Hacking Team can monitor iOS users without jailbreaking
HackingTeam, a monitoring software development company based in Italy, was hacked recently, and 415GB files were leaked. The data leaked by HackingTeam involves at least several remote code execution and entitlement vulnerability targeting Android4.4 or below.
Secure code audit -PHP
Preface: This article: the CMS version is 4.2. The following vulnerabilities are included in CNVD. Environment note: PHP version should use 7.0.9. SSRF: According to the function point directed audit, in the background toolbar has a collection function, according to experience this kind of
Pouch Is officially open source for Alibaba's own container technology
Abstract: After the restart of the maintenance of Dubbo, Ali technology in the open source dynamic, at the China Open Source annual meeting, Alibaba formally opened its own Pouch container technology. At the China Open Source Annual Conference, Alibaba officially opened the Pouch container technology based on the Apache 2.0 protocol. Pouch is a lightweight container technology that is fast, efficient, and portable...
How to do blockchain project testing?
Blockchain technology is hot recently, most articles are popularizing the concept of blockchain. Blockchain is likely to be the underlying technology for connected applications in the next decade, in projects across a wide range of industries. For example: commodity traceability, traditional traceability system uses centralized data storage data, in fact, such data for the holder, how to modify, how to modify, then how much credibility of its data? There's even been a silver...
Is your Open_basedir secure?
Open_basedir can restrict user access to a file to a specified area, usually the path to its directory, or the current directory can be represented by the "." symbol. Second, the Bypas
"Green" does not mean security, a Trojan horse analysis hidden in green software
0x00 Background "green software" usually refers to those small software that can be used without installation. These small software can be used directly after running, and will not leave any keys and files in the registry, system directory, etc., and can even be directly placed in the USB disk, CD-ROM and other mobile media at any time
BabaSSL: supports semi-homomorphic encryption algorithm EC-Elgamal
With the rapid development of big data and artificial intelligence, privacy data leakage and abuse happen from time to time, and privacy security has been paid more and more attention. The country will implement the Password Law in 2020 and the Personal Information Protection Law in 2021, with higher requirements for personal privacy data and data security encryption.
Ali Android development specification: resource file naming and use specification
The pursuit of excellence craftsman spirit, polishing quality code. Full understanding, guided by technical awareness, is the direction of individual learning, team communication and project cooperation. 1. [Recommended] Resource files must be prefixed with modules. 2, 【 recommended 】 Layout file naming method. 3, 【 recommended 】 Drawable resource names are lowercase words and underscores (_).
Android Security Internals chapter 2 Permission Translation
As we said in the previous chapter, Android applications run in a sandbox and by default only have access to their own files and a very limited set of system services. To interact with the system and other applications, Android applications can request a set of additional permissions granted at installation and cannot change them (with some exceptions, which are discussed below). On Android, permissions...
Digital certificate and its application in security testing
0x00 Background When performing security tests at the Web level, it is unavoidable to perform man-in-the-middle agent to intercept packets for analysis. Common tools include BurpSuit, Fiddler, Charles, etc. The use of these tools is well documented on the web, so I won't go into details here. However, in test one