1. 360 Tan Xiaosheng: Intelligent Hardware Security Should Grab the Chip Design
In the past, IT and OT were two worlds. The two are not connected to each other, and neither information technology nor industrial control are known to each other. The status of security problems in various networks is also not the same. The OT network is relatively closed, there are not many attackers, and manufacturers consider more of "physical security", that is, the security of the production process.
Now, the two have merged into one. With the interconnection of everything, from hardware manufacturers to users, intelligence exists everywhere, and the attack surface of security threats has also been expanded. Attackers can start from any point in the process of manufacturer's production to sales, and have an impact on the company's production and operation activities. While disrupting production order, the attackers also increase the manufacturer's production costs.
It can be said that in the IOT era, security has become a challenge. Last week, the resident interviewed 360 chief security officer Tan Xiaosheng and chatted with him about security hardware manufacturer related issues. Tan Xiaosheng thinks there are three types of attacks that can only be common in hardware:
Smart hardware needs to communicate with other devices through network devices. The communication protocol is the first type of attack point. Intelligent hardware needs to be managed by a third-party device or platform. These platforms or devices are the second type of attack point. The App that controls the smart hardware on the phone or iPad, or the agreement between the App and the control platform, is the third type of attack point.
At the same time, he also believes that
There are no magic bullets for these attacks. Only product safety begins. From the product design stage, it is necessary to consider the foreseeable types of attacks, whether the protocol is secure, and whether there is a problem with the firmware update mechanism. It is relatively safe to ensure that products are produced and monitored in the operational life cycle of the future.
2. Anti-fraud expert Li Xuyang: I would like to “nothing thief in the worldâ€
If you close your eyes and recall the various tricks you've heard or experienced, it seems that the deceptions of fraudsters are erratic and elusive, and each time it is a "new deceit" that makes it difficult to prevent. However, in the eyes of Li Xuyang, Tencent anti-fraud laboratory, the first thing they have to fight is not the most sophisticated tricks. Instead, they are fraudulent and widely used fraud messages.
For anti-fraud laboratories, the dependence of fraudsters on routines is their weakness. The reason is simple:
Once a behavior is regular, it is time for machine recognition. The anti-fraud system can form rules that accurately determine fraud based on call length data (time data is not call content data) or network data in a large number of scams, and then telecom operators and police can monitor whether crimes occur in real time based on these rules. The fraud of fraudsters is blocked by means of text messages, telephone intervention by customer service personnel or direct intervention by the police.
Taking the system of identifying public security fraud as an example, for this type of fraud, there are several matching rules engines that jointly review. For example, just as several different experts express their opinions on the same thing, and then raise their hands to vote, if the number of experts established for the fraud reaches a certain number, the system will send out emergency reminders to operators and public security agencies. However, the drastic changes in each of these rules are based on a large amount of real fraud data. Otherwise, each system upgrade not only does not increase the accuracy of the recognition, but may also generate new missed reports and false alarms.
3. Pangu team released iOS 9.3.3 jailbreak tool
Without warning, the Pangu team released iOS 9.3.3 jailbreak tool. This jailbreak program supports all 64-bit devices running iOS 9.2-9.3.3, from iPhone 5s, iPad Air all the way to the latest devices.
Concerned about the Pangu children's shoes are aware that this group of cattle X hackers earlier in July, has demonstrated iOS 10 Beta 1 escape. In other words, the iOS 9.3.3 jailbreak is already Wu Song playing cats for them. The Pangeo team once revealed to Lei Fengwang (searching for the “Lei Feng Net†public number) that Apple’s iOS 10 has undergone some upgrades compared to iOS 9.X, resulting in some Pangu’s jailbreak loopholes being invalid on Apple’s upcoming new system. This led to them needing to tap new holes for iOS 10 jailbreak.
Therefore, Pangu released this iOS 9.2- 9.3.3 jailbreak, it is likely to use the Apple iOS 10 has been blocked by Apple's loopholes.
4. Beware, Pokemon Go may "grab" your personal information
Pokemon Go, which combines AR and LBS (Geosity Based Services) technology, has not only brushed up the circle of friends, but also continues to occupy the front row of free app download rankings in major application stores. There are relevant data showing that
The game currently has more than 7.5 million downloads in the United States. The average number of active users per day is almost equal to Twitter. Users play an average of 43 minutes a day, which is more than Instagram.
Although Pokemon Go is currently only officially launched in 27 countries including the United States, New Zealand, and Australia. China is still at the
In the state of IP+GPS dual lock, but there are still many players across the district to download. When everyone is positioned and the world is crazy about finding the elf, your personal information may become the target of others' capture. A player posted a message on Tumblr that the developer was “oversight†about the user’s personal privacy protection.
5. Chat with malicious websites: counterfeiting, fishing, hacking
A malicious website is a more general concept. Basically, you can understand that those websites that are harmful to ordinary netizens can be called malicious websites. For example, we know that counterfeiting and fishing, such as counterfeit banks, QQ space, and other websites, are still there. Horses, gambling, and porn sites can be classified as malicious websites within a certain category.
Where do you most likely experience malicious websites? In general, we may not be very clear about what is which, perhaps the most conceivable is for phishing websites, and in fact most of the students should often encounter. such as:
Students using Google Chrome may often see a red warning page;
WeChat access links will also be prompted that the site is insecure and then cannot be accessed; Â
Security software will jump to the warning page when you visit certain webpages. An alert box will tell you not to visit this website. The website is not safe.
And ultimately, the QQ chat window gives a URL to tell you not to visit.
These may be the time when people most intuitively experience malicious websites. Why not allow you to visit these websites? This is because these websites are identified as malicious websites by the corresponding systems of these software. In order to avoid your losses, they are reminded and prohibited. You visit!
phone case custom,phone case designs,phone case decorations,business phone case
Dongguan Yingxin Technology Co., Ltd. , https://www.yxsparepart.com