数据显示，我国青少年网民（ 19 岁以下）目前约占全体网民的 23%，达 1.6 亿。有 90.1% 的未成年人使用互联网，未成年人逐渐成为网民主力军，深受网络影响。
据美国媒体报道，美国将研发网络化的新一代核武器系统、同时解决联网的核武器系统如何防范黑客攻击的问题。美国空军科学顾问委员会主席 维尔纳·达姆 近日表示，美国一些核武器系统需要更新换代，其中包括新型 B－21 隐形轰炸机、新一代洲际弹道导弹和远程巡航导弹等。此前美国当选总统特朗普也已表示，将扩充和加强美国的核武库。
维尔纳·达姆 透露，新一代核武器系统与它们的“前任”迥然不同 —— 将与其他作战系统进行网络连接。尽管这一网络并非公共的互联网，但在安全保障方面仍面临新挑战，如核武器系统有可能遭遇黑客入侵，这意味着必须修改和补充美国国防部现行的核武器安全指令。
美空军科学顾问委员会日前宣布，它在 2017 年的任务将是研究未来核武器联网的安全保障问题，在核武器系统更新换代开始之前提出防范安全漏洞的解决方案。
2美国联邦贸易委员会起诉 D-Link 销售不安全的路由器和摄像头
美国联邦贸易委员会（ FTC ）周四向旧金山联邦法院起诉（PDF）台湾友讯科技（ D-Link ），FTC 指控 D-Link 的路由器和网络摄像头让数以千计的消费者面临被黑客攻击的风险。FTC 在起诉书中称，被告屡次未能采取合理的软件测试和防治措施保护路由器和网络摄像头免受已知的容易预防的安全漏洞，如硬编码用户凭证等后门、以及命令注入漏洞，这些漏洞允许远程攻击者控制消费者的设备。FTC 还指控 D-Link 以明文的方式储存用户登录凭证。
对此，D-Link拒绝承认FTC的指控，并表示要“taking steps to defend the action（采取保护措施）”。目前FTC的诉讼已经递交到了北卡罗来纳州地方法庭，申请针对D-Link产品的销售禁令。
据外媒报道，谷歌的巴西域名遭劫持，用户登录谷歌巴西官网，页面显示的不是“ Google ”标志而是一张日本漫画照片并配上一段英文文字。
谷歌官方迅速介入调查，并查明：谷歌域名并未遭黑客入侵，而是巴西当地的 DNS 服务提供商遭黑客入侵、篡改了 DNS 服务器配置信息。研究人员调查发现黑客篡改了该区域 DNS 解析服务器的配置，将“ google.com.br ”解析后的地址进行重定向，这种攻击被称为“域名劫持攻击”。谷歌立即将结果告知当地服务商并督促其紧急修复，30 分钟后 DNS 服务器问题被修复，用户可以继续访问 Google 页面。
接着，他们会发来一封包含了 .zip 附件的邮件（可能伪装成一份 Word 或 Excel 文档）。一旦激活了恶意代码，就会在受害者的计算机上安装勒索软件，并加密设备上的文件。
据 Action Fraud 所述，犯罪分子会索取高达 8000 英镑（9828美元）的赎金来解锁文件。
这个骗局并不难识破，因为英国“教育部”的正式名称为“Department for Education”，而不是“of”。
此次入侵者 CyberZeist 入侵的手法主要是利用了FBI 网站所使用的 CMS 内容管理系统的一个零日漏洞，而这个名为 Plone 的系统被公认为有史以来最安全的CMS内容管理系统。
据悉， CyberZeist 曾经是“匿名者”黑客组织 Anonymous 的一员，在业界也可谓“臭名昭著”。他此前还入侵过巴克莱银行、乐购银行以及英国军情五处。
CyberZeist 甚至还在 Twitter 上发起一个公开投票来决定下一个目标：政府组织、银行机构、军方、其他。仿佛听到了他内心的嘶吼：“还有谁!？”
当然，除了我们的冠军Android系统，荣获第二名的Debian Linux(319)和第三名的Ubuntu Linux(278)也非常值得关注，其中的很多漏洞都是因为某些第三方的Packages中原本就存在问题。
1 government initiatives outlined in the work of the 1 Xi Jinping net letter big strategy: there is no national security network security
National Network Information Office held recently held in beijing.
The meeting stressed the need to study and implement the general secretary Xi Jinping series of important speech and governing the new concept of new ideas and new strategy, firmly establish political awareness, overall awareness, awareness, awareness of the core line, do a solid job in 2017 net work, to create a good atmosphere for public opinion online, provides a powerful network security and information technology support. Eighteen years, Xi Jinping, general secretary attaches great importance to the network, attention to network security and information technology. In a number of occasions on the development of China’s network of letters important discussion, for China to build a network power direction.
