PBWCZ.CZ v.1999.04
Poslední aktualizace v 28.06.2018 20:24:22
Tato verze vyjde 28.12.2017
----------------------------------------------------------------------------------
Novinky-
+ Nová sekce "Graf" - Ukazuje na grafu počet zranitelností.
+Desatero bezpečného nakupování na internetu
+Tipy pro zastavení Ransomware
+Linux - TLDR Linuxové příkazy - Veškeré příklady příkazů pro Linux.
Techblog:
+Online statistics - Je odkaz na stránky s denní statistikou.
+Jak zabezpečit IoT - Internet věcí (anglicky Internet of Things, zkratka IoT) je v informatice označení pro propojení vestavěných zařízení s Internetem.
+Přidáno menu jednotlivých sekcí
+Přidáno Top Attack - Seznam top útoků
+Nová sekce " Hacking Threats " - Hacking techniky, které se nyní využívají.
+Nová sekce " Crime Threats " - Kriminální techniky, které se nyní využívají.
+Nová sekce " Infiltration Threats " - Metody infiltrace podle jednotlivých kategorií.
+Nová sekce " Top Attack " - Seznam top útoků podle jednotlivých kategorií.
+Nová sekce " Communication Threats " - Komunikační hrozby podle jednotlivých kategorií.
+Nová sekce " Security Threats " - Bezpečnostní hrozby podle jednotlivých kategorií.
+Nová sekce " Security Protocol " - Bezpečnostní protokoly podle jednotlivých kategorií.
+TorMoil Bug - Co to je a jakou představují hrozbu.
+Přidány hrozby:
Tools found in the wild that target the public | Tools found in the wild that target the public | |
Safari JavaScript pop-up scareware (March 2017) | Lookout reported that scammers had "abused the handling of pop-up dialogs in Mobile Safari in such a way that it would lock out a victim from using the browser. The attack would block use of the Safari browser on iOS until the victim pays the attacker money in the form of an iTunes Gift Card. During the lockout, the attackers displayed threatening messaging in an attempt to scare and coerce victims into paying. However, a knowledgeable user could restore functionality of Mobile Safari by clearing the browser’s cache via the the iOS Settings — the attack doesn’t actually encrypt any data and hold it ransom." iOS 10.3 changed the handling of JavaScript pop-ups to prevent this problem, making pop-ups "per-tab rather than taking over the entire app". | |
AceDeceiver (March 2016) | AceDeceiver, reported by Claud Xiao of Palo Alto Networks, is malware for non-jailbroken iOS devices. It gets on non-jailbroken devices through a desktop application that exploits design flaws in Apple’s DRM mechanism to install a malicious iOS app from the App Store. It can install the malicious app even after the app is removed from the App Store, and it doesn't require misusing an enterprise certificate. | |
Youmi Ad SDK (October 2015) | This advertising SDK, mostly used by Chinese App Store developers, was discovered by SourceDNA to be abusing private APIs in order to collect more personal information than is allowed by Apple security and privacy guidelines, including the list of apps installed on a device, serial numbers of a device and internal components, and user's Apple ID email address. Youmi exploited a weakness in App Store review process and evaded detection by obfuscating private API calls using simple string manipulation. 256 apps with estimated 1 million downloads were found to be affected, including the official Chinese McDonald's app. | |
YiSpecter (October 2015) | Muda (also called AdLord), discussed by Claud Xiao, is a form of adware for jailbroken devices. It has been in the wild at least since October 2013. He writes "It spreads via third party Cydia sources in China, and only affects jailbroken iOS devices. Its main behaviors include to display advertisements over other apps or in notification bar, and to ask user downloading iOS apps it promoted. " | |
YiSpecter (October 2015) | YiSpecter, also discussed by Palo Alto Networks, is malware that uses private APIs to perform malicious actions on both non-jailbroken and jailbroken iOS. It gets installed in the form of apps signed with enterprise certificates. Palo Alto Networks says "On infected iOS devices, YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 server." | |
XcodeGhost (September 2015) | XcodeGhost is a form of malware that was found in some unofficial redistributions of Xcode targeted at Chinese developers (who often download redistributed copies because official Apple download speeds are slow in China). XcodeGhost infects apps compiled with those versions of Xcode, which included at least 39 apps published in the iOS App Store. Palo Alto Networks published a series of posts about it: original post explaining it, a list of additional infected apps on the App Store, more about its capabilities. It adds code that can upload device and app information to a central server, create fake iCloud password signin prompts, and read and write from the copy-and-paste clipboard. | |
