UniQue

安装原因：CentOS 4自带的vsftpd服务器在遇到中文名称时，用windows下的ftp客户端访问会出现乱码，为了解决这个问题，需要重装vsftpd。

  

已有前人发现并解决这个问题，根本原因是Linux的UTF-8编码与windows默认的编码GBK不兼容，如下帖：

(http://www...

在C:\WINDOWS\system32\drivers\etc\Hosts文件中加入一行：

66.249.89.104 encrypted.google.com

再访问https://www.google.com，自动重定向到https://encrypted.google.com，于是就可以搜索任何内容了。

 

如果想加密访问Google的Cache功能，请在Hosts文件...

1、安装

  很容易，直接解压就行了

2、嵌入到Cadence

  在/cadence root/tools/dfII/local/.cdsinit文件中加入以下两行

setSkillPath("/calibre root/ixl_cal_2007.1_24.22/shared/pkgs/icv/ixl/tools/queryskl")

load("calibre.skl")

  再启动...

在中国gdp世界第二，国内各大门户网站军事博客集体yy，国内一片he xie的大环境下，日本仅用了很小的代价就得到了diao yu dao，诺大一个13亿多人的中国却连个道歉也要不到，还派了专机才接回船长。

我在想，我们是不是把日本的军舰当成海盗了？好像只要把人和船放回来了就没事了？只可惜那海不是加勒比海，而是中国领海！ 那船也不是小小的海盗船，而是上千吨级的军舰…

中国拥有稀土和可能成为第二个中东的南海和东海，拥有几千年不间断的历史，天时地利尽占，只可惜被一个卖国zf统治着，真是悲哀…

等着美日登岛演习的时候中国再来一次集体抗议吧，然后过几个月就又没啥事了…

真是挺可悲的，一是民众向来挨打挨压迫没维权意识惯了，二是就算不想挨打了就算来个全民抗议也是屁用没有。

The blog will be updated more frequently.

沉寂很久了，今天终于爆发了一次，3mm波段功率合成单片功率放大器研制成功！

关键词：3mm波段(w波段)，单片微波集成电路(mmic)，功率合成

1年磨1剑，上次w波段流片到现在快2年了，现在我们组做mmic设计已经日渐成熟，GaN小组那边也捷报频传，在自己的工艺线流出了ku波段GaN基单片高功率放大器，我们HBT组也终于成功做出W波段单片功率放大器、振荡器、倍频器、分频器等集成电路。

这批片子早在半年前就从syb同学手中诞生，但直到今天它才正式测出增益，16指合成的两级放大器，在85GHz处有大于10dB的增益！

据我所知，这应当是国内第一片W波段功率合成的单片功放了。 最难能可贵是我们工艺是自己的，建模提参是自己的，仿真以及版图设计是自己的，测试平台也是自己的！

同时我们组还做超高速数模混合电路(主要是dds和adc)以及国际上很热门的石墨烯…

我想，全国范围内有条件做到这些，又如此精炼的队伍恐怕是寥寥无几了。

记住这个长长的名字：中国科学院微电子研究所微波器件与集成电路研究室HBT小组

我以在这个小组奋斗过为荣！

1、谷歌退出中国是因为竞争不过百度？

    不能说错，也不能说对。谷歌在中国的营收一直在增长，我不是学经济/金融的，不知道怎么查权威的数据，但是从网上查到的新闻稿看来，谷歌2009在中国营收大概2～3亿美金，百度09年营收是6.5亿美金，谷歌大概20%～30%的市场占有率，百度则高达60%，如此看来百度貌似比谷歌强大多了， 先别YY

    百度其实算不上是民族企业，具体参见“http://sexybusiness.blogbus.com/logs/4956446.html”，其实百度赚的大部分钱还是去了美国人腰包。 

