Chen Wei
Title
Python Developer
San Francisco, CA
I am originally from Shanghai, CA and now make my home in the Bay Area of San Francisco. I know security will be even more important in 2015 and look forward to contributing.
Interests
Compliance Management
Computer Forensics
Configuration/Patch Management
Risk Assessment & Management
Security Metrics
SIEM (Security Information and Event Management)
Single Sign On
Web Filtering
3
Followers
10
Following
56
Posts
Posts by yangtze
Stop Passing Around Those Passwords! Manager finds spreadsheet containing sensitive passwords
Find every copy of such spreadsheets and eliminate them, change passwords on compromised resources
VAULT
INSIDER THREAT
HUMAN FACTORS
PASSWORD
Apple zero-day vulnerability fully compromises your devices
severe and previously unknown flaw circumvents Apple's stringent security features
ZERO DAY EXPLOIT
VULNERABILITY
SENTINELONE
OS X
SYSCAN360
PEDRO VILAÇA
APPLE
Welcome to Cyberwar - the ability to hack targets in other countries - interview with Fred Kaplan
Ability to hack targets in other countries, damaging power grids, dams, factories & key computers
NATION-STATE
CYBERWAR
BOOK
NSA
FRED KAPLAN
HACK
CVE system has bugs – quick, use this alternative: DWF - Distributed Weakness Filing
Distributed Weakness Filing (DWF) seeks to address critical software vulns ignored in huge backlog
VULNERABILITY
DISTRIBUTED WEAKNESS FILING
CVE
DWF
Seagate Phish Exposes All Employee W-2’s - CEO Scam
Employee at Seagate Technology tricked into giving away W-2 tax docs on current and former employees
CEO
IRS
W-2
TAX REFUND FRAUD
SEAGATE
PHISHING
Subgraph OS - Secure Linux Operating System for Non-Technical Users
Subgraph OS is a feather weight Linux flavor that aims to make combatting hacking attacks easier
SUBGRAPH
OS
LINUX
PRODUCT
uKnowKids Goes On Attack After Database Of 1,700 Kids Found Insecure
Steve Woda, CEO of uKnowKids, blasted Vickery accusing him of hacking into his company’s servers
UKNOWKIDS
STEVE WODA
CHRIS VICKERY
HACK
Perceptions and buying practices of infosec decision makers
Network breaches are rising, confidence is falling, BYOD deployments are shrinking
MALWARE
CYBEREDGE GROUP
SPEAR-PHISHING
SSL
CISO
INSIDER THREAT
HUMAN FACTORS
This Week: Employers Are Paying Data Firms to Predict Your Health Risks
Employee wellness firms and insurers are working to mine sensitive health data about workers like you
AIR-GAPPED NETWORK
DISTILLERY
DATA MINING
PRIVACY
HEALTHCARE
Remotely Disabling a Wireless Burglar Alarm (SimpliSafe Alarm Vulnerability)
Basic hardware and software, between $50 and $250, can harvest alarm's PIN and turn it off
ANDREW ZONENBERG
HOME SECURITY
IOACTIVE
SIMPLISAFE
Remotely Disabling a Wireless Burglar Alarm (SimpliSafe Alarm Vulnerability)
Basic hardware and software, between $50 and $250, can harvest alarm's PIN and turn it off
SIMPLISAFE
IOACTIVE
ANDREW ZONENBERG
HOME SECURITY
VULNERABILITY
Critical flaw exposes Cisco security appliances to remote hacking (CVE-2016-1287, CWE-119)
Firewalls running Cisco Adaptive Security Appliance (ASA) software can be compromised remotely with
CISCO
VULNERABILITY
ASA
UDP
CWE-119
CVE-2016-1287
EMV, IoT and Board Agendas Shape Cyber Fraud
Cyber crime and financial fraud converging as fraud becomes preferred method to monetize stolen data
FRAUD
CYBER CRIME
EMV
CORPORATE BOARD
eBay refuses to patch website flaw that can serve up malware
eBay will not fix flaw, which could allow an attacker to remotely run code in a user's browser
EBAY
IFRAMES
CHECKPOINT
BROWSER
MALWARE
13 Effective Security Controls for ISO 27001 Compliance When using Microsoft Azure
ISO provides foundation for establishing an information security management system (ISMS)
COMPLIANCE
MICROSOFT
FRANK SIMORJAY
ISMS
ISO 27001
PDF
AZURE
Schneier: Horrible Story of Digital Harassment
We need to figure out how to identify perpetrators without destroying Internet privacy
FORENSICS
CRIME
HARASSMENT
FORGERY
POLICE
PAUL STRATER
AMY STRATER
SCHNEIER
After New York, now California wants to ban sale of encrypted smartphones
California considering banning devices that come with unbreakable encryption.
