Security Alert: Malware Found Targeting Custom ROMs (jSMSHider)
原文
摘要
Android自定制ROM的安全風(fēng)險(xiǎn),這個(gè)風(fēng)險(xiǎn)貌似是中國(guó)人弄出來(lái)的,細(xì)節(jié)見(jiàn)文章。。。
==========================分割線========================
Google +的Hosts,免凸墻登陸Google+1服務(wù)。。。
這是最新的Hosts地址,而且是Google位于北京的服務(wù)器,可想而知速度那是。。。大家可以自己Ping下看看。。。
廢話不多說(shuō),上地址。。。
#GooglePlus
203.208.46.29 plus.Google.com
203.208.46.29 talkgadget.Google.com
順便附贈(zèng)下Picasa的Hosts。。。
別告訴我你不會(huì)用。。。
#Picasa
203.208.46.29 picadaweb.Google.com
203.208.46.29 lh1.ggpht.com
203.208.46.29 lh2.ggpht.com
203.208.46.29 lh3.ggpht.com
203.208.46.29 lh4.ggpht.com
203.208.46.29 lh5.ggpht.com
203.208.46.29 lh6.ggpht.com
另外,可以通過(guò)查詢plus服務(wù)的ip地址來(lái)設(shè)置hosts。國(guó)外的ip可以到j(luò)ust-ping,國(guó)內(nèi)的ip可以到webkaka,用他們提供的ping服務(wù),可以得到N多不同的ip地址,選其中較為"生僻"的ip地址,可保你在較長(zhǎng)一段時(shí)間內(nèi)無(wú)需更換!
看好了,這些ip按打頭數(shù)字的不同可分為三類:74 / 66 / 209,其中的74段貌似已經(jīng)成了被墻的首要目標(biāo),所以66和209段的ip是上乘首選;而且這里邊還有ipv6地址(ipv4 to ipv6,看這里),如果你有可用的ipv6網(wǎng)絡(luò),這將是個(gè)非常棒的選擇!
祝各位使用Google Plus愉快哦~~
==========================分割線========================
一個(gè)目標(biāo)是在Linux下面使用iphone和itouch等設(shè)備的開(kāi)發(fā)庫(kù),很有用!
==========================分割線========================
安全研究機(jī)構(gòu) http://www.syssec-project.eu
這是歐洲幾個(gè)著名的安全實(shí)驗(yàn)室的聯(lián)盟,包括
FORTH-ICS (GR)
Vrije Universiteit Amsterdam (NL)
Institut Eurecom (FR)
IPP - Bulgarian Academy of Sciences (BG)
TU Vienna (AT)
Chalmers University (SE)
Politecnico di Milano (IT)
2011年它們組織了1st Syssec workshop
==========================分割線========================
Symantec 研究發(fā)現(xiàn) Android 仍比 PC 安全…
Symantec 對(duì)移動(dòng)設(shè)備的安全性進(jìn)行了研究,他們發(fā)現(xiàn) Apple 和 Google 的移動(dòng)系統(tǒng)仍然比 Microsoft 的 Windows 要安全,可以更有效的防止惡意軟件等獲得相關(guān)的權(quán)限。另外,事實(shí)證明兩個(gè)移動(dòng)系統(tǒng)在其應(yīng)用上增加的簽名功能更進(jìn)一步增強(qiáng)了其安全性,而這種功能在 PC 目前是沒(méi)有的。
==========================分割線========================
安全研究人員 Brain Neil Levine
Professor
Undergraduate Program Director
Dept. of Computer Science 
UMass Amherst
My main research topics involve these challenges:
Center for Forensics (including privacy work)
Peer-to-peer networking
Mobility: DOME Projects
旗下有一個(gè)取證中心
兩篇和mobile取證相關(guān)的文章
John Tuttle, Robert J. Walls, Erik Learned-Miller, and Brian Neil Levine. 
Reverse engineering for mobile systems forensics with Ares. 
In Proceedings of the ACM: Workshop on Insider Threats, 2010. 
Robert Walls, Brian N. Levine, and Erik Learned-Miller. 
Forensic triage for mobile phones with DEC0DE 
USENIX Security Symposium, 2011. 
==========================分割線========================
PROGRESS IN CRYPTOLOGY – AFRICACRYPT 2011
論文集已經(jīng)可以在springer上檢索到了
其中有三篇故障攻擊的文章,兩篇關(guān)于流密碼,一篇關(guān)于AES的,果然不愧是Bart主辦的會(huì)議……
Bart自己還做了一個(gè)Invited Talks
The NIST SHA-3 Competition: A Perspective on the Final Year 
==========================分割線========================
CHES 2011 Accepted Papers
雖然論文集還沒(méi)現(xiàn)身,但是應(yīng)該有些已經(jīng)能在網(wǎng)上搜索到pdf了
==========================分割線========================
[PDF] A Window Into Mobile Device Security
from Symentac
==========================分割線========================
Whitepaper “Python Arsenal For Reverse Engineering”
==========================分割線========================
Forensic Triage for Mobile Phones with DEC0DE
Abstract
We present DEC0DE, a system for recovering information
from phones with unknown storage formats, a critical
problem for forensic triage. Because phones have myr-
iad custom hardware and software, we examine only the
stored data. Via ?exible descriptions of typical data struc-
tures, and using a classic dynamic programming algo-
rithm, we are able to identify call logs and address book
entries in phones across varied models and manufactur-
ers. We designed DEC0DE by examining the formats of
one set of phone models, and we evaluate its performance
on other models.  Overall, we are able to obtain high
performance for these unexamined models: an average
recall of 97% and precision of 80% for call logs; and
average recall of 93% and precision of 52% for address
books.  Moreover, at the expense of recall dropping to
14%, we can increase precision of address book recovery
to 94% by culling results that don’t match between call
logs and address book entries on the same phone.
==========================分割線========================
iPad2 越獄發(fā)布
JailbreakMe 3.0 正式上線,支持iPad2和其他設(shè)備的在線越獄,這次的越獄和第一次iPad越獄一樣不需要連接電腦,然后直接用iPad的Safari
該越獄利用了Safari漏洞實(shí)現(xiàn),目前,基于該漏洞的安全隱患引起了許多擔(dān)憂。Apple計(jì)劃在下一個(gè)版本中修復(fù)此漏洞。
==========================分割線========================
Recon 2011正在進(jìn)行中
==========================分割線========================
Java 7 正式版將于7月28日發(fā)布
關(guān)于 Java 7 的新特性請(qǐng)看:http://t.cn/h9SlIo ,也可以從這里下載到開(kāi)發(fā)者預(yù)覽版本:http://t.cn/h5LoQi 。
==========================分割線========================