   但是30%也不是小数目了，要知道几年前这个数字才10%，那为什么谷歌要走？谷歌2009年在中国的营收才2～3亿，但是其全球的营收却又175亿美金，相比之下，百度只有它的1/27，那为什么谷歌在中国确竞争不过百度呢，其实喜欢谷歌产品的人非常多，应该说它在中国的发展潜力根本不是百度这种公司所能比得了的，竞争不过百度原因很多，但是我认为最重要的原因就是中国的审查制度。谷歌其实有很多附属产品，全球最大的视频网站youtube、Gmail、Blogger、Picasa、Google Docs、Facebook（国内的校内网、开心网则是完全盗版Facebook）等，还包括GPhone、Android等，参见“http://tech.163.com/06/0427/15/2FNONUSU00091589.html”，但是很多都在伟大的GFW封锁之下，应该说如果google在中国继续推行审查机制，那些相应网站都搞所谓中国版本比如youtube中国、blogger中国等等，它也能赚到钱，而且能很赚钱，毕竟它的技术是一流的，但是它不愿意这么做，百度可以无耻的推行竞价排名、删除负面信息，但是谷歌不愿意，因为如果它这样做了，它会失去更大的全球市场，所以相比之下，它更愿意牺牲中国这个“大型局域网”，局域网再大，也只不过是局域网。

    综上，不是谷歌竞争不过百度，而是谷歌不愿意继续用现在这种方式与百度竞争。

2、黑客事件

    谷歌以及几十家国外公司在同一时间段都声称遭到中国黑客攻击，谷歌称部分人权人士Gmail帐号被攻击，这个消息我一点都不意外，在中国这是非常正常的现象了，如果你在国内用国内的邮件服务，可要小心，你所发送的内容可都在监控之下，如果发了点什么违法的东西，尤其是政治相关的，那邮件商完全可以提供你的IP、登录时间等详细信息，而Gmail在国外，咱们zf管不了，攻击一下很正常，但是同时还在攻击那么多外企这个有点看不懂，国内黑客还不至于这么吃饱了撑着吧。

    当然，这个事件我估计也只是谷歌退出的借口之一，这种攻击可能是什么时候都有，只是现在想退出了才拿出来说事。 不管是不是借口，它所声称的黑客攻击事件应当是真实存在的，只是可能没我们想的那么严重。

3、谷歌退出中国意味着我们就不能用谷歌搜索了？

    错，谷歌只是说了他撤销了google.cn、g.cn（谷歌在国内的和谐版）搜索引擎，google.com，google.com.hk，google.com.tw等还是能正常使用，只是这些服务器都在大陆以外，zf管不着了，在内陆的人想用还是照样用，不过只是有可能啥时候咱们伟大的河蟹把它夹了，那样我们就真用不了google搜索了

4、谷歌发展前景

    google公司的发展只会更好，它可以把更多的精力放在核心业务上，而不必再为审查、屏蔽所烦恼了，在国内的员工们也不会有太大变化，搞产品研发其实跟所谓的搜索内容审查没什么关系。

    全球老大仍将继续辉煌，一个公司要想在这个复杂的多元化多极化世界里长久的强大，是需要有自己信条的，这点Google做的很好。

 

    以上仅个人观点，认不认可是大家的自由，言论本当自由

————————————————————————————

    这篇应当不会被河蟹吧？

转载自http://www.xynbnb.com/thread-72319-1-1.html

貌似很牛X，国外网站炒得很火，国内还是没啥消息，谁知道是真是假…… 等吧

微软承认IE漏洞导致Google被攻击
来自Microsoft Technet Blogs
http://blogs.technet.com/msrc/ar ... dvisory-979352.aspx

Thursday, January 14, 2010 1:31 PM by MSRCTEAM
Security Advisory 979352 Released
Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks.  Today, Microsoft issued guidance to help customers mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer.  Additionally, we are cooperating with Google and other companies, as well as authorities and other industry partners.

Microsoft remains committed to taking the appropriate action to help protect our customers. We released Security Advisory 979352 to provide customers with actionable guidance and tools to help with  protections against exploit of this vulnerability. Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6 at this time. Our teams are currently working to develop an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out of band.

