Nov 25
权当记事本一用。
◎document.write
\144\157\143\165\155\145\156\164\56\167\162\151\164\145
◎alert
\141\154\145\162\164
或:
\x61\x6c\x65\x72\x74
Nov 24
清除NOD32的密码保护
将 HKEY_LOCAL_MACHINE\SOFTWARE\Eset\Nod\CurrentVersion\Info 下的
PackageID 一项删除,可以清除保护密码。
Nov 24
Nov 21
据国外媒体报道,美国第二大互联网安全公司迈克菲日前评出了2008年十大安全趋势。
以下为迈克菲评出的2008年十大安全趋势:
1. 社交网站和Web 2.0网站成为黑客攻击目标。
2. “僵尸网络”将继续繁殖。
3. 通过IM传播的“flash”蠕虫将大规模爆发。
4. 在线游戏等虚拟社区将成为重要攻击目标。
5. Windows Vista将成为黑客攻击目标。
6. 广告软件数量下滑。
7. “钓鱼”式攻击将面向普通小型网站。
8. 寄生恶意软件明年增长20%。
9. 虚拟机安全问题突出。
10. VoIP攻击将直线上升。
McAfee predicts 2008’s worst security threats
Social sites likely to be big targets for cyber criminals
Rosalie Marshall, IT Week, 16 Nov 2007
a graphical representation of a virus
McAfee has forecast that nine security threats will increase in 2008, while it expects ad-serving software known as adware to decrease.
The forecasts are based on the development of attacks seen in the firm’s own lab. Greg Day, McAfee security analyst, said that Web 2.0 sites would increasingly be used by cyber criminals to distribute malware or steal volumes of data. Web 2.0 sites offering everything from consumer social networking to business relationship management could prove an easy form of attack, being “the internet version of a shopping mall or crowded city,” Day said.
The Storm Worm, also known as Nuwar, set a precedent in how botnets are likely to develop, said McAfee. Storm Worm’s creators “released thousands of variants and changed coding techniques, infection methods and social engineering schemes far more than any other threat in history” and “created the largest peer-to-peer botnet ever” said the report.
“In the old days bots were made to be indiscoverable and we worked to discover them, but now the trend is having more generals to command the trend,” Day added.
Attackers are also likely to focus on instant messaging, according to the security vendor. A threat spreads fast through instant messaging because attackers have a pre-existing list of targets in the address book and can automate the “flash” worm so a carrier does not know it is infected, said Day. In 2007 there have been 10 high-severity instant messaging risks, compared to none in 2006, according to McAfee.
Online gaming will be another common target for attacks as virtual objects in games gain in value, the firm predicts. “The number of password-stealing Trojans that targeted online games in 2007 grew faster than the number of Trojans that target banks,” reported the firm.
This is supported by news of the first European being arrested for stealing virtual objects—a Dutch 17-year-old who stole virtual property from the 3D cartoon world Habbo Hotel.
Criminals go after common environments and because adoption figures for Vista are on the increase, the Microsoft operating system will also make a heavy investment for attacks, said Day. Similarly, as virtualisation transforms information security “malware authors will begin looking at ways to circumvent the new defensive technology, continuing the classic game of cat and mouse,” said the report.
The seventh prediction McAfee makes is that phishers will shift focus to small, un-prepared transaction sites, rather than maintaining target on banking sites. Banks have been offering free anti virus protection to customers, creating more advanced password techniques and generally increasing their layers of protection, said Day. Therefore “smaller e-commerce sites will be the new target”, added Day.
Parasitic malware is a threat the firm expects to grow by 20 percent in 2008. Parasitic infectors are viruses that modify existing files on disk. “It is a technology that is old but has come back in recent years,” as seen with threats such as Grum, Virut and Almanahe, said Day.
The last type of threat predicted by McAfee to increase is caused by VoIP attacks. The threat is estimated to rise by 50 percent. “It is clear that VoIP threats have arrived and there’s no sign of a slow down,” said the report. “The technology is still new and defence strategies are lagging,” the report added.
The decline in adware that started in 2006 because of the government crackdown bringing a positive effect is expected to continue, said the firm.
Nov 19
来自:linux宝库
联系:linuxmine#gmail.com
分类:[vi]
作者:译者Elale
[vi-faq中文版]
0.0 - 引言 — 我怎样用这个FAQ
这个文档分为了几个部分.首先,第0节和第1节介绍了什么是vi;第2节则收录了很多新
学者的问题,一些对vi没有很多经验的人也经常问这些问题.这里面包括诸如“命令模式和插入
模式之间的区别”,以及“我怎样拷贝和粘贴”之类的问题.第3节是面向vi的中级用户的,它从
问题“我如何查找和替换”开始,逐步深入,直到对vi里面的宏(Macro)的用法讨论为止.第3
节还包括了一个vi的快速参考,有一个规范的vi命令列表.再下面,是一个有关“:set”命令的
列表,包含了所有能定制vi环境的变量,这些变量也可以在.exrc文件中定义.