KeyRaider (August 2015) | KeyRaider, as discussed in this article by Palo Alto Networks, is a piece of malware for jailbroken devices that "steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device." These security researchers said it has over 225,000 stolen accounts in its database. | |
Lock Saver Free (July 2015) | Lock Saver Free is a free tweak, originally distributed on a default repository (removed from the repository after discovery of the problem), that installs an extra tweak that hooks into ad banners to insert its own ad identifier, presumably in order to give ad revenue to the author of the tweak instead of to the author of the website/app where the ad was found. Discussion on Reddit. | |
Xsser mRAT (December 2014) | Xsser mRAT is a piece of malware that targets jailbroken devices. As described by Akamai: "The app is installed via a rogue repository on Cydia, the most popular third-party application store for jailbroken iPhones. Once the malicious bundle has been installed and executed, it gains persistence - preventing the user from deleting it. The mRAT then makes server-side checks and proceeds to steal data from the user's device and executes remote commands as directed by its command-and-control (C2) server." | |
WireLurker and Masque Attack (November 2014) | As discussed at Misuse of enterprise and developer certificates: according to Palo Alto Networks, WireLurker is "a family of malware targeting both Mac OS and iOS systems for the past six months...It is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning." Masque Attacks are a related technique, also discussed by Palo Alto Networks: "an iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier." | |
AppBuyer (September 2014) | AppBuyer, as discussed in this article by Palo Alto Networks, is malware that “will connect to C&C server, download and execute malicious executable files, hook network APIs to steal user’s Apple ID and password and upload to the attacker’s server, and simulate Apple’s proprietary protocols to buy apps from the official App Store by victim’s identity.” It targets jailbroken devices. | |
Unflod (April 2014) | Unflod is a malicious piece of software targeting jailbroken iOS devices, which attempts to capture the user's Apple ID and password by using MobileSubstrate to hook into the SSLWrite function of Security.framework and then listening to data passed to it. Once the Apple ID and password are captured, it is sent to a Chinese IP address. It was inadvertently discovered by a Reddit user on April 17th, 2014. Also called "Unflod Baby Panda" and "SSLCreds". | |
AdThief/Spad (March and August 2014) | AdThief (also called Spad) is malware targeting jailbroken iOS devices, which "tweaks a developer ID that’s intended to tell ad developers when their ads are either viewed or clicked and in turn, generate revenue. In the malware’s case, infected devices funnel those small payments away from the developers to the hacker", as explained by Kaspersky Threatpost. Security researchers estimated it had infected 75,000 devices. | |
Packages by Nobitazzz (August 2012 and September 2013) | A tweak developer who went by various names (Felix, FelixCat, isoftjsc, Martin Pham, Nitram88, Nobitazzz, Nobita.ZZZ, Sara_Nobita, sara_nobita_zzz, tuyentq2009, vietSARA) included adware in his tweaks. These were many free packages along with some paid packages sold via the Cydia Store, mostly distributed by default repositories (until the problem was discovered). The adware ran ads in the background of iOS, displaying off-screen so that the user wouldn't notice them, with the revenue from those ads going to this tweak developer. This was first reported in August 2012 on the ModMyi forum and analyzed in September 2013 (discussion on Reddit). Packages by this developer included: Animated ICS LockScreen & HomeScreen, BetterChrome, Chrome Download Enabler, ChromeMe, Enable Copy text in Facebook app, Enable WebGL, Facebook Photo Library integration, FacebookThis, Handwriting recognition, Insta9gag, InstaFacebook for NotificationCenter, Instagram Image saver, InstaSocial for Notification Center, InstaTwitter for NotificationCenter, iOS 6 Photos Menu, Make Gmail as default, Notification Lunar Calendar, Olympic 2012 Medal for Notification Center, PhotoFilters, Sara, Sara Dictation Keyboard, VoiceTweet. | |
"Find and Call" (July 2012) | Find and Call was an app on the App Store that automatically uploaded users' contact lists to the company's server, then spammed those contacts with a link to the app ("from" that user). This undisclosed, unwanted behavior makes the software fit the definition of a trojan. Articles: Kaspersky SecureList, Ars Technica, Sophos NakedSecurity. It is also called FindCall. | |
