I'n Blog 之萬象真藏

本月，國際黑客的猖獗再次震驚全球。在不到半個月的時間裡，黑客兩度攻入聯合國官方網站，甚至篡改聯合國秘書長潘基文發表聲明的網頁。

網絡科技的發展為人類帶來便利。但與之相應產生的黑客群體，也給人們的生活、經濟、甚至國家安全造成巨大的威脅。在網絡時代裡，黑客永遠是一個我們繞不過去，時刻警惕的神秘群體。

IBM最新研究表明今年上半年有五大廠商受攻擊的次數最多，共被攻擊411次佔已知攻擊總數—3272的12.6%。

　　在2007年上半年，微軟是最易被攻擊的，被攻擊次數最多，Apple第二位，Oracle第三。IBM的Internet Security Systems' X-Force R&D部門在當地時間9月17日公佈了這份全球攻擊報告。具體數字如下：

9月12日下午，Rootkit技術研究網站www.rootkit.com上發表了俄羅斯黑客EP_X0FF的一篇文章：(卡巴斯基反病毒軟件6/7中的黑客後門)

    EP_X0FF是著名的俄羅斯黑客，曾開發過Rootkit Unhooker,Process walker等國際領先的反ROOTKIT軟件，並擔任微軟SysInternals技術論壇的Malware(惡意軟件)版版主。

安全隱患依然　三種系統漏洞至今無法解決
Web安全應用公司Watchire的安全研究總監Danny Allan總結到：這是幾年來第一次，人們走出黑客大會的主會場，搖頭聳肩表示無奈，因為有一些漏洞之今仍沒有解決方案。

Malware writers in September were sending out waves of spam in an attempt to infect computers with the Pushdo Trojan horse by offering pictures of naked female celebrities.

By Sharon Gaudin

he new book “Securing VoIP Networks,” the vulnerable side of VoIP

By Ellen Messmer, Network World, 10/01/07

A report this week on CNN that showed how a software vulnerability in a control system could be used to physically destroy power grid equipment refocused attention on an issue that some have been quietly trying to fix for several years.

The CNN segment, which aired Thursday, showed a turbine being reduced to a smoking, shuddering, metal spewing mess as the result of malicious code execution on the computer controlling the system.

he secure coding movement got a little boost today as CERT and Fortify Software announced that they have teamed up to automate part of the process of building security into software -- specifically, automating compliance with CERT's C and C++ Secure Coding Standard.

CERT is translating its guidelines into a coding format that will run on Fortify's Source Code Analysis tool. The resulting software module will be available for free from CERT, so other tool vendors can convert it to their products, and organizations that do in-house testing can use it with their tools as well.

BOSTON - A few weeks ago Candace Locklear's office computer quietly started sending out dozens of instant messages with photos attached that were infected with malicious software.

She was sitting at her desk, with no sign that the messaging software was active. By the time she figured out what was going on, several friends and colleagues had opened the attachments and infected their computers.

October 1, 2007
By Brian Prince

October 1, 2007
By  Larry Seltzer
For weeks now I've been thinking on and off about "deperimeterization," a term that has been used in a variety of ways for years. Some analyst talk got it in the news recently.

October 1, 2007
By  Evan Schuman

By Steven J. Vaughan-Nichols
October 2, 2007