我们已经在一个运行SunOS和UCB版本vi的机器上验证了快速参考.除了SunOS带的vi外,
每个命令都可以在系统V和UCB版本vi运行,但是我个人并没有验证这一点.
除非我们在文档中指明,缺省我们假定你处在命令模式下.
我们还尝试保留尽可能多的术语,因为在原始的vi文档中使用了这些术语,尽管我可能
忘了它的本来含义.
0.1 - 索引
第一个文件:
0.0 - 引言 — 我怎样用这个FAQ?
0.1 - 索引
0.2 - 我可以散发这个FAQ吗?
0.3 - 你能为这个FAQ做什么?
1.0 - 什么是vi?
1.1 - 关于vi有什么重大的交易吗? 为什么大家都用它? 更进一步说,为什么我要用它?
1.2 - 噢! 这听起来不错! 有没有理由不用vi?
1.3 - vi能在多少不同的操作系统下面运行?
1.4 - 好吧, 你说服了我. 我决定开始使用vi. 我该从哪儿开始?
1.5 - vi有其他一些可用的变种吗?
2.0 - vi入门
2.1 - 有什么游戏帮助我们学习vi吗?
2.2 - 命令模式和插入模式有什么区别?
2.3 - 等等,我的键盘没有
2.4 - 那些~s是什么东西?
2.5 - 我无法习惯用 hjkl, 你有什么建议吗?
2.6 - 我如何才能不存盘就退出?
2.7 - 我怎样插入一个文件?
2.8 - 我怎样查找文本?
2.9 - 我怎样搜索一个控制序列?
2.10 - 我怎样重新格式化文本?
2.11 - 我怎样复制文本?
2.12 - 啊! 我刚才敲了一个dG,然后我的论文就没有了! 我该怎么办?
(或者,我刚才犯了个错误,我该怎么办?)
2.13 - 我正在写我的论文,被告知我必须将每一节都放在不同的文件里,我该怎么办?
2.14 - 所有的:命令都是怎样处理的?
3.0 - 怎样查找和替换?
3.1 - 我怎样在vi中运行一个程序?
3.2 - 啊! 我正在写我的论文, 系统崩溃了! 怎么办?
3.3 - 有没有使vi对程序员更友好的窍门?
3.4 - 宏 — 我怎样写宏?
3.5 - 我怎样将一个功能键定义成一个宏?
3.6 - 有没有办法缩写文本?
3.7 - 我怎样在当前文档中做拼写检查?
3.8 - 我手头有一个硬拷贝的终端, 我还能用vi吗?
3.9 - 好了,是不是处在开放模式下的原因呀?! 但是我现在没有用硬拷贝终端,它还是在
开放模式呀?
第二个文件:
4.0 - vi档案的在线帮助在哪儿?
5.0 - 好玩的vi诀窍,无聊的宏
5.1 - 好玩的vi诀窍
5.2 - 好玩的宏
6.0 - 依字母顺序的vi快速参考
6.1 - 命令模式的输入选项(:命令)
6.2 - 设置选项(set)
7.0 - 建立 .exrc文件
7.1 - .exrc文件的样本
8.0 - vi的漏洞
9.0 - 术语表
10.0 - 关于vi的参考书目
Nov 18
1. 使用结构体的场合
用结构体明确数据关系
用结构体简化参数列表 (Windows 内核用的很多)
用结构体减小维护量
2. 指针
更正指针的大部分工作量便是找出它的位置。经常的错误是指针指向的位置不可读或者不可写,却进行了读或者写的操作。double free 或者null 指针问题。而指针指向的内容被破坏,这种错误却很难发现。
一些额外的技术可以避免一些问题:
a 同时声明和定义指针
b 在与指针分配相同的作用域中删除指针 (calloc free , new delete)
c 在使用指针和指针所引用的变量前先检查它 (防御式编程)
d 使用额外的指针变量提高代码的清晰度
e 按照顺序释放链表指针
f 在删除或者释放指针之后将它们设置为空值 (NULL)
g 使用非指针技术
Nov 17
1. 避免使用magic num 如: 11 ,多使用具名常量,优势在于便于理解,减小后期维护量
2. 注意编译器警告 有一种方法是将编译器的警告级别调为最大
3. 考虑变量范围避免整形溢出的问题,对浮点类型的计算要小心,结果往往和你想象的不一样
4. C style 的字符串长度什么名为CONSTANT+1
char name[ NAME_LENGTH+1 ] = {0};
5. 动态分配内存使用 calloc而不是 malloc,calloc 会初始化为0
6. 使用strncpy 等函数代替 strcpy 等函数,防止缓冲区溢出
7. 将枚举类型的第一个元素留作非法值,很多编译器将枚举类型的第一个值为0
8. 考虑使用一个类而不是使用typedef
Recent Comments