iKee and Duh (November 2009) | The Ikee-virus (also called Eeki) is a worm transmitted between jailbroken devices that have OpenSSH installed and haven't changed the default root password. It changes the lockscreen background to a photo of Rick Astley. Two weeks later, the similar Duh worm spread, which was "much more serious than the original Ikee worm because it is not limited to infecting iPhone users in Australia, and communicates with an internet Control & Command centre, downloading new instructions - effectively turning your iPhone into part of a botnet." | |
Tools used by governments (and similar) to target individuals | Tools used by governments (and similar) to target individuals | |
CIA "Vault 7" materials (March 2017) | On March 7, 2017, WikiLeaks released a collection of CIA documents called Vault 7, dated from 2013 to 2016, that include information about CIA hacking tools for iOS devices. The materials include documentation for CIA iOS exploitation research and a list of iOS exploits they have. | |
Cellebrite (February 2017) | As reported by Motherboard in February 2017, Cellebrite is "an Israeli firm which specializes in extracting data from mobile phones for law enforcement agencies". According to leaked information, "much of the iOS-related code is very similar to that used in the jailbreaking scene", such as limera1n and QuickPwn, with additions: "some of the code in the dump was designed to brute force PIN numbers". The leaked files are available online. | |
Pegasus (August 2016) | Pegasus is a spyware product for iOS built by NSO Group, sold to governments, which has been used for attacks against political dissidents. It uses a chain of exploits nicknamed Trident to silently jailbreak the target device, and then it installs malware. Lookout Security described it in a post and a technical analysis. Citizen Lab wrote a post about its use. In June 2017, the New York Times reported that the Mexican government used Pegasus to target human rights lawyers, journalists and anti-corruption activists. | |
XAgent (February 2015) | XAgent is a surveillance tool targeting specific people (such as people in governments, the military, and journalists) that can affect both non-jailbroken and jailbroken devices, as described in this article by Trend Micro. Also covered by PCWorld. | |
Inception (December 2014) | Inception is an "attack framework" from an unknown source that targets individuals to steal information, using phishing emails and other techniques along with malware for iOS and other mobile operating systems, described in this post by security researchers who identified it. According to the whitepaper from those security researchers, a target may receive a phishing email with a link that says it's a WhatsApp update, and if clicked on jailbroken iOS, it triggers "the download of a Debian installer package, WhatsAppUpdate.deb, also 1.2Mb in size. This application impersonates a Cydia installer, and can only be installed on a jailbroken phone" (page 23). It's unclear what they mean by "impersonates a Cydia installer", but a .deb file is the standard format for software packages installable via Cydia. The iOS malware collects the device's ICCID, address book, phone number, MAC address, and other information. Another group of security researchers also identified this attack framework and called it Cloud Atlas. | |
Hacking Team tools (June 2014 and July 2015) | Hacking Team is a company that "sells offensive intrusion and surveillance capabilities to governments and law enforcement agencies", including iOS spyware tools. The iOS spyware tools appear designed for targeting/attacking specific people, not for broad surveillance of the public. Their main tool (Remote Control System) requires a jailbroken device, and they were researching options for non-jailbroken devices. | |
DROPOUTJEEP (December 2013) | In December 2013, a conference presentation included information about a NSA tool called DROPOUTJEEP: "a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.” The information was from an internal NSA software catalog from 2008. The presenter speculated that Apple had helped build this tool, and Apple said it "has never worked with the NSA to create a backdoor in any of our products". | |
FinSpy Mobile (August 2012) | FinFisher is a suite of commercial surveillance tools sold to governments, which have been used to target activists and other people. The suite includes spyware tools for many mobile operating systems, including iOS. | |
Tools developed as part of research | Tools for sale to the public to target individuals | |
NeonEggShell (August 2015) | NeonEggShell is a command shell creation tool for iOS and OS X. The author says "This project is a proof of concept way to demon strate how easy it is to take over a whole device with a piece of code no bigger than a twitter post." The project includes tools for making payloads for jailbroken iOS, with features such as keylogging and location tracking. By default, the tool includes a "prompt that asks for permission before allowing any connection to the remote server." | |