It is important to note that complex attacks targeting specific corporate networks are becoming more prevalent in the threat landscape, therefore organizations should follow defense-in-depth best practices, and deploy multiple layers of protection to improve their security posture. In addition, Protected Mode in IE 7 on Windows Vista and later significantly reduces the ability of an attacker to impact data on a user’s machine. Customers should also enable Data Execution Prevention (DEP) which helps mitigate online attacks. DEP is enabled by default in IE 8 but must be manually enabled in prior versions.

Customers can also set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones or configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. You can find details on implementing these settings in the advisory.

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY).  Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov. Customers should follow the guidance in the advisory and our Protect Your PC guidance of enabling a firewall, getting software updates, and installing antivirus software (learn more by visiting the Protect Your PC web site). International customers can find their Regional Customer Service Representative http://support.microsoft.com/common/international.aspx.

We are also working with our Microsoft Active Protections Program (MAPP), the Microsoft Security Response Alliance (MSRA), authorities and other industry partners to help provide broader protections for customers. Together with our partners, we will continue to monitor the threat landscape and will take action against any web sites that seek to exploit this vulnerability.

The Security Advisory will be updated with any new developments so if you are not already subscribed to our comprehensive alerts, please do so in order to be alerted by email when new information is added.

-Mike Reavey

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Filed under: Security Advisory, Internet Explorer (IE), Workarounds, Defense-in-depth, Exploitability, Zero-Day ExploitAnonymous comments are disabled


-------



“Aurora” Exploit In Google Attack Now Public

McAfee CTO 发布blog说被命名为“极光”的攻击Google的恶意代码已经公开，微软已经采取措施
原文：http://siblog.mcafee.com/cto/“aurora”-exploit-in-google-attack-now-public/

Computer code that exploits the yet-to-be-patched Internet Explorer vulnerability used in Operation Aurora to attack Google and others in December has now been published on the Internet.
McAfee Labs researchers have seen references to the code on mailing lists and confirmed on Friday that the code was published on at least one Web site. The exploit code is the same code that McAfee Labs had been investigating and shared with Microsoft earlier this week, resulting in a security advisory from Microsoft that was published on Thursday.
The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability. The now public computer code may help cybercriminals craft attacks that use the vulnerability to compromise Windows systems. Popular penetration testing tools are already being updated to include this exploit. This attack is especially deadly on older systems that are running XP and Internet Explorer 6.
As reported on Thursday by McAfee and confirmed by Microsoft, the security vulnerability affects Internet Explorer on all recent versions of Windows. An attacker could gain complete control over a vulnerable system by tricking a user to visit a rigged Web page. New versions of Windows make this exploitation harder, but not impossible.
McAfee Labs has been working around the clock, diving deep into the attack we are calling “Operation Aurora” that hit multiple companies and was publicly disclosed by Google on Tuesday. In our investigation of the attack we discovered that one of the malware samples involved in this broad attack exploits a new, previously unknown vulnerability in Microsoft Internet Explorer.
Many people are taking the matter seriously. The German government, for example, has recommended that its citizens stop using Internet Explorer and use alternative browsers instead.
One of the areas I continue to get questions on is how to stop zero day attacks. One technology is white listing, such as products from our Solidcore family (application control) help to protect against 0-day attacks without signatures and without applying a patch. This is especially important in cases like this, where patches have yet to be released.
McAfee continues to work closely with Microsoft, the government and others to investigate the attacks. Stay tuned to my blog and my Twitter account for more details.


--------

更多细节披露，来自著名的《连线》杂志

原文：http://www.wired.com/threatlevel/2010/01/operation-aurora/ （可能需要番羽土啬）

Google Hack Attack Was Ultra Sophisticated, New Details Show
By Kim Zetter   January 14, 2010  |  8:01 pm  |  Categories: Breaches, Cybersecurity, Hacks and Cracks
Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by the anti-virus firm McAfee.

“We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack,” says Dmitri Alperovitch, vice president of threat research for McAfee. “It’s totally changing the threat model.”

Google announced Tuesday that it had been the target of a “highly sophisticated” and coordinated hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists. The attack originated from China, the company said.

The attackers used nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks and obscure their activity, according to Alperovitch.

