12月9日-每日安全知识热点

1、荷兰电信提供商未能保护个人数据:看我是怎么访问1200万条个人记录的

http://sijmen.ruwhof.net/weblog/608-personal-data-of-dutch-telecom-providers-extremely-poorly-protected-how-i-could-access-12-million-records

2、linksys 认证绕过,哈西递归,wlan中毒

https://blog.korelogic.com/blog/2015/12/04/linksys-0day-unauth-infodisco

3、重放攻击阻击https

http://blog.valverde.me/2015/12/07/bad-life-advice/#.Vmcpl-N97XY

4、DefCamp #6 2015安全会议视频

http://def.camp/archives/2015/

5、保护模式:一个案例说明当你选择no的时候,其实是yes

https://www.mdsec.co.uk/2015/12/protected-mode-a-case-of-when-no-means-yes/

6、火眼报告:火眼通过大量调查被黑网站,发现均安装有识别受害者计算机软件的版本和supercookie

https://www2.fireeye.com/threat-intel-report-WITCHCOVEN.html?utm_source=Twitter&utm_campaign=Witchcoven&utm_medium=Socialmedia

7、使用so_reusaddr绑定2个进程一个端口来实现防火墙逃逸的poc代码

https://github.com/sghctoma/multipass

8、微软.net/silverlight 信息泄漏漏洞[CVE-2015-6114 TALOS-CAN-0130]

http://www.icewall.pl/?p=732&lang=en

9、google修复严重的android媒体服务器漏洞

https://threatpost.com/google-patches-critical-android-mediaserver-vulnerability/115590/

10、阻止年轻人犯罪计划:如何发现你的儿子在进行黑客行为第二部分

http://www.nationalcrimeagency.gov.uk/crime-threats/cyber-crime/cyber-crime-preventing-young-people-from-getting-involved

11、HACKING OLD ETHERNET GEAR

http://hackaday.com/2015/12/06/hacking-old-ethernet-gear/?utm_content=bufferb28ef&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

12、基于avr的嵌入式设备的固件逆向和利用

http://2015.zeronights.org/assets/files/43-bolshev-ryutin.pdf

13、owasp的rest安全cheatsheet

https://www.owasp.org/index.php/REST_Security_Cheat_Sheet