Security Alert: Malware Found Targeting Custom ROMs (jSMSHider)
原文
摘要
Android自定制ROM的安全风险,这个风险貌似是中国人弄出来的,细节见文章。。。
==========================分割线========================
Google +的Hosts,免凸墙登陆Google+1服务。。。
这是最新的Hosts地址,而且是Google位于北京的服务器,可想而知速度那是。。。大家可以自己Ping下看看。。。
废话不多说,上地址。。。
#GooglePlus
203.208.46.29 plus.Google.com
203.208.46.29 talkgadget.Google.com
顺便附赠下Picasa的Hosts。。。
别告诉我你不会用。。。
#Picasa
203.208.46.29 picadaweb.Google.com
203.208.46.29 lh1.ggpht.com
203.208.46.29 lh2.ggpht.com
203.208.46.29 lh3.ggpht.com
203.208.46.29 lh4.ggpht.com
203.208.46.29 lh5.ggpht.com
203.208.46.29 lh6.ggpht.com
另外,可以通过查询plus服务的ip地址来设置hosts。国外的ip可以到just-ping,国内的ip可以到webkaka,用他们提供的ping服务,可以得到N多不同的ip地址,选其中较为"生僻"的ip地址,可保你在较长一段时间内无需更换!
看好了,这些ip按打头数字的不同可分为三类:74 / 66 / 209,其中的74段貌似已经成了被墙的首要目标,所以66和209段的ip是上乘首选;而且这里边还有ipv6地址(ipv4 to ipv6,看这里),如果你有可用的ipv6网络,这将是个非常棒的选择!
祝各位使用Google Plus愉快哦~~
==========================分割线========================
一个目标是在Linux下面使用iphone和itouch等设备的开发库,很有用!
==========================分割线========================
安全研究机构 http://www.syssec-project.eu
这是欧洲几个著名的安全实验室的联盟,包括
FORTH-ICS (GR)
Vrije Universiteit Amsterdam (NL)
Institut Eurecom (FR)
IPP - Bulgarian Academy of Sciences (BG)
TU Vienna (AT)
Chalmers University (SE)
Politecnico di Milano (IT)
2011年它们组织了1st Syssec workshop
==========================分割线========================
Symantec 研究发现 Android 仍比 PC 安全…
Symantec 对移动设备的安全性进行了研究,他们发现 Apple 和 Google 的移动系统仍然比 Microsoft 的 Windows 要安全,可以更有效的防止恶意软件等获得相关的权限。另外,事实证明两个移动系统在其应用上增加的签名功能更进一步增强了其安全性,而这种功能在 PC 目前是没有的。
==========================分割线========================
安全研究人员 Brain Neil Levine
Professor
Undergraduate Program Director
Dept. of Computer Science 
UMass Amherst
My main research topics involve these challenges:
Center for Forensics (including privacy work)
Peer-to-peer networking
Mobility: DOME Projects
旗下有一个取证中心
两篇和mobile取证相关的文章
John Tuttle, Robert J. Walls, Erik Learned-Miller, and Brian Neil Levine. 
Reverse engineering for mobile systems forensics with Ares. 
In Proceedings of the ACM: Workshop on Insider Threats, 2010. 
Robert Walls, Brian N. Levine, and Erik Learned-Miller. 
Forensic triage for mobile phones with DEC0DE 
USENIX Security Symposium, 2011. 
==========================分割线========================
PROGRESS IN CRYPTOLOGY – AFRICACRYPT 2011
论文集已经可以在springer上检索到了
其中有三篇故障攻击的文章,两篇关于流密码,一篇关于AES的,果然不愧是Bart主办的会议……
Bart自己还做了一个Invited Talks
The NIST SHA-3 Competition: A Perspective on the Final Year 
==========================分割线========================
CHES 2011 Accepted Papers
虽然论文集还没现身,但是应该有些已经能在网上搜索到pdf了
==========================分割线========================
[PDF] A Window Into Mobile Device Security
from Symentac
==========================分割线========================
Whitepaper “Python Arsenal For Reverse Engineering”
==========================分割线========================
Forensic Triage for Mobile Phones with DEC0DE
Abstract
We present DEC0DE, a system for recovering information
from phones with unknown storage formats, a critical
problem for forensic triage. Because phones have myr-
iad custom hardware and software, we examine only the
stored data. Via ?exible descriptions of typical data struc-
tures, and using a classic dynamic programming algo-
rithm, we are able to identify call logs and address book
entries in phones across varied models and manufactur-
ers. We designed DEC0DE by examining the formats of
one set of phone models, and we evaluate its performance
on other models.  Overall, we are able to obtain high
performance for these unexamined models: an average
recall of 97% and precision of 80% for call logs; and
average recall of 93% and precision of 52% for address
books.  Moreover, at the expense of recall dropping to
14%, we can increase precision of address book recovery
to 94% by culling results that don’t match between call
logs and address book entries on the same phone.
==========================分割线========================
iPad2 越狱发布
JailbreakMe 3.0 正式上线,支持iPad2和其他设备的在线越狱,这次的越狱和第一次iPad越狱一样不需要连接电脑,然后直接用iPad的Safari
该越狱利用了Safari漏洞实现,目前,基于该漏洞的安全隐患引起了许多担忧。Apple计划在下一个版本中修复此漏洞。
==========================分割线========================
Recon 2011正在进行中
==========================分割线========================
Java 7 正式版将于7月28日发布
关于 Java 7 的新特性请看:http://t.cn/h9SlIo ,也可以从这里下载到开发者预览版本:http://t.cn/h5LoQi 。
==========================分割线========================