Security Blog
The latest news and insights from Google on security and safety on the Internet
Compiler-based security mitigations in Android P
June 27, 2018
Posted by Ivan Lozano, Information Security Engineer
[Cross-posted from the Android Developers Blog]
Android's switch to LLVM/Clang as the default platform compiler in Android 7.0 opened up more possibilities for improving our defense-in-depth security posture. In the past couple of releases, we've rolled out additional compiler-based mitigations to make bugs harder to exploit and prevent certain types of bugs from becoming vulnerabilities. In Android P, we're expanding our existing compiler mitigations, which instrument runtime operations to fail safely when undefined behavior occurs. This post describes the new build system support for Control Flow Integrity and Integer Overflow Sanitization.
Control Flow Integrity
A key step in modern exploit chains is for an attacker to gain control of a program's control flow by corrupting function pointers or return addresses. This opens the door to code-reuse attacks where an attacker executes arbitrary portions of existing program code to achieve their goals, such as counterfeit-object-oriented and return-oriented programming. Control Flow Integrity (CFI) describes a set of mitigation technologies that confine a program's control flow to a call graph of valid targets determined at compile-time.
While we first supported LLVM's CFI implementation in select components in Android O, we're greatly expanding that support in P. This implementation focuses on preventing control flow manipulation via indirect branches, such as function pointers and virtual functions—the 'forward-edges' of a call graph. Valid branch targets are defined as function entry points for functions with the expected function signature, which drastically reduces the set of allowable destinations an attacker can call. Indirect branches are instrumented to detect runtime violations of the statically determined set of allowable targets. If a violation is detected because a branch points to an unexpected target, then the process safely aborts.
Figure 1. Assembly-level comparison of a virtual function call with and without CFI enabled.
For example, Figure 1 illustrates how a function that takes an object and calls a virtual function gets translated into assembly with and without CFI. For simplicity, this was compiled with -O0 to prevent compiler optimization. Without CFI enabled, it loads the object's vtable pointer and calls the function at the expected offset. With CFI enabled, it performs a fast-path first check to determine if the pointer falls within an expected range of addresses of compatible vtables. Failing that, execution falls through to a slow path that does a more extensive check for valid classes that are defined in other shared libraries. The slow path will abort execution if the vtable pointer points to an invalid target.
With control flow tightly restricted to a small set of legitimate targets, code-reuse attacks become harder to utilize and some memory corruption vulnerabilities become more difficult or even impossible to exploit.
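A model of the fast-path check described above, added here as an illustration and not code from the original post or from LLVM: compatible vtables sit in one contiguous array, and a call through an object's vtable pointer is allowed only if that pointer lands exactly on an entry of the array. The names (`vtable_t`, `checked_virtual_call`, the decoder functions) are hypothetical, the slow path for other shared libraries is not modeled, and the model returns -1 where real CFI instrumentation would abort the process.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical one-slot "vtable": the virtual function being called. */
typedef struct { int (*decode)(int); } vtable_t;

static int decode_a(int x) { return x + 1; }
static int decode_b(int x) { return x * 2; }
/* Same signature, but its table is not among the compatible ones. */
static int unrelated(int x) { return -x; }

/* Compatible vtables laid out contiguously, so validity is a range check. */
static const vtable_t compatible_vtables[] = { { decode_a }, { decode_b } };
/* A table an attacker-corrupted object might point at instead. */
static const vtable_t rogue_vtable = { unrelated };

typedef struct { const vtable_t *vptr; } object_t;

/* Fast path: is vptr inside the compatible range and on an entry boundary?
 * Unsigned subtraction makes addresses below the base fail the same test. */
int vptr_is_valid(const vtable_t *vptr)
{
    uintptr_t off  = (uintptr_t)vptr - (uintptr_t)compatible_vtables;
    uintptr_t span = sizeof(compatible_vtables);

    if (off >= span)
        return 0;
    return off % sizeof(vtable_t) == 0;
}

/* Instrumented call site: check first, branch only if the check passes.
 * Returns 0 and stores the result, or -1 on a violation (real CFI aborts). */
int checked_virtual_call(const object_t *obj, int arg, int *out)
{
    if (!vptr_is_valid(obj->vptr))
        return -1;
    *out = obj->vptr->decode(arg);
    return 0;
}

int main(void)
{
    object_t good      = { &compatible_vtables[1] };
    object_t corrupted = { &rogue_vtable };   /* constructed corruption */
    int out = 0;

    int r1 = checked_virtual_call(&good, 21, &out);
    int r2 = checked_virtual_call(&corrupted, 21, &out);
    return (r1 == 0 && r2 == -1) ? 0 : 1;
}
```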
In terms of performance impact, LLVM's CFI requires compiling with Link-Time Optimization (LTO). LTO preserves the LLVM bitcode representation of object files until link-time, which allows the compiler to better reason about what optimizations can be performed. Enabling LTO reduces the size of the final binary and improves performance, but increases compile time. In testing on Android, the combination of LTO and CFI results in negligible overhead to code size and performance; in a few cases both improved.
For more technical details about CFI and how other forward-control checks are handled, see the LLVM design documentation.
For Android P, CFI is enabled by default widely within the media frameworks and other security-critical components, such as NFC and Bluetooth. CFI kernel support has also been introduced into the Android common kernel when building with LLVM, providing the option to further harden the trusted computing base. This can be tested today on the HiKey reference boards.
Integer Overflow Sanitization
The UndefinedBehaviorSanitizer's (UBSan) signed and unsigned integer overflow sanitization was first utilized when hardening the media stack in Android Nougat. This sanitization is designed to safely abort process execution if a signed or unsigned integer overflows by instrumenting arithmetic instructions which may overflow. The end result is the mitigation of an entire class of memory corruption and information disclosure vulnerabilities where the root cause is an integer overflow, such as the original Stagefright vulnerability.
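The bug class this sanitizer targets, shown as an added example (not code from the original post or from Android): a 32-bit size computed from two untrusted header fields wraps to a small value, and a checked multiply rejects the input instead. The table format, field layout and function names are constructed for illustration; `__builtin_mul_overflow` is the GCC/Clang builtin, used here as an explicit check in place of the compiler instrumentation the post describes.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 8u   /* constructed format: u32 count, u32 entry_size, payload */

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unchecked: the product wraps modulo 2^32, so a huge count can yield a
 * tiny size that passes later bounds checks and under-allocates. */
uint32_t table_bytes_unchecked(uint32_t count, uint32_t entry_size)
{
    return count * entry_size;
}

/* Checked: returns -1 when the true product does not fit in 32 bits. */
int table_bytes_checked(uint32_t count, uint32_t entry_size, uint32_t *out)
{
    return __builtin_mul_overflow(count, entry_size, out) ? -1 : 0;
}

/* Parse a table from untrusted bytes. Returns a malloc'd copy of the
 * entries (caller frees) and their size, or NULL if the header is invalid. */
uint8_t *parse_table(const uint8_t *buf, size_t len, uint32_t *out_bytes)
{
    uint32_t bytes;

    if (len < HDR_LEN)
        return NULL;
    if (table_bytes_checked(rd_be32(buf), rd_be32(buf + 4), &bytes) != 0)
        return NULL;                      /* overflow: fail safely */
    if (bytes == 0 || bytes > len - HDR_LEN)
        return NULL;                      /* payload shorter than claimed */

    uint8_t *copy = malloc(bytes);
    if (copy == NULL)
        return NULL;
    memcpy(copy, buf + HDR_LEN, bytes);
    *out_bytes = bytes;
    return copy;
}

int main(void)
{
    /* Constructed input: count = 0x40000001, entry_size = 4, 4 payload bytes.
     * The wrapped size is 4, which would match the payload length exactly. */
    const uint8_t bad[] = { 0x40, 0, 0, 0x01,  0, 0, 0, 4,  1, 2, 3, 4 };
    uint32_t n = 0;

    uint8_t *t = parse_table(bad, sizeof bad, &n);
    int rejected = (t == NULL);
    free(t);
    return rejected ? 0 : 1;
}
```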
Because of their success, we've expanded usage of these sanitizers in the media framework with each release. Improvements have been made to LLVM's integer overflow sanitizers to reduce the performance impact by using fewer instructions in ARM 32-bit and removing unnecessary checks. In testing, these improvements reduced the sanitizers' performance overhead by over 75% in Android's 32-bit libstagefright library for some codecs. Improved Android build system support, such as better diagnostics support, more sensible crashes, and globally sanitized integer overflow targets for testing have also expedited the rollout of these sanitizers.
We've prioritized enabling integer overflow sanitization in libraries where complex untrusted input is processed or where there have been security bulletin-level integer overflow vulnerabilities reported. As a result, in Android P the following libraries now benefit from this mitigation:
libui
libnl
libmediaplayerservice
libexif
libdrmclearkeyplugin
libreverbwrapper
Future Plans
Moving forward, we're expanding our use of these mitigation technologies and we strongly encourage vendors to do the same with their customizations. More information about how to enable and test these options will be available soon on the Android Open Source Project.
Acknowledgements: This post was developed in joint collaboration with Vishwath Mohan, Jeffrey Vander Stoep, Joel Galenson, and Sami Tolvanen
Better Biometrics in Android P
June 21, 2018
Posted by Vishwath Mohan, Security Engineer
[Cross-posted from the Android Developers Blog]
To keep users safe, most apps and devices have an authentication mechanism, or a way to prove that you're you. These mechanisms fall into three categories: knowledge factors, possession factors, and biometric factors. Knowledge factors ask for something you know (like a PIN or a password), possession factors ask for something you have (like a token generator or security key), and biometric factors ask for something you are (like your fingerprint, iris, or face).
Biometric authentication mechanisms are becoming increasingly popular, and it's easy to see why. They're faster than typing a password, easier than carrying around a separate security key, and they prevent one of the most common pitfalls of knowledge-factor based authentication—the risk of shoulder surfing.
As more devices incorporate biometric authentication to safeguard people's private information, we're improving biometrics-based authentication in Android P by:
Defining a better model to measure biometric security, and using that to functionally constrain weaker authentication methods.
Providing a common platform-provided entry point for developers to integrate biometric authentication into their apps.
A better security model for biometrics
Currently, biometric unlocks quantify their performance with two metrics borrowed from machine learning (ML): False Accept Rate (FAR), and False Reject Rate (FRR).
In the case of biometrics, FAR measures how often a biometric model accidentally classifies an incorrect input as belonging to the target user—that is, how often another user is falsely recognized as the legitimate device owner. Similarly, FRR measures how often a biometric model accidentally classifies the user's biometric as incorrect—that is, how often a legitimate device owner has to retry their authentication. The first is a security concern, while the second is problematic for usability.
Both metrics do a great job of measuring the accuracy and precision of a given ML (or biometric) model when applied to random input samples. However, because neither metric accounts for an active attacker as part of the threat model, they do not provide very useful information about its resilience against attacks.
In Android 8.1, we introduced two new metrics that more explicitly account for an attacker in the threat model: Spoof Accept Rate (SAR) and Imposter Accept Rate (IAR). As their names suggest, these metrics measure how easily an attacker can bypass a biometric authentication scheme. Spoofing refers to the use of a known-good recording (e.g. replaying a voice recording or using a face or fingerprint picture), while impostor acceptance means a successful mimicking of another user's biometric (e.g. trying to sound or look like a target user).
Strong vs. Weak Biometrics
We use the SAR/IAR metrics to categorize biometric authentication mechanisms as either strong or weak. Biometric authentication mechanisms with an SAR/IAR of 7% or lower are strong, and anything above 7% is weak. Why 7% specifically? Most fingerprint implementations have a SAR/IAR metric of about 7%, making this an appropriate standard to start with for other modalities as well. As biometric sensors and classification methods improve, this threshold can potentially be decreased in the future.
This binary classification is a slight oversimplification of the range of security that different implementations provide. However, it gives us a scalable mechanism (via the tiered authentication model) to appropriately scope the capabilities and the constraints of different biometric implementations across the ecosystem, based on the overall risk they pose.
While both strong and weak biometrics will be allowed to unlock a device, weak biometrics:
require the user to re-enter their primary PIN, pattern, password or a strong biometric to unlock a device after a 4-hour window of inactivity, such as when left at a desk or charger. This is in addition to the 72-hour timeout that is enforced for both strong and weak biometrics.
are not supported by the forthcoming BiometricPrompt API, a common API for app developers to securely authenticate users on a device in a modality-agnostic way.
can't authenticate payments or participate in other transactions that involve a KeyStore auth-bound key.
must show users a warning that articulates the risks of using the biometric before it can be enabled.
These measures are intended to allow weaker biometrics, while reducing the risk of unauthorized access.
BiometricPrompt API
Starting in Android P, developers can use the BiometricPrompt API to integrate biometric authentication into their apps in a device and biometric agnostic way. BiometricPrompt only exposes strong modalities, so developers can be assured of a consistent level of security across all devices their application runs on. A support library is also provided for devices running Android O and earlier, allowing applications to utilize the advantages of this API across more devices.
Here's a high-level architecture of BiometricPrompt.
The API is intended to be easy to use, allowing the platform to select an appropriate biometric to authenticate with instead of forcing app developers to implement this logic themselves. Here's an example of how a developer might use it in their app:
Conclusion
Biometrics have the potential to both simplify and strengthen how we authenticate our digital identity, but only if they are designed securely, measured accurately, and implemented in a privacy-preserving manner.
We want Android to get it right across all three. So we're combining secure design principles, a more attacker-aware measurement methodology, and a common, easy to use biometrics API that allows developers to integrate authentication in a simple, consistent, and safe manner.
Acknowledgements: This post was developed in joint collaboration with Jim Miller
End-to-end encryption for push messaging, simplified
June 5, 2018
Posted by Giles Hogben, Privacy Engineer and Milinda Perera, Software Engineer
[Cross-posted from the Android Developers Blog]
Developers already use HTTPS to communicate with Firebase Cloud Messaging (FCM). The channel between FCM server endpoint and the device is encrypted with SSL over TCP. However, messages are not encrypted end-to-end (E2E) between the developer server and the user device unless developers take special measures.
To this end, we advise developers to use keys generated on the user device to encrypt push messages end-to-end. But implementing such E2E encryption has historically required significant technical knowledge and effort. That is why we are excited to announce the Capillary open source library which greatly simplifies the implementation of E2E-encryption for push messages between developer servers and users' Android devices.
We also added functionality for sending messages that can only be decrypted on devices that have recently been unlocked. This is designed to support decrypting messages on devices using File-Based Encryption (FBE): encrypted messages are cached in Device Encrypted (DE) storage and message decryption keys are stored in Android Keystore, requiring user authentication. This allows developers to specify messages with sensitive content that remain encrypted in cached form until the user has unlocked and decrypted their device.
The library handles:
Crypto functionality and key management across all versions of Android back to KitKat (API level 19).
Key generation and registration workflows.
Message encryption (on the server) and decryption (on the client).
Integrity protection to prevent message modification.
Caching of messages received in unauthenticated contexts to be decrypted and displayed upon device unlock.
Edge-cases, such as users adding/resetting device lock after installing the app, users resetting app storage, etc.
The library supports both RSA encryption with ECDSA authentication and Web Push encryption, allowing developers to re-use existing server-side code developed for sending E2E-encrypted Web Push messages to browser-based clients.
Along with the library, we are also publishing a demo app (at last, the Google privacy team has its own messaging app!) that uses the library to send E2E-encrypted FCM payloads from a gRPC-based server implementation.
What it's not
The open source library and demo app are not designed to support peer-to-peer messaging and key exchange. They are designed for developers to send E2E-encrypted push messages from a server to one or more devices. You can protect messages between the developer's server and the destination device, but not directly between devices.
It is not a comprehensive server-side solution. While core crypto functionality is provided, developers will need to adapt parts of the sample server-side code that are specific to their architecture (for example, message composition, database storage for public keys, etc.)
You can find more technical details describing how we've architected and implemented the library and demo here.
Insider attack resistance
June 1, 2018
Posted by Shawn Willden, Staff Software Engineer
[Cross-posted from the Android Developers Blog]
Our smart devices, such as mobile phones and tablets, contain a wealth of personal information that needs to be kept safe. Google is constantly trying to find new and better ways to protect that valuable information on Android devices. From partnering with external researchers to find and fix vulnerabilities, to adding new features to the Android platform, we work to make each release and new device safer than the last. This post talks about Google's strategy for making the encryption on Google Pixel 2 devices resistant to various levels of attack—from platform, to hardware, all the way to the people who create the signing keys for Pixel devices.
We encrypt all user data on Google Pixel devices and protect the encryption keys in secure hardware. The secure hardware runs highly secure firmware that is responsible for checking the user's password. If the password is entered incorrectly, the firmware refuses to decrypt the device. This firmware also limits the rate at which passwords can be checked, making it harder for attackers to use a brute force attack.
To prevent attackers from replacing our firmware with a malicious version, we apply digital signatures. There are two ways for an attacker to defeat the signature checks and install a malicious replacement for firmware: find and exploit vulnerabilities in the signature-checking process or gain access to the signing key and get their malicious version signed so the device will accept it as a legitimate update. The signature-checking software is tiny, isolated, and vetted with extreme thoroughness. Defeating it is hard. The signing keys, however, must exist somewhere, and there must be people who have access to them.
In the past, device makers have focused on safeguarding these keys by storing the keys in secure locations and severely restricting the number of people who have access to them. That's good, but it leaves those people open to attack by coercion or social engineering. That's risky for the employees personally, and we believe it creates too much risk for user data.
To mitigate these risks, Google Pixel 2 devices implement insider attack resistance in the tamper-resistant hardware security module that guards the encryption keys for user data. This helps prevent an attacker who manages to produce properly signed malicious firmware from installing it on the security module in a lost or stolen device without the user's cooperation. Specifically, it is not possible to upgrade the firmware that checks the user's password unless you present the correct user password. There is a way to "force" an upgrade, for example when a returned device is refurbished for resale, but forcing it wipes the secrets used to decrypt the user's data, effectively destroying it.
The Android security team believes that insider attack resistance is an important element of a complete strategy for protecting user data. The Google Pixel 2 demonstrated that it's possible to protect users even against the most highly-privileged insiders. We recommend that all mobile device makers do the same. For help, device makers working to implement insider attack resistance can reach out to the Android security team through their Google contact.
Acknowledgements: This post was developed in joint collaboration with Paul Crowley, Senior Software Engineer