Security Blogs Lists

From: https://jaq.alibaba.com/community/art/show?articleid=601

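1. We Live Security
Description: Focuses on research into cyber threats and malware.
Update frequency: 9 posts/week
2. Intel Security | McAfee Blogs
Description: McAfee's security blog.
Update frequency: 88 posts/week
3. Krebs on Security
Description: The personal blog of Brian Krebs, dedicated to investigating cybercrime and computer security.
Update frequency: 4 posts/week
4. Dark Reading
Description: Dark Reading provides trending cybersecurity news and attack coverage, analysis of vulnerability exploitation, and strategies for protecting enterprise data.
Update frequency: 29 posts/week
5. Schneier on Security
Description: The personal blog of Bruce Schneier, an internationally renowned security technologist and author.
Update frequency: 9 posts/week
6. Threatpost
Description: Kaspersky Lab's blog platform for first-run security news, technical analysis, and interviews from around the world.
Update frequency: 18 posts/week
7. Naked Security
Description: Alerts users to all kinds of computer security threats, including the latest Facebook scams and rogue behavior.
Update frequency: 18 posts/week
8. Google Online Security Blog
Description: Google's news and insights on Internet security.
Update frequency: 3 posts/week
9. Graham Cluley
Description: The personal blog of antivirus expert Graham Cluley.
Update frequency: 17 posts/week
10. Infosecurity Magazine – Information Security & IT Security
Description: Dedicated to information security strategy, industry insight, and technical research.
Update frequency: 29 posts/week
11. CSO Online
Description: Provides news, analysis, and research on a range of security and risk management topics. Focus areas include information security, data protection, social media security, social engineering, and security awareness.
Update frequency: 50 posts/week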

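12. Symantec Connect – Security Response
Description: Provides research and analysis on defending against malware, security vulnerabilities, and spam.
Update frequency: 63 posts/week

13. Security Affairs
Description: The personal blog of Pierluigi Paganini, an ethical hacker, security evangelist, and analyst. He also regularly interviews hackers.
Update frequency: 29 posts/week

14. CIO Security
Description: Mainly provides security news, technical analysis, and industry insight on data breaches and Internet threats.
Update frequency: 32 posts/week

15. ZoneAlarm Blog
Description: Provides cybersecurity news, threats, and security practices. ZoneAlarm is a firewall and antivirus product.
Update frequency: 1 post/week

16. Troy Hunt
Description: The personal blog of Troy Hunt. He is a Microsoft regional director for Australia and the top-rated author of many cybersecurity courses.
Update frequency: 3 posts/week

17. Speaking of Security – The RSA Blog and Podcast
Description: A security blog covering cloud security and network attack and defense.
Update frequency: 4 posts/week

18. Help Net Security
Description: Provides daily information security news.
Update frequency: 30 posts/week

19. Paul’s Security Weekly
Description: Mainly provides security news, vulnerability analysis, and research on hacker behavior.
Update frequency: 4 posts/week

20. Zero Day | ZDNet
Description: Provides the latest software and hardware security research, vulnerability analysis, security threats, and cyberattack coverage.
Update frequency: 11 posts/week

21. PayPal Stories
Description: PayPal's official blog platform, with security content on topics such as secure payments.
Update frequency: 1 post/week

22. Security on TechRepublic
Description: Provides a wide range of security industry resources, such as security blogs, technical papers, and security data.
Update frequency: 5 posts/week

23. Cybersecurity – Microsoft Secure Blog
Description: Microsoft's official security blog. It takes an in-depth look at the impact of cybersecurity and technology trends, and provides security news, trend analysis, and practical security guidance.
Update frequency: 1 post/month

24. Cisco Blog | Security
Description: Cisco's official security blog.
Update frequency: 6 posts/week
25. Threat Level | WIRED
Description: WIRED is a well-known American magazine on networking and electronics, covering every aspect of how computer technology applies to modern and future human life.
Update frequency: 3 posts/week
26. SANS Institute Security Awareness Tip of the Day
Description: Every day SANS publishes a new tip that focuses on and explains one specific topic, with actionable steps people can take to protect themselves, their families, and their organizations.
Update frequency: 7 posts/week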

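27. Data and computer security | The Guardian
Description: The Guardian is a British national general-interest daily newspaper. This is its data and computer security section.
Update frequency: 2 posts/week

28. Forbes – Security
Description: Provides the latest cybersecurity news.
Update frequency: 32 posts/week

29. Techworld – Security
Description: Techworld is a leader in the business technology industry, published by IDG. Its security section is dedicated to analyzing the latest malware threats and 0-day vulnerabilities.
Update frequency: 1 post/month

30. Connected – Official Blog of Connection, Inc.
Description: The personal blog of Stephen Nardone, a security executive with 34 years of experience in government and commercial business security.
Update frequency: 5 posts/week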

My paper list to read

www17

  • Peizhe Cheng, Shuaiqiang Wang, Jun Ma, Jiankai Sun and Hui Xiong. Learning to Recommend Accurate and Diverse Items. The 26th International World Wide Web Conference (WWW)
  • Dimitrios Serbos, Shuyao Qi, Nikos Mamoulis, Evaggelia Pitoura and Panayiotis Tsaparas. Fairness in Package-to-Group Recommendations
  • Exploring Rated Datasets with Rating Maps

NDSS17

A Large-scale Analysis of the Mnemonic Password Advice
Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps

A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations
Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis
Dachshund: Digging for and Securing (Non-)Blinded Constants in JIT Code

Ramblr: Making Reassembly Great Again
BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments
A Broad View of the Ecosystem of Socially Engineered Exploit Documents
Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps
ASLR on the Line: Practical Cache Attacks on the MMU
Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit
Wi-Fly?: Detecting Privacy Invasion Attacks by Consumer Drones
HOP: Hardware makes Obfuscation Practical
TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation
Broken Hearted: How To Attack ECG Biometrics

DELTA: A Security Assessment Framework for Software-Defined Networks
Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis
A2C: Self Destructing Exploit Executions via Input Perturbation
Address Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity

USENIX2016 

You are Who You Know and How You Behave: Attribute Inference Attacks via Users’ Social Friends and Behaviors 

Stealing Machine Learning Models via Prediction APIs

FlowFence: Practical Data Protection for Emerging IoT Application Frameworks

Towards Measuring and Mitigating Social Engineering Malware Download Attacks

Specification Mining for Intrusion Detection in Networked Control Systems

APISan: Sanitizing API Usages through Semantic Cross-checking

Undermining Entropy-based Information Hiding (And What to do About it)

zxcvbn: Low-Budget Password Strength Estimation

Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud

ARMageddon: Cache Attacks on Mobile Devices 

Hidden Voice Commands

OblivP2P: An Oblivious Peer-to-Peer Content Sharing System

AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels

Trusted Browsers for Uncertain Times

Virtual U: Defeating Face Liveness Detection by Building Virtual Models From Your Public Photos

One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation

All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption

Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks

SGX-Enabled Oblivious Machine Learning

Poking Holes into Information Hiding

Off-Path TCP Exploits: Global Rate Limit Considered Dangerous

Request and Conquer: Exposing Cross-Origin Resource Size



Sigcomm

WebPerf: Evaluating What-If Scenarios for Cloud-hosted Web Applications

Taking the Blame Game out of Data Centers Operations with NetPoirot 



SAC
 
Accurate Spear Phishing Campaign Attribution and Early Detection

Rich Cloud-Based Web Applications with CloudBrowser 2.0 
Controlling the Elasticity of Web Applications on Cloud Computing

AsiaCCS

StormDroid: A Streaminglized Machine Learning-based System for Detecting Android Malware

Bilateral-secure Signature by Key Evolving

Efficient Authenticated Multi-Pattern Matching

Attestation Transparency: Building secure Internet services for legacy clients

Congesting the Internet with Coordinated And Decentralized Pulsating Attacks

Privacy and Utility of Inference Control Mechanisms for Social Computing Applications

StemJail: Dynamic Role Compartmentalization

Your Credentials Are Compromised, Do Not Panic: You Can Be Well Protected


DSN
Power-aware Checkpointing: Toward the Optimal Checkpointing Interval under Power Capping

A Sharper Sense of Self: Probabilistic Reasoning of Program Behaviors for Anomaly Detection with Context Sensitivity

Characterizing the Consistency of Online Services

Balancing Security and Performance for Agility in Dynamic Threat Environments
Specification Mining for Intrusion Detection in Networked Control Systems



CCS 2016
SmartWalk: Enhancing Social Network Security via Adaptive Random Walks

Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence

Content Security Problems? Evaluating the Effectiveness of Content Security Policy in the Wild

CSP is Dead, Long Live CSP: On the Insecurity of Whitelists and the Future of the Content Security Policy

CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-World Websites

EpicRec: Towards Practical Differentially Private Framework for Personalized Recommendation

Generic Attacks on Secure Outsourced Databases

Identifying the Scanners and Attack Infrastructure behind Amplification DDoS attacks

Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service