Monday, August 31, 2015

8/31 Morning Digest

  • Information Security:
1.WordPress Captain Slider 1.0.6 Cross Site Scripting by Arash Khazaei

Introduction:

The WordPress Captain Slider plugin has 3000+ active installs and suffers from a stored XSS vulnerability in the Title and Caption sections.

Exploit:

To exploit this vulnerability, go to the Manage Slider section and add a slider, putting your JS code in the Title and Caption fields. After adding the new slider, go to the Sorter section, where you can see the JS code executed.

Vulnerable Code:

<th class="column-order"><?php _e('Order', 'ctslider'); ?></th>
<th class="column-thumbnail"><?php _e('Slide Image', 'ctslider'); ?></th>
<th class="column-title"><?php _e('Title', 'ctslider'); ?></th>
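The advisory above describes the symptom (a stored title or caption that executes as script on the Sorter screen) but not the fix. The following is an added example, not code from the Captain Slider plugin or from the advisory: a small slide-list renderer that echoes stored fields raw, beside a hardened version that escapes each field for the context it lands in. It runs under plain `php` without WordPress, so `esc_text()` and `esc_attribute()` are stand-ins built on `htmlspecialchars()` for what WordPress's `esc_html()` and `esc_attr()` do; the `$slides` rows are constructed sample data, and the second row's title and caption are hypothetical attacker-controlled strings.

```php
<?php
// Added example (not the plugin's code): a slider-list renderer that
// interpolates stored slide fields straight into markup (the stored-XSS
// pattern) beside a hardened version that escapes per output context.

// Constructed sample rows, as a "Manage Slider" screen might store them.
// Row 2 carries hypothetical attacker-controlled title/caption values.
$slides = [
    ['order' => 1, 'title' => 'Summer sale', 'caption' => 'Up to 50% off'],
    ['order' => 2, 'title' => '<script>alert(1)</script>',
                   'caption' => 'x" onmouseover="alert(2)'],
];

// Vulnerable pattern: stored values are concatenated into HTML unescaped.
// Whatever was saved in Title/Caption is parsed by the browser as markup.
function render_rows_unsafe(array $slides): string {
    $html = '';
    foreach ($slides as $s) {
        $html .= '<tr>'
               . '<td class="column-order">' . $s['order'] . '</td>'
               . '<td class="column-title">' . $s['title'] . '</td>'
               . '<td class="column-caption" data-caption="' . $s['caption'] . '">'
               . $s['caption'] . '</td>'
               . "</tr>\n";
    }
    return $html;
}

// Escape for HTML text content. Stand-in for WordPress esc_html().
function esc_text(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Escape for a double-quoted HTML attribute value. Stand-in for esc_attr().
// ENT_QUOTES matters here: without it a stored double quote would close the
// attribute and let an event handler such as onmouseover= be injected.
function esc_attribute(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: every stored field is escaped for the context it lands
// in, and the numeric field is cast so it cannot carry markup at all.
// (In WordPress, also sanitize on save with sanitize_text_field(); output
// escaping is the control that stops stored XSS regardless of what was saved.)
function render_rows_safe(array $slides): string {
    $html = '';
    foreach ($slides as $s) {
        $html .= '<tr>'
               . '<td class="column-order">' . (int) $s['order'] . '</td>'
               . '<td class="column-title">' . esc_text($s['title']) . '</td>'
               . '<td class="column-caption" data-caption="' . esc_attribute($s['caption']) . '">'
               . esc_text($s['caption']) . '</td>'
               . "</tr>\n";
    }
    return $html;
}

// Check used to confirm the fix: the rendered HTML must not contain any
// stored field as raw markup (an unescaped tag or an attribute-breaking quote).
function leaks_raw_markup(string $html): bool {
    return strpos($html, '<script') !== false
        || preg_match('/="[^"]*"\s+on[a-z]+=/i', $html) === 1;
}

$unsafe = render_rows_unsafe($slides);
$safe   = render_rows_safe($slides);

echo 'unsafe renderer leaks raw markup: ' . (leaks_raw_markup($unsafe) ? 'yes' : 'no') . "\n";
echo 'safe renderer leaks raw markup:   ' . (leaks_raw_markup($safe)   ? 'yes' : 'no') . "\n";
echo $safe;
```

Run with `php example.php`: the unsafe renderer reports a leak, the safe one does not, and the escaped rows show `&lt;script&gt;` and `&quot;` in place of the characters that would otherwise change the page's structure. The point of escaping at output time rather than only filtering on save is that a record written by an older plugin version, an import, or a direct database edit is still rendered harmlessly.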

2.Point-of-Sale Payment Security by Pierluigi Paganini

How Point-of-sale (POS) Works:

(1)Customer swipes a card at the merchant
(2)The Merchant’s POS sends the transaction through to the processor
(3)The Processor encrypts the payment and sends it from the POS device to the payment processing network (Visa, MasterCard, Discover, etc.)
(4)The payment processing network verifies that funds are available from the card issuing bank
(5)The card issuing bank then releases the funds back to the processor
(6)At the end of the day or a sales cycle, the merchant runs a batch with the processor
(7)The processor then authorizes the release of the funds to the merchant’s bank
(8)Later the customer receives a statement from the card issuing bank noting that funds were removed from a debit account, or that payment is due for a credit card purchase

The PCI council provides a standard for companies providing payment services at any phase of a transaction:

(1)Install and maintain a firewall configuration to protect cardholder data
(2)Do not use vendor-supplied defaults for system passwords and other security parameters
(3)Protect stored cardholder data
(4)Encrypt transmission of cardholder data across open, public networks
(5)Use and regularly update anti-virus software or programs
(6)Develop and maintain secure systems and applications
(7)Restrict access to cardholder data by business need-to-know
(8)Assign a unique ID to each person with computer access
(9)Restrict physical access to cardholder data
(10)Track and monitor all access to network resources and cardholder data
(11)Regularly test security systems and processes
(12)Maintain a policy that addresses information security for employees and contractors

3.Hacking ipcam like Harold in POI by redrain有节操


  • Personal Growth:
1.Become the company's "asset" rather than its "cost": 6 things you should learn! by 知識家編輯部

2.If you could go back to the past, what would you want to change? by 丁菱娟

3.Don't think about the balance point between work and life by 丁菱娟

To read more article summaries, see the Daily Morning Digest

