Profile cover photo
Profile photo
Eric
291 followers -
讓科技優化你的生活
讓科技優化你的生活

291 followers
About
Posts

Post has attachment
Add a comment...

Post has attachment
Add a comment...

Post has shared content

Post has shared content
Originally shared by ****
標題:PC預載更新軟體潛藏危機,五大品牌PC都可能遭中間人攻擊

摘要:
Duo Security這份名為《開盒攻擊:OEM更新軟體的安全分析》的報告指出,市售電腦預載的各種軟體,大部份都沒什麼用,可稱為腫脹軟體(bloatware),或稱垃圾軟體(crapware)或騙人軟體(shovelware),因為他們會佔用記憶體空間、拖慢系統速度。但這類軟體最可怕的是會侵犯用戶隱私並帶來安全風險,像是聯想電腦的Superfish及Dell的eDellRoot。

報告指出,這些更新軟體有各種不同目的和實作方式,安全程度高下不一。研究人員針對在TLS上傳送、更新的manifest、manifest簽章、以及驗證碼檢驗等4個面向來評估這些受測電腦的軟體安全性(如下圖)。結果顯示,有的廠商連簡單的TLS來驗證更新軟體完整性或更新manifest內容的真實性都沒做到。

開盒攻擊:OEM更新軟體的安全分析下載處:
https://duo.com/assets/pdf/out-of-box-exploitation_oem-updaters.pdf
Add a comment...

Post has attachment
英國只要7天,台灣卻要124天?一分鐘看為什麼台灣需要總統交接條例
Add a comment...

Post has shared content

Post has shared content
到外面用公共電腦,別忘了用security Linux
Top 5 Best Security-Centric Linux Distributions Of 2016

For whatever reason you might want to remain anonymous or unidentifiable (if you may) on the net, in this article is our pick of tools that will help you achieve your purpose effectively without the risks that usually come with surfing the Internet unprotected.

Read more:http://www.tecmint.com/best-security-centric-linux-distributions-of-2016/

#linux #sysadmin #tecmint #security #privacy  
Add a comment...

Post has attachment
Android Studio for Ubuntu
Android Studio for Ubuntu
paolorotolo.github.io
Add a comment...

用藥安全! 備妥文件領藥、避免藥酒、伴手藥禮恐觸法

Post has attachment
太歡樂了這個
Wait while more posts are being loaded