Security Alert: Malware Found Targeting Custom ROMs (jSMSHider)
原文
摘要
Android自定制ROM的安全風險�����,這個風險貌似是中國人弄出來的���,細節(jié)見文章��。。。
==========================分割線========================
Google +的Hosts,免凸墻登陸Google+1服務��。��。���。
這是最新的Hosts地址���,而且是Google位于北京的服務器���,可想而知速度那是���。。���。大家可以自己Ping下看看。�����。���。
廢話不多說�����,上地址�����。。�����。
#GooglePlus
順便附贈下Picasa的Hosts��。��。。
別告訴我你不會用��。���。�����。
#Picasa
另外,可以通過查詢plus服務的ip地址來設置hosts���。國外的ip可以到just-ping,國內(nèi)的ip可以到webkaka���,用他們提供的ping服務,可以得到N多不同的ip地址��,選其中較為"生僻"的ip地址�����,可保你在較長一段時間內(nèi)無需更換��!
看好了,這些ip按打頭數(shù)字的不同可分為三類:74 / 66 / 209�����,其中的74段貌似已經(jīng)成了被墻的首要目標��,所以66和209段的ip是上乘首選�����;而且這里邊還有ipv6地址(ipv4 to ipv6��,看這里),如果你有可用的ipv6網(wǎng)絡���,這將是個非常棒的選擇!
祝各位使用Google Plus愉快哦~~
==========================分割線========================
一個目標是在Linux下面使用iphone和itouch等設備的開發(fā)庫���,很有用!
==========================分割線========================
這是歐洲幾個著名的安全實驗室的聯(lián)盟�����,包括
FORTH-ICS (GR)
Vrije Universiteit Amsterdam (NL)
Institut Eurecom (FR)
IPP - Bulgarian Academy of Sciences (BG)
TU Vienna (AT)
Chalmers University (SE)
Politecnico di Milano (IT)
2011年它們組織了1st Syssec workshop
==========================分割線========================
Symantec 研究發(fā)現(xiàn) Android 仍比 PC 安全…
Symantec 對移動設備的安全性進行了研究�����,他們發(fā)現(xiàn) Apple 和 Google 的移動系統(tǒng)仍然比 Microsoft 的 Windows 要安全,可以更有效的防止惡意軟件等獲得相關的權限���。另外,事實證明兩個移動系統(tǒng)在其應用上增加的簽名功能更進一步增強了其安全性,而這種功能在 PC 目前是沒有的���。
==========================分割線========================
安全研究人員 Brain Neil Levine
Professor
Undergraduate Program Director
Dept. of Computer Science
UMass Amherst
My main research topics involve these challenges:
Center for Forensics (including privacy work)
Peer-to-peer networking
Mobility: DOME Projects
旗下有一個取證中心
兩篇和mobile取證相關的文章
John Tuttle, Robert J. Walls, Erik Learned-Miller, and Brian Neil Levine.
Reverse engineering for mobile systems forensics with Ares.
In Proceedings of the ACM: Workshop on Insider Threats, 2010.
Robert Walls, Brian N. Levine, and Erik Learned-Miller.
Forensic triage for mobile phones with DEC0DE
USENIX Security Symposium, 2011.
==========================分割線========================
PROGRESS IN CRYPTOLOGY – AFRICACRYPT 2011
論文集已經(jīng)可以在springer上檢索到了
其中有三篇故障攻擊的文章,兩篇關于流密碼,一篇關于AES的,果然不愧是Bart主辦的會議……
Bart自己還做了一個Invited Talks
The NIST SHA-3 Competition: A Perspective on the Final Year
==========================分割線========================
CHES 2011 Accepted Papers
雖然論文集還沒現(xiàn)身�����,但是應該有些已經(jīng)能在網(wǎng)上搜索到pdf了
==========================分割線========================
[PDF] A Window Into Mobile Device Security
from Symentac
==========================分割線========================
Whitepaper “Python Arsenal For Reverse Engineering”
==========================分割線========================
Forensic Triage for Mobile Phones with DEC0DE
Abstract
We present DEC0DE, a system for recovering information
from phones with unknown storage formats, a critical
problem for forensic triage. Because phones have myr-
iad custom hardware and software, we examine only the
stored data. Via ?exible descriptions of typical data struc-
tures, and using a classic dynamic programming algo-
rithm, we are able to identify call logs and address book
entries in phones across varied models and manufactur-
ers. We designed DEC0DE by examining the formats of
one set of phone models, and we evaluate its performance
on other models. Overall, we are able to obtain high
performance for these unexamined models: an average
recall of 97% and precision of 80% for call logs; and
average recall of 93% and precision of 52% for address
books. Moreover, at the expense of recall dropping to
14%, we can increase precision of address book recovery
to 94% by culling results that don’t match between call
logs and address book entries on the same phone.
==========================分割線========================
iPad2 越獄發(fā)布
JailbreakMe 3.0 正式上線��,支持iPad2和其他設備的在線越獄��,這次的越獄和第一次iPad越獄一樣不需要連接電腦,然后直接用iPad的Safari
該越獄利用了Safari漏洞實現(xiàn)�����,目前��,基于該漏洞的安全隱患引起了許多擔憂���。Apple計劃在下一個版本中修復此漏洞�����。
==========================分割線========================
Recon 2011正在進行中
==========================分割線========================
Java 7 正式版將于7月28日發(fā)布
==========================分割線========================