通用漏洞披露 CVE(Common Vulnerabilities and Exposures)
a database of publicly known information-security vulnerabilities and exposures. -
CSDN 专访 吴翰清:白帽子讲Web安全;
我回阿里的29个月 值得一读;
这是吴翰清于2017年2月发表在知乎专栏 道哥的黑板报 的一篇长文。他的微信公号也很少更新。 -
MIT Technology Review
MIT 科技评论,值得一看;
MIT Technology Review is first to report on important new technologies that will affect your organization, your career, your life. -
这是2016年8月微信公众号安在 的一篇文章。
堡垒机 Jumpserver
- Jumpserver 是全球首款完全开源的堡垒机,是符合 4A(Authentication, Authorization, Accounting, and Auditing) 的专业运维审计系统。
- jumpserver@github;
- 一切都在 文档 中;
吴翰清 弹性安全网络

吴翰清因提出 Elastic Security Network(弹性安全网络) 而位列 MIT TR35 2017 榜单。
TR35 是 MIT 科技评论杂志发布的一个年度创新人物名单,35岁以下的35个人:The world's top 35 innovators under the age of 35.
TR35 对 Elastic Security Network 的 介绍
A cheaper solution for devastating hacking attacks.
During a distributed denial of service (DDoS) attack, an attacker overwhelms a domain-name server with traffic until it collapses. The traditional way of fending off an attack like this is to pile up bandwidth so the server under attack always has more than enough volume to handle what the attacker has released. But as hackers become capable of attacks with bigger and bigger data volumes, this is no longer feasible.
Since the target of DDoS attacks is a website’s IP address, Hanqing Wu, the chief security scientist at Alibaba Cloud, devised a defense mechanism through which one Web address can be translated into thousands of IP addresses. This “elastic security network” can quickly divert all benign traffic to a new IP address in the face of a DDoS attack. And by eliminating the need to pile up bandwidth, this system would greatly reduce the cost of keeping the Internet safe.
-- Yiting Sun