2月11日安全热点 - iBoot源码泄露始末 / 超算被利用于挖矿

 

资讯类

iBoot源码泄露事件始末

https://motherboard.vice.com/en_us/article/xw5yd7/how-iphone-iboot-source-code-leaked-on-github

 

科学家们因利用核武器中心的超级计算机挖掘比特币被逮捕

https://www.bleepingcomputer.com/news/cryptocurrency/russian-nuke-scientists-ukrainian-professor-arrested-for-bitcoin-mining/

https://thehackernews.com/2018/02/supercomputer-mining-bitcoin.html

 

超过50%的加密脚本被发现在成人主题网站上

https://www.bleepingcomputer.com/news/security/half-of-all-cryptojacking-scripts-found-on-porn-sites/

 

VMware发布了针对Meltdown和Spectre漏洞的临时缓解措施

VMware releases temporary mitigations for Meltdown and Spectre flaws

 

技术类

z3 巧解逆向题

https://paper.seebug.org/532/

 

Grammarly For Chrome扩展任意用户劫持漏洞分析及利用

https://blog.formsec.cn/2018/02/08/grammarly-for-chrome/

 

从 Faraday-Caged, Air-Gapped 隔离的计算机中通过磁场变化获取机密信息

https://arxiv.org/pdf/1802.02700.pdf

 

WhatsApp取证：解密加密的数据库并提取未经授权的Android设备上已删除的邮件

https://blog.salvationdata.com/2018/02/08/whatsapp-forensics-decryption-of-encrypted-databases-and-extraction-of-deleted-messages-on-non-rooted-android-devices

 

矩阵式监控理论与实操

https://mp.weixin.qq.com/s/9W4mnzeN1-uZwy3RhPnRrA

 

对 Linux KPTI (#Meltdown/#Spectre) 修补程序的性能分析

http://www.brendangregg.com/blog/2018-02-09/kpti-kaiser-meltdown-performance.html

 

Python http.server和web.py的URL跳转漏洞实践

http://www.polaris-lab.com/index.php/archives/435/

 

Django的Secret Key泄漏导致的命令执行实践

http://www.polaris-lab.com/index.php/archives/426/

 

UEBA在企业安全领域应用的现状和挑战

https://mp.weixin.qq.com/s/0fxt_ZYJM3LYnUoMWcYG_Q

 

 

SRCHunter一款基于python的开源扫描器

http://www.cnnetarmy.com/srchunter%E4%B8%80%E6%AC%BE%E5%9F%BA%E4%BA%8Epython%E7%9A%84%E5%BC%80%E6%BA%90%E6%89%AB%E6%8F%8F%E5%99%A8/