“The encryption was highly successful in obfuscating the attack and avoiding common detection methods,” he said. “We haven’t seen encryption at this level. It was highly sophisticated.”

The hack attacks, which are said to have targeted at least 34 companies in the technology, financial and defense sectors, have been dubbed “Operation Aurora” by McAfee due to the belief that this is the name the hackers used for their mission.

The name comes from references in the malware to the name of a file folder named “Aurora” that was on the computer of one of the attackers. McAfee researchers say when the hacker compiled the source code for the malware into an executable file, the compiler injected the name of the directory on the attacker’s machine where he worked on the source code.

Minutes after Google announced its intrusion, Adobe acknowledged in a blog post that it discovered Jan. 2 that it had also been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

Neither Google nor Adobe provided details about how the hacks occurred.

In the wake of Threat Level’s Thursday story disclosing that a zero-day vulnerability in Internet Explorer was exploited by the hackers to gain access to Google and other companies, Microsoft published an advisory about the flaw that it already had in the works.

McAfee has added protection to its products to detect the malware used in the attacks.

Although the initial attack occurred when company employees visited a malicious website, Alperovitch said researchers are still trying to determine if this occurred through a URL sent to employees by e-mail or instant messaging or through some other method, such as Facebook or other social networking sites.

Once the user visited the malicious site, their Internet Explorer browser was exploited to download an array of malware to their computer automatically and transparently. The programs unloaded seamlessly and silently onto the system, like Russian nesting dolls, flowing one after the other.

“The initial piece of code was shell code encrypted three times and that activated the exploit,” Alperovitch said. “Then it executed downloads from an external machine that dropped the first piece of binary on the host. That download was also encrypted. The encrypted binary packed itself into a couple of executables that were also encrypted.”

One of the malicious programs opened a remote backdoor to the computer, establishing an encrypted covert channel that masqueraded as an SSL connection to avoid detection. This allowed the attackers ongoing access to the computer and to use it as a “beachhead” into other parts of the network, Alperovitch said, to search for login credentials, intellectual property and whatever else they were seeking.

McAfee obtained copies of malware used in the attack, and quietly added protection to its products a number of days ago, Alperovitch said, after its researchers were first brought in by hacked companies to help investigate the breaches.

Although security firm iDefense told Threat Level on Tuesday that the Trojan used in some of the attacks was the Trojan.Hydraq, Alperovitch says the malware he examined was not previously known by any anti-virus vendors.

iDefense also said that a vulnerability in Adobe’s Reader and Acrobat applications was used to gain access to some of the 34 breached companies. The hackers sent e-mail to targets that carried malicious PDF attachments.

Alperovitch said that none of the companies he examined were breached with a malicious PDF, but he said there were likely many methods used to attack the various companies, not just the IE vulnerability.

Once the hackers were in systems, they siphoned off data to command-and-control servers in Illinois, Texas and Taiwan. Alperovitch wouldn’t identify the systems in the United States that were involved in the attack, though reports indicate that Rackspace, a hosting firm in Texas, was used by the hackers. Rackspace disclosed on its blog this week that it inadvertently played “a very small part” in the hack.

The company wrote that “a server at Rackspace was compromised, disabled, and we actively assisted in the investigation of the cyber attack, fully cooperating with all affected parties.”

Alperovitch wouldn’t say what the attackers might have found once they were on company networks, other than to indicate that the high-value targets that were hit “were places of important intellectual property.”

iDefense, however, told Threat Level that the attackers were targeting source-code repositories of many of the companies and succeeded in reaching their target in many cases.

Alperovitch says the attacks appeared to have begun Dec. 15, but may have started earlier. They appear to have ceased on Jan. 4, when command-and-control servers that were being used to communicate with the malware and siphon data shut down.

“We don’t know if the attackers shut them down, or if some other organizations were able to shut them down,” he said. “But the attacks stopped from that point.”

Google announced Tuesday that it had discovered in mid-December that it had been breached. Adobe disclosed that it discovered its breach on Jan. 2.