XARA attacks (June 2015) | Security researchers found methods for "cross-app resource access" (XARA) attacks on OS X and iOS, and they submitted malicious proof-of-concept apps to the Mac and iOS App Store. Apple approved the apps, and the researchers immediately removed them from the stores. These XARA attacks were ways of bypassing the sandboxes that are supposed to prevent an app from accessing files that don't belong to that app, described by the security researchers in a paper. Ars Technica article. | |
Jekyll (August 2013) | At the USENIX Security Symposium in 2013, security researchers described a method for getting a malicious app approved for the App Store, "created with remotely-exploitable vulnerabilities built in, masked by legitimate features to evade detection during the App Store approval process, but ready to be triggered once the app was installed on an iOS device." They successfully got an app approved for the App Store with this method (which "was only active for a few minutes following its launch in March, and during that time it wasn't installed by anyone not involved in the experiment"). | |
Mactans (July 2013) | At the Black Hat 2013 conference, security researchers presented a tool called Mactans, a small device that looks like a charger but can insert malware if you plug an iOS device into it. The iOS device does not have to be jailbroken. | |
Instastock (November 2011) | Charlie Miller, a security researcher, submitted an app to the App Store called Instastock to demonstrate "a flaw in Apple’s restrictions on code signing on iOS devices". The app was initially accepted and then pulled from the store. | |
iSAM (June 2011) | iSAM is a malware tool developed by security researchers as a proof of concept. It affects both jailbroken and not-yet-jailbroken devices: it scans for jailbroken devices that have SSH running and the default root password, and it also includes a malicious version of the Star exploit (JailbreakMe 2.0) so it can jailbreak a device that isn't jailbroken yet. | |
Tools for sale to the public to target individuals | Tools developed as part of research | |
1mole | 1mole is a spying tool available to the public via their own repository, authored by Bosspy. It describes itself on its website as "For Parents" ("Have your children going home after school? Consult their GPS position to be sure."), "For individuals" ("You think about your lost or stolen mobile phone."), and "For Employers" ("Install the software on your business phones and locate them in real time"). Its feature list includes "Track GPS locations" and "Capture the lock sreen passcode" for free, and "Record text messages", "Log Calls details", "Website monitoring", and "Keylogger" as paid services. | |
Copy9 | Copy9 is a spying tool available to the public via the ModMyi repository (a default repository), authored by Copy9. It describes itself as "will be installed on target iDevice to find out a thief, cheating spouses, monitor chidren/employees or simply backup data from your devices to our cloud server. This is the best spyware on the world in spying field." Copy9 website. | |
Copy10 | Copy10 is a similar but separate spying tool available to the public via the ModMyi repository (a default repository), authored by IntelMobi/goldenspy. Their description includes "Are you having trust issues in your relationship? Sign that your kid's personality has changed and their behaviors, does your teenager hang out with friends you're concerned about? What if you believe one of your employees is a spy or is stealing company's technology, intellectual property or trade secrets?" IntelMobi website. | |
FlexiSPY | FlexiSPY is a spying tool available to the public presumably via their own repository (this isn't specified on their website, but it's specified that you need the device to be jailbroken), authored by Flexispy, Ltd. Their website says "If you have a committed relationship with your partner or are responsible for a child or employee YOU HAVE A RIGHT TO KNOW To protect your relationship, spy on their iPhone." | |
iKeyGuard Key Logger | iKeyGuard Key Logger is a keylogging tool available to the public via the BigBoss repository (a default repository), authored by iKeyGuard. Its description includes "Warning: Logging other people without their permission might be illegal in your country! Make sure you abide by your local law." | |
iKeyMonitor keylogger | iKeyMonitor keylogger is a keylogging tool available to the public via the BigBoss repository (a default repository), authored by Awosoft Technology. Its website includes "How to monitor your children's cell phone to discover the truth and protect them from potential dangers? Now with iKeyMonitor you can uncover the truth by secretly monitoring mobile phones and tablets such as iPhone/iPad/iPod and Android device." | |
