Día da muller/deusa traballadora CPI A PICOTAismadeuhia
Celebración do día da muller traballadora, 8 de marzo, no CPI a Picota onde este ano se tratan os mitos e deusas como tema do centro. Relacionando todo isto, saleu a seguinte recoleción de traballos.
Mulleres que fixeron historia en moi diversas ramas: ciencia, historia, economía, literatura, artes, ....
Presentación da Biblioteca do IES da Pobra do Caramiñal
We are all learning most of the time, but we often don’t recognise this! Many people only feel they have had some development if they have been on a course. Courses can be a great way to develop people, though they can be expensive and people are not always able to put what they have learned into practice when they come back to the work place.
In this on demand webinar, Developing People with the 70/20/10 Model, Jayne McPhillimy has introduced different ways of recognising, and therefore encouraging the development of your people through a range of interventions.
These interventions are often more effective than a traditional course approach and are invariably a more cost effective option.
At the end of this practical on demand webinar recording, you will:
Understand the 70/20/10 Model for Learning & Development and how this approach could support the development of the people in your business.
Widen the scope for what is considered to be learning and development activity in your business.
Understand how you can use this approach to build a ‘Learning Culture’, where people firstly recognise the learning opportunities around them and then actively seek them out.
Be able to move people away from the idea that learning only happens on a Training Course
This webinar is aimed at all those involved in developing staff from HR Managers to Senior Business Leaders and Managers.
You can view the full webinar at the end of the slide deck and if you would like to view more on demand webinars or attend the live Shorebird RPO events, please visit http://www.shorebird-rpo.com/free-webinars
Poco más de 100 Mujeres que han hecho Historia de las cuales hemos recopilado Información desde la Red Social del conocimiento www.uimp20.es.
Propuesta creada para sumarnos al debate sobre el desarrollo de los objetivos del milenio desde una perspectiva de género
Día da muller/deusa traballadora CPI A PICOTAismadeuhia
Celebración do día da muller traballadora, 8 de marzo, no CPI a Picota onde este ano se tratan os mitos e deusas como tema do centro. Relacionando todo isto, saleu a seguinte recoleción de traballos.
Mulleres que fixeron historia en moi diversas ramas: ciencia, historia, economía, literatura, artes, ....
Presentación da Biblioteca do IES da Pobra do Caramiñal
We are all learning most of the time, but we often don’t recognise this! Many people only feel they have had some development if they have been on a course. Courses can be a great way to develop people, though they can be expensive and people are not always able to put what they have learned into practice when they come back to the work place.
In this on demand webinar, Developing People with the 70/20/10 Model, Jayne McPhillimy has introduced different ways of recognising, and therefore encouraging the development of your people through a range of interventions.
These interventions are often more effective than a traditional course approach and are invariably a more cost effective option.
At the end of this practical on demand webinar recording, you will:
Understand the 70/20/10 Model for Learning & Development and how this approach could support the development of the people in your business.
Widen the scope for what is considered to be learning and development activity in your business.
Understand how you can use this approach to build a ‘Learning Culture’, where people firstly recognise the learning opportunities around them and then actively seek them out.
Be able to move people away from the idea that learning only happens on a Training Course
This webinar is aimed at all those involved in developing staff from HR Managers to Senior Business Leaders and Managers.
You can view the full webinar at the end of the slide deck and if you would like to view more on demand webinars or attend the live Shorebird RPO events, please visit http://www.shorebird-rpo.com/free-webinars
Poco más de 100 Mujeres que han hecho Historia de las cuales hemos recopilado Información desde la Red Social del conocimiento www.uimp20.es.