Aperovitch says the attack was well-timed to occur during the holiday season when company operation centers and response teams would be thinly staffed.

The sophistication of the attack was remarkable and was something that researchers have seen before in attacks on the defense industry, but never in the commercial sector. Generally, Alperovitch said, in attacks on commercial entities, the focus is on obtaining financial data, and the attackers typically use common methods for breaching the network, such as SQL-injection attacks through a company’s web site or through unsecured wireless networks.

“Cyber criminals are good … but they cut corners. They don’t spend a lot of time tweaking things and making sure that every aspect of the attack is obfuscated,” he said.

Alperovitch said that McAfee has more information about the hacks that it’s not prepared to disclose at present but hopes to be able to discuss them in the future. Their primary goal, he said, was to get as much information public now to allow people to protect themselves.

He said the company has been working with law enforcement and has been talking with “all levels of the government” about the issue, particularly in the executive branch. He couldn’t say whether there were plans by Congress to hold hearings on the matter

------------

前面一些信息的汇总翻译 来自CSDN

【滚动更新】Google受攻击技术细节曝光
原文地址：http://news.csdn.net/a/20100115/216509.html


【1月17日更新】

McAfee CTO George Kurtz在发表了新的博客文章，称之前提到的极光行动中使用的针对IE漏洞的恶意代码已经在网上发布，但他没有说明是哪个网站。

稍早前媒体报道，Yahoo应该在Google受攻击之前就遭到了攻击，但它没有公开，只是自己加强了安全防范。

【1月16日7:30重要更新】



《连线》杂志文章给出了大量攻击细节，非常值得一读。

文章引述McAfee公司的话，说（攻击Google的）黑客使用了前所未有的战术，组合了加密、隐秘编程技术和IE中的未知漏洞，意图是窃取Google、Adobe和许多其他大公司的源代码。

该公司威胁研究副总裁Dmitri Alperovitch说：在国防工业之外，我们从未见过商业行业的公司遭受过如此复杂程度的攻击。

Alperovitch说，攻击者使用了十几种恶意代码和多层次的加密，深深地挖掘进了公司网络内部，并巧妙掩盖自己的活动。在掩饰攻击和防范常规侦测方法上，他们的加密非常成功。我们从未见过这种水平的加密。非常高超。

McAfee之所以将这种攻击命名为Auroro（极光），是因为他们发现，黑客在将恶意代码编译为可执行文件时，编译器将攻击者机器上的路径名插入代码中。

在IE漏洞被曝光后，微软很快发布了针对性的安全建议书。而McAfee也在其产品中增加了侦测这种攻击所用恶意代码的功能。

虽然最初的攻击始自公司雇员访问恶意网站，但是研究人员还在试图确定网站的URL是通过邮件、聊天程序还是其他方式，比如Facebook或者其他社会化网站。

当用户访问恶意网站的时候，他们的IE浏览器将被袭击，自动而且秘密地下载一系列恶意代码到计算机中。这些代码就像俄罗斯套娃那样，一个跟着一个地下载到系统中。

Alperovitch表示，最初的攻击代码是经过三次加密的shell code，用来激活漏洞挖掘程序。然后它执行从外部机器下载的程序，后者也是加密的，而且会从被攻击机器上删除第一个程序。这些加密的二进制文件将自己打包为几个也被加密的可执行文件。

其中一个恶意程序会打开一个远程后门，建立一个加密的秘密通道，伪装为一个SSL链接以避免被侦测到。这样攻击者就可以对被攻击机器进行访问，将它作为滩头阵地，继续进攻网络上的其他部分，搜索登录凭据、知识产权和其他要找的东西。

McAfee因参与攻击调查，从被攻击公司那里得到了攻击所用的一些恶意代码副本，并在几天前加强了自己的产品。

对于另一家安全企业iDefense之前所说的有些攻击使用了Trojan.Hydraq木马，Alperovitch表示，他发现的恶意代码此前任何反病毒厂商都不知道。

iDefense还说攻击者使用了恶意PDF附件和Adobe PDF程序的漏洞，而Alperovitch说，他调查的公司里没有发现这种情况。但他表示攻击不同公司的方法可能不同，不限于IE漏洞。