InnovaSPY | InnovaSPY is a spying tool available to the public via the ModMyi repository (a default repository), authored by Innovaspy. Its description says "Perfect iPhone spy app" and lists reasons to use it as "Protect your child from cyber predators" and "Find out THE TRUE from cheating spouse?" Related package: InnovaMonitor, a monitoring app for use with the spy tool. InnovaSPY website. | |
Mobile Spy | Mobile Spy is a spying tool available to the public via their own repository, authored by Retina-X Studios. Their website says "View your Child or Employee's Smartphone and Tablet Usage. Monitor text messages, GPS locations, call details, photos and social media activity. View the screen and location LIVE!" | |
MobiStealth | MobiStealth is a spying tool available to the public for both jailbroken iOS (presumably installed via their own repository) and non-jailbroken iOS ("All that you require is the Apple ID and password of the iPhone or iPad that you want to monitor to get remote access to"). Their website includes "Are your employees misusing company owned phones? Are your kids getting more possessed and do not want to share anything with you? Stop wondering and thinking all day long, Mobistealth iPhone spy app is exactly what you need." | |
mSpy | mSpy is a spying tool available to the public via the BigBoss repository (a default repository), authored by Mtechnology. Its description of itself: "mSpy is the best tracking and spy application that allows users to keep a check on the cell phone activities of their kids other family members or employees in order to avoid any unwanted behavior or for safety purposes." The mSpy website indicates that they also have a version for non-jailbroken devices. In May 2015, mSpy had a customer data breach. | |
OwnSpy | OwnSpy is a spying tool available to the public via the ModMyi repository (a default repository), authored by Antonio Calatrava. It describes itself as "Spy your own iPhone or iPad", with call recording, location tracking, and other features. It has a warning that says "Installing OwnSpy on a device that does not belong to you is a criminal offense and may be prosecuted. Mobile Innovations will help authorities if required." OwnSpy website. | |
Spy App | Spy App is a spying tool available to the public via the ModMyi repository (a default repository), authored by dmarinov. Its description includes "Remotely spy SMS, Emails, Call Logs, GPS Location, Key presses (Keylogger)" and other features. It says it is "absolutely invisible and undetectable." | |
SpyKey | SpyKey is a keylogging tool available to the public via the BigBoss repository (a default repository), authored by Kobi Snir. Its description includes "a simple app that let you monitor your PC Keyboard activity in real time, Simply connect your iphone to your compute using your Wifi or 3G connection and start monitoring." The SpyKey website includes "Great use for parental control purposes, protect your kids from chating with strangers!", "Discover usernames & passwords", and "Spy unfaithfull husband or wife." | |
StealthGenie | StealthGenie was a spying tool available to the public via their own repository. It also supported other mobile operating systems. In November 2014, the person who advertised and sold this product was charged with a federal crime and fined $500,000. The charge was "sale of an interception device and advertisement of a known interception device", a wiretapping crime. A Forbes article says "according to the FBI, Akbar and his team developed an internal business plan that revealed that — duh — the primary target audience for the app was people who thought their partners were cheating." The Forbes article points out #Mobile Spy, #mSpy, #FlexiSPY, and #MobiStealth as similar products. | |
Trapsms | Trapsms was an early spying tool available to the public, described in this post by a security researcher in July 2009. She says: "The spyware installs on any jailbroken iPhone. In Cydia (an iPhone front-end to help installing third-party applications), you first add the URL of the spyware's repository and then install the two spyware packages." |
+Ransomware Blog - Blog zabývající se ransomwarem.
+IoT Blog - Blog zabývající se IoT.
Obsah
+Přidána nová stránka obsahující články "37".
+Přidána nová stránka obsahující články "38".
+Přidána nová stránka obsahující články "39".
+Přidána nová stránka obsahující články "40".
+Přidána nová stránka obsahující články "41".
+Přidána nová stránka obsahující články "42".
+Nová sekce " Jak zabezpečit mobil " - Postupy jak zabezpečit mobilní telefony s platformami Android a iOS.
+ Přidány odkazy na bezpečnostní protokoly, které jsou rozděleny do několika sekcí.
+Nová sekce " Jak zabezpečit Tablet " - Postupy jak zabezpečit tablet s platformami Android a iOS.
+Nová sekce " Jak zabezpečit OS " - Postupy jak zabezpečit OS.
