Thái | Hacker | Kỹ sư tin tặc

Thái | Hacker | Kỹ sư tin tặc is a Substack focused on cybersecurity, technological innovation, and the personal experiences of a Vietnamese engineer navigating the tech industry. It covers online security challenges in Vietnam, ethical hacking, personal journeys within the tech sector, and insights on living a balanced life amidst tech advancements.

Cybersecurity, Technological Innovation, Personal Development, Vietnamese Technology Scene, Ethical Hacking, Career Growth, Cultural Insights, Online Privacy

The hottest Substack posts of Thái | Hacker | Kỹ sư tin tặc

And their main takeaways
0 implied HN points 10 Dec 11
  1. Ticket prices for the workshop vary based on registration date with a 50% discount available for valid student ID holders.
  2. The workshop welcomes submissions on a wide range of topics related to web applications, mobile devices, cloud computing, e-commerce, and cybersecurity.
  3. The annual workshop organized by HVA and VNSECURITY focuses on practical experiences and latest developments in information security locally and globally.
0 implied HN points 19 Nov 11
  1. Stanford offers a free cryptography course by Professor Dan Boneh, a leading expert in the field.
  2. The course covers modern cryptography and is based on the content of CS255.
  3. Participating in this course is a great opportunity to learn from a top expert and develop a passion for cryptography.
0 implied HN points 04 Nov 11
  1. When identifying a security vulnerability, individuals can choose to keep it for personal use, sell it, report it for free, or disclose it widely. Each choice has different implications and risks.
  2. Participating in bug bounty programs offered by companies like Google, Mozilla, and Facebook can be a fun way for security enthusiasts to earn money, gain recognition, and potentially further their careers.
  3. Bug bounty programs provide rewards and acknowledgments to individuals who identify and report security vulnerabilities, creating opportunities for financial gains and professional development.
0 implied HN points 22 May 11
  1. The misuse of cryptography in web security, particularly in ASP.NET, can lead to severe vulnerabilities allowing attackers to compromise web applications.
  2. Researching and questioning the implementation of cryptographic techniques can lead to the discovery of new attack methods and security flaws.
  3. Utilizing cryptography correctly is crucial for security solutions, but it is challenging as there are numerous serious vulnerabilities, requiring more focus and research in the field.
0 implied HN points 30 Dec 10
  1. The author is transitioning to a new location for work and study, balancing full-time work and part-time education, and emphasizing that work is also a form of learning.
  2. The author works for a small company specializing in information security consulting and research, while studying cryptography at a reputable university.
  3. The author looks forward to an exciting period ahead, expressing a willingness to write more and inviting readers to connect if they feel like meeting.
0 implied HN points 02 Oct 10
  1. The post discusses a presentation at EKOPARTY on a vulnerability in ASP.NET.
  2. The presentation involved one person speaking in Spanish and another person speaking in English.
  3. The speaker notes an improvement in their accent during the presentation.
0 implied HN points 26 Aug 10
  1. Consider attending security conferences like SyScan HCMC 2010 to learn from top security experts and support the development of the industry.
  2. SyScan focuses on sharing research and experiences from leading security experts rather than commercial products or solutions.
  3. The conference covers hot security topics and offers reasonably priced registration, which includes opportunities for networking and even winning an iPad.
0 implied HN points 15 Jun 10
  1. Conference on Web Application Security will be held on June 17 at Palace Hotel in HCMC. Topics include OWASP Top Ten 2010, Practical Crypto Attack, and Testing Web Application.
  2. Speakers will cover important aspects such as identifying vulnerabilities in web applications and real-world encryption attacks.
  3. The event is open to all without the need for an invitation, encouraging everyone to participate in the discussions.
0 implied HN points 05 Feb 10
  1. Proper investigation of fraud cases like the Macbook Air scam involves preserving the crime scene data by making backups, which protects evidence integrity.
  2. Analyzing data from security systems can often reveal the identity of the perpetrator without necessarily requiring access to external entities' information.
  3. Creating profiles with relevant details such as nicknames, emails, phone numbers, and IP addresses helps in tracking and expanding the investigation using publicly available data.
0 implied HN points 14 Dec 09
  1. Network security monitoring is crucial for preventing and mitigating DDoS attacks. It involves collecting data, analyzing it, and escalating information.
  2. Human expertise is vital in cybersecurity as machines and standards alone can't fully protect systems.
  3. Continuous monitoring of network security 24/7 is essential, requiring expert personnel and access to data for effective operation.
0 implied HN points 06 Nov 09
  1. A serious vulnerability in TLS/SSL allows a man-in-the-middle attack to inject chosen plaintext unnoticed, jeopardizing security for protocols like HTTPS.
