The hottest Networking Substack posts right now

And their main takeaways
Category
Top Technology Topics

Reminder: Tìm việc ở Thung lũng Silicon

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 29 Aug 20
💼 Business Career development Networking Job Market Tech industry
  1. An event is happening today focusing on job opportunities in Silicon Valley, with diverse guests including engineers, managers, researchers, from big companies to startups.
  2. The event will cover topics like career preparation, interviews, salary negotiations, and the experience of living in Silicon Valley.
  3. Organizers and guests include professionals from top tech companies like Tesla, Google, Salesforce, Pinterest, and NASA, offering valuable insights and opportunities.

Trivial birthday attacks against HMAC

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 06 Apr 16
🕹 Technology Crypto Security Networking Cryptography Cybersecurity
  1. HMAC is vulnerable to birthday attacks, which can lead to forged signatures with lower cost.
  2. The second attack, duplicate signature attack, is security-relevant as it can produce two messages with the same tag, exploiting a server's validation system.
  3. Birthday attacks on HMAC can often be parallelized, and using HMAC-SHA256 is recommended for increased security.

Asiacrypt 2016 lần đầu tiên được tổ chức ở Hà Nội

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 16 Mar 16
🚌 Education Conference Sponsorship Research Networking
  1. Asiacrypt 2016 was held in Hanoi for the first time with classes being offered before the main event, focusing on cryptography foundations and trends, with renowned experts teaching.
  2. The organizers are seeking sponsors for the event, offering opportunities for companies to support Asiacrypt 2016 and gain visibility among industry leaders in the field of cryptography.
  3. The participation of top cryptography experts at Asiacrypt 2016 presents a great chance for networking, gaining exposure, and forming connections with leading global specialists.

Đánh nhau bằng toán

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 28 Dec 15
🕹 Technology Security Cryptocurrency Networking Software Privacy
  1. Juniper, RSA, and other companies were found to use the Dual EC algorithm which had a backdoor installed by the NSA, compromising security.
  2. Using closed-source security products without thorough scrutiny can lead to vulnerabilities in the system, highlighting the importance of investing in in-house expertise for secure solutions.
  3. Generating truly random numbers for encryption is a complex task, and backdoors in algorithms can pose serious security risks, emphasizing the need for caution in technology choices.

TetCon 2016 news

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 15 Dec 15
🕹 Technology Security Conference Networking
  1. The TetCon 2016 conference program is almost ready, with talks on building security tools and advancing security research in the community.
  2. Organizers are looking for sponsors to host a lunch party for attendees to promote networking and interaction between speakers and participants.
  3. Discounted tickets for TetCon 2016 are selling out quickly, so it's advisable to grab one soon to save money before prices go up.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

Bad Life Advice: Never Give Up - Replay Attacks Against HTTPS

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 08 Dec 15
🕹 Technology Security Web Cybersecurity Networking
  1. Self-help advice of 'Never Give Up' can sometimes lead to vulnerabilities like replay attacks against HTTPS.
  2. Browsers like Chrome automatically retry failed requests, creating an opportunity for attacks by duplicating and replaying HTTPS traffic.
  3. TLS may protect against replay attacks, but there can still be mismatches between what it promises and what is actually deployed, requiring additional server defenses.

Why not validate Curve25519 public keys could be harmful

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 12 Sep 15
🕹 Technology Cryptocurrency Security Programming Encryption Networking
  1. Curve25519 public keys should be validated to prevent potential vulnerabilities in protocols that require contributory behavior.
  2. Protocols like TLS <= 1.2 may be vulnerable to attacks if Curve25519 public keys are not validated.
  3. An important solution is to check the shared value and raise exceptions if it is zero when working with Curve25519 public keys.

Cập nhật TetCon Saigon 2015: Hai bài đầu tiên

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 15 Dec 14
🕹 Technology Web Security Networking
  1. TetCon Saigon 2015 aims to provide attendees with practical experiences and the latest research insights
  2. One talk at TetCon Saigon 2015 will discuss the Rosetta Flash attack technique that found vulnerabilities in major websites
  3. Another talk will highlight the importance of correctly implementing TLS, showing that spending more money does not always equate to better security measures

TetCon Saigon 2015

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 02 Dec 14
🏝 Travel Event Language Training Networking
  1. TetCon Saigon 2015 will focus on creating connections between attendees, speakers, and organizers by having shorter talks, longer tea breaks, and more time for Q&A and roundtable discussions.
  2. The conference will still be primarily in Vietnamese, but English presentations will be simultaneously translated to and from Vietnamese.
  3. There will be training sessions on software reverse engineering and Windows by Bruce Dang and Nguyễn Phố Sơn, with more details to be released on the conference website soon.

