Monday, August 31, 2015

8/31 Morning Digest

  • Information Security:
1.WordPress Captain Slider 1.0.6 Cross Site Scripting by Arash Khazaei

Introduction:

The WordPress Captain Slider plugin has 3000+ active installs and suffers from a stored XSS vulnerability in the Title and Caption sections.

Exploit:

To exploit this vulnerability, go to the Manage Slider section and add a slider, putting your JS code in the Title and Caption fields. After adding the new slider, go to the Sorter section, and you can see the JS code executed.

Vulnerable Code:

-->
<th class="column-order"><?php _e('Order', 'ctslider'); ?></th>
<th class="column-thumbnail"><?php _e('Slide Image', 'ctslider'); ?></th>
<th class="column-title"><?php _e('Title', 'ctslider'); ?></th>
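The snippet above only shows the table header; the stored XSS described in the advisory comes from slide fields being printed into the list table without escaping. As an added example (not the plugin's or the advisory's code), here is how a row renderer and a save-time sanitizer for that list table would close this class of bug with WordPress's standard escaping functions; $slide, its fields and the function names are assumed for illustration.

```php
<?php
// Added illustration, not Captain Slider's own code. $slide and its fields
// (title, caption, image_url, menu_order) are assumed.

// Unsafe pattern the advisory describes: stored user input echoed as-is, e.g.
//   echo '<td class="column-title">' . $slide->title . '</td>';
// Any markup saved in the Title or Caption is then rendered as HTML/JS in the admin.

function ctslider_example_render_row( $slide ) {
    // Title is plain text: escape for an HTML text context.
    $title = esc_html( $slide->title );
    // Caption may legitimately carry limited markup: allow only post-safe tags.
    $caption = wp_kses_post( $slide->caption );
    // Image URL lands in an attribute: esc_url() rejects unsafe schemes and
    // entity-encodes the result for attribute output; the alt text needs esc_attr().
    $image = esc_url( $slide->image_url );
    $alt   = esc_attr( $slide->title );

    echo '<tr>';
    echo '<td class="column-order">' . (int) $slide->menu_order . '</td>';
    echo '<td class="column-thumbnail"><img src="' . $image . '" alt="' . $alt . '" /></td>';
    echo '<td class="column-title">' . $title . '</td>';
    echo '<td class="column-caption">' . $caption . '</td>';
    echo '</tr>';
}

// Defence in depth: sanitize on save as well. This narrows what gets stored but
// does not replace output escaping, because stored data can come from other paths.
function ctslider_example_sanitize_on_save( array $raw ) {
    return array(
        'title'      => sanitize_text_field( $raw['title'] ),
        'caption'    => wp_kses_post( $raw['caption'] ),
        'image_url'  => esc_url_raw( $raw['image_url'] ),
        'menu_order' => absint( $raw['menu_order'] ),
    );
}
```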

2.Point-of-Sale Payment Security by Pierluigi Paganini

How Point-of-sale (POS) Works:

(1)The customer swipes a card at the merchant
(2)The merchant's POS sends the transaction through to the processor
(3)The processor encrypts the payment and sends it from the POS device to the payment processing network (Visa, MasterCard, Discover, etc.)
(4)The payment processing network verifies that funds are available from the card-issuing bank
(5)The card-issuing bank then releases the funds back to the processor
(6)At the end of the day or a sales cycle, the merchant runs a batch with the processor
(7)The processor then authorizes the release of the funds to the merchant's bank
(8)Later, the customer receives a statement from the card-issuing bank noting that funds were removed from a debit account, or that payment is due for a credit card purchase

The PCI council provides a standard for companies providing payment services at any phase of a transaction:

(1)Install and maintain a firewall configuration to protect cardholder data
(2)Do not use vendor-supplied defaults for system passwords and other security parameters
(3)Protect stored cardholder data
(4)Encrypt transmission of cardholder data across open, public networks
(5)Use and regularly update anti-virus software or programs
(6)Develop and maintain secure systems and applications
(7)Restrict access to cardholder data by business need-to-know
(8)Assign a unique ID to each person with computer access
(9)Restrict physical access to cardholder data
(10)Track and monitor all access to network resources and cardholder data
(11)Regularly test security systems and processes
(12)Maintain a policy that addresses information security for employees and contractors

3.Hacking ipcam like Harold in POI by redrain有节操

(1)Find the target camera and determine its version and model, then download and analyze the firmware
(2)Obtain a session using a previously disclosed vulnerability for that version, or one found through your own firmware analysis
(3)Determine the protocol used to transport the video stream
(4)Find the CGI that handles the video stream
(5)Analyze the script files and locate the functions that implement the features
(6)Some camera firmware has no dynamic scripts at all; the feature handling is compiled into the server binary, so that binary has to be analyzed as well

  • Personal Growth:
1.Become an "asset" to your company rather than a "cost": 6 things you should learn! by 知識家編輯部

(1)Stay physically and mentally healthy and full of enthusiasm
(2)Keep good habits and routines
(3)Learn to ask questions and to accept others' advice
(4)Become self-motivated
(5)Learn to tell important things from urgent things
(6)Work alongside excellent people

2.If you could go back to the past, what would you want to change? by 丁菱娟

Every mistake comes at a price, so you must learn the lesson, or the tuition was paid for nothing. After each mistake and setback, I tried to adjust my mindset and my pace, slowly moving in the direction I had originally wanted to go, and that is how I became who I am today.

So at every critical moment, whatever choice you make, love that choice, walk it for a stretch without looking back and see; if it turns out wrong, find a way to correct it, until it is right.

Try to look at whatever happens with an attitude of "acceptance", and there may be a chance to change. That is why a master said, "What makes us suffer is never the thing itself, but our view of it."

3.Stop looking for the balance point between work and life by 丁菱娟

Successful people enjoy their work and enjoy their lives. They work overtime when they should and play wholeheartedly when they should rest. Successful people do not think about the balance point; they know that balance is not permanent and will not always be there.

Perhaps today things feel balanced and tomorrow they suddenly do not; balance is dynamic and shifts with your mood. It is like a seesaw: you have to keep stepping on both sides to stay level. When the right side dips, step on the left; when the left side dips, step a bit more on the right. You must keep adjusting; it is never a matter of finding a midpoint and then all is well.

When work is hard, you will not feel wronged; you have the ability to make yourself happy, which naturally spreads to others, and the happiness doubles. When work piles up, step on the other side of the seesaw and pamper yourself a little more; once your energy returns, you can throw yourself into enjoying work again, forming a positive cycle.

Physical fatigue is gone after a day or two of rest; mental fatigue and helplessness are the real killers of life. Set the idea of balance aside, immerse yourself, and enjoy what you have in hand; that is the first step toward balance.

To read more article summaries, see the Daily Morning Digest.
