|
Cloudbleed
Cloudbleed was a Cloudflare buffer overflow disclosed by Project Zero on February 17, 2017. Cloudflare's code disclosed the contents of memory that contained the private information of other customers, such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. As a result, data from Cloudflare customers was leaked to all other Cloudflare customers that had access to server memory. This occurred, according to numbers provided by Cloudflare at the time, more than 18,000,000 times before the problem was corrected. Some of the leaked data was cached by search engines. Discovery The discovery was reported by Google's Project Zero team. Tavis Ormandy posted the issue on his team's issue tracker and said that he informed Cloudflare of the problem on February 17. In his own proof-of-concept attack he got a Cloudflare server to return "private messages from major dating sites, full messages from a well-known chat service, online password manager data, frame ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications. It runs in the presentation layer and is itself composed of two layers: the TLS record and the TLS handshake protocols. The closely related Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications. In technical writing you often you will see references to (D)TLS when it applies to both versions. TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999, and the c ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Project Zero (Google)
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014. History After finding a number of flaws in software used by many end-users while researching other problems, such as the critical "Heartbleed" vulnerability, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but any software used by its users. The new project was announced on 15 July 2014 on Google's security blog. When it launched, one of the principal innovations that Project Zero provided was a strict 90-day disclosure deadline along with a publicly visible bugtracker where the vulnerability disclosure process is documented. While the idea for Project Zero can be traced back to 2010, its establishment fits into the larger trend of Google's counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden. The team was formerly headed ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Tavis Ormandy
Tavis Ormandy is an English computer security white hat hacker. He is currently employed by Google as part of their Project Zero team. Notable discoveries Ormandy is credited with discovering severe vulnerabilities in LibTIFF, Sophos' antivirus software and Microsoft Windows. With Natalie Silvanovich he discovered a severe vulnerability in FireEye products in 2015. His findings with Sophos' products led him to write a 30-page paper entitled "Sophail: Applied attacks against Sophos Antivirus" in 2012, which concludes that the company was "working with good intentions" but is "ill-equipped to handle the output of one co-operative security researcher working in his spare time" and that its products shouldn't be used on high-value systems. He also created an exploit in 2014 to demonstrate how a vulnerability in glibc known since 2005 could be used to gain root access on an affected machine running a 32-bit version of Fedora. In 2016, he demonstrated multiple vulnerabilities i ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cloudflare
Cloudflare, Inc. is an American content delivery network and DDoS mitigation company, founded in 2009. It primarily acts as a reverse proxy between a website's visitor and the Cloudflare customer's hosting provider. Its headquarters are in San Francisco, California. According to '' The Hill'', it is used by more than 20 percent of the entire Internet for its web security services. History Cloudflare was founded in July 2009 by Matthew Prince, Lee Holloway, and Michelle Zatlyn. Prince and Holloway had previously collaborated on Project Honey Pot, a product of Unspam Technologies that served as some inspiration for the basis of Cloudflare. From 2009, the company was venture-capital funded. On August 15, 2019, Cloudflare submitted its S-1 filing for IPO on the New York Stock Exchange under the stock ticker NET. It opened for public trading on September 13, 2019 at $15 per share. In 2020, Cloudflare co-founder and COO Michelle Zatlyn was named president, making her one of the few ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Project Zero
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014. History After finding a number of flaws in software used by many end-users while researching other problems, such as the critical "Heartbleed" vulnerability, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but any software used by its users. The new project was announced on 15 July 2014 on Google's security blog. When it launched, one of the principal innovations that Project Zero provided was a strict 90-day disclosure deadline along with a publicly visible bugtracker where the vulnerability disclosure process is documented. While the idea for Project Zero can be traced back to 2010, its establishment fits into the larger trend of Google's counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden. The team was formerly heade ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
HTTP Cookies
HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session. Cookies serve useful and sometimes essential functions on the web. They enable web servers to store stateful information (such as items added in the shopping cart in an online store) on the user's device or to track the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to save for subsequent use information that the user previously entered into form fields, such as names, addresses, passwords, and payment card numbers. Authentication cookies are commonly used by web servers to authenticate t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Nginx
Nginx (pronounced "engine x" ) is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and publicly released in 2004. Nginx is free and open-source software, released under the terms of the 2-clause BSD license. A large fraction of web servers use Nginx, often as a load balancer. A company of the same name was founded in 2011 to provide support and ''Nginx Plus'' paid software. In March 2019, the company was acquired by F5, Inc. for $670 million. Popularity W3Tech's web server count of all web sites ranked Nginx first with 33.6%. Apache was second at 31.4% and Cloudflare Server third at 21.6%. , Netcraft estimated that Nginx served 22.01% of the million busiest websites with Apache a little ahead at 23.04%. Cloudflare at 19.53% and Microsoft Internet Information Services at 5.78% rounded out the top four servers for the busiest websites. Some of Netcraft's other statistics show Ngi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
2017 In Computing
Seventeen or 17 may refer to: *17 (number), the natural number following 16 and preceding 18 * one of the years 17 BC, AD 17, 1917, 2017 Literature Magazines * ''Seventeen'' (American magazine), an American magazine * ''Seventeen'' (Japanese magazine), a Japanese magazine Novels * ''Seventeen'' (Tarkington novel), a 1916 novel by Booth Tarkington *''Seventeen'' (''Sebuntiin''), a 1961 novel by Kenzaburō Ōe * ''Seventeen'' (Serafin novel), a 2004 novel by Shan Serafin Stage and screen Film * ''Seventeen'' (1916 film), an American silent comedy film *''Number Seventeen'', a 1932 film directed by Alfred Hitchcock * ''Seventeen'' (1940 film), an American comedy film *''Eric Soya's '17''' (Danish: ''Sytten''), a 1965 Danish comedy film * ''Seventeen'' (1985 film), a documentary film * ''17 Again'' (film), a 2009 film whose working title was ''17'' * ''Seventeen'' (2019 film), a Spanish drama film Television * ''Seventeen'' (TV drama), a 1994 UK dramatic short starring Christien ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Software Bugs
A software bug is an error, flaw or fault (technology), fault in the design, development, or operation of computer software that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. The process of finding and correcting bugs is termed "debugging" and often uses formal techniques or tools to pinpoint bugs. Since the 1950s, some computer systems have been designed to deter, detect or auto-correct various computer bugs during operations. Bugs in software can arise from mistakes and errors made in interpreting and extracting users' requirements, planning a program's software architecture, design, writing its source code, and from interaction with humans, hardware and programs, such as operating systems or Library (computing), libraries. A program with many, or serious, bugs is often described as ''buggy''. Bugs can trigger errors that may have ripple effects. The effects of bugs may be subtle, such as unintended text formatting, through to more o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Internet Security
Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms. Many methods are used to combat these threats, including encryption and ground-up engineering. Threats Malicious software Malicious software comes in many forms, such as viruses, Trojan horses, spyware, and worms. * Malware, a portmanteau of malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include softw ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Arbor Networks
Arbor Networks is a software company founded in 2000"Arbor Networks, Inc." ''BusinessWeek''. Retrieved June 26, 2010. and based in Burlington, Massachusetts, United States, which sells and software, used – according to the company's claims – by over 90% of all |
Multi-factor Authentication
Multi-factor authentication (MFA; encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password. A ''third-party authenticator'' (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication. Factors Authentication takes place when someone tries to log into a computer resource (such as a network, device, or application). The resource requires the u ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
