Release of OpenWrt Stable Version 24.10.4 – 20251022

Release of OpenWrt Stable Version 24.10.4 - 20251022

Just a month after the last version, the OpenWrt official website has released the fifth stable version 24.10.4, which is indeed rare for such a high update frequency. As usual, let’s first look at the version information: _______ ________ __ | |.—–.—–.—–.| | | |.—-.| |_ | – || _ | -__| || | | … Read more

Is the AI Robot Going Crazy? The Real Vulnerabilities Behind ‘Open Sesame’

Is the AI Robot Going Crazy? The Real Vulnerabilities Behind 'Open Sesame'

The terrifying reality at GEEKCON: smart devices are being controlled by hackers. The recently concluded Shanghai event, dubbed the “Security Geek Competition,” revealed the true hidden dangers of the future smart era. When global white-hat hackers gather, they showcase far more than just “destruction”: They provide a profound warning about the security boundaries of embodied … Read more

New HTTP/2 ‘MadeYouReset’ Vulnerability Can Trigger Large-Scale DoS Attacks

New HTTP/2 'MadeYouReset' Vulnerability Can Trigger Large-Scale DoS Attacks

A new attack technique known as MadeYouReset has been discovered, which affects various implementations of HTTP/2 and can be exploited to launch powerful denial-of-service (DoS) attacks. Researchers Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel stated: “MadeYouReset bypasses the limits typically imposed by servers, which allow a maximum of 100 concurrent HTTP/2 requests per TCP … Read more

Implementing Fuzz Testing in Python: A Practical Example

Implementing Fuzz Testing in Python: A Practical Example

Implementing Fuzz Testing in Python: A Practical Example In this article, I will implement a vulnerable program in Python and demonstrate how to perform fuzz testing using Python. It is important to note that since Python is a memory-safe language, we cannot fully replicate buffer overflow vulnerabilities found in C, but we can simulate similar … Read more

Reappearance of ‘Backdoors’ in International Wireless Encryption Algorithms

Reappearance of 'Backdoors' in International Wireless Encryption Algorithms

In 1995, the European Telecommunications Standards Institute (ETSI) released the TETRA (Terrestrial Trunked Radio) standard, which has been widely used by police, military, and critical infrastructure agencies in various countries around the world. However, researchers discovered in 2023 that the encryption algorithms within the TETRA standard (such as TEA1) have serious vulnerabilities that could be … Read more

New HTTP Smuggling Attack Technique Allows Attackers to Inject Malicious Requests

New HTTP Smuggling Attack Technique Allows Attackers to Inject Malicious Requests

Overview of Attack Principles This complex HTTP request smuggling attack exploits the differences in parsing behavior between front-end proxy servers and back-end application servers. The new technique uses malformed chunked transfer encoding to bypass existing security controls and inject unauthorized secondary requests into web applications. Key Points Exploiting malformed HTTP chunked encoding to create parsing … Read more

HTTP Smuggling: Understanding the Attack Techniques and Detection Methods

HTTP Smuggling: Understanding the Attack Techniques and Detection Methods

Question: Is HTTP smuggling only applicable to HTTP and not HTTPS? HTTP smuggling is not limited to HTTP; it can also be applied to HTTPS. HTTP smuggling is an attack technique that exploits the differences in how front-end servers and back-end servers parse HTTP requests. By cleverly constructing requests, attackers can confuse the server when … Read more

Will You Panic If Smart Speakers Become “Eavesdroppers”?

Will You Panic If Smart Speakers Become "Eavesdroppers"?

Recently, a report from Wired stated that a British security researcher, Mark Barnes, has conducted a detailed study on a method to compromise the Amazon Echo. This method allows anyone to install malware on the Echo, enabling them to listen in on conversations without the user’s knowledge and transmit the microphone data to a third-party … Read more

The Shadow Inside: Why HTTP Smuggling Still Disrupts Networks

The Shadow Inside: Why HTTP Smuggling Still Disrupts Networks

DELE 4 Generation In the ever-evolving battlefield of web application security, firewalls are becoming increasingly intelligent, and scanners are becoming more aggressive, yet some vulnerabilities still **slip silently through the cracks**. One of these — **HTTP Request Smuggling (HRS)** — has once again emerged as a *high-impact*, *low-visibility* threat capable of bypassing authentication, hijacking sessions, … Read more