March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
Content preview from 物联网设备安全
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
未来的安全
——
对话将来的攻击方式
|
223
8.3
设备交叉攻击
许多人每天都在使用一系列的计算设备——智能手机,个人和雇主发放的笔记本电脑和
工作站,平板电脑——完成他们个人事物和专业的工作。很多时候,数据跨越多个设备,
这样无论使用什么设备用户都可以访问所有的信息。例如,用户将手机的数据备份到笔
记本电脑。另一个例子是使用如
iCloud
这样的服务,跨设备同步文件夹、应用设置和联
系方式。这造成了一种情况,攻击者可以利用一个已经被攻击的设备访问存储在另外一
台设备或者通过云跨设备同步的信息。
想象有这样一种情况:一位病人的信息由医师存储在
Dropbox
上。如果医师的台式机被
钓鱼网站进行破坏,攻击者将修改文档内容,也许改变用药的计量。这个文档可能已经
同步更新到其他设备上,例如,医师可能在值班的时候使用的平板电脑。平板电脑可能
被配置为全盘加密,医院的管理者配置一些额外的安全控制,但是在这种情况下,这些
安全控制可能是无效的,因为文档已经在医生的台式机电脑中被破坏,并自动更新到笔
记本相同的
Dropbox
账户下。这展示了:在用户生态系统中,如何利用一台被破坏的设
备给其他设备的数据整体性带来负面影响。
存储在智能手机和平板电脑上的本地备份文件可能存储在工作站和笔记本电脑上,这也
是攻击者的目标。第
4
章我们分析了用于
SmartThings iOS
应用程序的
access_token
令牌,
由服务器成功认证后发送,有效期是
18 250
天。能够损坏
SmartThings
用户的工作站或
笔记本电脑的攻击者也能潜在窃取这样一个备份文件和手机 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.