cc3a</a>

<a href="https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/">https://hacks.mozilla.org[..]18/05/a-cartoon-intro-to-dns-over-https/</a>

programming.txt 2018-03-12T04:09:22Z

<a href="https://simpleprogrammer.com/security-code-secure-devops/">https://simpleprogrammer.com/security-code-secure-devops/</a>

TLS.txt 2018-01-27T02:29:51Z

A list of diagrams showing how TLS works:

Understanding TLS protocol -- handshaking kickoff - <a href="http://blogs.sun.com/xuelei/entry/understanding_tls_protocol_1">http://blogs.sun.com/xuelei/entry/understanding_tls_protocol_1</a>
Understanding TLS protocol -- connection states - <a href="http://blogs.sun.com/xuelei/entry/understanding_tls_protocol_connection_states">http://blogs.sun.com[..]rstanding_tls_protocol_connection_states</a>
Understanding TLS protocol -- handshaking renew - <a href="http://blogs.sun.com/xuelei/entry/understanding_tls_protocol_handshaking_renew">http://blogs.sun.com[..]rstanding_tls_protocol_handshaking_renew</a>
Understanding TLS protocol -- handshaking resume - <a href="http://blogs.sun.com/xuelei/entry/understanding_tls_protocol_handshaking_resume">http://blogs.sun.com[..]standing_tls_protocol_handshaking_resume</a>

Another read, about the handshake for the HTTP protocol - <a href="http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html">http://www.moserware.com[..]/06/first-few-milliseconds-of-https.html</a>

How to get HTTPS working - <a href="https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec">https://medium.freecodecamp.org[..]nt-environment-in-5-minutes-7af615770eec</a>

crack.txt 2017-08-08T01:54:14Z

How basic UNIX tools can be used to steal someone else's Facebook identity - <a href="http://blog.mostof.it/how-to-steal-a-facebook-identity/">http://blog.mostof.it/how-to-steal-a-facebook-identity/</a>

More on BGP attacks - <a href="http://blog.wired.com/27bstroke6/2008/08/how-to-intercep.html">http://blog.wired.com/27bstroke6/2008/08/how-to-intercep.html</a>

Discussion of crack protection - <a href="http://discuss.joelonsoftware.com/default.asp?design.4.579670">http://discuss.joelonsoftware.com/default.asp?design.4.579670</a> <a href="http://www.focusoncode.com/exe-packers-crypters-and-compressors/">http://www.focusoncode.com/exe-packers-crypters-and-compressors/</a> , introduces tools - <a href="http://www.pelock.com/">http://www.pelock.com/</a>

Ten Immutable Laws of Security
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out-of-date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea

<a href="http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true">http://www.microsoft.com[..]s/security/essays/10imlaws.mspx?mfr=true</a>

An example of a buffer overflow attack - <a href="http://www.thegeekstuff.com/2013/06/buffer-overflow/">http://www.thegeekstuff.com/2013/06/buffer-overflow/</a>

Hack yourself! - <a href="https://blog.codinghorror.com/hacker-hack-thyself/">https://blog.codinghorror.com/hacker-hack-thyself/</a>

password.txt 2017-07-31T05:57:56Z

Make sure all your passwords are 12 characters or more. Use bcrypt or PBKDF2 exclusively to hash anything you need to be secure. - <a href="http://www.codinghorror.com/blog/2012/04/speed-hashing.html">http://www.codinghorror.com/blog/2012/04/speed-hashing.html</a>

Passwords that only work once - <a href="http://www.mobileread.com/forums/showthread.php?threadid=6462">http://www.mobileread.com/forums/showthread.php?threadid=6462</a>

Cracking captchas - <a href="http://sam.zoy.org/pwntcha/">http://sam.zoy.org/pwntcha/</a>

Java password masking - <a href="http://java.sun.com/developer/technicalArticles/Security/pwordmask/">http://java.sun.com[..]er/technicalArticles/Security/pwordmask/</a>

OpenID resources - <a href="http://openid.net/">http://openid.net/</a> <a href="http://www.arachna.com/roller/page/spidaman/20070225#the_openid_snowball">http://www.arachna.com[..]ge/spidaman/20070225#the_openid_snowball</a> <a href="http://developers.sun.com/identity/">http://developers.sun.com/identity/</a> <a href="http://www.theserverside.com/news/thread.tss?thread_id=46569&asrc=EM_NLN_2030603&uid=703565">http://www.theserverside.com[..]_id=46569&asrc=EM_NLN_2030603&uid=703565</a>

