The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target

How the networking industry has fallen way behind in incorporating security measures to prevent exploits against ubiquitous routers, proxies, firewalls, and switches.

Advanced attackers are targeting organizations’ first line of defense, their firewalls, and turning them into a gateway into the network for mounting a data breach. On Aug. 13, the shady “ShadowBrokers” group published several firewall exploits as proof that they had a full trove of cyber weapons. Whether intended to drive up bids for their “Equation Group Cyber Weapons Auction” (since removed), or to threaten other nation-states, the recent disclosure raises the question: if organizations can’t trust their own firewalls, then what can they trust? Does the cache of cyber weapons exposed by ShadowBrokers signal a shift in attack methods and targets?
Image source: GitHub mirrored archive (original no longer available)
We analyzed the dump and found working exploits for Cisco ASA, Fortinet FortiGate, and Juniper SRX (formerly NetScreen) firewalls. The names of the exploits provided by the ShadowBrokers match the code names described in Edward Snowden’s 2013 revelations of NSA snooping.
The exploit names are not the only link to the NSA. By analyzing the implementation of a cryptographic function, researchers at Kaspersky have found the same encryption constant used both in malware attributed to the Equation Group (Kaspersky’s nickname for the NSA) and in Python code in the latest breach.
Cyber Attacks with a Side of EXTRABACON

Researching one of the Cisco ASA exploits (dubbed EXTRABACON) in our lab, we found that it’s a simple overflow using SNMP read access to the device. The additional payload bundled with the exploit removes the password needed for SSH or telnet shell access, providing full control over the appliance. The payload can also re-enable the original password to reduce the chance that the attacker will be detected.
The Python code handles multiple device versions and patches the payload for the version at hand. This hints at the number of operations the group has run in the past, as the developers probably modified the exploit on a case-by-case basis. We ran the exploit against a supported version of a Cisco ASA in our lab multiple times and it didn’t crash once, showing the prowess of the exploit developers.
Our attempt yielded a shell without password protection:
Networking Equipment in the Crosshairs

While the exploits themselves are interesting in their own right, no one is addressing the elephant in the room: attackers increasingly target network infrastructure, including security devices, as a means to infiltrate networks and maintain persistence. While the entire cybersecurity industry is focused on defending endpoints and servers, attackers have moved on to the next weak spot. This advancement underscores the need to detect active network attackers because they can certainly, one way or another, penetrate any given network.
Persisting and working from routers, proxies, firewalls or switches requires less effort than controlling endpoints; attackers don’t need to worry that an anti-virus agent will detect an unusual process, and networking devices are rarely updated or replaced. Most networks have the same routers and switches from a decade ago. Plus, few forensics tools are available to detect indicators of compromise on networking devices and attackers can gain an excellent vantage point within the network. 
Network device vendors have fallen behind operating system vendors in terms of implementing stronger security measures. A wide range of networking equipment still runs single-process operating systems without any exploit mitigation enabled (Cisco IOS, I’m looking at you) or exhibits the effects of little to no security quality assurance testing. In recent years, endpoint and mobile operating systems have incorporated security techniques such as address space layout randomization (ASLR), data execution prevention (DEP), sandboxes, and other methods that made life harder for every exploit writer. The affected networking devices provide none of these security mechanisms and it shows.
Not the First and Definitely Not the Last

The Equation Group breach is not the first example of highly capable attackers targeting network devices. The threat actor behind last year’s Hacking Team breach leveraged a vulnerability in a VPN device to obtain full access to their internal network without any obstacles. The attacker moved from the networking device to endpoints without using a single piece of malware, only taking what he needed from endpoints remotely or running well-known administrative tools. This is the soft spot in the belly of every endpoint solution: a privileged attacker using credentials to access files is not considered malicious as long as he doesn’t use any malicious software. Notice that, as we stated earlier, the attacker, quoted on Pastebin, opted for an embedded exploit over the other options, stating that it was the easiest one:
So, I had three options: look for a 0day in Joomla, look for a 0day in postfix, or look for a 0day in one of the embedded devices. A 0day in an embedded device seemed like the easiest option, and after two weeks of work reverse engineering, I got a remote root exploit.
As always, nation-state attacks are usually a step ahead of the entire industry on both defense and offense. We will probably see the same methods employed by less sophisticated attackers as it becomes increasingly difficult to compromise endpoint devices and stay undetected. We have seen this happen before: cybercrime attackers stole techniques from the Equation Group, as well as from the Stuxnet, Flame and Regin malware and other APTs, and it will surely happen again with the Equation Group’s recently leaked exploits.
In the meantime, here are four recommendations to help fortify network devices against attack:
Recommendation 1: Patch your network devices promptly. Replace network devices that have reached their end of support date.
Recommendation 2: Restrict access to device management addresses to the minimum required, and block any unneeded, seemingly benign protocols including SNMP and NTP.
Recommendation 3: Manage your device passwords as you would with your administrator accounts by periodically changing your passwords and defining a different password for each device. Do not use a standard template for passwords. For example, the password Rout3rPassw0rd192.168.1.1 might seem strong, but after compromising one device, the attacker will know all of the passwords.

Recommendation 4: Deploy a network monitoring solution that can profile users and IP-connected devices to establish a baseline of normal behavior and then detect unusual activity originating from network devices. Attackers have no way of knowing what “normal” looks like for any given network and network detection is the only generic way to stop attackers from compromising network devices.
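
A small sketch of the baselining idea in Recommendation 4, combined with the management-access restriction in Recommendation 2. It is an added illustration, not code from the original article or from any monitoring product; the flow records, device inventory, admin subnet and addresses (documentation ranges) are constructed assumptions.

```python
"""Baseline what network devices normally initiate, then flag deviations.

Added illustration: every address, name and flow below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str    # host that initiated the connection
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int


# Assumed inventory: management addresses of the devices being profiled.
NETWORK_DEVICES = {"192.0.2.1": "edge-fw", "192.0.2.2": "core-sw"}
# Assumed admin subnet: the only hosts that should manage those devices.
MGMT_SOURCES = ip_network("198.51.100.0/28")
# Management services named in the article: SSH, telnet, SNMP.
MGMT_SERVICES = {("tcp", 22), ("tcp", 23), ("udp", 161)}


def build_baseline(flows):
    """Map each device to the set of (dst, proto, dport) it has initiated."""
    baseline = defaultdict(set)
    for f in flows:
        if f.src in NETWORK_DEVICES:
            baseline[f.src].add((f.dst, f.proto, f.dport))
    return baseline


def detect(flows, baseline):
    """Return (reason, flow) pairs for activity outside the learned profile."""
    alerts = []
    for f in flows:
        if f.src in NETWORK_DEVICES:
            # A firewall or switch opening a connection it never made
            # during the learning window.
            if (f.dst, f.proto, f.dport) not in baseline.get(f.src, set()):
                alerts.append(("new-outbound-from-device", f))
        elif f.dst in NETWORK_DEVICES and (f.proto, f.dport) in MGMT_SERVICES:
            # SSH/telnet/SNMP reaching a device from outside the admin subnet.
            if ip_address(f.src) not in MGMT_SOURCES:
                alerts.append(("mgmt-access-from-unapproved-source", f))
    return alerts


# Constructed learning window: devices only talk to syslog and NTP servers.
TRAINING = [
    Flow("192.0.2.1", "198.51.100.20", "udp", 514),
    Flow("192.0.2.1", "198.51.100.21", "udp", 123),
    Flow("192.0.2.2", "198.51.100.20", "udp", 514),
    Flow("198.51.100.5", "192.0.2.1", "tcp", 22),
]

# Constructed live traffic: two normal flows and two that deviate.
LIVE = [
    Flow("192.0.2.1", "198.51.100.20", "udp", 514),  # normal syslog
    Flow("192.0.2.1", "198.51.100.77", "tcp", 445),  # firewall -> workstation
    Flow("203.0.113.44", "192.0.2.1", "udp", 161),   # SNMP from outside
    Flow("198.51.100.5", "192.0.2.1", "tcp", 22),    # admin SSH, allowed
]


def run_demo():
    """Learn from TRAINING and return the alerts raised by LIVE."""
    return detect(LIVE, build_baseline(TRAINING))


if __name__ == "__main__":
    for reason, flow in run_demo():
        device = NETWORK_DEVICES.get(flow.src) or NETWORK_DEVICES.get(flow.dst)
        print(f"{reason}: {device} {flow}")
```

In practice the learning window would cover weeks of flow data, and alerts on infrastructure devices would be triaged ahead of endpoint alerts because those devices normally have a very small set of peers.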

Facebook Will Use WhatsApp Users’ Personal Data to Target Ads

Two years after its acquisition by Facebook, WhatsApp is changing its privacy policy to allow it to share more information about its mobile app users with its owner.
There’s no risk of your WhatsApp messages appearing on your Facebook timeline, or status updates being sent to your WhatsApp friends, the companies say — but they will be sharing more user data behind the scenes in order to better target advertising and suggest new contacts across the two services.
WhatsApp has long promoted itself as a strong protector of user privacy.
The changes will also help WhatsApp users better communicate with businesses, the company said in a blog post. 

In all the examples WhatsApp gave, the businesses were doing the talking, not the listening. However, the company said there would be controls in place to allow people to opt out of business communications.
“We do not want you to have a spammy experience,” it said.
The key change is that WhatsApp will be sharing its lists of users’ phone numbers with Facebook, allowing the company to match up WhatsApp accounts with Facebook ones where users have registered a phone number.
That will give the parent company more data with which to make new friend suggestions and another way to target advertising.
One thing that won’t change is who can read your WhatsApp messages: With newer versions of the app, they are encrypted end to end, so only the intended recipient can read them, the company said.
In its relations with regulatory authorities, Facebook and WhatsApp are damned if they do, and damned if they don’t. Facebook has been roundly criticized in the past for collecting too much information — particularly about people who don’t use its service, or are not logged in, through “Like” buttons on third-party websites.
On Tuesday, though, French and German lawmakers said that messaging services such as Telegram and WhatsApp that offer end-to-end encryption don’t keep enough information about their users’ activities. The French and German interior ministers called for operators of encrypted messaging services to provide a back door for law enforcers to tap into users’ messages in the course of investigations.

ICO Fines Nursing Home Over Data Breach

The Information Commissioner’s Office (ICO) has fined a Northern Irish nursing home £15,000 for failing to adequately protect sensitive data.
The ICO’s report found “widespread systemic failings in data protection” at the time the breach took place at the Whitehead Nursing Group, based in County Antrim.
The breach occurred in August 2014 when an employee took home an unencrypted laptop belonging to the nursing home, which was subsequently stolen during a burglary. The theft was reported to police but the laptop has yet to be recovered.
The laptop contained personal details relating to 46 members of staff, including reasons for sickness absence, medical certificates and information about disciplinary matters. Sensitive personal information relating to 29 residents of the nursing home was also exposed, including name, date of birth, mental and physical health information and ‘do not attempt to resuscitate’ status.
The nursing home had no policies in place governing the use of encryption, and provided no guidance or training regarding security awareness for homeworkers or for using mobile devices such as laptops, the ICO’s report said.
Ken Macdonald, Head of ICO Regions, said: “This nursing home put its employees and residents at risk by failing to follow basic procedures to properly manage and look after the personal information in its care.”
"Our investigation revealed major flaws in the nursing home’s approach to data protection. Employees would have expected any details about disciplinary matters or their state of health to have been kept safe,” he added. “Likewise, residents would not have expected their confidential information to have been stored on an unprotected laptop and taken to an employee’s home. Whitehead Nursing Home had totally inadequate provisions for IT security and procedure and poor data protection training.”
The ICO added that a larger organization would expect to receive a bigger fine than Whitehead Nursing Home.

“Today’s fine shows we can and will act against any organisation we feel is not taking seriously its duty to look after the personal details it has been entrusted with. In a world where personal information is increasingly valuable, it is even more important to ensure the security of data is not overlooked,” Macdonald added.

[Security] Electrical Safety Basics to Remember!

We cannot live without electricity. With electricity, we can see light in the darkness; with electricity, we can use computers, mobile phones and more. Electricity is with us at every moment and makes our lives richer and more colorful. But if we are careless about using it safely, it can do great harm, and in serious cases cause death by electrocution. Electric shock accidents have been frequent recently. On July 29, 2016, two broadband installers in Zhengzhou, Henan, were working too close to a high-voltage line, which energized the network cable; the worker who was shocked collapsed and was then taken to hospital for treatment. On August 2, 2016, three workers in Taiyuan, Shanxi, were electrocuted when their scaffolding touched a high-voltage line. On August 7, 2016, a tragedy occurred on the campus of 徐州工程学院 (Xuzhou Engineering College) in Jiangsu: three students were shocked one after another and fell while crossing a flooded stretch of road on campus. Two of them died after resuscitation attempts at the hospital failed, and one is not in life-threatening condition for now. In everyday life we should learn as much as we can about using electricity safely, so that such accidents can be better avoided.
★ Note!

Rescuers must make sure conditions are safe before giving aid! ★ Electric shock is a fairly common accidental injury in daily life. Mild cases cause numbness and pain in the limbs, dizziness, and faster breathing and heartbeat; severe cases can involve burns to the limbs, cardiac and respiratory arrest, and even death.
When someone is found to have received an electric shock, the rescuer should quickly switch off the main breaker or the power switch, or push the wire away with an insulating object such as a dry bamboo pole or rubber, to free the victim from the current, and promptly call the 120 emergency number.
If the victim has localized burn wounds, cover them with clean cloth to prevent infection, and do not apply any topical medication. For a victim whose heartbeat and breathing have stopped, begin chest compressions and artificial respiration immediately and continue until the 120 emergency professionals arrive.
If the victim is convulsing, comatose or not fully conscious, the rescuer should first clear any vomit from the victim's mouth and keep the upper airway open to prevent death by suffocation.
If the victim fell from a height, fractures of the limbs or spine are possible, so take care to protect them during the rescue. When moving the injured person, have several people carry them as a unit to prevent spinal injury or fracture displacement that could cause paraplegia. Once the emergency professionals arrive, those giving first aid at the scene should proactively describe how the victim was injured and what has been done so far, to support further treatment.
另外,提醒施救者,千万要在确保安全的条件下开展救护,不要轻易放弃救护,要坚持到医护人员到达现场。
Also, remind rescuers, be sure to carry out the rescue in ensuring safe conditions, do not easily give up the rescue, to adhere to the medical staff arrived at the scene.
提醒日常生活中,首先不要私拉乱接电线,私拉乱接违反用电制度,不符合安装要求,容易出事故;其次在日常生活中换灯泡、擦灯泡的时候,先将电源关上,不要用湿手、湿布擦灯泡,要站在木凳或桌子上,不要站在地上去擦,防止开关失灵漏电;最后不要在电灯开着的时候碰触螺丝口灯泡的金属部分,这部分跟地线通着,不小心碰着就会触电了。
Reminded daily life, first of all do not pull random access private wires, private pull random access violation electricity system, does not meet the installation requirements, accident prone; secondly changing a light bulb in their daily lives, rub the lamp when the power is turned on first, do not with wet hands, rub the bulb with a damp cloth to stand on a wooden bench or table, do not rub on the ground, to prevent leakage breaker failure; Finally, do not touch the metal part of the lamp bulb screw mouth open, when this part with land through the line, will be bumped accidentally electrocuted.
关注“安泰光明电力”掌握更多安全用电知识
Follow Aetna bright power to acquire more knowledge of safe use of electricity
Information security is a big problem that touches every aspect of ordinary people's lives, but many people do not pay attention to it.


[Security] 10 kinds of telecommunications fraud: have you run into them? See the advice from the Jiangsu Province branch of the Postal Savings Bank

In recent years, criminals have frequently used the telephone, text messages, and the Internet to commit fraud, causing huge losses to people's property. To effectively prevent telecommunications fraud, the Jiangsu Province branch of the Postal Savings Bank has published the 10 most common fraud techniques, together with advice on how to respond.
1. Posing as an acquaintance to borrow money
After calling the victim, the criminal first asks tentatively, "Guess who I am?", leads the victim to match the voice to someone they know, and then asks to borrow money on the pretext that "something has happened". Other scammers steal an acquaintance's QQ or WeChat account and ask the victim to top up their phone, claiming the phone bill is overdue.
Postal Savings Bank tip: whenever money is involved, confirm, confirm, and confirm again, to avoid falling into the criminals' trap.
2. Posing as public security bureau, procuratorate, or court staff
Scammers posing as "staff" of the "public security bureau", "procuratorate", "court" or similar bodies call and tell the victim that they are suspected of money laundering, drug trafficking, economic crime, and so on. Exploiting the victim's eagerness to "clear their name and limit their losses", they induce the victim to transfer money to a so-called safe account provided by the scammer, which completes the fraud.
Even a celebrity has fallen for this technique. In 2014, an actress received text messages and phone calls during filming from the "Shanghai Public Security Bureau", saying there was a problem with her deposits and that to avoid punishment she had to deposit the money into a "police" account; she transferred 210,000.
Postal Savings Bank tip: the public security organs, procuratorate, and courts have no such thing as a "safe account"! "Safe account" = fraud!
3. Using fake base stations to pose as 10086 and other carrier customer-service numbers
Fraudsters use a "fake base station" to masquerade as numbers such as 10086 and mass-send fraudulent text messages, luring recipients with "redeem points for cash" offers into downloading and installing an app that carries a Trojan. The app steals account numbers, passwords, verification codes, and so on, so that the funds can be stolen.
Postal Savings Bank tip: the simplest move when this happens is to call 10086 back yourself and ask; one phone call makes everything clear.
4. Posing as bank staff
Scammers posing as bank staff falsely claim that the customer's bank card has been maliciously overdrawn. When the victim objects, they say the victim's identity has been stolen and, on the pretext of keeping the victim's funds safe, trick the victim into providing the bank card number, password, dynamic transaction code, and other information, then steal the funds.
Postal Savings Bank tip: genuine bank customer service will never ask a customer for a bank card password or verification code! If in doubt, hang up and then call the official customer service number to verify.
5. Posing as a celebrity to swindle money
Some scammers pose as celebrities, claim to have been beaten while filming deep in the mountains, and then ask fans for money. This kind of trick does not look clever at all, but in reality some fans really do lose their judgment. For example, on an actress's birthday last year, a scammer imitated her WeChat name and swindled money from fans in her name. A male star was caught up in the same way: someone impersonated him on WeChat, invited fans to meet, and asked for red envelopes, and so on.
Postal Savings Bank tip: you do not have that kind of connection with celebrities, and besides, celebrities have far more money than you do, so why would they need yours? Better not to worry about it.
Privacy refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.
6. Trojan links hidden in text messages
Text messages sent by criminals hide links to websites carrying Trojans. Clicking one may lead to theft of the online banking passwords and other information on the phone, and ultimately to theft of the funds in the online banking account. An infected phone may also automatically send the malicious text message on to the numbers stored in its contacts, so that friends and relatives are caught too.
To achieve this, scammers often use eye-catching text as a hook to get victims to click the link, such as "Your husband/wife is having an affair", "Look at what you've done, everyone around you knows", or "What have you been up to lately? I've sorted the photos from our last get-together, remember to take a look, photo link: ……".
These scammers also keep varying their methods and are good at riding popular topics. For example, they invoke "Where Are We Going, Dad?", "The Voice of China", and "I Am a Singer", claiming the recipient has "been selected as a lucky viewer" to get users to click a link carrying a Trojan.
Postal Savings Bank tip: curiosity killed the cat. Never click links of unknown origin; when you receive a message like this, the best response is not to reply at all and to delete it immediately.
7. Precious-metal transfer fraud
The scammer obtains the user's online banking account and password through a virus, Trojan, or similar method. To trick the user out of the phone verification code and complete the theft, the scammer uses the user's online banking account to buy financial products such as "precious metals", creating the false impression that funds have gone missing, then calls the user posing as customer service for the bank or a payment site, obtains the verification code, and steals the funds. This kind of scam is relatively sophisticated and hard to tell from the real thing; each step links to the next, and a moment's inattention is enough to fall into the trap.
Postal Savings Bank tip: anyone who asks for a verification code is a scammer; never give a verification code to anyone under any circumstances! Also, this happens because the online banking password has leaked, so report the loss first and then go to the counter to change the password.
8. "Online shopping refund" fraud
Criminals posing as customer service for Taobao or similar companies call or send text messages and, on the pretext that the goods the victim ordered are out of stock or that the transaction failed, tell the victim a refund is needed and ask for the bank card number, password, and other information in order to commit fraud.
In similar scams, fraudsters pose as railway customer service staff offering to "change a ticket", or as airlines citing ticket changes or flight cancellations. These methods are quite deceptive; a victim who does not know the detailed procedure is easily fooled.
Postal Savings Bank tip: refunds for purchases from Taobao and similar companies go straight back to Alipay, with no need to know the bank card number or similar information. If this happens, never rashly give out your bank card number or other information; ask the seller directly and you will know whether it is genuine.
9. Online banking password token upgrade fraud
Criminals build fake websites that closely resemble the bank's site and mass-send text messages about an online banking password token upgrade to lure victims into logging in to the fake site and entering their bank account number, password, and other information. After capturing this on the back end, the criminals trick the victim out of the dynamic password and quickly move the funds out of the victim's bank account by online banking transfer.
Postal Savings Bank tip: when you receive a message like this, never rashly enter your account, password, or other personal information; if in doubt, verify directly with the bank's customer service.
Remote access users widely adopt two-factor authentication. There are many endpoints, endpoint security is a heavy workload, and some inevitably slip through the net, yet VPN access is often used for critical core business. When an endpoint is attacked, a VPN that relies only on account and password authentication is clearly insufficient, and multi-factor authentication measures should be considered alongside it.

Partially Decentralized: Security training policy and strategy lie with a central authority, but implementation responsibilities are distributed.
10. Trojans planted in QR codes
Criminals first embed a Trojan in a QR code, then use price cuts and rewards as bait to get users to scan it. Once it is scanned and installed, the Trojan enters the phone's system and steals bank account numbers, passwords, and other private information, then changes the victim's password by way of SMS verification and transfers the funds out of the victim's account.
Postal Savings Bank tip: whatever reason someone gives for asking you to scan a QR code to pay, do not scan it unless it comes from a legitimate platform; chasing small bargains can cost you dearly.
So what should we actually do to keep telecommunications fraud away from us? Don't worry: drawing on past cases and practical experience, the Postal Savings Bank has put together a set of "safety rhymes" for guarding against telecommunications fraud. Just keep them in mind and you will be able to protect your property.
Safety rhymes for guarding against telecommunications fraud
Do not readily trust calls from strangers; beware of suspicious text messages
Verify any claim of overdue telecom bills; there truly is no "safe account"
Posing as the police or the courts is just a scammer's act
Do not be thrilled by a prize out of nowhere; pies do not fall from the sky
Do not panic at threatening calls; calling the police keeps you safe
When a "Taobao seller" sends a link, look carefully to see whether it is real
"Hello, guess who I am?" Say goodbye and hang up
These scams are easy to guard against; caution is your firewall
Ignore them, do not engage, do not send money, and your property stays safe
Most important tip: when you find it hard to judge whether you have encountered fraud, the only correct approach is to consult the police immediately: dial the "110" police number and ask them for help.
Yandu Subdistrict
Shenzhou Road Service Station


Sony's PlayStation Network Finally Has an Important Security Feature

Bloomberg—Bloomberg via Getty Images
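Most of our websites exist to introduce our products and services to customers and to strengthen communication and exchange with them, and those products and services may be constantly changing.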
A logo sits on the front of a Sony PlayStation 4 (PS4) games console, manufactured by Sony Corp., in this arranged photograph taken in London, U.K., on Friday, Nov. 15, 2013.
The PlayStation Network catches up with the rest of the world
Two-step authentication has arrived, belatedly, for Sony’s PlayStation Network.
This means Sony’s stable of supported devices, including the PlayStation 4, PlayStation 3, PS Vita and PlayStation Portable, will finally provide the sort of protection they arguably should have had years ago. You can sign up online here.
The awareness and training plan should contain a list of topics. E-mail advisories, online IT security daily news websites, and periodicals are good sources of ideas and material.
2-step verification feature for PlayStation Network accounts launches tonight, offers additional security: https://t.co/uubOFHGnxn
— PlayStation (@PlayStation) August 25, 2016

The idea behind two-step authentication is as simple as it sounds: You have to provide two forms of identification to access your account. And the two forms are tethered with a realtime interlink. Enter your password, and the process sends a code to your mobile devices, which you then enter into a second authentication box to complete the validation process.
When we suffer a network attack and our commercial interests are damaged, we should report it promptly and seek professional network security investigation and forensics services, working together to combat commercial espionage and other malicious hacking.
Yes, it’s a bit of extra busywork if you don’t leave your system signed in (especially since you’re inputting case sensitive alpha-numerics with a gamepad). But it’s ground floor common sense to use two-factor. Sony’s left it optional, but I’d consider it mandatory.
That it took the company this long is a bit of a mystery, given that it became the face of online insecurity five years ago. And it’s had plenty of trouble since. But that’s also hindsight. And while the PlayStation Network continues to suffer rare outages from denial of service attacks, no one’s managed to abscond with the sort of personal information that defined the 2011 fiasco.
Currently, the term hacker is being more widely used to describe any individual who attempts to compromise the security of an IT system, especially those whose intention is to cause disruption or obtain unauthorized access to data.


Cisco starts patching firewall devices against NSA-linked exploit

Cisco Systems has started releasing security patches for a critical flaw in Adaptive Security Appliance (ASA) firewalls targeted by an exploit linked to the U.S. National Security Agency.
The exploit, dubbed ExtraBacon, is one of the tools used by a group that the security industry calls the Equation, believed to be a cyberespionage team tied to the NSA.
ExtraBacon was released earlier this month together with other exploits by one or more individuals who use the name Shadow Brokers. The files were provided as a sample of a larger Equation group toolset the Shadow Brokers outfit has put up for auction.
ExtraBacon exploits a buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) implementation from Cisco’s ASA software. It allows attackers to remotely execute rogue code on the affected devices, as long as they can send traffic to their SNMP interface. This typically requires being on the same internal network as the targeted devices.
Even though the ExtraBacon exploit was designed to work for versions 8.4(4) and earlier of the ASA software, other researchers demonstrated that it can be modified to also work on newer versions. Cisco confirmed in an advisory that all versions of SNMP in Cisco ASA software contain the flaw.
The current state of IT security in the wake of a series of high profile data breaches that have rocked businesses and shaken consumer confidence.
On Wednesday, the company updated its advisory to announce the availability of patched versions for different Cisco ASA branches, namely 9.1.7(9), 9.5(3), and 9.6.1(11).

Nonrepudiation can be established using digital certificates, session identifiers, transaction logs, and numerous other transactional and access control mechanisms.