  2. The vulnerability highlights the importance of understanding the interactions between TLS/SSL and protocols like HTTP, SMTP, or POP3 to prevent exploitation.
  3. Potential attacks exploit the 'authentication gap' between TLS/SSL and higher-level protocols, allowing attackers to insert plaintext into encrypted streams undetected.
0 implied HN points 28 Oct 09
  1. Managing personal finances is crucial to avoid stress and missed opportunities. Recognizing financial ignorance and starting to learn can significantly improve your financial situation.
  2. Avoid accumulating debt whenever possible, as it can lead to financial stress and affect your overall well-being. Make informed decisions when it comes to borrowing or using credit cards.
  3. Investing in yourself and saving a portion of your income is essential for long-term financial stability. Consider different investment options, such as savings accounts, and be cautious with riskier ventures like stocks or real estate.
0 implied HN points 24 Sep 09
  1. Sapheads HackJam 2009 Challenge 6 involved recovering an RSA private key from a coredump of ssh-agent, showcasing real-world scenarios in CTFs.
  2. The coredump contained data structures like RSA and BIGNUM that could be extracted to retrieve the private key for SSH access.
  3. Understanding ASN.1 and using tools like pyasn1 were recommended for generating RSA private keys from parameters like n, d, e, p, and q.
0 implied HN points 14 Sep 09
  1. Flickr's API has a vulnerability in its signing process that allows attackers to forge valid requests without the shared secret, potentially granting unauthorized access to user accounts.
  2. Web services similar to Flickr that use the same signing process could also be potentially vulnerable to the signature forgery attack.
  3. Vendor Yahoo! Flickr acknowledged the vulnerability and planned a fix, while other vendors responded differently to notifications about the issue, suggesting an inconsistency in addressing such vulnerabilities.
0 implied HN points 27 Aug 09
  1. Decompiling Python files can reveal interesting scripts and their functionalities.
  2. XORing content against a specific character can reveal hidden file types like executable files.
  3. Remote stack-based buffer overflow exploitation can sometimes be easier than expected with proper guidance and techniques.
0 implied HN points 18 Aug 09
  1. Challenge 1 involved decoding base64-encoded strings, revealing the significance of the cookie's structure and encryption method.
  2. Challenge 10 required understanding Java serialization to recover an RSA private key used for decryption.
  3. The challenges highlighted the importance of paying attention to details and avoiding false trails while solving cryptographic puzzles.
0 implied HN points 02 Aug 09
  1. Cloud computing trends take time to reach different regions; blogging, web 2.0, and now cloud computing are examples of such trends.
  2. The success of cloud computing services lies in cost-effectiveness and the ability to handle large amounts of data for many users.
  3. Developing a public cloud computing service requires a high level of expertise, infrastructure, and financial resources, making it a playground for top tech giants.
0 implied HN points 30 Jul 09
  1. The job posting is for hiring 2 information security monitoring officers at Dong A Bank in Ho Chi Minh City. Candidates with technical skills in programming, networking, and a passion for overcoming technical challenges are sought after.
  2. The position requires proficiency in various technical areas like discrete mathematics, computer architecture, programming languages, and network programming, with the opportunity for training and career development.
  3. The benefits of the job include competitive salaries based on experience, a friendly and technology-focused work environment that emphasises information security as vital to a company's success, and the chance for advancement and scholarships for further education.
0 implied HN points 07 Jul 09
  1. The book "A computational introduction to number theory and algebra" is recommended as an excellent resource for those interested in number theory, algebra, and cryptography, particularly from a computer science perspective.
  2. The book emphasizes computational aspects, presents algorithms, and discusses complexity analysis, making it a valuable resource for cryptography applications.
  3. The author has created a solutions manual for some chapters of the book, focusing on exercises related to basic properties of integers, congruences, and computing with large integers.
0 implied HN points 05 Jul 09
  1. Thinking about making the money spent on books count by turning them into valuable knowledge or joy is crucial.
  2. Consider starting a small private library to share books with others and expand it over time.
  3. Researching and following guides on how to manage, promote, and fund a library can help in establishing and growing the small library dream.
0 implied HN points 08 Jun 09
  1. Success in competitions like Defcon CTF requires a balance of theory and real-world application, as highlighted by Richard Feynman's approach to physics.
  2. Building a strong hacking team demands dedication, expertise, and a deep understanding of both offensive and defensive tactics in cybersecurity.
  3. Participating in cybersecurity competitions showcases skills and can open up career opportunities in the field.
0 implied HN points 12 Mar 09
  1. CodeGate 2009 Challenge 18 involved a cryptography challenge focusing on RSA, Diffie-Hellman Key Protocol Agreement, and AES block cipher.