OpenID explained - <a href="http://ravichodavarapu.blogspot.com/2007/06/what-is-openid.html">http://ravichodavarapu.blogspot.com/2007/06/what-is-openid.html</a>

A technique that cracks a WinXP password in 3 minutes - <a href="http://www.infoq.com/news/2007/09/rainbowtables">http://www.infoq.com/news/2007/09/rainbowtables</a>

Using an image as a password - <a href="http://dsc.discovery.com/news/briefs/20060306/password_tec.html">http://dsc.discovery.com/news/briefs/20060306/password_tec.html</a>

Another interesting idea, the Evolving Password - <a href="http://www.docuverse.com/blog/donpark/EntryViewPage.aspx?guid=79730e53-1d30-47ae-98e8-abb55201429b">http://www.docuverse.com[..]uid=79730e53-1d30-47ae-98e8-abb55201429b</a>

Passphrase Evangelism - <a href="http://www.codinghorror.com/blog/archives/000360.html">http://www.codinghorror.com/blog/archives/000360.html</a>

Rainbow Hash Cracking - <a href="http://www.codinghorror.com/blog/archives/000949.html">http://www.codinghorror.com/blog/archives/000949.html</a> , add a salt (token) to prevent it - <a href="http://blog.cfelde.com/2011/04/hashing-passwords/">http://blog.cfelde.com/2011/04/hashing-passwords/</a>

How to make a password harder to guess, but I guess there should be a simpler way to guess "this is fun" than taking 2537 years? - <a href="http://www.baekdal.com/tips/password-security-usability">http://www.baekdal.com/tips/password-security-usability</a>

Discussion about whether some old suggested rules are still valid or not - <a href="http://queue.acm.org/detail.cfm?id=2422416&ref=fullrss">http://queue.acm.org/detail.cfm?id=2422416&ref=fullrss</a>

Using quantum for passwords? - <a href="https://www.inside.com.tw/2017/03/01/quantum-key-distribution">https://www.inside.com.tw/2017/03/01/quantum-key-distribution</a>

Salted Password Hashing - Doing it Right - <a href="https://crackstation.net/hashing-security.htm">https://crackstation.net/hashing-security.htm</a> <a href="http://www.infoq.com/cn/articles/how-to-encrypt-the-user-password-correctly">http://www.infoq.com[..]w-to-encrypt-the-user-password-correctly</a>

It sounds like outsourcing is better - <a href="https://blog.plan99.net/building-account-systems-f790bf5fdbe0">https://blog.plan99.net/building-account-systems-f790bf5fdbe0</a>

tools.txt 2017-07-18T16:22:53Z

The NSA has open-sourced dozens of security tools - <a href="https://medium.freecodecamp.org/the-nsa-has-open-sourced-dozens-of-security-tools-7af99cfe422">https://medium.freecodecamp.org[..]ced-dozens-of-security-tools-7af99cfe422</a>

fundamental.txt 2017-03-21T06:30:43Z

Introduction to Cryptography Basic Principles - <a href="http://www.thegeekstuff.com/2012/07/cryptography-basics/">http://www.thegeekstuff.com/2012/07/cryptography-basics/</a>

<a href="http://www.thegeekstuff.com/2013/01/diffie-hellman-key-exchange-algorithm">http://www.thegeekstuff.com[..]01/diffie-hellman-key-exchange-algorithm</a>

<a href="http://meri-stuff.blogspot.hk/2013/11/cryptography-theory-1-meaning-of-secure.html">http://meri-stuff.blogspot.hk[..]tography-theory-1-meaning-of-secure.html</a>

Getting a list of available cryptographic algorithms - <a href="http://invariantproperties.com/2014/08/03/getting-a-list-of-available-cryptographic-algorithms/">http://invariantproperties.com[..]t-of-available-cryptographic-algorithms/</a>