Thông tin liên lạc

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 12 Feb 14
🕹 Technology Social media Email Messaging Networking
  1. The author primarily uses email and Google Talk for communication and avoids other software and services for contact.
  2. It's mentioned that there are fake Facebook accounts created using the author's identity, emphasizing the importance of verifying identities online.
  3. The author has accounts on Google Plus and LinkedIn for work purposes but does not actively engage in social media, preferring email and Google Talk for communication.

How to recover RSA private key in a coredump of ssh-agent - Sapheads HackJam 2009 Challenge 6

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 24 Sep 09
🕹 Technology Cybersecurity Programming Cryptography Networking Software Development
  1. Sapheads HackJam 2009 Challenge 6 involved recovering an RSA private key from a coredump of ssh-agent, showcasing real-world scenarios in CTFs
  2. The coredump contained data structures like RSA and BIGNUM that could be extracted to retrieve the private key for SSH access
  3. Understanding ASN.1 and using tools like pyasn1 were recommended for generating RSA private keys from parameters like n, d, e, p, and q

BKIS đã làm điều đó như thế nào?

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 20 Jul 09
🕹 Technology Cybersecurity Internet Data Analysis Software Networking
  1. BKIS helped track down the culprits of a DDoS attack on US and South Korean websites, showcasing their technical prowess.
  2. The investigation involved identifying intermediary servers, infiltrating some of them, and ultimately discovering the original server controlling the attack.
  3. Despite BKIS's efforts and findings, the actual perpetrators behind the DDoS attack remain unidentified, highlighting the complexities of cybercrime investigations.

không phải cứ có lỗi là vá

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 26 Jul 08
🕹 Technology Cybersecurity Software Development Networking Business impact
  1. Having a bug doesn't always mean it needs to be fixed immediately; prioritizing user needs over patching every issue is crucial.
  2. In cybersecurity, understanding the core business objectives is key; security measures should align with business goals rather than just technical solutions.
  3. Addressing security vulnerabilities should be done strategically; rushing to patch every flaw without assessing the impact or necessity can lead to more harm than good.

Có cần bảo vệ firewall không?

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 20 Jun 08
🕹 Technology Security Networking Cybersecurity Software
  1. Firewall protection effectiveness depends on various factors, both subjective and objective.
  2. Identifying the most vulnerable threats and focusing protection efforts accordingly is crucial in security measures.
  3. It's essential to prioritize and protect what matters most based on each organization's unique needs and vulnerabilities.

Firewall có thật sự bảo vệ thông tin tuyệt đối hay không?

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 10 Jun 08
🕹 Technology Cybersecurity Software Hardware Networking IT Management
  1. Firewalls cannot provide absolute protection as they themselves can also be targeted in cyber attacks.
  2. Adding security devices like firewalls can introduce new vulnerabilities to a system.
  3. Complex systems with intermediary devices like firewalls can make the system less secure and increase the potential attack surface.

detecting snake oil

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 31 Mar 08
🕹 Technology Security Networking Cryptography Scalability
  1. Security-clueless companies often focus too much on fancy network devices like firewalls and IDS without considering the human element, a key weak point in security.
  2. Be cautious of companies that claim their products or solutions are 'secure' without specifying what threats they protect against or how they handle unexpected disasters.
  3. Companies that overlook scalability, high-availability, and the importance of cryptography in their security solutions may not fully understand the comprehensive nature of security.

Port scanning in ActionScript 3.0 without DNS rebinding

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 08 Aug 07
🕹 Technology Programming Networking
  1. In ActionScript 3.0, port scanning can be done without DNS rebinding by utilizing the SecurityErrorEvent.
  2. The SecurityErrorEvent in AS3 is thrown immediately when Flash Player tries to connect to a closed TCP port, allowing for potential identification of open ports within 2 seconds.
  3. Each probed port in ActionScript 3.0 uses a new Flash player instance to handle connections, sending only one policy-file request per player per host per port.

DNS Rebinding Attacks

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 08 Aug 07
🕹 Technology Cybersecurity Networking
  1. DNS Rebinding Attacks can subvert the same-origin policy and turn browsers into open network proxies.
  2. These attacks have the potential to bypass firewalls and gain access to internal documents and services.
  3. It takes less than $100 to temporarily hijack 100,000 IP addresses for purposes like sending spam and defrauding pay-per-click advertisers.

Tấn công DDoS bằng PDF Spam

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 26 Jul 07
🕹 Technology Cybersecurity Networking Email Malware Operating Systems
  1. A client's server faced a DDoS attack through PDF spam, causing FPT Telecom's firewall to freeze due to high traffic.
  2. Investigating the server's services and analyzing log files helped determine the source of the attack - in this case, excessive traffic on SMTP and DNS ports.
  3. Disabling specific troublesome domains temporarily and monitoring traffic helped mitigate the DDoS attack effectively.