+Nová sekce " Jak zabezpečit pomocí hardwaru " - Jak zabezpečit pomocí hardwaru.
Nové studijní materiály
Na rozdíl od centralizované správy sálových počítačů (obsluha operačního systému a správa systémových zdrojů) se správa distribuovaných výpočetních systémů rozrůstá mj. i o správu všech zařízení, která umožňují vzájemnou komunikaci všech serverů a uživatelů. | ||
QoS, network policy apod. jsou dnes módní pojmy. Ne každý si však dokáže představit, co znamenají a především jaký může být jejich praktický přínos. V současné době lze vidět dva základní trendy jak zajistit kvalitu služeb v síti. | ||
H.323 je v informatice doporučení ITU Telecommunication Standardization Sector (ITU-T), které definuje protokoly pro audio-vizuální relace komunikace v jakékoli paketové síti. Je v současnosti implementován v několika Internetových real-timeových aplikacích, například NetMeeting nebo Ekiga, která využívá implementaci OpenH323. Je součástí rodiny protokolů H.32x. H.323 je běžně využíván při komunikaci pomocí VoIP (Internetová telefonie) a videokonferencích založených na IP. Jeho účel je tedy podobný účelu SIP. | ||
Funkční oblast managementu pro počítačové sítě. | ||
Jaké technické vybavení má počítač. | ||
COBIT je framework vytvořený mezinárodní asociací ISACA pro správu a řízení informatiky (IT Governance). Jedná se o soubor praktik, které by měly umožnit dosažení strategických cílů organizace díky efektivnímu využití dostupných zdrojů a minimalizaci IT rizik.Prakticky je tedy určen především top manažerům k posuzování fungování ICT a auditorovi pro provádění auditu systému řízení ICT. Na rozdíl od ITIL, který je určen více manažerovi IT (CIO). | ||
Stále se setkáváme s případy, kdy jsou základní informace o elektronickém podpisu podávány poněkud „deformovanou“ formou, takže v nich méně znalý uživatel může mít „trošku zmatek“. V tomto krátkém seriálu se vám budeme snažit problematiku šifrování a elektronického podpisu přiblížit srozumitelnou formou jak z teoretické, tak i praktické stránky. | ||
"Čipová karta" a "USB token" obsahují stejný čip, tak jaký je v nich rozdíl? To se dozvíme v našem novém seriálu. Je určen pro všechny, kteří se přihlašují do operačního systému, k VPN, bezpečnému webu, používají eBanking, šifrují, či digitálně podepisují emaily nebo soubory..., prostě pro všechny, kterým není bezpečnost jejich důležitých dat lhostejná. | ||
Penetrační testy tvoří důležitou součást bezpečnostní analýzy. Za použití různých nástrojů jsou prováděny pokusy proniknout do různých částí informačního systému zvenčí či zevnitř. Výsledkem těchto testů je odhalení slabých míst v ochraně informačního systému. | ||
Objasňuje jeden ze způsobů zabezpečení bezdrátových sítí a LAN sítí vybavených přepínači. Pochopení co přináší specifikace IEEE 802.1x znamená pochopení 3 technologií - PPP, EAP (Extensible Authentication Protocol) a IEEE 802.1x samotné. | ||
Spojení SSL VPN, tj. využití SSL pro VPN, je pro mnoho lidí stále velice překvapivé a nezvyklé. A skutečně se jedná o relativně novou technologii. První produkty se začaly objevovat v roce 2000 a v nejbližších letech se čeká obrovský boom. Oč se jedná? | ||
Internet dnes využívají miliony uživatelů a používají jej i pro obchod nebo jiné aplikace, u kterých by mělo být zajištěno soukromí. Protokol SSL zajišťuje toto soukromí a spolehlivost pro komunikující aplikace, chrání data před odposloucháváním, zfalšováním a paděláním. | ||
Jak tedy systém DNS pracuje? Obecně se na celý systém DNS dá pohlížet jako na decentrali¬zovanou hierarchickou databázi, jejíž hlavní smysl je poskytovat informace nutné pro překlad jmen na IP adresy. Informace uložené v DNS se ukládají ve formě, která se nazývá Resource Record (dále též RR záznam). Protože data uložená v RR záznamech jsou spíše statického charakteru, mají samotné informace i specifikaci maximální doby platnosti záznamu, tzv. TTL (Time to Live). Celá struktura jednoho RR záznamu obsahuje vlastníka (owner), třídu (class), typ (type), ttl a data (rdata – resource data). | ||
