12月27日安全热点 - 传感器猜解PIN码/破解加密PDF文档

 

资讯类

123456仍是今年最火密码，password紧随其后

https://www.bleepingcomputer.com/news/security/-123456-remains-most-common-password-found-in-data-dumps-in-2017/

 

伊朗网络安全风险或许不应无视

https://www.washingtonpost.com/opinions/we-ignore-iran-at-our-peril/2017/12/26/c246078c-ea80-11e7-b698-91d4e35920a3_story.html

 

马提尼克岛退税活动开始后提醒民众堤防钓鱼攻击

https://www.zayactu.org/2017/12/zayactu/actualites-martinique/phishing-attention-aux-faux-mails-annoncant-remboursement-dimpots

 

黑客可通过传感器数据猜测手机PIN码

https://www.sciencedaily.com/releases/2017/12/171226134614.htm

 

比特币疯狂飙车反而导致地下经济交易受到阻碍

https://krebsonsecurity.com/2017/12/skyrocketing-bitcoin-fees-hit-carders-in-wallet/

 

俄罗斯银行ATM按5次Shift就能被黑掉

http://securityaffairs.co/wordpress/67128/hacking/atms-russian-bank-hack.html

 

日前出现了3个假冒比特币钱包，目前均已从Google Play中移除

http://securityaffairs.co/wordpress/67123/malware/fake-bitcoin-wallet-apps.html

 

三年过去了，仍有大量网站在使用有后门的WordPress插件

https://www.bleepingcomputer.com/news/security/three-years-later-hundreds-of-sites-still-use-backdoored-wordpress-plugins/

 

技术类

破解加密PDF文档 Part 1

https://blog.didierstevens.com/2017/12/26/cracking-encrypted-pdfs-part-1/

 

检测并绕过防火墙与保护系统

https://github.com/Ekultek/WhatWaf

 

CVE-2017-5124：V8 JIT逃逸漏洞

https://bugs.chromium.org/p/chromium/issues/detail?id=765433

 

Rotten Potato漏洞：孤独的土豆

https://decoder.cloud/2017/12/23/the-lonely-potato/

 

Apktool 2.3.1更新，添加新功能–force-manifest

https://connortumbleson.com/2017/12/26/apktool-v2-3-1-released/

 

2017利用工具包全览图

http://executemalware.com/?page_id=320

 

为什么TLS 1.3不在现实场景中应用

https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/

 

Botconf 2017演讲

https://www.botconf.eu/botconf-2017/programme/botconf-2017-talks/

 

FreeBSD Rootkits：内核分析的第一步

https://www.youtube.com/watch?v=MbEhTkfuz3U

 

利用certstream枚举S3桶工具

https://github.com/bbb31/slurp

 

详解Java应用程序中的内存泄露是如何发生的

https://stackify.com/memory-leaks-java/

 

拒有关人士称美国FBI所用指纹识别程序为俄罗斯开发，或许其中另有隐情

https://www.buzzfeed.com/chrishamby/fbi-software-contains-russian-made-code-that-could-open-a

 

Tethr：安卓共享配置检查绕过漏洞 CVE-2017-0554

https://lanrat.com/tethr/

 

./getawspublicips.sh 获取aws公共ip，辅助进行在产喝茶

https://danielmiessler.com/blog/getawspublicips-aws-public-ip-internet/

 

利用Long Short-Term Memory Network预测域名生成函数

https://arxiv.org/pdf/1611.00791.pdf

 

Github年度最佳Pull Request