Marco Mililotti

Shared publicly  - 
 
Looking out over the Dolomites from the Dantercepies "terrace" 😀

Marco Mililotti

Shared publicly  - 
 
#iot
Regulation is needed.
 
80 types of Sony IP cameras have “admin” as their password and spy on you

Think carefully before putting an IP cam in your home

#privacy #sicurezza

Marco Mililotti

Discussion - Questions and Curiosities about LG G4  - 
 
#lgg4 #security
Security info from LG.
LG Product Security Response Team. Introduction; Product Security Info. LG Security News · LG Response Process · LG Security Bulletins. Android Mobile; webOS. Security Issue Reporting ...

Marco Mililotti

Shared publicly  - 
 
 
Wanna Understand AI?...These Simple Videos from Facebook are extremely helpful in Understanding How AI Works?.... Don't miss them out... friends..#AI

So Facebook wants students to learn How Artificial Intelligence works? In order to help students learn the basics. So the Social Network Company, Facebook has initiated a campaign to understand the benefits of AI and demystify the myths about Artificial Intelligence.

Marco Mililotti

Shared publicly  - 
 
As long as it works! :)

Marco Mililotti

Shared publicly  - 
 
Have you ever seen a complete map of the INTERNET?
In the '70s it was still possible to make one:

1973:
https://twitter.com/workergnome/status/807704855276122114

1974:
https://twitter.com/MarkJHandley/status/808283251609571328

Back then it was called ArpaNet, and everything started from there!
@digitalcoleman I know. Got him to tell stories this week—it was amazing. You know, like the time he sold a computer to Ed Catmull. Illtud Daniel · Dec 10. Illtud Daniel @illtud .@workergnome that's the US Army's Aberdeen Ballistic Research Lab in Maryland over on the right, in case any UKnians ...

Marco Mililotti

Shared publicly  - 
 
So the TPM in our PCs can be good for something after all!! :)
One of the new features of Linux Plumbers Conference this year was the TPM Microconference, which facilitated great discussions both in the session itself and in the hallways. Quite a bit of discussion was generated by the Beginner's Guide to the TPM talk I gave, mostly because I blamed the ...

Marco Mililotti

Shared publicly  - 
 
An example of a patch released for the Linux kernel that nevertheless affects Android security. But the Android Security Team was not involved before the disclosure!
 
On January 19th, 2016, Perception Point and Red Hat announced a security issue (CVE-2016-0728) in the mainline linux kernel that affects some Android devices. We have received some questions, so I want to quickly provide an update.

We have prepared a patch, which has been released to open source and provided to partners today. This patch will be required on all devices with a security patch level of March 1 2016 or greater.

In addition, since this issue was released without prior notice to the Android Security Team, we are now investigating the claims made about the significance of this issue to the Android ecosystem. We believe that the number of Android devices affected is significantly smaller than initially reported.

We believe that no Nexus devices are vulnerable to exploitation by 3rd party applications. Further, devices with Android 5.0 and above are protected, as the Android SELinux policy prevents 3rd party applications from reaching the affected code. Also, many devices running Android 4.4 and earlier do not contain the vulnerable code introduced in Linux kernel 3.8, as those newer kernel versions are not common on older Android devices.

Marco Mililotti

Shared publicly  - 
 
#android #security
This is what it means to fight Android malware!
Compliments :)
 
The fight against Ghost Push continues

Since 2014, the Android security team has been tracking a family of malware called 'Ghost Push,' a vast collection of 'Potentially Harmful Apps' (PHAs) that generally fall into the category of 'hostile downloaders.' These apps are most often downloaded outside of Google Play and after they are installed, Ghost Push apps try to download other apps. For over two years, we’ve used Verify Apps to notify users before they install one of these PHAs and let them know if they’ve been affected by this family of malware.

Ghost Push has continued to evolve since we began to track it. As we explained in last year's Android Security report [https://goo.gl/yrSqAG], in 2015 alone, we found more than 40,000 apps associated with Ghost Push. Our actions have continued at this increasingly large scale: our systems now detect and prevent installation of over 150,000 variants of Ghost Push.

Several Ghost Push variants use publicly known vulnerabilities that are unpatched on older devices to gain privileges that allow them to install applications without user consent. In the last few weeks, we've worked closely with Check Point [https://www.checkpoint.com/], a cyber security company, to investigate and protect users from one of these variants. Nicknamed ‘Gooligan’, this variant used Google credentials on older versions of Android to generate fraudulent installs of other apps. This morning, Check Point detailed those findings on their blog.

As always, we take these investigations very seriously and we wanted to share details about our findings and the actions we've taken so far.