Differential privacy - <a href="http://www.infoq.com/cn/articles/differential-privacy-intro">http://www.infoq.com/cn/articles/differential-privacy-intro</a> <a href="https://www.infoq.com/articles/differential-privacy-intro">https://www.infoq.com/articles/differential-privacy-intro</a>

firewall.txt 2012-12-23T09:30:52Z

Explanation of the Great Firewall - <a href="http://queue.acm.org/detail.cfm?id=2405036&ref=fullrss">http://queue.acm.org/detail.cfm?id=2405036&ref=fullrss</a>

system.txt 2012-06-30T16:07:02Z

Anatomy of a Stack Smashing Attack and How GCC Prevents It - <a href="http://www.drdobbs.com/article/print?articleId=240001832&siteSectionName=security">http://www.drdobbs.com[..]cleId=240001832&siteSectionName=security</a>

ssh.txt 2012-04-01T14:17:08Z

<a href="http://www.javacodegeeks.com/2012/03/ssh-tunneling-explained.html">http://www.javacodegeeks.com/2012/03/ssh-tunneling-explained.html</a>

reference.txt 2012-03-01T14:41:18Z

How to make encryption really safe - <a href="http://www.javacodegeeks.com/2012/02/introduction-to-strong-cryptography-p1.html">http://www.javacodegeeks.com[..]roduction-to-strong-cryptography-p1.html</a>

Review and summary of "19 Deadly Sins of Software Security" - <a href="http://www.codinghorror.com/blog/archives/000841.html">http://www.codinghorror.com/blog/archives/000841.html</a>

Dumb ideas in security and recommended fixes - <a href="http://www.ranum.com/security/computer_security/editorials/dumb/">http://www.ranum.com/security/computer_security/editorials/dumb/</a> ... interesting to read, but not much real impact

Top 25 coding errors related to security - <a href="http://www.sans.org/top25errors/">http://www.sans.org/top25errors/</a>

<a href="http://java.sun.com/security/seccodeguide.html">http://java.sun.com/security/seccodeguide.html</a>

phpfog.txt 2011-04-05T16:25:55Z

The story of phpfog.com getting hacked - <a href="http://blog.phpfog.com/2011/03/22/how-we-got-owned-by-a-few-teenagers-and-why-it-will-never-happen-again/">http://blog.phpfog.com[..]gers-and-why-it-will-never-happen-again/</a>

wifi.txt 2007-12-06T15:33:35Z

TJX lost customer data because they hadn't updated their wifi code - <a href="http://www.google.com/search?hl=en&safe=off&client=safari&rls=en&q=related:www.infoworld.com/article/07/01/17/HNtjxbreach_1.html">http://www.google.com[..].com/article/07/01/17/HNtjxbreach_1.html</a>

config file.txt 2007-11-28T05:35:27Z

Encrypting configuration, probably a good idea - <a href="http://www.jasypt.org/encrypting-configuration.html">http://www.jasypt.org/encrypting-configuration.html</a>

credit card related.txt 2006-11-13T08:43:04Z

Some complaints about credit card handling - <a href="http://thedailywtf.com/forums/thread/101060.aspx">http://thedailywtf.com/forums/thread/101060.aspx</a>

losting notebook.txt 2006-06-20T06:44:56Z

Cases like this happen again and again and again... We really need to educate users about security: <a href="http://www.dailytech.com/article.aspx?newsid=2914">http://www.dailytech.com/article.aspx?newsid=2914</a>

HK police information leakage.txt 2006-05-07T11:57:54Z

It looks like most governments don't handle data security well. The recent HK police information leakage case is a great example:

<a href="http://www.thestandard.com.hk/news_detail.asp?we_cat=4&art_id=15435&sid=7287851&con_type=1&d_str=20060330">http://www.thestandard.com.hk[..]35&sid=7287851&con_type=1&d_str=20060330</a>
<a href="http://www.google.com/search?client=opera&rls=en&q=HK+police+information+leakage+case&sourceid=opera&ie=utf-8&oe=utf-8">http://www.google.com[..]ge+case&sourceid=opera&ie=utf-8&oe=utf-8</a>

However, this is not only an HK problem; other countries face similar problems too: <a href="http://thedailywtf.com/forums/65974/ShowPost.aspx">http://thedailywtf.com/forums/65974/ShowPost.aspx</a> <a href="http://thedailywtf.com/forums/71199/ShowPost.aspx">http://thedailywtf.com/forums/71199/ShowPost.aspx</a>

In the HK case, it looks like some idiots in the Government handed out real data for testing. Of course, the IT service provider should also have checked the data and kept it secure, even if it was only test data.

The later case is trickier: it turns out Googlebot was clever enough to bypass the security trick, because it simply followed the GET HTTP requests that deleted links every day. Remember, client-side security is never safe on its own.

http.txt 2006-04-05T07:46:05Z

An article showing how to test various website security bugs using an HTTP header manipulation tool. However, it looks like using an HTTP client would be easier and more scriptable?

<a href="http://www.onlamp.com/lpt/a/6268">http://www.onlamp.com/lpt/a/6268</a>