2 China intends to develop the minor network protection regulations
Minors Network Protection Ordinance (Draft) announced the day before.
The draft provides for minors to implement cyber bullying, constitute a crime, will be investigated for criminal responsibility according to law. Reviewers pointed out that any organization and individual shall not be in the form of text, pictures, audio and video network threats, insults, attacks, harm minors. Guardians of minors, schools and other organizations and individuals that minors have suffered cyber bullying infringement, should take timely measures to rescue, when necessary to report to the public security organs or other relevant departments, received a report of the unit shall promptly accept. Family, school and society are responsible for prevention and intervention of Juvenile Internet addiction; prohibited for minors online game service in daily 0:00 to 8:00 during the use of minors; the network of personal information, subject to minor offenders himself or guardian consent, the maximum penalty of 500 thousand yuan.
Data show that China’s young Internet users (19 years of age) currently accounts for about 23% of all Internet users, up to 160 million. There are 90.1% minors using the Internet, minors gradually become the main force of Internet users, by the network.
3 U.S. Department of energy issued a warning: alert hackers attack on the grid
U.S. Department of energy (DOE) on January 6th issued a warning that the national grid may be facing imminent danger of being hacked. In a 494 page report, DOE pointed out that the power system maintained millions of lifeline America, key defense facilities and economic lifeline, the current network security of power system is very worrying, imminent danger.
If the attack by hackers to break through the power system, resulting in paralysis of the power grid will affect the health and safety of millions of U.S. citizens. In addition, the natural gas pipeline also plays an important role in the country’s power system. Natural gas pipelines also have the possibility of working under the network attack, which will cause serious problems related to infrastructure, endangering the reliability of the national power grid system.
4 boost network security and other security system to accelerate landing
In January 6th, jointly organized by the Third Research Institute of the Ministry of public security, China computer society computer security committee and Zhongguancun trusted computing industry alliance 2017 Chinese trusted computing and network security protection forum held in Beijing. The competent department of information security and the relevant person in charge of the field of information security experts and scholars said that the trusted computing technology plays a crucial role to enhance the important information system level protection level, the level of information security protection system to protect the national security of critical information infrastructure as the key is deeply implemented.
During 13th Five-Year, the Party Central Committee and the State Council has increased the importance of network security, and clearly stated in the economic and social development of the thirteenth five year plan, to further improve the important information system level protection system. The recently announced network security law provisions of article twenty-first, the national implementation of the network security protection system; the provisions of article thirty-first, the state of critical information infrastructure, the implementation of key protection based on network security protection system.
5 U.S. military nuclear weapons will be studied after the series of network intrusion prevention problems
According to U.S. media reports, the United States will develop a new generation of networked nuclear weapons systems, while solving the problem of how to prevent cyber attacks on the network of nuclear weapons. The United States Air Force Scientific Advisory Committee Chairman Werner Damm said recently that some U.S. nuclear weapons systems need to be upgraded, including new b-21 stealth bombers, a new generation of intercontinental ballistic missiles and long-range cruise missiles. After Trump was elected president of the United States also has said it will expand and strengthen America’s nuclear arsenal.
Werner Damm said that the new generation of nuclear weapons systems and their predecessors are very different – will be connected with other combat systems network. Although this is not a public Internet network, but in terms of security still faces new challenges, such as nuclear weapons systems may encounter hackers, this means we must revise and supplement the U.S. Department of Defense’s current nuclear weapons safety directive.
The United States Air Force Scientific Advisory Committee announced the day before, it will be the security network of future nuclear weapons mission in 2017, put forward the solution to prevent security vulnerabilities before the nuclear weapon system began upgrading.
2 network security events
1 the United States announced the latest declassified report, Putin ordered interference in U.S. elections
Released a new report declassified CIA, FBI and NSA three intelligence agencies identified 6, Russian President Vladimir Putin ordered to launch cyber attacks to influence the American election. The report said, the Russian military intelligence agency authorized by hackers and the Democratic National Committee over Democrat email server and email content leaked to WikiLeaks and three party. Reported that the Russian action also includes a large number of promotional campaigns. The Russian government through the official media and network Navy spread slander Democratic Party candidate, former Secretary of state Hilary negative news and false news in the traditional media and social media.
The report did not specify the means by which the United States intelligence agencies to collect relevant evidence, did not produce the evidence. The report also did not assess whether Russia’s actions affect the U.S. election results.
Russia has not yet responded to the latest U.S. intelligence report, Hilary and his team did not comment. Trump 6, listen to the intelligence report said that he would appoint a special team in his first 3 months to draw up a plan to prevent network attacks. Trump, 6, reiterated that Russia’s action on the election results, no effect.
