ocean

Anonymous

August 23, 2011
 

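  1. Security. BlackBerry's security is beyond question: it runs a self-check on every reboot, although rebooting is painfully slow. There are no viruses, and no antivirus vendor has said it plans to make a BlackBerry version. Otherwise, how would Obama dare to use a BlackBerry? In addition, on BlackBerry an API can only be called through a single application: for mail pop-ups, for example, you cannot install two similar applications. BlackBerry system files also cannot be tampered with at will. The security of the iPhone and Android is mediocre, and system files can be tampered with at will. Many low-level programs, including the built-in ones, can be unstable, and third-party apps crash even more easily. Continue reading »

August 23, 2011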
 

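The SSL protocol was developed by Netscape in the United States. Version 1.0 was never publicly released; version 2.0 was released in February 1995. However, because version 2.0 had many security vulnerabilities, version 3.0 followed soon afterwards in 1996.

Main security flaws of SSL v2.0:
(1) The same cryptographic key is used for both message authentication and encryption.
(2) The message authentication code construction is weak, and only the insecure MD5 hash function is supported.
(3) The SSL handshake has no protection at all, which makes it very easy to mount a man-in-the-middle attack.
(4) The closing of the TCP connection is used to indicate the end of data (there is no explicit session-close notification). This makes truncation attacks possible: an attacker only has to forge a TCP FIN, and the receiver cannot tell whether the end-of-data signal is legitimate.
(5) Only a single service bound to one fixed domain name can be offered, which conflicts with the standard virtual-hosting feature of web servers; as a result, many websites cannot use SSL.
SSL v2.0 has many security vulnerabilities, is prone to man-in-the-middle attacks and is easy to break. Because many systems and web servers still support SSL v2.0, the current versions of all mainstream browsers have dropped support for the insecure SSL v2.0 protocol in order to make web browsing safer for users. Continue reading »

August 23, 2011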
 

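  Does your SSL server have configuration errors and known vulnerabilities? These weaknesses pose a serious security risk to the enterprise network. The following tips will help you avoid some common SSL security mistakes and keep that risk away.

  1. Disable support for SSLv2. This version of the SSL protocol was shown to be insecure more than 15 years ago, yet many web servers still use it today.

  Disabling this protocol does not take long. For example, in Apache v2 you need to change the default configuration:

  From: SSLProtocol all

  To: SSLProtocol all -SSLv2

  2. Disable support for weak encryption. Almost all web servers support strong (128-bit) or very strong (256-bit) encryption algorithms, but many servers still support weak encryption as well, and attackers exploit this to compromise enterprise network security. There is no reason to support weak encryption, and it takes only a short time to configure the server to disable it: Continue reading »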
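
For tip 1, the following added example (not code from the original article) checks each SSLProtocol directive in an Apache configuration and reports the ones that still leave SSLv2 enabled. It assumes Apache 2.2-era semantics, where `all` includes SSLv2 as the tip describes; the sample configuration and host names are constructed, and each directive is evaluated on its own.

```python
import re

# Assumption: Apache 2.2-era mod_ssl, where "all" still includes SSLv2,
# which is the situation the tip above describes.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}
CANONICAL = {p.lower(): p for p in ALL_PROTOCOLS}   # names are case-insensitive

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
# global default
SSLProtocol all
<VirtualHost *:443>
    ServerName shop.example.test
    SSLProtocol all -SSLv2
</VirtualHost>
<VirtualHost *:8443>
    ServerName legacy.example.test
    SSLProtocol -all +SSLv2 +TLSv1
</VirtualHost>
"""

def enabled_protocols(args):
    """Evaluate SSLProtocol tokens left to right, as mod_ssl does."""
    enabled = set()
    for token in args.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        key = name.lower()
        group = set(ALL_PROTOCOLS) if key == "all" else {CANONICAL.get(key, name)}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group      # a bare token replaces what was set before
    return enabled

def find_sslv2(conf_text):
    """Return (line_number, directive) for every SSLProtocol line enabling SSLv2."""
    hits = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        match = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if match and "SSLv2" in enabled_protocols(match.group(1)):
            hits.append((number, line.strip()))
    return hits

if __name__ == "__main__":
    for number, directive in find_sslv2(SAMPLE_CONF):
        print(f"line {number}: SSLv2 still enabled by '{directive}'")
```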

August 19, 2011
 

The table below gives a very detailed comparison; in short, OpenVPN is the best choice for individual users.

Comparison of PPTP, L2TP/IPSec and OpenVPN

Background
  • PPTP: A very basic VPN protocol based on PPP. PPTP was the first VPN protocol supported on the Microsoft Windows platform. The PPTP specification does not actually describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality.
  • L2TP/IPSec: An advanced protocol formally standardized in IETF RFC 3193 and now the recommended replacement for PPTP where secure data encryption is required.
  • OpenVPN: OpenVPN is an advanced open source VPN solution backed by the company ‘OpenVPN technologies’ and which is now the de-facto standard in the open source networking space. It uses the mature SSL/TLS encryption protocols.

Data Encryption
  • PPTP: The PPP payload is encrypted using Microsoft’s Point-to-Point Encryption protocol (MPPE). MPPE implements the RSA RC4 encryption algorithm with a maximum of 128 bit session keys.
  • L2TP/IPSec: The L2TP payload is encrypted using the standardized IPSec protocol. RFC 4835 specifies either the 3DES or AES encryption algorithm for confidentiality. iVPN uses the AES algorithm with 256 bit keys. (AES256 is the first publicly accessible and open cipher approved by the NSA for top secret information)
  • OpenVPN: OpenVPN uses the OpenSSL library to provide encryption. OpenSSL supports a number of different cryptographic algorithms such as 3DES, AES, RC5, Blowfish. As with IPSec, iVPN.net implements the extremely secure AES algorithm with 256 bit keys.

Setup / Configuration
  • PPTP: All versions of Windows and most other operating systems including mobile platforms have built in support for PPTP. PPTP only requires a username, password and server address making it incredibly simple to setup and configure.
  • L2TP/IPSec: All versions of Windows since 2000/XP and Mac OSX 10.3+ have built in support for L2TP/IPSec. Most modern mobile platforms such as iPhone and Android include built in clients.
  • OpenVPN: OpenVPN is not included in any operating system release and requires the installation of client software. The software installers are very user friendly and installation typically takes less than 5 minutes.

Speed
  • PPTP: With 128 bit keys, the encryption overhead is less compared to OpenVPN which may make the VPN feel slightly faster than with 256 bit keys although the difference is negligible.
  • L2TP/IPSec: L2TP/IPSEC encapsulates data twice making it less efficient and slightly slower than its rivals.
  • OpenVPN: When used in its default UDP mode, OpenVPN provides the best performance.

Ports
  • PPTP: PPTP uses TCP port 1723 and GRE (Protocol 47). PPTP can be easily blocked by restricting the GRE protocol.
  • L2TP/IPSec: L2TP/IPSEC uses UDP 500 for the initial key exchange, protocol 50 for the IPSEC encrypted data (ESP), UDP 1701 for the initial L2TP configuration and UDP 4500 for NAT traversal. L2TP/IPSec is easier to block than OpenVPN due to its reliance on fixed protocols and ports.
  • OpenVPN: OpenVPN can be easily configured to run on any port using either UDP or TCP. To easily bypass restrictive firewalls, OpenVPN can be configured to use TCP on port 443 which is indistinguishable from standard HTTP over SSL making it extremely difficult to block.

Stability / Compatibility
  • PPTP: PPTP is not as reliable, nor does it recover as quickly as OpenVPN over unstable network connections. Minor compatibility issues with the GRE protocol and some routers.
  • L2TP/IPSec: L2TP/IPSec is more complex than OpenVPN and can be more difficult to configure to work reliably between devices behind NAT routers. However as long as both the server and client support NAT traversal, there should be few issues. In practice L2TP/IPSec has shown itself to be as reliable and stable as OpenVPN for iVPN.net customers.
  • OpenVPN: Very stable and fast over wireless, cellular and other non reliable networks where packet loss and congestion is common. OpenVPN has a TCP mode for highly unreliable connections but this mode sacrifices some speed due to the inefficiency of encapsulating TCP within TCP.

Security weaknesses
  • PPTP: The Microsoft implementation of PPTP has serious security vulnerabilities. MSCHAP-v2 is vulnerable to dictionary attack and the RC4 algorithm is subject to a bit-flipping attack. Microsoft strongly recommends upgrading to IPSec where confidentiality is a concern.
  • L2TP/IPSec: IPSec has no major vulnerabilities and is considered extremely secure when used with a secure encryption algorithm such as AES.
  • OpenVPN: OpenVPN has no major vulnerabilities and is considered extremely secure when used with a secure encryption algorithm such as AES.

Client compatibility
  • PPTP: Windows, Mac OSX, Linux, Apple iOS, Android, DD-WRT
  • L2TP/IPSec: Windows, Mac OSX, Linux, iOS, Android
  • OpenVPN: Windows, Mac, Linux, Android, DD-WRT

Conclusion
  • PPTP: Due to the major security flaws, there is no good reason to choose PPTP other than device compatibility. If you have a device on which neither L2TP/IPsec or OpenVPN is supported then it may be a reasonable choice. If quick setup and easy configuration are a concern then L2TP/IPsec should be considered.
  • L2TP/IPSec: L2TP/IPSec is an excellent choice but falls slightly short of OpenVPN’s high performance and excellent stability. If you are using a mobile device running iOS (iPhone) or Android then it is the best choice as OpenVPN does not currently support these platforms. Additionally if a quick setup is required, L2TP/IPSec may be a better option although this should not be an important consideration.
  • OpenVPN: OpenVPN is the best choice for all users of Windows, Mac OSX and Linux desktops. It is extremely fast, secure and reliable. Additionally, the iVPN.net multihop network is only available when connecting via OpenVPN. The only downside is its current lack of support for mobile devices and the requirement to install a 3rd party client.

Rating
  • PPTP: 1/5
  • L2TP/IPSec: 4/5
  • OpenVPN: 5/5

August 19, 2011
 

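  The Indian government recently confirmed that its security agencies are still unable to decrypt the encrypted communications sent and received over RIM's BlackBerry e-mail and other platforms.

  The Indian government has long been looking for a way into the BlackBerry messaging system, and had threatened to ban BlackBerry sales in India if RIM did not provide access.

  RIM has previously stated that there is no single master key that can access all accounts, so monitoring messages is not possible. This can be understood to mean that decrypting individual accounts on request may be possible, but system-wide decryption is not.

  "Through the lawful interception and monitoring facilities of telecom operators, security agencies are able to access the encrypted data and virtual private network data transmissions of multinational telecom providers, including BlackBerry. But the security agencies have indicated that they are unable to decrypt the intercepted encrypted communications into a readable format," India's telecom minister Kapil Sibal wrote in a written reply submitted to the lower house of the Indian parliament.

  The Indian government has set up a technical committee to try to find a compromise, but it has not yet been able to reach an agreed decision.

August 17, 2011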
 

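NetEase Tech columnist Ji Yongqing

Yesterday, at the 798 factory in Beijing, Xiaomi, led by Lei Jun, launched its first Xiaomi phone. Judged purely on hardware specifications, this phone has undoubtedly reached the peak of today's smartphones: it is the first in the industry to use a 1.5GHz dual-core processor, and its memory is as much as 1GB of RAM and 4GB of ROM, a level that many smartphones only reach with their external SD cards. The screen is a huge 4 inches, exceeding the current mainstream standard of 3.5 inches represented by the iPhone 4. With such a powerful configuration, and standby time still to be guaranteed, the Xiaomi phone had no choice but to use a 1930 mAh battery.

And what is the price of such a top-end configuration? An astonishing 1999 yuan! Writing this, I cannot help thinking of the TV-shopping presenter who sells knock-off phones, shouting at the top of his voice: "What are you waiting for? Pick up the phone now and call…" Bear in mind that the similarly specified Samsung Galaxy S2 (i9100) costs 4000 yuan!

But can you actually buy this phone? From the end of August you can only pre-order it through Xiaomi's website, and you will receive the phone in October at the earliest. The Xiaomi phone will be sold only through the company's own website, using Vancl's suppliers for logistics and delivery.

This raises the question: selling only through Xiaomi's own website, which does not have much traffic, can the Xiaomi phone sell in volume? At such a low price, can Xiaomi make money?

In fact, Xiaomi's open strategy is already laid plainly on the table. Compared with how many phones it sells, Xiaomi cares more about the sensation created by launching this phone. By creating such a sensation, Xiaomi can get the many ardent followers of the Xiaomi phone to register on its website and then, by giving each of them a Xiaomi number, turn them into fans and users of the MIUI phone operating system and MiTalk as well. Continue reading »

August 17, 2011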
 

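August 17 news: OpenDNS, a mainstream third-party Domain Name System (DNS) provider, has just officially announced DNS support for the IPv6 protocol. The company states: "OpenDNS is the first recursive DNS service provider in the world to offer this kind of service."

Although I am not sure whether they really are the first, I do know that for network administrators this is a major step forward. Personally, I use OpenDNS for DNS lookups. Compared with the ISP-provided DNS I have used, its lookups are faster, and compared with many ISPs' DNS servers it is also more reliable.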

2620:0:ccc::2
2620:0:ccd::2 Continue reading »

August 17, 2011
 

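Posted by blackhat on Tuesday, August 16, 2011, 17:00

An anonymous reader writes: "The official outlet Guangming Daily has published an article saying that people should be wary of the 'neo-colonialism' brought by the new Chinese-American ambassador to China.

The article says: "We will then not be fooled by Gary Locke's surface appearance. This Chinese-American ambassador to China has come for the sake of the United States, not for the overall interests of all mankind. His Chinese ancestry allows him to attract the attention of Chinese people around the world and rally public opinion, and allows him to build rapport with ordinary Chinese people; yet who knows that this precisely exposes America's despicable intent of using Chinese to govern Chinese and of inciting political turmoil in China? Sure enough, Gary Locke, newly arrived in China, gave Chinese officials a show of strength the moment he stepped off the plane: no entourage, no bodyguards, no flowers and applause or lavish welcoming ceremony, his whole family arriving in Beijing carrying bags large and small, the very picture of a commoner's style. Clearly, this manner is better at winning the goodwill of ordinary Chinese people.

But what manner is this? This is the Chinese Communist Party's style of years past, sharing weal and woe with the people and being one with them; this is the Party's style of years past, of not putting on airs, not going in for ostentation, and being pragmatic and truth-seeking. This style stands in sharp contrast to, and satirizes, the many bureaucrats and dignitaries who hold themselves high above everyone else. Gary Locke, before even taking up his post, seized the initiative and gave Chinese officials a performance-art lesson in reclaiming the fine traditions of Communists. Continue reading »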