• IPv6 protokol je nekompatibilní s protokolem IPv4. V praxi to tedy znamená, že pokud je nějaké zabezpečení v síti již realizováno pro protokol IPv4 (například firewall), nic to neříká o bezpečnostních pravidlech aplikovaných na IPv6. Toto platí samozřejmě i obráceně. | ||
Slovo virtualizace se v poslední době objevuje všude. Ať už v odborných kruzích či v laické literatuře o informatice. Tento pojem se uvádí nejčastěji v souvislosti s procesory, pamětí, úložným prostorem ale vyskytuje se i ve spojení s desktopy či servery. Virtualizační software umožňuje spustit několik instancí operačních systémů a aplikací na jednom fyzickém serveru či také „hostiteli“. Každý z těchto virtuálních strojů je soběstačný, je izolován od ostatních a funguje autonomně. Využívá výpočetní zdroje a přidělené systémové prostředky hostitele, dle svých požadavků. | ||
je vysokoúrovňový skriptovací programovací jazyk, který v roce 1991 navrhl Guido van Rossum. Nabízí dynamickou kontrolu datových typů a podporuje různá programovací paradigmata, včetně objektově orientovaného, imperativního, procedurálního nebo funkcionálního. Python je vyvíjen jako open source projekt, který zdarma nabízí instalační balíky pro většinu běžných platforem (Unix, MS Windows, macOS); ve většině distribucí systému GNU/Linux je Python součástí základní instalace. Mimo jiné je v něm implementován aplikační server Zope, instalátor a většina konfiguračních nástrojů Linuxové distribuce firmy Red Hat. | ||
často jednoduše Postgres, je objektově-relační databázový systém (ORDBMS).Vydáván je pod licencí typu MIT a tudíž se jedná o free a open source software. Stejně jako v případě mnoha dalších open source programů, PostgreSQL není vlastněn jedinou firmou, ale na jeho vývoji se podílí globální komunita vývojářů a firem. PostgreSQL je primárně vyvíjen pro GNU/Linux resp. pro unixové systémy obecně, nicméně existují i balíčky pro platformu Windows (vyžadovány aspoň Windows 2000 SP4). | ||
C++ je multiparadigmatický programovací jazyk, který vyvinul Bjarne Stroustrup a další v Bellových laboratořích AT&T rozšířením jazyka C. C++ podporuje několik programovacích stylů (paradigmat) jako je procedurální programování, objektově orientované programování a generické programování, není tedy jazykem čistě objektovým. V současné době patří C++ mezi nejrozšířenější programovací jazyky. | ||
Jde o jeden z nejpoužívanějších programovacích jazyků na světě. Podle TIOBE indexu je Java nejpopulárnější programovací jazyk.Díky své přenositelnosti je používán pro programy, které mají pracovat na různých systémech počínaje čipovými kartami (platforma JavaCard), přes mobilní telefony a různá zabudovaná zařízení (platforma Java ME), aplikace pro desktopové počítače (platforma Java SE) až po rozsáhlé distribuované systémy pracující na řadě spolupracujících počítačů rozprostřené po celém světě (platforma Java EE). | ||
Při použití PHP pro dynamické stránky jsou skripty prováděny na straně serveru – k uživateli je přenášen až výsledek jejich činnosti. Interpret PHP skriptu je možné volat pomocí příkazového řádku, dotazovacích metod HTTP nebo pomocí webových služeb. Syntaxe jazyka je inspirována několika programovacími jazyky (Perl, C, Pascal a Java). Jazyk PHP je nezávislý na platformě, rozdíly v různých operačních systémech se omezují na několik systémově závislých funkcí a skripty lze většinou mezi operačními systémy přenášet bez jakýchkoli úprav. | ||
C# (vyslovované anglicky jako C Sharp, /siː šaːp/, doslova to označuje notu cis) je vysokoúrovňový objektově orientovaný programovací jazyk vyvinutý firmou Microsoft zároveň s platformou .NET Framework, později schválený standardizačními komisemi ECMA (ECMA-334) a ISO (ISO/IEC 23270). Microsoft založil C# na jazycích C++ a Java (a je tedy nepřímým potomkem jazyka C, ze kterého čerpá syntaxi). | ||
