腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Network ] Split TCP -The fairness & throughput of TCP suffer when it is used in mobile ad hoc network, TCP wrongly attributes http://www.cs.ucr.edu/~swastik/SAWN-05-5.pdf&ved=0ahUKEwisxPD08v_MAhVXa1IKHRZUAVAQFggjMAE&usg=AFQjCNG-p4DrIJwC1o66RNtW3kB2m_o2Pg&sig2=29pW0TNxF7wd23OwoOKxkA
" 手机 Ad Hoc 网络中, TCP 的拥塞控制和吞吐量一直是个问题,作者提出 Split TCP 模型尝试解决这个问题。来自加州大学河滨分校的 Paper: https://t.co/zGkLMnVsd6"
-
[ Others ] Node.js security checklist <--- Useful for developers. https://blog.risingstack.com/node-js-security-checklist/
" Node.js 安全检查手册: https://t.co/CVx9cp4Irt"
-
[ Popular Software ] GraphicsMagick and ImageMagick popen() shell vulnerability via filename http://permalink.gmane.org/gmane.comp.security.oss.general/19669
" GraphicsMagick 和 ImageMagick 在处理 popen 打开文件时,如果遇到管道符,部分文件名会被当作命令执行,来自 OpenWall 的邮件列表: https://t.co/RbMwZ0JyUl "
-
[ Virtualization ] Spot on slides by @ hikerell: "Advanced Exploitation: Xen Hypervisor VM escape" : https://conference.hitb.org/hitbsecconf2016ams/materials/D2T2%20-%20Shangcong%20Luan%20-%20Xen%20Hypervisor%20VM%20Escape.pdf
" Xen Hypervisor 虚拟机逃逸技术,来自 HITB 2016 阿姆斯特丹会议: https://t.co/P4THerMum6"
-
[ Windows ] SxS backdoor and story of Windows UAC ridiculous fixes http://www.kernelmode.info/forum/viewtopic.php?f=11&p=28579#p28579 #uacme
"SxS 后门与 Windows UAC 荒谬补丁的故事,来自 KernelMode 论坛: https://t.co/tkmm0la8IW "