Accepting Chaos

If I had to use one word to describe my life in the past month, it would be chaos. I believe I have experienced two chaotic incidents. The influence of each one on my personal life is tremendous.

Imagine your life as a train moving slowly towards its destination, and suddenly the railway breaks. The train stops and you have to fix the rest of the track. It usually takes time to repair and you have nothing to do but wait. How would you react to it?

To be honest, I couldn't manage my feelings when I was younger. I still remember the day when my phone was stolen on the bus; I cried all the way home. As I grow older, I realise that these negative feelings do not help to solve the problem. You cry, you scream, you whine, none of which will get your phone back.

So this is a new change for me in my attitude to chaos. I will think calmly about what actions I can take. A solution-driven mindset really works.


ssl_error_rx_record_too_long error

This error occurred when I was trying to open a website in Firefox while playing around with Burp.

I ruled out the possibility of the proxy blocking the website request because intercept was off.

After Googling, I found that the cause is that the web server is sending non-secure (HTTP) data where Firefox expects secure (HTTPS) data.

So I tried to open another website starting with http (it seems that there are not many http websites), and it opened successfully.

https://support.portswigger.net/customer/portal/questions/17434431-gettin-error-code-ssl-error-rx-record-too-long

Downgrade Java to 10 and the problem should be solved. But in my case, it wasn't. I emailed a technical consultant from Burp, who told me to change TLS from 4 to 3 (security.tls.version.max).
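The explanation above (a server answering in plain HTTP where Firefox expects TLS) can be checked by looking at the first five bytes of the reply, which a TLS client reads as a record header. This is an added example, not part of the original post; the function names and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record header: 1-byte content type, 2-byte version, 2-byte length.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_TLS_RECORD_LEN = 2**14 + 2048  # largest TLS 1.2 ciphertext fragment (RFC 5246)

# Constructed sample replies (not captured traffic).
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
TLS_HANDSHAKE_START = bytes([0x16, 0x03, 0x03, 0x00, 0x5A, 0x02])
TLS_ALERT = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x46])


def parse_record_header(data: bytes) -> dict:
    """Read the first five bytes the way a TLS client reads a record header."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes of the reply")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify_reply(data: bytes) -> str:
    """Say whether a reply's first bytes are a TLS record or plain HTTP."""
    hdr = parse_record_header(data)
    if (hdr["type"] in TLS_CONTENT_TYPES and hdr["version"][0] == 3
            and hdr["length"] <= MAX_TLS_RECORD_LEN):
        return "tls:" + TLS_CONTENT_TYPES[hdr["type"]]
    if data.startswith(b"HTTP/"):
        # "P/" read as the length field is 0x502F = 20527, over the limit,
        # which is how plain HTTP can surface as "record too long".
        return "plaintext-http"
    return "unknown"


if __name__ == "__main__":
    for name, sample in [("plaintext", PLAINTEXT_REPLY),
                         ("handshake", TLS_HANDSHAKE_START),
                         ("alert", TLS_ALERT)]:
        print(name, parse_record_header(sample), classify_reply(sample))
```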

Data breach — a rising threat

Recently, the topic of data breaches has been heatedly discussed. The trigger is that sensitive data, like passport and credit card numbers, from 500M guests of Marriott Hotel was exposed. So I googled serious data breaches that happened this year. Surprisingly, there's a long list, and some of them are services that I am using. Here are some significant incidents.

  • Facebook: 50M
  • Quora: 100M
  • Huazhu Hotels: 130M
  • Marriott International: 500M

For more information, please refer to: https://en.wikipedia.org/wiki/List_of_data_breaches

Well, we can easily see that data breaches are becoming more frequent, wider in range, and involving more private data.

It sounds quite dark. But what can we do?

My personal reaction is not giving real data to the company. For example, when I book inspections for houses, I always put my alias in. The real estate agents can easily share it with others, even without intention. In my observation, people trust others so easily that it becomes a vulnerability that malicious attackers can use. There are so many stories from my life that I could tell.

My second piece of advice would be to just not give unnecessary data to the company. In the forms provided by some companies, some fields are mandatory while some are not. I never tell them what they want to know but don't have to know. It just reduces the risk of a breach of your PII.

The data breach problem is the elephant in the room. You cannot ignore it. I hope everyone can truly face it and take action.