Title
Python Developer
San Francisco, CA
I am originally from Shanghai, CA and now make my home in the Bay area of San Francisco. I know security will be even more important in 2015 and look forward to contributing.
Interests
Compliance Management Computer Forensics Configuration/Patch Management Risk Assessment & Management Security Metrics SIEM (Security Information and Event Management) Single Sign On Web Filtering3
Followers
10
Following
56
Posts
Posts by yangtze
Stop Passing Around Those Passwords! Manager finds spreadsheet containing sensitive passwords
Find every copy of such spreadsheets and eliminate them, change passwords on compromised resources
Apple zero-day vulnerability fully compromises your devices
severe and previously unknown flaw circumvents Apple's stringent security features
Welcome to Cyberwar- the ability to hack targets in other countries - interview with Fred Kaplan
Ability to hack targets in other countries, damaging power grids, dams, factories & key computers
CVE system has bugs – quick, use this alternative: DWF - Distributed Weakness Filing
Distributed Weakness Filing (DWF) seeks to address critical software vulns ignored in huge backlog
Seagate Phish Exposes All Employee W-2’s - CEO Scam
Employee at Seagate Technology tricked into giving away W-2 tax docs on current and former employees
Subgraph OS - Secure Linux Operating System for Non-Technical Users
Subgraph OS is a feather weight Linux flavor that aims to make combatting hacking attacks easier
uKnowKids Goes On Attack After Database Of 1,700 Kids Found Insecure
Steve Woda, CEO of uKnowKids, blasted Vickery accusing him of hacking into his company’s servers
Perceptions and buying practices of infosec decision makers
Network breaches are rising, confidence is falling, BYOD deployments are shrinking
This Week: Employers Are Paying Data Firms to Predict Your Health Risks
Employee wellness firms and insurers are working to mine sensitive health data about workes like you
Remotely Disabling a Wireless Burglar Alarm (SimpliSafe Alarm Vulnerability)
Basic hardware and software, between $50 and $250, can harvest alarm's PIN and turn it off
Remotely Disabling a Wireless Burglar Alarm (SimpliSafe Alarm Vulnerability)
Basic hardware and software, between $50 and $250, can harvest alarm's PIN and turn it off
Critical flaw exposes Cisco security appliances to remote hacking (CVE-2016-1287, CWE-119)
Firewalls running Cisco Adaptive Security Appliance (ASA) software can be compromised remotely with
EMV, IoT and Board Agendas Shape Cyber Fraud
Cyber crime and financial fraud converging as fraud becomes preferred method to monetize stolen data
eBay refuses to patch website flaw that can serve up malware
eBay will not fix flaw, which could allow an attacker to remotely run code in a user's browser
13 Effective Security Controls for ISO 27001 Compliance When using Microsoft Azure
ISO provides foundation for establishing an information security management system (ISMS)
Schneier: Horrible Story of Digital Harassment
We need to figure out how to identify perpetrators without destroying Internet privacy
After New York, now California wants to ban sale of encrypted smartphones
California considering banning devices that come with unbreakable encryption.
Oracle releases a record 248 patches (CVE-2016-0499, CVE-2015-4925, etc.)