Findings

- No evidence of user data access: In addition to rolling back the application installs created by Ghost Push, we used automated tools to look for signs of other fraudulent activity within the affected Google accounts. None were found. The motivation behind Ghost Push is to promote apps, not steal information, and that held true for this variant.
- No evidence of targeting: We used automated tools to evaluate whether specific users or groups of users were targeted. We found no evidence of targeting of specific users or enterprises, and less than 0.1% of affected accounts were GSuite customers. Ghost Push is opportunistically installing apps on older devices.
- Device integrity-checks can help: We’ve taken multiple steps to protect devices and user accounts, and to disrupt the behavior of the malware as well. Verified Boot [https://source.android.com/security/verifiedboot/], which is enabled on newer devices including those that are compatible with Android 6.0, prevents modification of the system partition. Adopted from ChromeOS, Verified Boot makes it easy to remove Ghost Push.
- Device updates can help: Because Ghost Push only uses publicly known vulnerabilities, devices with up-to-date security patches have not been affected. Also, if a system image is available (such as those we provide for Nexus and Pixel devices [https://developers.google.com/android/images]) a reinstall of the system software can completely remove the malware.

Actions

- Strengthening Android ecosystem security: We’ve deployed Verify Apps [https://goo.gl/9rqdiH] improvements to protect users from these apps in the future. Even if a user tries to install an offending app from outside of Play, Verify Apps has been updated to notify them and stop these installations.
- Removing apps from Play: We’ve removed apps associated with the Ghost Push family from Google Play. We also removed apps that benefited from installs delivered by Ghost Push to reduce the incentive for this type of abuse in the future. Downloading apps from Google Play, rather than from unknown sources [https://goo.gl/9rqdiH], is a good practice and will help reduce the threat of installing one of these malicious apps in the future.
- Protecting Google Accounts: We revoked affected users’ Google Account tokens and provided simple instructions so they can sign back in securely. We have already contacted all users that we know are affected.
- Teaming-up with Internet service providers: We are working with the Shadowserver Foundation and multiple major ISPs that provided infrastructure used to host and control the malware. Taking down this infrastructure has disrupted the existing malware, and will slow the future efforts.

Recap

We’ve taken many actions to protect our users and improve the security of the Android ecosystem overall. These include: revoking affected users’ Google Account tokens, providing them with clear instructions to sign back in securely, removing apps related to this issue from affected devices, deploying enduring Verify Apps improvements to protect users from these apps in the future and collaborating with ISPs to eliminate this malware altogether.

This was a team effort within Google, across the Android security, Google Accounts, and the Counter-Abuse Technology teams. It also required close coordination with research firms, OEMs, and hosting companies. We want to thank those teams for their assistance and commitment during our ongoing efforts to fight Ghost Push and keep users safe.

Marco Mililotti

Shared publicly  - 
 
 
A No for Scalfari
by Marco Travaglio and Silvia Truzzi
Il Fatto Quotidiano, 3 December 2016

“The Senate of the autonomies makes no sense at all; there is already the State-Regions Conference, which also includes the municipalities… It doesn't cost a cent apart from the trip to Rome… The Senate of the autonomies would be a useless duplicate” (Eugenio Scalfari, Repubblica, 6.4.2014).

“Renzi has no intention of changing bicameralism by usefully eliminating its ‘perfection’… What you have in mind is to make people eat the soup or throw out of the window anyone who won't eat it. But that is something a Berlusconi or a Grillo might conceive, not the Democratic Party. So think carefully about what you are doing… A Senate of the autonomies cannot be elected by those same autonomies if it is to… oversee their legislative and financial activity. Because of the contradiction that does not permit it. To me it seems elementary; and to you, Honourable Renzi?” (11.5.2014).

“Constitutional reform laws should be put forward by Parliament and not by the government, because in this case the competence belongs to the legislative power and not to the executive, which, precisely, executes and cannot change the rules… The Senate, according to the agreements among Renzi, Berlusconi, Alfano and the Lega, would be made up of 74 members elected by the regional councils, 21 assigned to the municipalities… and 5 appointed by the President of the Republic… Dear Matteo, you are clever and charming… But frankly I do not want an authoritarian government. We do not want one. As for the claim that a real Senate would waste precious time, that is a complete lie. Official data from the Senate Office show that an ordinary law is approved on average in 53 days, emergency decrees are converted into law in 46 days, and budget laws in 88 days. The delays are the fault not of bicameralism but of the ministerial bureaucracy… Bicameralism works as it should and the delays do not come from there” (22.6.2014).

“Beware, because with all these prohibitions, sometimes called the guillotine and other times the snare…, authoritarianism inevitably reappears… If only the leader speaks and decides, where is democracy? Renzi says: we have been talking about these reforms for three years. But who has been talking about them? And about which reforms? The three ‘presidential’ governments of Monti, Letta and Renzi did carry out some reforms…: 800 laws approved by both Chambers have still not come into force… Why? The implementing regulations are missing… And then people talk about a back-and-forth between the two Chambers; if only, but that is not where the back-and-forth is: it concerns the ministerial bureaucracy” (27.7.2014).
....(continues)

Full article in Il Fatto Quotidiano, on newsstands today.