当黑客进入系统后，他们将数据发送给位于美国伊利诺依州和得克萨斯州以及中国台湾的指挥控制服务器。Alperovitch所没有识别到美国的系统牵涉到这次攻击，也没有提到攻击者的战果。但Rackspace报告他们无意中在攻击中发挥了少量作用。而iDefense则表示攻击者的目标是许多公司的源码库，而且很多情况下都成功得手。

Alperovitch说攻击看上去是从12月15日开始的，但也有可能更早。似乎结束于1月4日，那一天，用来与恶意代码传输数据的指挥控制服务器被关闭。

他说：我们不知道服务器是由攻击者关闭的，还是其他组织关闭的。但是从那时起，攻击停止了。

Aperovitch还指出，攻击的时机非常好，是在假日期间，公司的运营中心和安全响应团队人手很少。攻击的复杂程度令人印象深刻，是那种此前仅针对国防工业的攻击类型。一般对于商业部门，攻击只是为了获取财务方面的信息，通常是通过SQL注入攻击公司的网站，或者攻击公司不安全的无线网络。网络罪犯一般不会花大量的时间把攻击精雕细刻到如此程度，每个方面都采取混淆/加密防范。

McAfee还掌握了更多攻击细节，但目前不准备公布。他们已经与美国执法部门合作，并将这一问题告知美国各级[好人你好,好人再见]。

对于Google可能退出中国声明中提到的此前所受到的攻击，安全技术界给出了各种解释。

VeriSign公司的iDefens实验室的安全分析师发布了一份媒体公告，称黑客攻击了主要的源代码库。

VeriSign说超过30家技术公司遭到了一系列攻击，这有可能始于七月份的一种类型相近的攻击，这一攻击通过包含恶意PDF文件的电子邮件信息攻击了100个IT公司。金融和防御机构也有可能遭到了攻击。
VeriSign iDefense在其公告中称：据熟悉这种攻击的人员透漏，攻击者采取了传播针对Google的恶意代码的方式和使用PDF作为电邮附件的攻击方式；这些文件的特征和去年7月份一次攻击的特征很相似。这两起攻击中，恶意文件都在Windows DLL中安插了一个后门木马。
VeriSign说这两起攻击使用了相似的IP地址，并使用了相同的命令和控制结构。这些IP地址都属于Linode（一家美国的虚拟私有服务器主机供应商）所有。

VeriSign说：考虑到它们是如此接近，有可能这两种攻击就是同一种攻击。那些遭到硅谷攻击的组织自七月以来就一直处于威胁之中。

类似的分析在《MIT技术评论》的这篇文章中有比较全面的介绍。

而McAfee CTO George Kurtz（也是《黑客大曝光》一书的作者之一）则明确不同意这种观点，他在博客中称，Google所受攻击应该源于一种新的此前不大为人所知的IE漏洞。McAfee已经向微软通报了此漏洞，预计不久微软将提供相关建议。他表示，攻击主要针对某些能够访问重要知识产权的特定人员，攻击者向他们发送像是来自一个信任来源的链接或者附件，诱使目标点击，不知不觉中下载和安装恶意软件，为攻击者打开后门，进入所属公司的网络。

Kurtz将这种攻击命名为Aurora（极光）。他在文中还说到，安全威胁已经进入了一个新时代，类似的攻击只是冰山之一角。与之前常见的影响广泛的病毒如红色代码不同，这种攻击需要复杂而精巧的社交工程配合，一般目标极为明确，往往指向有利可图或者机密的知识产权。

【更新】

微软已经在自己的网站发布了一个关于Kurtz所述IE漏洞的安全建议，其中指出，漏洞是IE中的一个无效指针引用。在一些情况下，这个指针可能在对象删除之后仍然能够访问。在精心设计的攻击中，通过试图访问已被释放的对象，IE可以被用来允许远程代码的执行。

