Cloud & Telecom Security

腾讯科技讯 10月22日消息，2009中国计算机网络安全应急年会于2009年10月21日至24日在湖南长沙召开，本届年会主题是“网络促进发展 安全创造价值”，腾讯科技作为独家网络支持媒体对大会进行了全程直播。杨哲先生是绿盟科技网络安全工程师，ZerOne无线安全团队负责人。下面，有请他带来“无线安全：有线安全的交汇点”的报告。 Read more…

在2009 CNCERT/CC安全年会上，中国移动通信集团公司网络部处长徐海东表示，移动互联网融合新凸显的安全面临网络安全、终端安全、业务安全三方面问题。徐海东还表示，移动互联网融合的安全对策可以有以下四点：

一是用户对网络透明，要抓住“可鉴权，可溯源”的技术优势，可以起到有效的威慑作用，降低各种安全威胁，提高网络的整体安全强度；
二是要关注网络自身安全，且对用户不透明，对用户隐藏网络拓扑，使得用户无法对网络节点发起攻击；
三是终端安全保护。对于智能终端的安全保护需要进行重点研究，由于智能终端的操作系统可能存在安全漏洞，在彩信、手机浏览网页、下载安装软件等多种情况下都可能感染病毒或遭到入侵；
四是业务的安全保护。互联网应用大幅增加后，通信对端更不可信，由此可能引发病毒感染、木马等一系列攻击，危害严重。需要对服务提供方进行严格认证，目前正在标准化的GBA/GAA是一种对业务服务器进行认证的有效解决办法。 Read more…

Gartner, the leading marketing analysis and strategy firm, released its newly-brew TOP 10 technology list today. They are:

• 1 Cloud computing. Cloud has been the top buzz-term in the past months. Gartner raised it from No.2 at 2009 to TOP1 at 2010.  With no doubt, this statement will be quoted by tons of articles and vendor solutions in the following seasons.
• 2 Advanced analytic.  I would rather explain it as data correlation and data mining tech. This seems to be similar to “business intelligence” (No.9 at 2009).
• 3 Client computing. Mostly client computing is critical for the security impact to the whole Internet.
• 4 Greet IT. It was No.1 at 2008, and No.10 at 2009. Anyway, it’s a concept, containing a lot of technologies, customs, culture, etc.
• 5 Reshaping the data center, with new designs and approaches that include building out incrementally in pod-based approaches, adding only power, chillers and generators to support initial needs.
• 6 Social computing. It has been deeply involved into daily life. Facebook, Twitter, LinkedIn, etc.
• 7 Security activity mornitoring.  A variety of complimentary (and sometimes overlapping) monitoring and analysis tools help enterprises better detect and investigate suspicious activity – often with real-time alerting or transaction intervention. Personally,  I think this is similar to the No.2.
• 8 Flash memory. It’s a new face to TOP 10.
• 9 Virtualization for availability. While virtualization has been melted into cloud computing and other diverse areas, Gartner leaves “availability”.
• 10 Mobile applications. No comments at this moment. There have been a lot of developers and app stores you can find at the web. It reflects the hotness. Read more…

This morning Twitter seems to be in trouble of performance issue.  Actually, this is not first time to get the below screen:

Read more…

WordPress released its 2.8.5 today. At this release, WordPress enhanced itself by:

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

At the same time, WordPress 2.9 is in development and beta testing process.

CNCERT/CC 2009 Conference

CNCERT/CC 2009 Conference will be held at Oct.21, Changsha, Hunan Province, China. This is the consecutive 6th conference since 2004.  Here is the English agenda.

This annual event is generating more and more influence to not only China information security community, society, industry, but also the related parties at Asia Pacific and even worldwide.  You can find a number of famous regional CERT organizations and reps from carriers, large enterprises, vendors, say, SingCert, ThaiCert, VNCert, China Telecom, China Mobile, China Unicom, ICBC, CCB, etc. Read more…

Oct.18 2009(Beijing time), China CCTV news reported the release of national vulnerability database of China.