Dùng iptables NAT thay thế cho reverse proxy

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Network Security Networking
  1. Consider using iptables NAT as a replacement for reverse proxy to simplify setup and avoid potential issues with complex software like Squid.
  2. Iptables commands like DNAT and SNAT can efficiently redirect traffic between servers based on IP addresses and ports.
  3. Understanding the flow of packets in iptables NAT can help troubleshoot and reroute traffic effectively in case of similar network issues.

Một phương pháp chống DDoS bằng xFlash

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Security Web Programming Networking
  1. The way browsers handle HTML forms with enctype="multipart/form-data" and enctype="application/x-www-form-urlencoded" is different. This difference is key to detecting POST requests from Flash, which cannot send requests in the "multipart/form-data" format.
  2. By automatically setting all HTML forms to enctype="multipart/form-data" through a reverse proxy with an Apache output filter module, one can detect and protect against DDoS attacks from Flash.
  3. While this method can limit the impact of existing xFlash attacks, it may not be a permanent solution. Avoiding Flash altogether or focusing on overall DDoS defense strategies like infrastructure investment and system optimization is crucial.

ADSL DoS

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Cybersecurity Internet Networking
  1. You can launch a DoS attack on someone using ADSL if you know their MAC address and exploit weakness in the PPPoE protocol.
  2. The vulnerability lies in how PPPoE uses the SESSION_ID and MAC address for connection control, making it possible to disrupt someone's PPPoE connection.
  3. Social engineering can be an effective way to obtain the victim's MAC address for carrying out such attacks, highlighting the importance of safeguarding sensitive information.

Hội hay là thảo?

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Cybersecurity Events Community Hacking Networking
  1. Attending security conferences can provide valuable insights and networking opportunities.
  2. Understanding security concepts like the perimeter of a system and directory harvest attacks is crucial in the field.
  3. Organizing small, focused, and serious security conferences can help local communities connect with the global cybersecurity landscape.

Vàng hay bạc nhái

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 17 Jul 07
🕹 Technology Security Networking Web Hosting Cybersecurity
  1. Many IT solution providers are often just resellers of existing solutions from renowned companies, lacking in innovation and technical depth.
  2. A strong first impression is crucial in professional presentations, including being punctual and confident in communication.
  3. When assessing a cybersecurity company, it's important to look beyond certifications and explore their actual research and development, as well as tangible contributions to the field.

Seminar giới thiệu nhóm nghiên cứu Kernel ĐH Bách Khoa

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 22 Mar 07
🕹 Technology Operating Systems Open Source Networking Security
  1. Seminar introducing OS Group and Linux kernel research aims to attract students to participate and learn.
  2. The seminar covers topics like Linux kernel architecture, filesystems, processes, security, and building a Linux distro in just 10 minutes.
  3. The event promotes open participation and aims to bring open-source knowledge closer to students.

Tổng kết nho nhỏ

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 16 Jan 07
🕹 Technology Blogging Security Open Source Community Networking
  1. The blog has been running for over 2 months with around 200-300 daily visitors and 800-1000 pageviews.
  2. Future plans for the blog include consistent quality writing, introducing open-source software projects, and collaborating with other writers.
  3. There are plans for small meetups for bloggers and readers, potentially on a weekly basis.

Nếu tôi là Huyremy

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 12 Nov 06
🕹 Technology Privacy Cybersecurity Encryption Networking Forensics
  1. Prioritize encryption to protect your privacy and ensure security. Make use of tools like Tor to anonymize internet traffic and defend against network surveillance.
  2. Securely deleting data is critical. Traditional methods like formatting a hard drive or overwriting data may not be effective. Consider encryption to ensure data destruction without physically tampering with drives.
  3. Implement a layered approach to security, including encryption of various files and using different passwords for different websites. Be cautious and understand that true safety comes from avoiding illegal activities.

Setting Up Google Cloud Composer in a Shared VPC Network

realkinetic 0 implied HN points 15 Jan 24
🕹 Technology Cloud Computing Google Cloud Networking Infrastructure as Code
  1. Plenty of resources are available for setting up a Cloud Composer environment in a single GCP project, but integrating it into a professional enterprise environment with a Shared VPC network can pose challenges with communication and permissions.
  2. Setting up two GCP projects, a service project, and a host project is essential. Understanding how to create and configure a Shared VPC network and subnet for the Cloud Composer environment is crucial for data and infrastructure engineers.
  3. Permissions preparation is key, including roles like Compute Shared VPC Admin and Project IAM Admin, and setting up the necessary permissions for Google APIs service accounts, GKE service accounts, and Composer Agent Service Accounts at both project and subnet levels.