微软表示，该漏洞将影响Windows各版本上的IE 6到IE 8浏览器。只有较老的IE 5.01 SP4不受影响。如果怀疑自己的电脑已经受到这一漏洞的影响，可以访问https://consumersecuritysupport. ... spx?mkt=en-usscrx=1。

微软公司已经承诺尽快推出补丁。

McAfee的威胁研究副总裁Dmitri Alperovitch表示，这种攻击非常复杂，此前往往针对的是[好人你好,好人再见]和国防部门，应该不是业余者所为。McAfee之所以将这种攻击称为Aurora（极光），是因为该恶意代码的二进制文件路径名是这个单词。相信这是攻击者自己为这种攻击所起的名字。

另据IOActive公司渗透测试总监Dan Kaminsky说，Windows XP及以上版本的DEP（数据执行保护）功能有助于防范此类攻击。另外，虽然Google所受攻击用到的恶意代码只影响IE 6，但这个漏洞仍然可以用来攻击更高版本。不过，Windows Vista和Windows 7采用了ASLR（地址空间布局随机化，address space layout randomization）的保护技术，大大增加了攻击的难度。

【1月15日20:17更新】

《华尔街日报》文章说：据了解（对Google）攻击的知情人士透露，黑客试图通过六个台湾的网络地址来掩饰自己的身份，这是中国大陆黑客的惯常策略。

六个地址中，有五个为提供网络电视电影的年代数位媒体股份有限公司(Era Digital Media Co.)所有。该公司表示对攻击并不知情，并拒绝发表更多评论。第六个地址为金融软件提供商奇唯科技股份有限公司所有。奇唯表示，已于6月份弃用相关地址。

台湾内政部警政署科技犯罪防制中心主任李相臣表示，两家公司本身可能都是受害者。

【1月16日5:15更新】

读写网报道，在影响Google安全的IE漏洞曝光后，德国[好人你好,好人再见]呼吁不要使用微软的浏览器。因为其他黑客也会利用这一漏洞。

另有网友爆料，Google中国公司上海办公室有程序员涉嫌盗窃Gmail源代码。此消息未经Google公司证实。

纽约时报报道，Google受到的攻击可能牵涉到的其他著名公司又增加了国防工业的Northrop Grumman和知名安全厂商Symantec。

    继DDS之后，下一步要做类似下面所说的东东，2~4GSps 8bit ADC，如Maxim的MAX109，National的ADC083000，E2V的EV10AQ190。这些ADC芯片指标都是世界级的，全部都是禁运产品，所以这项任务有很大的挑战，半年后能否成功拭目以待吧！

    国产、实用化GSps以上8bit单片ADC一旦研制成功，不论对军用市场还是民用市场来说都是一个大喜讯。GSps以上超宽带通信、数字阵列雷达、软件无线电、高频示波器等领域均对高速ADC有着迫切的需求。

   就说这些，开始努力吧！

 

 

Max109框图：

ADC083000框图：

 

 

 

 

EV10AQ190框图：

 

————————————————————————————

    ISSCC被拒了，明年再冲一次！

 

    虽然美中有一点点不足的是输出波形有一点点失调，SFDR离仿真结果有一定差距，但是已经达到我们预计的目标了，DDS2中的ROM正常工作，输出波形正确，SFDR在40%时钟频率范围内能达到40dBc，在50%范围内能达到30dBc以上，直接上图：

  这款DDS芯片最高时钟频率为5GHz，频率控制字为8位。下面的波形是用泰克12.5GHz/50GSps示波器抓到的，那示波器可是个大家伙，也很贵……

  5GHz时钟频率，控制字为1，输出频率为19.5MHz：

   5GHz时钟频率，控制字为127，输出频率为2.48GHz：

  5GHz时钟频率，控制字为93，输出频率1.816GHz，频谱照片：

    由于我们采用全差分设计，输入输出都是差分的，但是测试设备有限只能用单端测试，可以看到控制字93时还有39.84dBc的SFDR，如果用差分测试则完全可以达到40dBc。

    控制字127时时域波形是不是特像个糖葫芦啊~

    下一步就是做Demo板了，一定要做的炫一点，嘿嘿~