SMARTPHONE
CALIFORNIA
NEW YORK
ENCRYPTION
BACKDOOR
Oracle releases a record 248 patches (CVE-2016-0499, CVE-2015-4925, etc.)
Oracle advises admins to patch immediately
CVE-2016-0499
VULNERABILITY
CVE-2015-4925
CVE-2016-0451
GOLDENGATE
PATCH
ORACLE
JAVA
Oil and Gas Industry Increasingly Hit by Cyber-Attacks: Report
82 percent of oil and gas industry respondents said they registered an increase in cyber attacks
ENERGY
DIMENSIONAL RESEARCH
INDUSTRY
TRIPWIRE
GM Asks Friendly Hackers to Report Its Cars’ Security Flaws
Vulnerability submission program allows security researchers to submit info about vulnerabilities
ONSTAR
GM
HACKERONE
VULNERABILITY
BUG BOUNTY
SLOTH Attacks Up Ante on SHA-1, MD5 Deprecation
SLOTH is an acronym for Security Loss due to the use of Obsolete and Truncated Hash constructions
ATTACK
SLOTH
MESSAGE DIGEST
MD5
SHA-1
ACADEMIC PAPER
CRYPTOGRAPHY
Google slams AVG for exposing Chrome user data with “security” plugin
AVG AntiVirus "force-installed" Chrome plugin that left browsing data vulnerable
JAVASCRIPT
WEB TUNEUP
TAVIS ORMANDY
AVG
GOOGLE
CHROME
XSS
Microsoft is storing your encryption keys in the clouds, here is how to delete it
Follow these simple steps in order to remove your recovery key from your Microsoft account
MICROSOFT
BITLOCKER
RECOVERY KEY
WINDOWS
ENCRYPTION
Attackers hunt for tampered Juniper firewalls
'Honeypot' mimicking a Juniper firewall is seeing login attempts
SANS
SCREENOS
JUNIPER
FIREWALL
HONEYPOT
Database leak exposes 3.3 million Hello Kitty fans
Database storing 3.3 million sanriotown.com accounts found online
HELLO KITTY
SANRIOTOWN.COM
MONGODB
CHRIS VICKERY
HACK
Now's the time to perform a personal Android security audit
10-step list of items to do to keep your Android device secure
MALWARE
DEVICE MANAGER
TFA
ANDROID
CHECKLIST
AUDIT
Dropbox now secured using cheap U2F tokens
File storage platform adds enterprise-friendly security feature using U2F token from YubiKey
YUBIKEY
U2F
MFA
AUTHENTICATION
DROPBOX
Baseball Gets A Rude Welcome To The Age Of Cyber Espionage
Allegations that Cardinals stole data from the Houston Astros in hacking scheme
BASEBALL
SABERMETRICS
HACK
Security and Human Behavior (SHB 2015)
People studying various aspects of the human side of security
WORKSHOP
SHB 2015
SCHNEIER
HUMAN FACTORS
FUD Watch: The Marketing Of Security Vulnerabilities
Making designer vulnerabilities, catchy logos and content part of disclosure process
VENOM
POODLE
SHELLSHOCK
HEARTBLEED
New domains revitalize phishing campaigns (e.g. .science, .insurance)
Top level domains are a target for cybercriminals in delivering spam, phishing and malvertising
GTLD
SPAM
PHISHING
Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday
MS unveils new security patching scheme for Windows 10 devices, and security analytics
ANALYTICS
ATA
WINDOWS 10
PayPal patched critical remote code execution flaw four days after hacker reported it
Remote code execution vulnerability found, patched in the server's Java Debug Wire Protocol
RCE
PAYPAL
JAVA
Ransomware creators are laundering their Bitcoin rapidly since the currency value is dropping
Drop in the value of the Bitcoin is pushing cyber criminals to rapidly cash-out
BITCOIN
RANSOMWARE
Waratek Wins RSA Innovation Sandbox
Runtime application self protection solution for solving Java security problems
SANDBOX
WARATEK
RSA
JAVA
New Dark Web market selling Zero Day Exploits to Hackers
Anonymous market for brokering zero day attack methods, holds payments to facilitate market
THEREALDEAL
