March 29, 2011

Source: 中国站长站 (Chinaz)

JD.com needs no further introduction from me; any netizen with a little online shopping experience knows it is currently the giant of China's B2C sector. We marvel at JD's low prices, at its complete range of categories, and at the self-built logistics and customer-service systems it has invested so heavily in. At the opening of the Shenzhen E-Commerce Lecture Hall on March 27, JD's boss Liu Qiangdong drew rounds of applause with a single remark: "In B2C, not fighting a price war won't work, but fighting only a price war absolutely won't work either." That applause reflects the frustration of the many B2C merchants who cannot extricate themselves from the bitter e-commerce price wars, yet in their confusion have not found a clear path to profit.

B2C merchants all sell goods, and it is impossible not to use price as a marketing tool; as for how to avoid fighting only a price war, Liu Qiangdong would never say that plainly in public. But the author, 狼里格朗, has a personal reading of JD's profit model, offered here for readers to ponder and pick apart. Continue reading »

March 24, 2011

Report of incident on 15-MAR-2011

An RA suffered an attack that resulted in a breach of one user account of that specific RA.
This RA account was then used fraudulently to issue 9 certificates (across 7 different domains).

All of these certificates were revoked immediately on discovery.
Monitoring of OCSP responder traffic has not detected any attempted use of these certificates after their revocation.

Fraudulently issued certificates

9 certificates were issued as follows:

Domain:  mail.google.com    [NOT seen live on the internet]
Serial:  047ECBE9FCA55F7BD09EAE36E10CAE1E

Domain:  www.google.com  [NOT seen live on the internet]
Serial:  00F5C86AF36162F13A64F54F6DC9587C06

Domain:  login.yahoo.com  [Seen live on the internet]
Serial:  00D7558FDAF5F1105BB213282B707729A3

Domain:  login.yahoo.com    [NOT seen live on the internet]
Serial:  392A434F0E07DF1F8AA305DE34E0C229

Domain:  login.yahoo.com     [NOT seen live on the internet]
Serial:  3E75CED46B693021218830AE86A82A71

Domain:  login.skype.com     [NOT seen live on the internet]
Serial:  00E9028B9578E415DC1A710A2B88154447

Domain:  addons.mozilla.org     [NOT seen live on the internet]
Serial:  009239D5348F40D1695A745470E1F23F43

Domain:  login.live.com     [NOT seen live on the internet]
Serial:  00B0B7133ED096F9B56FAE91C874BD3AC0

Domain:  global trustee     [NOT seen live on the internet]
Serial:  00D8F35F4EB7872B2DAB0692E315382FB0

What didn’t Happen

Our CA infrastructure was not compromised.
Our keys in our HSMs were not compromised.
No other RA was compromised.  No other RA user accounts were compromised.

What Happened

One user account in one RA was compromised.
The attacker created himself a new userID (with a new username and password) on the compromised user account. Continue reading »

March 24, 2011

This one is long; take your time reading it.

Detecting Certificate Authority compromises and web browser collusion

Posted March 22nd, 2011 by ioerror

Thanks to Ian Gallagher, Seth Schoen, Jesse Burns, Chris Palmer, and other anonymous birds for their invaluable feedback on this writeup.

The Tor Project has long understood that the certification authority (CA) model of trust on the internet is susceptible to various methods of compromise. Without strong anonymity, the ability to perform targeted attacks with the blessing of a CA key is serious. In the past, I’ve worked on attacks relating to SSL/TLS trust models and for quite some time, I’ve hunted for evidence of non-academic CA compromise in the wild.

I’ve also looked for special kinds of cooperation between CAs and browsers. Proof of collusion will give us facts. It will also give us a real understanding of the faith placed in the strength of the underlying systems.

Does certificate revocation really work? No, it does not. How much faith does a vendor actually put into revocation, when verifiable evidence of malice is detected or known? Not much, and that’s the subject of this writing.

Last week, a smoking gun came into sight: A Certification Authority appeared to be compromised in some capacity, and the attacker issued themselves valid HTTPS certificates for high-value web sites. With these certificates, the attacker could impersonate the identities of the victim web sites or other related systems, probably undetectably for the majority of users on the internet.

I watch the Chromium and Mozilla Firefox projects carefully, because they are so important to the internet infrastructure. On the evening of 16 March, I noticed a very interesting code change to Chromium: revision 78478, Thu Mar 17 00:48:21 2011 UTC.

In this revision, the developers added X509Certificate::IsBlacklisted, which returns true if a HTTPS certificate has one of these particular serial numbers:

047ecbe9fca55f7bd09eae36e10cae1e
d8f35f4eb7872b2dab0692e315382fb0
b0b7133ed096f9b56fae91c874bd3ac0
9239d5348f40d1695a745470e1f23f43
d7558fdaf5f1105bb213282b707729a3
f5c86af36162f13a64f54f6dc9587c06

A comment marks the first as “Not a real certificate. For testing only.” but we don’t know if this means the other certificates are or are not also for testing. Continue reading »
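Pulling the two lists on this page together (Comodo's nine reported serials and the six serials from Chromium revision 78478), the following added example, which is not Comodo's or Chromium's own code, normalises the serial numbers and shows which of the reported certificates the Chromium change actually matches; the "#1/#2/#3" labels for the three login.yahoo.com serials are mine.

```python
# Added example (not Comodo's or Chromium's own code): match the serials in
# Comodo's report against those Chromium hard-codes in IsBlacklisted. DER
# stores serials as signed INTEGERs, so a value whose top bit is set gets a
# leading 0x00 byte; Comodo printed it ("00F5C8..."), Chromium did not.

# Serials exactly as printed in Comodo's incident report (domain -> serial).
COMODO_SERIALS = {
    "mail.google.com":    "047ECBE9FCA55F7BD09EAE36E10CAE1E",
    "www.google.com":     "00F5C86AF36162F13A64F54F6DC9587C06",
    "login.yahoo.com #1": "00D7558FDAF5F1105BB213282B707729A3",
    "login.yahoo.com #2": "392A434F0E07DF1F8AA305DE34E0C229",
    "login.yahoo.com #3": "3E75CED46B693021218830AE86A82A71",
    "login.skype.com":    "00E9028B9578E415DC1A710A2B88154447",
    "addons.mozilla.org": "009239D5348F40D1695A745470E1F23F43",
    "login.live.com":     "00B0B7133ED096F9B56FAE91C874BD3AC0",
    "global trustee":     "00D8F35F4EB7872B2DAB0692E315382FB0",
}

# Serials as listed in Chromium revision 78478 (X509Certificate::IsBlacklisted).
CHROMIUM_BLACKLIST = [
    "047ecbe9fca55f7bd09eae36e10cae1e",
    "d8f35f4eb7872b2dab0692e315382fb0",
    "b0b7133ed096f9b56fae91c874bd3ac0",
    "9239d5348f40d1695a745470e1f23f43",
    "d7558fdaf5f1105bb213282b707729a3",
    "f5c86af36162f13a64f54f6dc9587c06",
]

def normalize_serial(serial):
    """Canonical form: lower-case hex of the integer value, so the DER
    sign-padding byte and any colon separators (openssl style) drop out."""
    digits = serial.replace(":", "").replace(" ", "").strip()
    return format(int(digits, 16), "x")

def der_encoded_hex(serial):
    """The byte string DER actually carries: whole bytes, plus a 0x00 pad
    whenever the first byte has its top bit set (else it would read as negative)."""
    n = normalize_serial(serial)
    if len(n) % 2:
        n = "0" + n
    return "00" + n if int(n[:2], 16) >= 0x80 else n

def match_blacklist(report, blacklist):
    """Split the reported serials into those the blacklist covers and those it misses."""
    blocked = {normalize_serial(s) for s in blacklist}
    hit = {d: s for d, s in report.items() if normalize_serial(s) in blocked}
    miss = {d: s for d, s in report.items() if normalize_serial(s) not in blocked}
    return hit, miss
```

Running `match_blacklist(COMODO_SERIALS, CHROMIUM_BLACKLIST)` shows all six Chromium serials correspond to reported certificates, while the two remaining login.yahoo.com serials and the login.skype.com serial are not in the revision's list.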

March 24, 2011

2011-03-24, Internet Weekly (互联网周刊). Authors: Qi Yan, Sun Xiaohong

For most internet users, IDC (Internet Data Center) is probably just an abstruse concept. But within the framework of the internet economy as a whole, the IDC is an indispensable presence.

IDCs are a basic resource of the internet: they provide high-end data transmission and high-speed access services, and they arose in response to the needs of ICPs (Internet Content Providers). The more developed the internet economy, the more content and application resources there are online, and correspondingly the greater the demand for IDCs. One could say that IDCs are a barometer of internet development.

After years of development, IDC functions have expanded from basic services such as server hosting, bandwidth leasing and server rental to value-added services such as network security, outsourced maintenance and data storage. As China's informatization strategy continues to advance, and with the emergence of concepts such as the Internet of Things and cloud computing, IDCs still have a great deal of room to grow.

But how far IDCs can go depends less on how much potential they have than on whether they get the opportunity to realize it. China's IDC industry has long faced institutional difficulties.

Continue reading »

March 23, 2011

This article is detailed, covering how to build a home NAS server, and is worth reading. I checked it against the original file and filled in a few omissions.
I only translated it and did not verify the installation; I tried to keep it free of technical errors, and hope interested fans will test it and share their experience.

HOWTO: Home-made NAS server with Ubuntu 8.04.1

There are many NAS appliances for home users on the market, such as Synology, Qnap and LinkStation. Their performance is not good and they are not cheap, but they are good at consuming little power, which is why I now own more than one brand of such products at home.

Recently I bought a VIA PC-1 PC2500E motherboard, which has a VIA C7-D 1.5GHz CPU on board. It is cheap and uses little power too. The maximum amount of RAM is 2 GB.

After testing it with the Ubuntu 8.04.1 Desktop version for a while, I am very satisfied with the performance of the CPU, although it is not especially fast. I decided to build a home-made NAS server with a remote BitTorrent function.

Hardware
Motherboard – VIA PC-1 PC2500E with VIA C7-D 1.5GHz CPU
RAM – 2 X 1GB DDR2 667MHz (maximum)
Hard drive – 300GB Seagate SATA (the motherboard treats it as an ATA drive)
Router – Planet WRT-401E (wired) (optional)

Software
Operating system – Ubuntu 8.04.1 Server Edition
File server – Samba
FTP server – vsFTPd
Remote access – OpenSSH
Web Server – Apache, PHP and MySQL
Remote BitTorrent – TorrentFlux (front-end) and BitTornado (back-end)
Security software – Fail2Ban Continue reading »

March 18, 2011

[Sohu IT] Beijing time, March 18: Michael Arrington, founder of the tech blog TechCrunch, published a post today saying that Digg founder Kevin Rose no longer uses his own company's service.

Digg, once in the limelight, is now in a far from rosy position. Several months have passed since it relaunched after last August's redesign. According to data from the traffic measurement firm comScore, Digg had 18 million unique visitors worldwide in the month of the relaunch; by this January that figure had fallen to under 12 million, a sharp drop of 33% in five months.

Digg's official line has consistently been that everything is fine and the company will find a way to succeed. But everyone feels this is no longer likely, and founder Kevin Rose himself seems to think so too.

By observation, Kevin has almost stopped using the service. Last December he went 22 consecutive days without submitting, commenting on, or even digging a single story.

In the past 30 days he has been active on Digg only 7 times, less than once every 4 days. In the month since February 13 he has not submitted a single story. Digg CEO Matt Williams is not doing much better, although he does try to comment on or submit about one story per day.

In stark contrast, Rose is very active on Twitter, posting 181 tweets last month, 25 times more active than on the site he himself founded.

If even executives like Kevin Rose no longer use their own service, Digg's hopes of a revival are slim indeed. For a startup that once stole the show, this is a complete tragedy. Continue reading »

March 16, 2011

ordns.he.net (globally anycasted in 11 countries)
2001:470:20::2
74.82.42.42

bind.odvr.dns-oarc.net (https://www.dns-oarc.net/)
2001:4f8:3:2bc:1::64:20
149.20.64.20

Internode
2001:44b8:1::6
2001:44b8:2::6

google-public-dns-a.google.com
2001:4860:4860::8888
8.8.8.8
google-public-dns-b.google.com
2001:4860:4860::8844
8.8.4.4

f.6to4-servers.net (http://www.isc.org/)
2001:4F8:0:2::14

NTT (good)
x.ns.ntt.net: 2001:418:3ff::53
y.ns.ntt.net: 2001:418:3ff::1:53

OpenDNS (good)
2620:0:ccc::2
2620:0:ccd::2
208.67.222.222
208.67.220.220

Comcast (Anycast based)
2001:558:feed::1
2001:558:feed::2

Verizon Business
cache00.ns.uu.net: 2600:803:5:1::10

Cogent
eu-res1.dns.cogentco.com: 2001:978:1:1::d

ns.ipv6.uni-leipzig.de
2001:638:902:1::10
139.18.25.34

Shanghai Jiao Tong University
2001:da8:8000:1:202:120:2:101
2001:da8:8000:1:202:120:2:100
202.120.2.101

China Next Generation Internet National Engineering Center
Primary DNS: 240c::6666
Secondary DNS: 240c::6644

Quad9
Secure IPv6: 2620:fe::fe , Blocklist, DNSSEC, No EDNS Client-Subnet
Unsecured IPv6: 2620:fe::10 , No blocklist, no DNSSEC, sends EDNS Client-Subnet

March 5, 2011

Quite a few people dislike Flash on web pages (especially the animations), which is why Firefox has the well-known add-on Flashblock. I personally don't like pages that use Flash either, but I'm not a fundamentalist who opposes Flash wherever it appears: as long as it is used appropriately, that's fine.

My impression is that Hong Kong government websites often abuse Flash. A casual Google search turned up five examples worth criticizing.

No. 5

District Councils
http://www.districtcouncils.gov.hk/front.html

I am strongly against Flash intro pages, but nearly every government website has one now, so I have to accept them; at least they still have a skip button. However, I want to single out the Flash intro the District Councils used to have, not just because it is ugly, but mainly because it does not know how to resize in Firefox: the frame is so small that the text cannot even be read (the picture above shows what it looks like at 1024×768). Even in IE, the text for switching to Simplified Chinese is unclear. Continue reading »