Three best practice approaches to authentication

realkinetic 0 implied HN points 13 Dec 22
🕹 Technology Authentication APIs Microservices Networking Security
  1. Service-level authentication puts the responsibility of authentication on individual services, allowing better control over which endpoints are authenticated and which aren't.
  2. API-gateway authentication centralizes authentication at a gateway, simplifying downstream services' implementation but requires careful configuration to prevent vulnerabilities.
  3. Service-mesh authentication uses sidecar proxies to provide authentication, set up transparently for services, enhancing security but adding complexity and performance overhead.

Zero-Trust Security on GCP With Context-Aware Access

realkinetic 0 implied HN points 22 Jun 20
🕹 Technology Security Cloud Computing Networking Infrastructure Cybersecurity
  1. Serverless architecture on GCP allows for quick application development with minimal operational overhead, setting Google Cloud apart from other providers.
  2. Implementing a zero-trust security model on GCP, especially with context-aware access, enhances security for applications and services.
  3. Transitioning from perimeter-based security to a zero-trust model with tools like IAP and IAM Conditions Framework provides a more flexible and secure approach, even beyond GCP.

Join me on Notes

America in Crisis 0 implied HN points 03 Jul 23
🕹 Technology Social media Networking Community
  1. Mike Alexander invites readers to join him on Substack Notes for a new way to connect and share content beyond his newsletter.
  2. Subscribers to America in Crisis can automatically view and engage with Mike's notes on the Substack app or the substack.com/notes page.
  3. Readers are encouraged to share their own notes on the platform and create a space for sharing thoughts, ideas, and quotes.

What I learned at University

Tecnica 0 implied HN points 28 Jul 24
🚌 Education Higher education Learning methods Career development Personal Growth Networking
  1. Going to university is still a good choice because it can open up job opportunities. But just having a degree won't guarantee success, so you need to gain extra experiences.
  2. You learn useful study skills and problem-solving strategies in university. However, to really prepare for a job, you should also do projects and learn on your own.
  3. Make sure to network and gain experiences while in university. Connecting with others and participating in events can really help shape your future career.

How to !win a Hackthon

Tecnica 0 implied HN points 24 Jul 24
🕹 Technology Coding Innovation Events Networking Education
  1. Hackathons are a great way to meet new people and network for job opportunities. Companies often sponsor these events looking for talent.
  2. It's important to be spontaneous and work with different people. Picking random team members can lead to new ideas and creativity.
  3. Don’t overthink your project idea or spend too much time planning. Choose tools you haven't used before to keep the experience fresh and exciting.

Inside India’s Most Powerful GCC Summit

Sector 6 | The Newsletter of AIM 0 implied HN points 01 Jul 24
💼 Business Corporate Innovation Leadership Conferences Networking
  1. The GCC Summit held in Bengaluru brought together over 300 attendees and 90 speakers. It was a big event focusing on how Global Capability Centers (GCCs) can influence innovation and the future of work.
  2. Industry leaders like CP Gurnani and Shikha Miglani shared their insights. Their discussions highlighted the important role of GCCs in overcoming challenges and adapting to market trends.
  3. This summit marked the fifth edition of the MachineCon GCC Summit. It reflects a growing interest in how GCCs are shaping business strategies in India.

Nothing Like Cypher

Sector 6 | The Newsletter of AIM 0 implied HN points 15 Oct 23
🕹 Technology AI Conferences Innovation Data Networking
  1. The Cypher 2023 conference was a big success, with over 1700 attendees and 800 companies present. This made it the largest event ever held for this conference.
  2. The conference took place over three days at Hilton Convention Center in Bengaluru, showcasing the latest in AI technology and trends.
  3. Unlike many events that operate in isolation, Cypher encouraged collaboration and networking among participants, making it more engaging and informative.

Making Generative AI Fun

Sector 6 | The Newsletter of AIM 0 implied HN points 28 Sep 23
🕹 Technology AI Open Source Startup Innovation Networking
  1. A Paris-based AI startup, Mistral AI, has created a new model that performs better than several other popular models. They’re making advances in AI while also keeping it fun.
  2. Before making their AI model available on GitHub, Mistral AI shared it directly on X (formerly Twitter). This move promotes the idea of open source and made it a more exciting release.
  3. Many people appreciate Mistral AI's approach to releasing their model. They see it as a way to truly support open-source principles without any extra middlemen.

Empires of the Cloud: Azure's Ascension

Sector 6 | The Newsletter of AIM 0 implied HN points 12 Jan 23
🕹 Technology Cloud Computing Data Storage Artificial Intelligence Networking Startups
  1. Microsoft is making big moves in the cloud space, especially with the recent acquisition of Fungible, a company that makes advanced data processing units.
  2. This move shows Microsoft is focusing on improving Azure's performance and efficiency, moving away from traditional data centers.
  3. They also plan to incorporate OpenAI's technology into their services, which could enhance their offerings in the market.