Oracle advises admins to patch immediately
Oil and Gas Industry Increasingly Hit by Cyber-Attacks: Report
82 percent of oil and gas industry respondents said theey registered an increase in cyber attacks
GM Asks Friendly Hackers to Report Its Cars’ Security Flaws
Vulnerability submission program allows security researchers to submit info about vulnerabilities
SLOTH Attacks Up Ante on SHA-1, MD5 Deprecation
SLOTH is an acronym for Security Loss due to the use of Obsolete and Truncated Hash constructions
Google slams AVG for exposing Chrome user data with “security” plugin
AVG AntiVirus "force-installed" Chrome plugin that left browsing data vulnerable
Microsoft is storing your encryption keys in the clouds, here is how to delete it
Follow these simple steps in order to remove your recovery key from your Microsoft account
Attackers hunt for tampered Juniper firewalls
'Honeypot' mimicking a Juniper firewall is seeing login attempts
Database leak exposes 3.3 million Hello Kitty fans
Database storing 3.3 million sanriotown.com accounts found online
Now's the time to perform a personal Android security audit
10 step list of items to do to keep your Andoroid device secure
Dropbox now secured using cheap U2F tokens
File storage platform adds enterprise-friendly security feature using U2F token from YubiKey
Baseball Gets A Rude Welcome To The Age Of Cyber Espionage
Allegations that Cardinals stole data from the Houston Astros in hacking scheme
Security and Human Behavior (SHB 2015)
People studying various aspects of the human side of security
FUD Watch: The Marketing Of Security Vulnerabilities
Making designer vulnerabilities, catchy logos and content part of disclosure process
New domains revitalize phishing campaigns (e.g .science, .insurance)
Top level domains are a target for cybercriminals in delivering spam, phishing and malvertising
Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday
MS unveils new security patching scheme for Windows 10 devices, and security analytics
PayPal patched critical remote code execution flaw four days after hacker reported it
Remote code execution vulnerability found, patched in the server's Java Debug Wire Protocol
Ransomware creators are laundering their Bitcoin rapidly since the currency value is dropping
Drop in the value of the Bitcoin is pushing cyber criminals to rapidly cash-out
Waratek Wins RSA Innovation Sandbox
Runtime application self protection solution for solving Java security problems
New Dark Web market selling Zero Day Exploits to Hackers
Anonymous market for brokering zero day attack methods, holds payments to facilitate market
Vulnerabilities Found in Enterprise Search Engine SearchBlox
SearchBlox is enterprise search solution built on Apache Lucene/Solr and Elasticsearch
Older Versions of OS X Remain Vulnerable to Rootpipe ‘Hidden Backdoor API’
The issue is “hidden backdoor API” granting root privileges
Truecrypt: A few thoughts; audit from Open Crypto Audit Project
Truecrypt appears to be well designed, with no evidence of backdoors or severe design insecurities
DDoS attacks costs enterprise £100,000 per hour, study finds
DDoS attacks are not only a disruption but can also cost businesses dearly, according to Neustar
Schneier: Brute-Forcing iPhone PINs
Clever attack recovers iPhone PINs via using a black box that attaches to the iPhone via USB
Instagram API could be exploited to serve malicious links
Reflected filename download vuln affects Instagram API, can enable sharing of malicious links
Leveraging the power of digital signatures
Digital signatures can replace physical signatures for a more efficient authorization process
BlackBerry has no fix for devices vulnerable to FREAK security flaw
Warns that all devices will be vulnerable to a serious security flaw until a patch is released
CryptoLocker look-alike searches for and encrypts PC game files
TeslaCrypt holds games hostage unless you pay $500 in bitcoins
Aging Microsoft Code Leaves Corporations Vulnerable
Legacy Microsoft APIs were not designed with security in mind, and are vulnerable
Venmo Money, Venmo Problems
The mobile-payment service is trendy, easy to use, and growing fast. But is it safe?
Bug in WordPress plugin can be exploited to take full control of website
Vulnerability in the MainWP Child plugin for WordPress - patch is in version 2.0.9.2- please update.
Critical “Ghost”bug allows code execution, affects most Linux systems
Bug CVE-2015-0235 affects Linux software that performs domain name resolution
Credit card study blows holes in anonymity
It takes only a tiny amount of personal info to de-anonymize people - 3 pieces of data
Huge security flaw leaks VPN users’ real IP addresses
Websites can easily see VPN users' IP-addresses through WebRTC, Windows Firefox/Chrome affected
Anthem hack: Seven ways to protect yourself right now
Anthem's hack is cause to protect ourselves from further cyber intrusions.
Samsung's Smart TV may be collecting your data and conversations
Owners of the Samsung TV may need to watch what they say in their own homes
Hackers Can Remotely Install Malware Apps to Your Android Device