2009/8/14

7 Common Methods of Cyber Warfare

Cyber warfare is just so many "unspeakable dealings carried out by genteel people".
Source: http://tech.qq.com/a/20090814/000130.htm

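  1. Network espionage: breaking into the Internet or intruding into internal networks to steal personal privacy or organizational or state secrets; sometimes large amounts of baseline data are also collected in preparation for other operations in the future.
  2. Attacking web pages: defacing the web pages of the adversary's organizations or government agencies, or trying to block access to them. This generally does little real damage, but it is a blow to the victim's reputation and prestige.
  3. Online propaganda: widely spreading true and false information favorable to one's own side via the Internet, mobile phones and other means, to manipulate public opinion and affect morale.
  4. Denial of service: several recent incidents fall into this category; distributed attacks starve servers of resources, causing widespread network outages.
  5. Destruction of key points: using virus attacks, electromagnetic jamming, actual firepower strikes and the like to destroy critical servers, switching equipment, satellites and so on in the adversary's network, thereby paralyzing the whole system.
  6. Disruption of public services: launching network attacks on the water supply, power supply, traffic signal, communications and other systems that developed cities manage largely over networks, paralyzing pipelines and networks and creating urban chaos.
  7. Latent hardware sabotage: through major IT product vendors or agents, hardware containing destructive programs is sold as normal hardware or installed in the enemy's key hubs, and the attack is triggered remotely in wartime. It is said that in the 1991 Gulf War the United States used printer chips swapped in beforehand to cause trouble, throwing Iraq's air defense system into disarray and depriving it of its combat effectiveness.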
2009/8/12

Security Tips

Source: http://www.boonbox.net/csi/cyber-security-informer-19-5-09.htm

Cyber security tips from Sauder School Dean, Daniel F. Muzyka, from his recent column in the Globe and Mail include:

  • Make sure security awareness exists and is maintained. Realize that users are generally rational actors: Give them incentives for good behaviour. [Maintain security awareness]
  • Keep up with the technology. New hardware offers new solutions, including fingerprint readers that secure laptops. [Track new technology]
  • Remember the human element. People often avoid doing this because they worry, ironically enough, that it will harm their computer. It shouldn't be this way. Organizationally, patches can be supported by understanding them, testing them, and disseminating them efficiently and quietly with help available for those with difficulties. [Don't neglect the human factor]
  • Don't collect data you don't need: You can't lose it if you don't have it. [Least privilege]

Sauder School Associate Professor of Management Information Systems Hasan Cavusoglu offers the following advice for companies looking to improve their security:

  • Cyber security awareness must be presented in creative ways to get attention. Don't just give rules, because rules get broken. They have to understand what they do is also affecting themselves. For instance, employees should be made aware that their promotions and bonuses will depend in part on how they’re handling information security. Money is very tangible and a very effective way to change behavior. [Let them know how what they do affects themselves]
  • Make employees aware with literature about cyber crime and the legal consequences. Employees will know that if they are caught violating cyber security, they will get into trouble. Organizations should use these "carrot and stick" tactics at the same time. [Let them know what is legal and what is a crime]

2009/8/3

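2009-7 Application Security Vulnerabilities [Selected]

New! To get the latest app security alerts promptly, follow @2sec on Twitter.

Application Security Vulnerabilities [Selected]
-------------------
2009-7

A few vulnerabilities this month deserve attention: Acrobat, BIND, Office Web Components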

Google SketchUp Pro 7.0 (.skp file) Remote Stack Overflow PoC    31-07-2009
VLC Media Player 0.8.6f smb:-- URI Handling Remote BOF Exploit (univ)    31-07-2009
EPSON Status Monitor 3 Local Privilege Escalation Vulnerability    30-07-2009
IBM AIX 5.3 libc MALLOCDEBUG File Overwrite Vulnerability    30-07-2009
Microsoft Windows XP (win32k.sys) Local Privilege Escalation Exploit    30-07-2009
ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC    30-07-2009
Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit (py)    27-07-2009
Cisco WLC 4402 Basic Auth Remote Denial of Service (meta)    27-07-2009
ISC DHCP dhclient < 3.1.2p1 Remote Buffer Overflow PoC    27-07-2009
MS Internet Explorer 7-8 findText Unicode Parsing Crash Exploit    24-07-2009
Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit    24-07-2009
Mozilla Firefox 3.5 (Font tags) Remote Buffer Overflow Exploit (osx)    24-07-2009
Adobe Flash (Embedded in PDF) LIVE VIRUS-MALWARE Exploit    23-07-2009
MS Office Web Components Spreadsheet ActiveX (OWC10-11) Exploit    21-07-2009
Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit    21-07-2009
KMplayer <= 2.9.4.1433 (.srt File) Local Buffer Overflow PoC    20-07-2009
Mozilla Firefox 3.5 (Font tags) Remote Heap Spray Exploit (pl)    20-07-2009
FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit    20-07-2009
Adobe related service (getPlus_HelperSvc.exe) Local Privilege Escalation    20-07-2009
Linux 2.6.30+-SELinux-RHEL5 Test Kernel Local Root Exploit 0day    17-07-2009
Mozilla Firefox 3.5 (Font tags) Remote Heap Spray Exploit    17-07-2009
Microsoft Office Web Components (Spreadsheet) ActiveX BOF PoC    16-07-2009
Mozilla Firefox 3.5 unicode Remote Buffer Overflow PoC    15-07-2009
Multiple Web Browsers Denial of Service Exploit (1 bug to rule them all)    15-07-2009
Mozilla Firefox 3.5 (Font tags) Remote Buffer Overflow Exploit    13-07-2009
Mozilla Firefox 3.5 (JavaScript handling) Remote Buffer Overflow Exploit    13-07-2009
FreeBSD 6-8 (ata device) Local Denial of Service Exploit    13-07-2009
Mozilla Firefox 3.5 Remote Buffer Overflow Exploit (untested crash)    13-07-2009
MS Internet Explorer 7 Video ActiveX Remote Buffer Overflow Exploit    10-07-2009
WordPress Privileges Unchecked in admin.php and Multiple Information    10-07-2009
HTC - Windows Mobile OBEX FTP Service Directory Traversal Vuln    10-07-2009
eEye Retina WiFi Security Scanner 1.0 (.rws Parsing) Buffer Overflow PoC    10-07-2009
FreeBSD 7.0-7.1 vfs.usermount Local Privilege Escalation Exploit    09-07-2009
Windows Live Messenger Plus! FileServer 1.0 Directory Traversal Vuln    09-07-2009
Sun One WebServer 6.1 JSP Source Viewing Vulnerability    09-07-2009
Microsoft Internet Explorer (AddFavorite) Remote Crash PoC    09-07-2009
Linux Kernel <= 2.6.28.3 set_selection() UTF-8 Off By One Local Exploit    09-07-2009
MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)    09-07-2009
Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit    02-07-2009
YourTube <= 2.0 Arbitrary Database Disclosure Exploit    02-07-2009
Apple Safari 4.x JavaScript Reload Remote Crash Exploit    02-07-2009
Green Dam Remote Change System Time Exploit    01-07-2009


Source: bugsearch.net