6 Steps to Protect the Privacy of IoT Devices You Must Know

6 Steps to Protect the Privacy of IoT Devices You Must Know

In today’s world, our devices are more closely connected than ever before. For example, we can remotely control home appliances such as air conditioners, lamps, and refrigerators. However, it is crucial to protect IoT devices and ensure the security of personal identity information. Today, I will share 6 steps to protect the privacy of IoT … Read more

When Nezha’s Myth Shines in Reality: Analyzing the Defense Logic of Hardware Encryption Modules

When Nezha's Myth Shines in Reality: Analyzing the Defense Logic of Hardware Encryption Modules

Movie Version: Shen Gongbao breaks through the barrier set by Yuanshi Tianzun and steals the spirit pearl. Real Version: Hackers exploit system vulnerabilities to steal database keys. HSM Breakthrough: If the spirit pearl safe used a hardware encryption module, key generation, storage, and usage would all be completed within the tamper-resistant chip. Even if Shen … Read more

Please Set Up MFA (Multi-Factor Authentication) ASAP

Please Set Up MFA (Multi-Factor Authentication) ASAP

2024 UNNC IT Services Mandatory MFA Setup @2024 IT Services 01 Important Notice MFA In an ongoing effort to enhance the security of our student accounts and protect your personal information, we are implementing Multi-Factor Authentication (MFA) for all student accounts. This will add an extra layer of security to ensure that you are the … Read more

Understanding OAuth 2.0 for Single Sign-On

Understanding OAuth 2.0 for Single Sign-On

[Source] https://sourl.cn/hMw7yT Single sign-on (SSO) is a popular login method for multi-domain enterprise sites. This article aims to clarify the principles of OAuth 2.0 in implementing single sign-on, using real-life scenarios for better understanding. It also summarizes the implementation solutions for access control and its application in microservice architecture. What is Single Sign-On? Multiple Logins … Read more

Building a Secure and Reliable Authentication Service with Rust: From Basics to Practical Implementation

Building a Secure and Reliable Authentication Service with Rust: From Basics to Practical Implementation

Building a Secure and Reliable Authentication Service with Rust: From Basics to Practical Implementation Introduction: When Security Meets Performance “Another user data breach?” Such headlines have become all too familiar. In web development, authentication services act like guards at the entrance, quickly identifying legitimate users while blocking malicious intruders. Traditional authentication solutions often struggle to … Read more

Securing HTTP-Based APIs

Securing HTTP-Based APIs

This guide provides recommendations for securing HTTP-based APIs. It is aimed at technical personnel responsible for designing or building applications that provide HTTP APIs. Please note that you should perform threat modeling specific to your design to fully secure HTTP-based APIs. What is an HTTP-Based API? An HTTP-based API enables communication between different software systems … Read more

MQTT 5.0: Enhanced Security Features

MQTT 5.0: Enhanced Security Features

MQTT Introduction  MQTT[1] 5.0, launched in March 2019 by OASIS (Organization for the Advancement of Structured Information Standards), is a significant upgrade from the MQTT 3.1.1 version released in 2014.  As a messaging protocol specifically designed for the Internet of Things (IoT) and Industrial IoT, it was previously introduced in ‘MQTT, Friend of Weak Networks’, … Read more

A Reverse Engineering Journey of the Xiaomi Mi Band BLE Communication Protocol

A Reverse Engineering Journey of the Xiaomi Mi Band BLE Communication Protocol

AuthorForum Account:FinchK 0x0 Introduction As a pure beginner in reverse engineering, I have been involved in it for about two months. I have a Xiaomi Mi Band 4 NFC version, which has the built-in Xiao Ai assistant that can engage in voice conversations to control smart home devices and perform operations such as setting alarms. … Read more

Understanding the Fields in HTTP Request Headers

Understanding the Fields in HTTP Request Headers

Professionals Click the blue text to follow us Today’s article Request headers are key information sent by the client to the server when making a request, used to convey metadata about the request. Common request headers include: Host (target domain name or IP), User-Agent (information about the client and the browser used for access), Content-Length … Read more