Perl je interpretovaný programovací jazyk vytvořený Larry Wallem v roce 1987. S rozvojem internetu se Perl stal velmi populárním nástrojem pro tvorbu CGI skriptů. Perl zahájil svou éru jako skriptovací jazyk, náhrada jazyka AWK a interpretru sh. Největšího rozšíření dosáhl ve verzi 4 z roku 1991. Verze 5 přinesla četná vylepšení, především výkonné datové struktury a možnost objektového programování. V poslední době získal Perl oblibu mimo jiné v bioinformatice. |
o několik sekcí kurzů:
Počítačové sítě (7)
Linux (1)
Administrace (3)
Technologie (2)
Management (4)
Programování (5)
Bezpečnost (9)
Celkový počet: 35
Jaké jsou požadovány znalosti, certifikace a schopnosti
Seznam firem nabízející školení nebo možnost certifikačních zkoušek:
+MVA
+Nová sekce " Časopisy " Obsahuje IT časopisy v anglickém jazyce, které jsou volně šířeny.
+VB2017" - Konference Virus Bulletin 2017.
+Časopisy -
+Tipy -
+Jaké existují normy bezpečnosti:
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. | ||
The Federal Financial Institutions Examination Council (FFIEC) is a formal U.S. government interagency body composed of five banking regulators that is "empowered to prescribe uniform principles, standards, and report forms to promote uniformity in the supervision of financial institutions".It also oversees real estate appraisal in the United States.Its regulations are contained in title 12 of the Code of Federal Regulations. | ||
Long title An Act To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes. | ||
The North American Electric Reliability Corporation (NERC) is a nonprofit corporation based in Atlanta, Georgia, and formed on March 28, 2006, as the successor to the North American Electric Reliability Council (also known as NERC). The original NERC was formed on June 1, 1968, by the electric utility industry to promote the reliability and adequacy of bulk power transmission in the electric utility systems of North America. NERC's mission states that it is to "ensure the reliability of the North American bulk power system." | ||
The Sarbanes–Oxley Act of 2002 (Pub.L. 107–204, 116 Stat. 745, enacted July 30, 2002), also known as the "Public Company Accounting Reform and Investor Protection Act" (in the Senate) and "Corporate and Auditing Accountability, Responsibility, and Transparency Act" (in the House) and more commonly called Sarbanes–Oxley, Sarbox or SOX, is a United States federal law that set new or expanded requirements for all U.S. public company boards, management and public accounting firms. There are also a number of provisions of the Act that also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation. | ||
The National Institute of Standards and Technology (NIST) is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. NIST's activities are organized into laboratory programs that include Nanoscale Science and Technology, Engineering, Information Technology, Neutron Research, Material Measurement, and Physical Measurement. | ||
The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. They were overturned on October 6, 2015 by the European Court of Justice (ECJ), which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens.US companies storing customer data could self-certify that they adhered to 7 principles, to comply with the EU Data Protection Directive and with Swiss requirements. | ||
The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, (Pub.L. 106–102, 113 Stat. 1338, enacted November 12, 1999) is an act of the 106th United States Congress (1999–2001). It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm–Leach–Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies.The legislation was signed into law by President Bill Clinton. |
Změny-
Hlavní stránka-
-Grafická úprava nadpisů.
+Grafická úprava.
Spojení sekcí "Trendy Top threats Methods of infiltration" Do jednoho menu a odstraněny zbytečnosti.
-Graficky upraveny vzhled jednotlivých sekcí.
- Sekce " Top Attack " Přesunuta do nové části hrozby.
-Tipy - Jaké jsou typy byly jsem přesunuty z hlavní stránky.
-Nový Grafický vzhled
MENU
-Přesunut do sekce menu "Bezpečnost"
-Grafická změna a vylepšení přidání
Opravy-
Celkový počet chyby-
Kritických : 1
Vážných : 15
Nízkých : 24
Celkový počet : 40
Aktualizace-
Ransomware - Popisky - Aktualizace