據(jù)國(guó)外媒體報(bào)道,安全廠商Dasient對(duì)1萬(wàn)款A(yù)ndroid應(yīng)用進(jìn)行了研究,發(fā)現(xiàn)逾8%的應(yīng)用向沒(méi)有獲得授權(quán)的計(jì)算機(jī)傳輸用戶的個(gè)人資料。這類(lèi)惡意件旨在控制用戶的智能手機(jī)。例如,11款應(yīng)用會(huì)自動(dòng)向用戶通信錄中的聯(lián)系人發(fā)送短信。如果用戶需要為短信付費(fèi),用戶在不知情的情況下就可能需要支付巨額賬單。
Dasient首席技術(shù)官尼爾·達(dá)斯萬(wàn)尼(Neil Daswani)表示,在過(guò)去2年內(nèi),惡意的Android應(yīng)用增長(zhǎng)了1倍。用戶可能在訪問(wèn)網(wǎng)站時(shí)不知不覺(jué)地被安裝了惡意件。
Android Market不對(duì)提交的應(yīng)用進(jìn)行審查是惡意Android應(yīng)用泛濫的一大原因。
盡管開(kāi)發(fā)者無(wú)需等待應(yīng)用通過(guò)審批,但這樣做的代價(jià)卻要有用戶來(lái)承擔(dān)。由于沒(méi)有采取最基本的措施確保應(yīng)用不是惡意件,如果當(dāng)前的趨勢(shì)不發(fā)生改變,未來(lái)兩年內(nèi)Android Market中將充斥著大量惡意件。
除用戶的個(gè)人資料外,惡意件還經(jīng)常泄露手機(jī)的IMEI碼(國(guó)際移動(dòng)電話設(shè)備識(shí)別碼)和IMSI碼(國(guó)際移動(dòng)用戶識(shí)別碼)。這些信息被泄露后,犯罪分子可以方便地復(fù)制用戶的SIM卡,或?qū)⑿畔⑴砍鍪劢o非法組織。
================= ================= ================= =================
學(xué)術(shù)會(huì)議推薦
http://www.light-sec.org
一個(gè)研究輕量級(jí)密碼學(xué)與安全的workshop,The main goal of this workshop is to promote and initiate novel research on the security & privacy issues for applications that can be termed as lightweight security
此外,根據(jù)一個(gè)計(jì)算機(jī)學(xué)術(shù)會(huì)議排名網(wǎng)站cs.conference-ranking.net給出一些參考的好會(huì)議,其中和LoCCS緊密相關(guān)的有(為什么里面有Asiacrypt沒(méi)有Eurocrypt我不知道……)
ASIACRYPT: International Conference on the Theory and Application of Cryptology and Information Security
CCS: Conference on Computer and Communications Security
CRYPTO: International Crytology Conference
CSFW: IEEE Computer Security Foundations Workshop
ISSP: IEEE Symposium on Security and Privacy
ISSTA: International Symposium on Software Testing and Analysis
PLDI: SIGPLAN Conference on Programming Language Design and Implementation
有一些關(guān)系的
ASPLOS: International Conference on Architectural Support for Programming Languages and Operating Systems
CAV: Computer Aided Verification
ICALP: International Colloquium on Automata, Languages and Programming
ICCS: IAENG International Conference on Computer Science
ICCSE: International Conference of Computer Science and Engineering
ICFP: International Conference on Function Programming
ICNP: International Conference on Network Protocols
ICLP: International Conference on Logic Programming
ICSE: IAENG International Conference on Software Engineering
MOBICOM: ACM/IEEE International Conference on Mobile Computing and Networking
OSDI: Operating Systems Design and Implementation
PADS: Workshop on Parallel and Distributed Simulation
PODC: ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing
SIGCOMM: ACM SIGCOMM Conference
USITS: USENIX Symposium on Internet Technologies and Systems
WWW: World-Wide Web Conference
幾乎沒(méi)啥關(guān)系
AAAI: National Conference on Artificial Intelligence
ACL: Association for Computational Linguistics
ACM-EC: ACM Conference on Electronic Commerce
ATAL: Agent Theories, Architectures, and Languages
CHI: Computer Human Interaction
CPM: Combinatorial Pattern Matching
ECOOP: European Conference on Object-Oriented Programming
EDBT: International Conference on Extending Database Technology
FPGA: Symposium on Field Programmable Gate Arrays
ICCAD: International Conference on Computer Aided Design
ICCV: IEEE International Conference on Computer Vision
ICDE: International Conference on Data Engineering
ICMCS: International Conference on Multimedia Computing and Systems
ICML: International Conference on Machine Learning
KDD: Knowledge Discovery and Data Mining
SIGGRAPH: Annual Conference on Computer Graphics
SIGKDD: ACM Knowledge Discovery and Data Mining
SIGMOD: ACM SIGMOD Conference on Management of Data
VLDB: Very Large Data Bases
================= ================= ================= =================