SPIT是指Spam over Internet Telephony,在互联网电话(稍微不同于IP电话)上的垃圾骚扰性活动,可能是个莫名奇妙的留言、广告,或者一段自动播放的恶意、其他蓄意的电话等。很多报道和文章中都将它列为VoIP的一个重要安全威胁之一。换句话说,那时的电话不像当前的PSTN那样被运营商严格控制,从信令到话音信息都在当前这个极具威胁的互联网上传输,这样就可能会被Man-In-The-Middle攻击,可能会被窃听,可能会被劫持,可能会被插入,欺骗等等。
Gartner的专家Lawrence Orans在一篇报道中指出SPIT不会和当前的SPAM这样泛滥起来,原因是SPIT没有SPAM那样的业务模式 – business model.
SPAM – 发出垃圾邮件,用户看到了其中的诱惑性内容,点击链接,引导到某个网站,可能完成某种交易或者操作。从而,SPAMMER就盈利了。而SPIT则不会,播放一段录音,用户即使耐心的听完,也不可能、不方便拿笔记下来某个链接,到某个website上输入,完成某个交易。所以,SPIT不会带来特别明显的利益,所以也就不会泛滥。
据说未来可能会出现,听广告、打免费电话的业务。LO的观点有道理,但是SPIT也可能会出现新的业务模式,从而带来前来的利欲熏心者。
According to Zeroday Initiative report, Skype has a vulnerability, which could result in a denial of service or arbitrary code execution. A remote attacker could attempt to exploit this issue by convincing a user to visit a specially-crafted Web page. To remove this vulnerability, all clients need to be updated or installed as of 11/15/2007 or later versions.
In order to avoid other guys to break into your computer, please upgrade your Skype to 3.6. Read more…
读到一则关于安全专家Bruce的采访,内容非常生动有趣,和大家分享一下其中精彩之处。
>复杂是安全最大的敌人,系统越是负责,就会变得越不安全。
Complexity is the worst enemy of security; as systems become more complex, they get less secure.
>另外,关于口令,Bruce也谈了自己独特的见解。复杂是最大的敌人同样适用。要使自己方便记住,将不是很重要的口令设置成一个。将一些其他的口令记在一些小纸条上,放在钱包里;使用口令管理程序Password Safe…
One, I choose the same password for all low-security applications. There are several Web sites where I pay for access, and I have the same password for all of them. Two, I write my passwords down. There’s this rampant myth that you shouldn’t write your passwords down. My advice is exactly the opposite. We already know how to secure small bits of paper. Write your passwords down on a small bit of paper, and put it with all of your other valuable small bits of paper: in your wallet. And three, I store my passwords in a program I designed called Password Safe.
下面是采访的原文… Read more…
接到同学们的通知,北京大学1987级校友正在组织入学20年周年纪念聚会,时间定于2007年12月8日,就是这周六,下午四点报到,具体内容请访问北大1987校友论坛.
如果偶然哪位校友还没有收到通知,赶紧到校友论坛报到。
Recent Comments