August 29, 2011

For a long time, many governments in Asia have refused to give up censoring the internet, unable to let go of projecting power and controlling the flow of information in a borderless virtual space.

Malaysia has set an example. On August 15, Prime Minister Najib Razak said that in today's borderless, interconnected world, censoring newspapers and magazines is becoming increasingly outdated, ineffective and unjustifiable; besides leaving the internet uncensored, Malaysia will also review its censorship laws for traditional media.

Before this, The Economist had been censored for reporting on a demonstration organized by a civic group calling for electoral reform: the offending passages were blacked out with ink, but The Economist's website was not censored. Najib pointed out that the act of censorship caused more disorder than the article itself and turned into a public-relations disaster. He said that Malaysia would deal with defamatory reporting through legal means. In other Asian countries, China included, governments still handle content they dislike with crude censorship.

August 27, 2011

Wang, a native of Guizhou who graduated in 2009 from Peking University's School of Computer Science, had no family or connections in Beijing and could not find a job, so he returned to his hometown of Zunyi, borrowed money from friends to buy a second-hand computer, and used his skills to set up a children's education and training website. It was praised and supported by his neighbours and was just starting to turn a profit when the Guizhou Provincial Communications Administration ordered the data centre hosting its server to shut it down, on the grounds that it had "not passed ICP filing (备案)".

Wang submitted the filing three times in a row and it was rejected every time, and each review took the full 20 days allowed by the Ministry of Industry and Information Technology. After two months without approval, Wang phoned to ask why and was told, to his surprise, that training websites must present supporting documents from the local education department before a filing can be processed, or else pay a 1,000 yuan "special approval fee". The local education department in turn demanded its own disguised "favour fee".

In despair, Wang finally lost his reason: he went alone to the Guizhou Provincial Communications Administration with a fruit knife and stabbed to death Liu, the division-level official in charge of website filing approvals, on the spot. After turning himself in, Wang said coldly: "I don't regret it. It was they who wouldn't let me make a living on my own."

August 26, 2011

China's IPv6 allocations have made another leap: the number of /32 blocks has reached 5552, up by 4096 this month, and this month's allocations are 3.8 times all previous allocations combined! The total now provisionally ranks eighth in the world. It is not yet known which carrier made this bold move. With IPv4 running out, China is waking up to IPv6. Keep it up!

IPv6 Resource Allocations
http://bgp.potaroo.net/iso3166/v6cc.html

August 24, 2011


Misconception 7: HTTPS cannot be cached

Many people believe that, for security reasons, browsers never keep a local cache of HTTPS content. In fact, HTTPS responses can be cached, provided the right directives are present in the HTTP headers.

Eric Lawrence, a program manager on Microsoft's IE team, writes:

"It may come as a shock, but all versions of IE cache HTTPS content as long as the HTTP headers allow it. For example, if the header is Cache-Control: max-age=600, the page will be cached by IE for 10 minutes. IE's caching policy has nothing to do with whether HTTPS is used. (Other browsers behave inconsistently in this respect, depending on the version you use, so they are not discussed here.)"

By default, Firefox caches HTTPS content only in memory. But as long as the header contains Cache-Control: Public, the cache is written to disk. The image below shows HTTPS content in Firefox's disk cache, with the header Cache-Control: Public.
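
As an added example (not code from the original post), the following Python models the two caching behaviours described above, an IE-style cache that honours max-age regardless of HTTPS and a Firefox-style cache that writes HTTPS to disk only when the header carries Cache-Control: Public, and flags HTTPS responses that a browser would keep locally. The no-store handling and the sample headers are my additions.

```python
# Added example, not code from the original post. It models the two
# behaviours described above: an IE-style cache honours Cache-Control
# max-age regardless of HTTPS, and a Firefox-style cache writes HTTPS
# to disk only when the header carries "public". The no-store handling
# is my addition (a no-store response is not stored by either model).
from typing import Dict, List


def parse_cache_control(value: str) -> Dict[str, str]:
    """'Public, max-age=3600' -> {'public': '', 'max-age': '3600'} (names lowercased)."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def _header(headers: Dict[str, str], name: str) -> str:
    """Case-insensitive header lookup; empty string when absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")


def classify_https_caching(headers: Dict[str, str]) -> Dict[str, object]:
    """For an HTTPS response: how long IE would cache it and whether Firefox
    would persist it to disk, using only the rules stated in the post."""
    cc = parse_cache_control(_header(headers, "Cache-Control"))
    if "no-store" in cc:
        return {"ie_ttl": 0, "firefox_disk": False}
    ttl = int(cc["max-age"]) if cc.get("max-age", "").isdigit() else 0
    return {"ie_ttl": ttl, "firefox_disk": "public" in cc}


def audit_sensitive_https(headers: Dict[str, str]) -> List[str]:
    """Findings for an HTTPS response carrying per-user data: anything a
    browser would keep locally is worth flagging."""
    verdict = classify_https_caching(headers)
    findings: List[str] = []
    if verdict["ie_ttl"] > 0:
        findings.append(f"IE would cache this HTTPS response for {verdict['ie_ttl']} s")
    if verdict["firefox_disk"]:
        findings.append("Firefox would write this HTTPS response to its disk cache")
    return findings


# Constructed sample headers, modelled on the post's two examples plus a
# hardened variant that neither cache model stores.
SAMPLES = {
    "ie_example": {"Cache-Control": "max-age=600"},
    "firefox_example": {"Cache-Control": "Public, max-age=3600"},
    "hardened": {"Cache-Control": "no-store"},
}
```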

August 24, 2011

DoNews interview: "I often wake up on a plane and can't tell whether I'm flying from Beijing to San Francisco or from San Francisco back to Beijing."

Wearing a white cotton shirt, holding a MacBook Air, with a bob haircut, the young woman sitting across from me is hard to reconcile with the image she paints of herself: a frequent flyer who would happily shuttle between China and the US ten times a month.

(Papaya Mobile founder Shen Si)

"Have you ever imagined this? Just when everything is going smoothly, at a certain moment, without any warning, suddenly everything changes and everything is gone. You write emails all night, then make international calls all day, then fly from Beijing to the US and wait seven hours outside someone's building just to see him for a moment..." When she got to this part of the story, Shen Si suddenly became very animated; you could tell she still remembered every detail of that time vividly. Like many people, for a moment I too thought this was going to be a moving love story. In fact, it was the first, and the only, major crisis Shen Si had encountered in her life, and the person who brought it upon her was the godfather of Apple she had always admired: Steve Jobs.

August 23, 2011

The SSL protocol was developed by Netscape in the US. Version 1.0 was never publicly released; version 2.0 was released in February 1995. Because version 2.0 had many security flaws, version 3.0 followed in 1996.

Main security flaws of SSL 2.0:
(1) The same cryptographic key is used for message authentication and for encryption.
(2) A weak MAC construction, with support only for the insecure MD5 hash function.
(3) The SSL handshake is not protected at all, which makes a man-in-the-middle attack very easy.
(4) TCP connection closure is used to signal the end of the data (there is no explicit close notification). This makes truncation attacks possible: an attacker only needs to forge a TCP FIN, and the receiver cannot tell whether the end of the data is legitimate.
(5) Only a single service bound to a single fixed domain name can be offered, which conflicts with the standard virtual-hosting feature of web servers and means that many websites cannot use SSL.
Because of these many flaws, SSL 2.0 is vulnerable to man-in-the-middle attacks and easy to break. Yet many systems and web servers still support SSL 2.0, so to make browsing safer, all current mainstream browsers have dropped support for the insecure SSL 2.0 protocol.

August 23, 2011

Does your SSL server have misconfigurations and known vulnerabilities? These weaknesses can expose the corporate network to serious security risk. Following the tips below helps you avoid some common SSL security mistakes and stay out of harm's way.

1. Disable support for SSLv2. This version of the SSL protocol was shown to be insecure more than 15 years ago, yet many web servers still use it today.

Disabling it takes little time. For example, in Apache 2 you need to change the default configuration:

from: SSLProtocol all

to: SSLProtocol all -SSLv2

2. Disable support for weak ciphers. Almost all web servers support strong (128-bit) or very strong (256-bit) ciphers, yet many servers still also support weak ciphers, which attackers can exploit to compromise the corporate network. There is no reason to support weak ciphers, and it takes only a moment to configure the server to disable them:
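
As an added example serving both the SSL 2.0 post above and these two tips (not code from either post or from Apache), the following Python audits an Apache mod_ssl configuration fragment for SSLv2 still being enabled and for weak OpenSSL cipher aliases still offered. It assumes mod_ssl's SSLProtocol token syntax, that "all" expands to SSLv2/SSLv3/TLSv1 as in Apache 2.2, and the OpenSSL cipher-list aliases LOW, EXP, EXPORT, NULL, eNULL and aNULL; the sample vhost is constructed.

```python
# Added example, not code from the posts above or from Apache: audit an
# Apache mod_ssl config for SSLv2 still enabled and weak ciphers still
# offered. Assumes mod_ssl's SSLProtocol syntax ("all" or names with an
# optional "+"/"-" prefix), that "all" is SSLv2/SSLv3/TLSv1 as in Apache 2.2,
# and the OpenSSL cipher aliases LOW, EXP, EXPORT, NULL, eNULL and aNULL.
import re
from typing import List, Set

ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}
WEAK_CIPHER_ALIASES = {"LOW", "EXP", "EXPORT", "NULL", "ENULL", "ANULL"}


def parse_ssl_protocol(value: str) -> Set[str]:
    """Apply tokens left to right: 'all -SSLv2' -> {'SSLv3', 'TLSv1'}."""
    enabled: Set[str] = set()
    for token in value.split():
        op, name = (token[0], token[1:]) if token[0] in "+-" else ("+", token)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        enabled = enabled - names if op == "-" else enabled | names
    return enabled


def weak_ciphers_enabled(cipher_list: str) -> List[str]:
    """Weak aliases that are enabled, i.e. not prefixed with '!' or '-'."""
    tokens = re.split(r"[:, ]+", cipher_list.strip())
    return [t for t in tokens
            if t and t[0] not in "!-" and t.lstrip("+").upper() in WEAK_CIPHER_ALIASES]


def audit_apache_ssl(config_text: str) -> List[str]:
    """Findings for a config fragment; a missing SSLProtocol means the default 'all'."""
    findings: List[str] = []
    saw_protocol = False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split directive
        if not parts:
            continue
        directive, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if directive == "sslprotocol":
            saw_protocol = True
            if "SSLv2" in parse_ssl_protocol(value):
                findings.append(f"line {lineno}: SSLv2 enabled by '{raw.strip()}'")
        elif directive == "sslciphersuite":
            weak = weak_ciphers_enabled(value)
            if weak:
                findings.append(f"line {lineno}: weak cipher aliases enabled: {weak}")
    if not saw_protocol:
        findings.append("no SSLProtocol directive: default 'all' includes SSLv2")
    return findings


# Constructed sample vhost fragment showing both mistakes.
SAMPLE_CONFIG = "SSLEngine on\nSSLProtocol all\nSSLCipherSuite ALL:!aNULL:LOW:RC4+RSA\n"
```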

August 19, 2011

The table below gives a detailed comparison; in one sentence, OpenVPN is the best choice for individual users.

PPTP vs. L2TP/IPSec vs. OpenVPN

Background
  PPTP: A very basic VPN protocol based on PPP. PPTP was the first VPN protocol supported on the Microsoft Windows platform. The PPTP specification does not actually describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality.
  L2TP/IPSec: An advanced protocol formally standardized in IETF RFC 3193 and now the recommended replacement for PPTP where secure data encryption is required.
  OpenVPN: An advanced open source VPN solution backed by the company 'OpenVPN Technologies' and now the de-facto standard in the open source networking space. It uses the mature SSL/TLS encryption protocols.

Data Encryption
  PPTP: The PPP payload is encrypted using Microsoft's Point-to-Point Encryption protocol (MPPE). MPPE implements the RSA RC4 encryption algorithm with a maximum of 128 bit session keys.
  L2TP/IPSec: The L2TP payload is encrypted using the standardized IPSec protocol. RFC 4835 specifies either the 3DES or AES encryption algorithm for confidentiality. iVPN uses the AES algorithm with 256 bit keys. (AES256 is the first publicly accessible and open cipher approved by the NSA for top secret information.)
  OpenVPN: OpenVPN uses the OpenSSL library to provide encryption. OpenSSL supports a number of different cryptographic algorithms such as 3DES, AES, RC5 and Blowfish. As with IPSec, iVPN.net implements the extremely secure AES algorithm with 256 bit keys.

Setup / Configuration
  PPTP: All versions of Windows and most other operating systems including mobile platforms have built in support for PPTP. PPTP only requires a username, password and server address, making it incredibly simple to set up and configure.
  L2TP/IPSec: All versions of Windows since 2000/XP and Mac OSX 10.3+ have built in support for L2TP/IPSec. Most modern mobile platforms such as iPhone and Android include built in clients.
  OpenVPN: OpenVPN is not included in any operating system release and requires the installation of client software. The software installers are very user friendly and installation typically takes less than 5 minutes.

Speed
  PPTP: With 128 bit keys, the encryption overhead is less compared to OpenVPN, which may make the VPN feel slightly faster than with 256 bit keys, although the difference is negligible.
  L2TP/IPSec: L2TP/IPSec encapsulates data twice, making it less efficient and slightly slower than its rivals.
  OpenVPN: When used in its default UDP mode, OpenVPN provides the best performance.

Ports
  PPTP: PPTP uses TCP port 1723 and GRE (Protocol 47). PPTP can be easily blocked by restricting the GRE protocol.
  L2TP/IPSec: L2TP/IPSec uses UDP 500 for the initial key exchange, protocol 50 for the IPSec encrypted data (ESP), UDP 1701 for the initial L2TP configuration and UDP 4500 for NAT traversal. L2TP/IPSec is easier to block than OpenVPN due to its reliance on fixed protocols and ports.
  OpenVPN: OpenVPN can be easily configured to run on any port using either UDP or TCP. To easily bypass restrictive firewalls, OpenVPN can be configured to use TCP on port 443, which is indistinguishable from standard HTTP over SSL, making it extremely difficult to block.

Stability / Compatibility
  PPTP: PPTP is not as reliable, nor does it recover as quickly as OpenVPN over unstable network connections. Minor compatibility issues with the GRE protocol and some routers.
  L2TP/IPSec: L2TP/IPSec is more complex than OpenVPN and can be more difficult to configure to work reliably between devices behind NAT routers. However, as long as both the server and client support NAT traversal, there should be few issues. In practice L2TP/IPSec has shown itself to be as reliable and stable as OpenVPN for iVPN.net customers.
  OpenVPN: Very stable and fast over wireless, cellular and other unreliable networks where packet loss and congestion are common. OpenVPN has a TCP mode for highly unreliable connections, but this mode sacrifices some speed due to the inefficiency of encapsulating TCP within TCP.

Security weaknesses
  PPTP: The Microsoft implementation of PPTP has serious security vulnerabilities. MSCHAP-v2 is vulnerable to dictionary attack and the RC4 algorithm is subject to a bit-flipping attack. Microsoft strongly recommends upgrading to IPSec where confidentiality is a concern.
  L2TP/IPSec: IPSec has no major vulnerabilities and is considered extremely secure when used with a secure encryption algorithm such as AES.
  OpenVPN: OpenVPN has no major vulnerabilities and is considered extremely secure when used with a secure encryption algorithm such as AES.

Client compatibility
  PPTP:
  • Windows
  • Mac OSX
  • Linux
  • Apple iOS
  • Android
  • DD-WRT
  L2TP/IPSec:
  • Windows
  • Mac OSX
  • Linux
  • iOS
  • Android
  OpenVPN:
  • Windows
  • Mac
  • Linux
  • Android
  • DD-WRT

Conclusion
  PPTP: Due to the major security flaws, there is no good reason to choose PPTP other than device compatibility. If you have a device on which neither L2TP/IPsec nor OpenVPN is supported then it may be a reasonable choice. If quick setup and easy configuration are a concern then L2TP/IPsec should be considered.
  L2TP/IPSec: L2TP/IPSec is an excellent choice but falls slightly short of OpenVPN's high performance and excellent stability. If you are using a mobile device running iOS (iPhone) or Android then it is the best choice, as OpenVPN does not currently support these platforms. Additionally, if a quick setup is required, L2TP/IPSec may be a better option, although this should not be an important consideration.
  OpenVPN: OpenVPN is the best choice for all users of Windows, Mac OSX and Linux desktops. It is extremely fast, secure and reliable. Additionally, the iVPN.net multihop network is only available when connecting via OpenVPN. The only downside is its current lack of support for mobile devices and the requirement to install a 3rd party client.

Rating
  PPTP: 1/5
  L2TP/IPSec: 4/5
  OpenVPN: 5/5