Propuesta creada para sumarnos al debate sobre el desarrollo de los objetivos del milenio desde una perspectiva de género
18. 2. 安全趋势
(1) 安全统计
■一月份微软安全更新现况
这次微软发表的更新项有两个。
[图 2-1]按攻击对象为标准的 MS 安全更新
危险度 漏洞 PoC
重要 MS11-001 Windows 备份管理者的公开漏洞 有
MS11-002 Microsoft Data Access Components 漏洞(DSN
紧急 无
Overflow)
19. MS11-002 Microsoft Data Access Components 漏洞(ADO Record
紧急 有
Memory)
[表 2-1] 2011 年 1 月 MS 主要安全更新
本月发表了两个 Patch。MS11-01 是 Windows 备份管理员在特定制作的库文件和相同网
络路径下打开文件时执行的远程代码漏洞。MS11-02 是 Microsoft Data Access
Components 漏洞,在打开改造的网页时执行远程代码使攻击者获取用户权利的漏洞。
由于一部分 PoC 公开,需要引起注意。还有,一月初发表的 0-day 相关漏洞 CVE-
2010-3971(IE CSS 漏洞), CVE-2010-3970(MS 图像引擎漏洞)本月没有包含在内。
■病毒侵害网站现况
[图 2-2] 2011 年 1 月侵害网站现况
以上统计为按月份整理的侵害网站现况图,比上个月有所增加。这次发现特别内容将
在‘3. 网站安全趋势’里详细说明。
20. (2) 安全疫情
■Windows Graphics Rendering Engine漏洞. CVE-2010-3970
在 Windows Graphics Rendering Engine(Shimgvw.dll)处理 thumbnail image 的时候
所发生的 Stack-based Buffer Overflow 来执行任意代码。
[그림 2-3] 윈도우 그래픽 렌더링 엔진 취약점. CVE-2010-3970
이 취약점은 국내 보안 콘퍼런스에서 Moti & Xu Hao 가 발표한 것으로, 아직
공격사례는 발생하고 있지 않으나 PoC 가 공개된 만큼 각별한 주의가 필요하다.
또한, 해당 취약점은 사용자가 폴더 보기옵션 중 ‘미리 보기’를 설정할 때만
발생하므로 이 옵션이 불필요한 경우 해제하는 것이 좋다.
■ 2011 스톰웜 봇넷
StormWorm 是木马病毒,是在 2007 年 1 月 17 日发现的,同年 1 月 19 日急速扩散,感
染了全世界 PC 的 8%。这个病毒是通过电子邮件伪装成天气紧急新闻,使用户下载执
行文件。2008 年出现了伪装成‘FBI vs FaceBook’的 Strom Worm。就像这样伪装成
社会疫情的关键词,通过邮件传播的蠕虫叫 Strom Worm 或者 Wale Dac 来命名。2010
年 12 月 30 日出现了伪装成年末休假的垃圾邮件。Steven Adair 把这个命名为
Waledac 2.0 或者 Storm Worm 3.0。下载并执行垃圾邮件所包含的伪装链接或文件,
会感染蠕虫。感染的 PC 将被恶意使用为垃圾邮件的发送地。连接被蠕虫感染的网站或
21. 服务器,33byte 或 417byte 有效载荷里包含以“0102010101010201”开始的数据。
[图 2-4] Storm Worm 有效载荷
到目前为止恶性样本持续增加,主要通过邮件来传播,所有不要随意阅读或打开疑似
邮件。
病毒按类型分布中,间谍软件 22,371 个占 28.3%为第一位,释放(Dropper)有 22,183
个占 28.1%为第二位。
■病毒分布顺序
顺序 升落 病毒名 数量 比率
1 - Win-Adware/Shortcut.InlivePlayerActiveX.234 13,938 29.3 %
2 1 Win-Adware/Shortcut.Tickethom.36864 5,275 11.1 %
3 NEW Win32/Virut.D 4,853 10.2 %
4 NEW Dropper/Natice.52224 4,839 10.2 %
5 NEW Win-Trojan/Qqpass.37376.B 4,767 10 %
6 NEW Dropper/Onlinegamehack.36864.J 3,989 8.4 %
7 NEW Dropper/Win32.Natice 2,676 5.6 %
8 NEW Win32/Virut.F 2,526 5.3 %
9 NEW Dropper/Win32.Infostealer 2,434 5.1 %
10 NEW Trojan/Win32.Qqpass 2,200 4.6 %
[表 3-3]通过网络分布的病毒 Top 10