Along with the upsoaring of the Internet applications, the vulnerability number is also in a sharp growth. So the update and automation of vulnerability information is becoming more and more critical for the whole information ssytems. Vulnerability Database is used to research, collect, release, automate the lifecycle of vulnerability management, which is regarded the core of the related activities. Although there have been a series of open source vulnerability database(e.g. OSVDB, etc.), commercial maintained vulnerailibity database(e.g. CERT CVE, Bugtraq, NSFocus VDB, etc.), it’s still regarded very essential to setup one authoritive database for the industry, particularly for government and research organizations. Read more…

美国定十月份是信息安全意识月（Cybersecurity Awareness Month），奥巴马总统讲话阐述信息网络空间安全的重要性：

这个新闻能够告诉我们很多东西，例如： Read more…

上百万深圳山寨从业者何去何从？这些极具活力的山寨企业有无可能变成第二第三个华为？
http://www.sina.com.cn  2009年10月10日 02:04  21世纪经济报道 本报记者 程久龙 深圳报道

“生意越来越难做，走的人也越来越多。”说这番话的时候，老赵(化名)正在筹备他的新事业——远在外省的某处矿产项目。而仅在一年前，老赵正在为他的老本行——山寨手机业焦虑地忙碌着。 Read more…

So yes, President Barack Obama was awarded the Nobel Peace Prize earlier this morning, and Twitter (and the rest of the Web) immediately blew up.

The diagram is the tag cloud at this morning.

It helps refect that how twitter has been closely penetrating into daily life at USA.

Adope官方已经确认再爆新漏洞。该漏洞存在于Windows, Macintosh, Unix版本的Adobe Reader和Acrobat 9.1.3和以前的版本（CVE-2009-3459），有报告称已经发现针对Windows版本的利用。漏洞细节详见下文报道： Read more…

商店里的玩具机器人、能够打扫卫生的机器人到流水线上熟练操作的机器人，这些大家都非常熟悉了。电视里的机器人比赛节目是很多小朋友、大人们的最爱。华盛顿大学的专家开始对破解这些机器人进行了研究。研究发现当前设计的机器人很容易被远程控制，被控制的后果很严重，窃听、物理破坏、甚至人身伤害…都有可能，比当前传统的计算机黑客队我们的威胁来的更加直接。试想一下，在未来的某一天，家里买了个保姆机器人，然后就有些晚上开始有了动静，有个影子很有兴趣地在你的床边走来走去….

不知哈工大、北理工、清华等机器人专家们是否在机器人通信和控制、逻辑判断等问题考虑了这些现实的安全问题… Read more…

方滨兴：谢谢周总的介绍。尊敬的杨部长、各位来宾，今天我选择的主题是“我看云计算及云安全”。

过去搞大规模分布式集中计算主要是靠网格计算，网格计算已经很长时间没有动静了，通过关键词搜索可以看到对网格搜索到了2007年末2008年初已经被云计算的蜂拥而至取代了，而且网格计算基本不在媒体出现了。今年1月份国际上云计算组织专门还了一个会，大概推出了22种定义，这完全是一种不集中、不确定的定义，我也想给它做一个简单的陈述。 Read more…

Verizon是电信运营商，有大量的企业和个人客户，有雄厚的项目实施和市场推广能力；McAfee是网络安全厂商，有很好的安全技术和产品服务。在互联网和云计算安全商机面前，两者选择了合作。 Read more…

中国移动的飞信当然是个非常棒的应用。作为一个用户，使用它可以非常方便地和手机用户聊天，更为重要的是可以免费的聊天。考虑到现在美国，跨国短信的高昂资费，飞信更是开机必备，呵呵。在使用了一段时间后，和其它类似的产品比较，飞信还有很多值得提高的地方。它山之石，可以攻玉。下面这些开发建议供移动的朋友们，尤其是参与飞信开发或策划的朋友们参考。

1 更为方便的用户导入导出、好友添加功能。当前每次添加好友，都感觉不是太方便。界面上的布局和功能按钮等还需要优化提高。 不知为什么，飞信在这里设置了很多用户限制，添加用户时的消息定制不太友好，LinkedIn的用户邀请可以值得学习。在好友发现、通信本管理上，Skype的做法值得飞信借鉴学习。 Read more…