  2. The protocol in the challenge included steps where the client exchanged RSA public keys with the server, the server sent DH parameters to the client, and both parties used the shared secret as the key for AES encryption.
  3. Vulnerabilities in the protocol included weak RSA public keys and susceptibility to man-in-the-middle attacks against Diffie-Hellman, leading to the decryption of messages by malicious third parties.
0 implied HN points 20 Feb 09
  1. Social psychology studies show the importance of reciprocation rule where individuals should reciprocate favors received from others.
  2. The contrast principle influences how we perceive differences between two events or objects, making the second seem more extreme.
  3. Utilizing techniques like rejection-then-retreat strategy combined with the contrast principle can make it hard to refuse requests, as seen in persuasive interactions.
0 implied HN points 14 Jan 09
  1. To excel in a field, focus on depth rather than breadth. Patience, planning, and method are key.
  2. Starting with basic scientific subjects like math is crucial for a deeper understanding of natural sciences.
  3. Continuous learning and acquiring diverse skills, such as machine learning, enhance job performance and market competitiveness.
0 implied HN points 14 Jan 09
  1. Calling out others for being uncultured has ironically become a unique cultural aspect. People label behaviors like littering or being noisy as uncultured.
  2. Critically reflect on one's own actions and be stern with oneself, while being forgiving towards others. It's easier to notice and criticize others' mistakes than our own.
  3. The advice from reading is: be tolerant of others but rigorously strict with yourself. Blaming circumstances for one's own mistakes is unproductive.
0 implied HN points 14 Jan 09
  1. Sometimes we may act cruel to feel superior to others, but this behavior might just happen naturally without control.
  2. We tend to blindly believe authority figures without questioning, only to realize later that they can be wrong too.
  3. At times, we may go along with things we dislike out of fear of rejection or to avoid making others upset, but in the end, it just makes us unhappy.
0 implied HN points 03 Nov 08
  1. Command injection vulnerability example with Daemon02, highlighting the importance of checking for dangerous metacharacters.
  2. Daemon02's vulnerability lies in its character checking method, allowing for potential bypasses to execute unintended commands.
  3. Exploiting Daemon02 is straightforward, involving sending specific input to execute commands on the host system.
0 implied HN points 23 Sep 08
  1. Finding a way to do what you like and earn money is ideal but sometimes difficult due to real-world necessities.
  2. Success can be subjective, but having success may involve balancing personal interests with career achievements.
  3. Choosing a career based on personal passion and interests can lead to high motivation and satisfaction.
0 implied HN points 26 Jul 08
  1. Having a bug doesn't always mean it needs to be fixed immediately; prioritizing user needs over patching every issue is crucial.
  2. In cybersecurity, understanding the core business objectives is key; security measures should align with business goals rather than just technical solutions.
  3. Addressing security vulnerabilities should be done strategically; rushing to patch every flaw without assessing the impact or necessity can lead to more harm than good.
0 implied HN points 24 Jul 08
  1. Dan Kaminsky's research revealed DNS tricks like the 'CNiping' CNAME override, showing ways to manipulate cached data in DNS resolvers.
  2. Understanding the probability formula involving 'D', 'R', 'W', 'N', 'P', and 'I' can help in launching successful spoofing attacks on resolvers.
  3. Increasing 'R' and 'A' with specific values like 300 packets/s and 4000 queries can lead to a 51% success chance in poisoning target resolvers, showcasing the relative ease of the attack.
0 implied HN points 02 Jul 08
  1. When faced with a loss, people tend to be more risk-seeking to try and make up for it.
  2. People prefer sure gains over risky larger gains, but are more willing to accept risky larger losses than sure losses.
  3. Humans have a tendency to avoid risks when it comes to gains and seek risks when it comes to losses, impacted by how situations are framed as gains or losses.
0 implied HN points 24 Jun 08
  1. Copyright is the right of the creator to copy and distribute their work. It's different from a license.
  2. License is like a contract between the creator and the user, outlining what the user can and cannot do with the product.
  3. Most software licenses don't grant users the highest rights like copying and distributing. Users need written permission for that.
0 implied HN points 10 Jun 08
  1. Firewalls cannot provide absolute protection as they themselves can also be targeted in cyber attacks.
  2. Adding security devices like firewalls can introduce new vulnerabilities to a system.
  3. Complex systems with intermediary devices like firewalls can make the system less secure and increase the potential attack surface.
0 implied HN points 04 Jun 08
  1. To become a pseudo intellectual, buy some philosophy books from notable philosophers and pretend to understand them.
  2. Dive into various cultural and social topics, watch top films, and pretend to have deep knowledge to impress others.
  3. Engage in online intellectual communities, share opinions on worldly issues, and avoid becoming a true intellectual by just talking without real action.