ZERO DAY EXPLOIT
DARK WEB
Vulnerabilities Found in Enterprise Search Engine SearchBlox
SearchBlox is enterprise search solution built on Apache Lucene/Solr and Elasticsearch
CVE-2015-0968
CVE-2015-0967
SEARCHBLOX
VULNERABILITY
Older Versions of OS X Remain Vulnerable to Rootpipe ‘Hidden Backdoor API’
The issue is “hidden backdoor API” granting root privileges
PATCH
APPLE
OS X
BACKDOOR
Truecrypt: A few thoughts; audit from Open Crypto Audit Project
Truecrypt appears to be well designed, with no evidence of backdoors or severe design insecurities
TRUECRYPT
MATTHEW GREEN
TOOL
AUDIT
ENCRYPTION
DDoS attacks costs enterprise £100,000 per hour, study finds
DDoS attacks are not only a disruption but can also cost businesses dearly, according to Neustar
LIZARD STRESSER
DDOSAAS
NEUSTAR
DDOS
Schneier: Brute-Forcing iPhone PINs
Clever attack recovers iPhone PINs using a black box that attaches to the iPhone via USB
PIN
SCHNEIER
USB
APPLE
IPHONE
Instagram API could be exploited to serve malicious links
Reflected filename download vuln affects Instagram API, can enable sharing of malicious links
INSTAGRAM
REFLECTED FILENAME DOWNLOAD
MALICIOUS LINKS
Leveraging the power of digital signatures
Digital signatures can replace physical signatures for a more efficient authorization process
E-SIGN
DIGITAL SIGNATURES
TUTORIAL
BlackBerry has no fix for devices vulnerable to FREAK security flaw
Warns that all devices will be vulnerable to a serious security flaw until a patch is released
BBM
BLACKBERRY
SSL
CryptoLocker look-alike searches for and encrypts PC game files
TeslaCrypt holds games hostage unless you pay $500 in bitcoins
CRYPTOLOCKER
MALWARE
TESLACRYPT
BITCOIN
RANSOMWARE
Aging Microsoft Code Leaves Corporations Vulnerable
Legacy Microsoft APIs were not designed with security in mind, and are vulnerable
API
Venmo Money, Venmo Problems
The mobile-payment service is trendy, easy to use, and growing fast. But is it safe?
VENMO
PAYMENTS
Bug in WordPress plugin can be exploited to take full control of website
Vulnerability in the MainWP Child plugin for WordPress - patch is in version 2.0.9.2 - please update.
MAINWP CHILD
WORDPRESS
Critical “Ghost” bug allows code execution, affects most Linux systems
Bug CVE-2015-0235 affects Linux software that performs domain name resolution
GHOST
Credit card study blows holes in anonymity
It takes only a tiny amount of personal info to de-anonymize people - 3 pieces of data
Huge security flaw leaks VPN users’ real IP addresses
Websites can easily see VPN users' IP-addresses through WebRTC, Windows Firefox/Chrome affected
WEBRTC
WINDOWS
FIREFOX
Anthem hack: Seven ways to protect yourself right now
Anthem's hack is cause to protect ourselves from further cyber intrusions.
SECURITY FREEZE
FRAUD ALERT
Samsung's Smart TV may be collecting your data and conversations
Owners of the Samsung TV may need to watch what they say in their own homes
SMART TV
SMARTTV
SAMSUNG
Hackers Can Remotely Install Malware Apps to Your Android Device
Vulnerabilities in Google Play Store allow hackers to install/launch apps remotely
UXSS
ANDROID
GOOGLE PLAY
Ramping Up Automobile Cybersecurity
Nearly 100 percent of vehicles on market include wireless tech that could be vulnerable to hacking
AUTOMOBILE SECURITY
PRIVACY
How the CIA made Google
Thesis: CIA spawned Google to develop surveillance on groups perceived as potentially threatening to US
CIA
Following
Not currently following any packages.
Experience
yangtze has not filled out any achievements