2 U.S. Federal Trade Commission sued D-Link sales of unsafe routers and cameras
The Federal Trade Commission (FTC) on Thursday to the San Francisco federal court against Taiwan (PDF) D-Link Technology (D-Link), FTC accused D-Link of router and network cameras allow thousands of consumers at risk of being attacked by hackers. FTC said in the indictment, the defendant to prevent security vulnerabilities repeatedly failed to take reasonable measures to protect the software testing and prevention of router and network camera from known, such as hard as a back door, encoding user credentials and command injection vulnerabilities, these vulnerabilities allow remote attackers to control consumer equipment. FTC also accused D-Link of storing user login credentials in an explicit manner.
In this regard, D-Link refused to recognize the allegations of FTC, and said to be taking steps defend the action (take protective measures). At present, FTC’s lawsuit has been submitted to the North Carolina district court to apply for a ban on the sale of D-Link products.
3Google Brazil’s official website was hijacked domain attacks
According to foreign media reports, Google’s Brazil domain name was hijacked, the user log on Google’s official website in Brazil, the page is not displayed Google logo but a Japanese comic photo with an English text.
Google officials quickly involved in the investigation, and found out: Google domain name has not been hacked, but the local DNS service provider in Brazil was hacked, tampering with the DNS server configuration information. The researchers found that hackers tampered with the configuration of the DNS parsing server in the region, google.com.br after the analysis of the address redirection, this attack is known as the domain name hijacking attack. Google immediately informed the local service providers and urged their emergency repair, 30 minutes after the DNS server problem is fixed, the user can continue to visit the Google page.
Domain name hijacking attack should not be underestimated, potential threats are as follows:
(1) when a user’s request is redirected to a certain set of links, the user will be attacked by malicious code once they enter the page. Hackers often use the way to induce users to download the software to update the package, the malicious code implanted in them, thus completing the attack;
(2) the attacker can hijack the user’s e-mail, and steal the information;
(3) set up a SMTP (or IMAP, IMAPS) network server through the simulation, the attacker can be in the process of user authentication in the network, the theft of their identity document information.
4 cyber criminals lure British schools to install ransomware
Action Fraud cyber crime reporting center has issued a warning to the British educational institutions, cyber criminals may be unsolicited posing as government officials to tempt you to install the software in the system. From the beginning of this scam to educational institutions call telephone fraud, claiming to be the Ministry of education officials; after the victim asked the teacher \/ treasurer email or mobile phone number, claiming that it need to teacher to provide some form of mental health evaluation or guidance.
If the victim is wary of insufficient, very easy to fall into the trap, cyber criminals are cheat with have an ulterior motive of personal contact information. And they would say, because the file contains sensitive information, do not use the inbox provided by the school.
Next, they will send an email containing a.Zip attachment (which may be disguised as a Word or Excel document). Once the malicious code is activated, the malware is installed on the victim’s computer and the file is encrypted on the device.
According to Action Fraud, the criminals will receive up to 8000 pounds ($9828) to unlock the ransom documents.
This is not difficult to see through the scam, because the official name of the British Ministry of education to Department for Education instead of of.
5FBI website was hacked by the data after being exposed to ridicule
Recently, known as the history of the most secure FBI website hackers face, the website was hacked, website data was published on the Internet, leaked data includes FBI website user name, email address and password are encrypted by SHA1 algorithm and encrypted with the salt.
The intruder CyberZeist intrusion is the way of using the vulnerability CMS content management system used by the FBI website a day zero, and this system called Plone is recognized as the most secure CMS content management system in history.
It is reported that CyberZeist was a member of the anonymous hacker organization Anonymous, the industry can also be described as notorious. He had also invaded Barclays Bank, Tesco Bank of England and the five military intelligence.
CyberZeist has even launched a public vote on Twitter to decide on the next target: government, banking, military, and others. He seemed to hear the roar of the heart: who else!?
Experts advise: as long as the vulnerability has not been repaired, all the sites using the system are likely to face the same risks, including the EU network information and security agencies, as well as intellectual property coordination center, etc..
3 data statistics 1
Government agencies website vulnerabilities repair rate as high as 90%
Recently, the 2016 China website security vulnerability situation analysis report said the release of 360 Internet Security Center, a substantial increase of 80%, average repair loopholes in the site of high risk vulnerabilities rate was only 42.9% under the background of government website vulnerabilities repair rate is as high as 77.1%, high-risk vulnerabilities repair rate is as high as 90%, ranked five the first type of site. In contrast, the rate of repair of social groups, individuals and businesses need to be improved: the corporate website is 45.5%, the personal website is, and the social group website is 38.3%.
This shows that the network security has become a national strategy in the context of China’s government agencies at all levels of attention to the security of the site has been an unprecedented increase.
IT\/ Internet industry website vulnerabilities up to the highest rate of government agencies website vulnerability fixes