Tag:Loophole
-
Time:2020-10-22
Technical editor: Xu Jiufa stands on his ownSegmentFault has he reported the official account number: SegmentFault Recently, Google announced that it has found a security vulnerability in Apple‘s image I / O. Google’s Project Zero team outlined a number of details of the vulnerability after Apple said it was safe for users and that the […]
-
Time:2020-10-18
summary After sharing the evaluation of application hardening last time, many people want to see the comparative data related to vulnerability scanning. In fact, when choosing these mobile security products on the market, I often feel puzzled by all kinds of complicated data. I don’t know how to judge their performance and price, so as […]
-
Time:2020-10-15
1、 Preface With the rapid development of Android operating system, apps running on Android have sprung up. Because some app developers only pay attention to the implementation of APP business functions, they do not pay enough attention to the security problems of app, which makes app have more security risks. Some domestic security vendors provide […]
-
Time:2020-10-14
preface In the last article, after the comparison of charges, scanning time after sample testing and vulnerability items of aliju security [1], 360app vulnerability scanning [2], Tencent King Kong audit system [3], baidu mobile cloud test center [4] and apprisk scanner [5], this article will take the scanning ability of each manufacturer as the analysis […]
-
Time:2020-10-13
0X01 About WebView In Android development, WebView is often used to display web pages, start your own browser in activiry, or simply display some online content. WebView is powerful and widely used, but it is a combination of angels and demons. On the one hand, it enhances the online experience of app and makes app […]
-
Time:2020-10-11
The first part and the second part are reviewedThrough charging, scanning time after sample testing, comparison of vulnerability items and scanning ability, this paper makes a comparative analysis on aliju security [1], 360app vulnerability scanning [2], Tencent Vajra audit system [3], baidu mobile cloud test center [4] and apprisk scanner [5]. As the last article […]
-
Time:2020-10-7
The server and the crawler can automatically form a hole Preface to 0x00 In the last article, we wrote that Xray and 360 crawler form automatic burrow, but this requires us to have a look at whether we have dug a hole when we have nothing to do. It is very cumbersome, so we use […]
-
Time:2020-10-5
It is understood that the key sensitive data of the bank is stored in C: consle on the web server (10.1.1.178). I don’t want to say much nonsense. Now that we have a clear goal, we should scan nmap directly. The results show that cve-2012-0152 (Microsoft Windows Server RDP denial of service vulnerability) and cve-2012-0002 […]
-
Time:2020-9-24
Android is one of the two most widely used operating systems in the world. If it has major security vulnerabilities, it will undoubtedly pose a serious threat to more than one billion users worldwide. To dynamically analyze Android applications and see if they use passwords in an insecure way, an academic team at Columbia University […]
-
Time:2020-9-24
The k8s ecological weekly mainly contains some information that I have been exposed to and recommended on a weekly basis. Welcome to the k8s ecology column. Docker v19.03.11 release Only a week after the release of v19.03.10, docker released a new version of v19.03.11. This version is a security repair version, which prevents address spoofing […]
-
Time:2020-9-17
A few days ago, Tencent Yujian Threat Intelligence Center reported an invasion case of h2miner gangs using saltstack vulnerability to control server mining. It is reported that Tencent Security Threat Intelligence Center detected on May 3, 2020 that h2miner Trojan horse used saltstack remote command execution vulnerability (cve-2020-11651, cve-2020-11652) to invade enterprise hosts for mining. […]
-
Time:2020-9-15
Technical editor: Xu Jiuyi from the editorial department Recently, Apple released the official version of IOS / ipados 13.5, adding face ID, mask detection, close contact tracking and other functions related to the new crown epidemic. In addition, it also fixed some previous system bugs. However, it seems that there are still many security problems […]
