If you get rid of it, it's not at the point you think.

Source: Internet
Author: User

 

I am still looking forward to my talk at QCon Shanghai on October 18, on the topic "programmers and hackers". I have put a lot of effort into this topic, using my own career as a programmer and a hacker as the main thread.

 

These two roles are very interesting in the face of security issues :)

 

Why am I writing this article today?

 

For holidays ......

 

It took a lot of courage to see @Occam Razor and a large number of security personnel/hackers in a PK. Later @Wang Sicong and @Zhou Hongyi joined in, so the topic became popular. The fuse of the PK is as follows:

 

Note: Let's look at Weibo accounts.

 

Red box:

「The online banking password is encrypted, and WIFI is only a channel, so it is impossible to obtain the bank card password.」

 

This is the key point of the PK. From the perspective of hackers, this sentence is definitely not true:

1. Is the encryption algorithm reliable? Do you still remember that Apple SSL defect?

 

2. Is the bank card password obtained in a Wi-Fi environment encrypted? If an sslstrip-like man-in-the-middle phishing attack is executed, the plaintext password may be obtained, and sslstrip is not the only phishing method.

 

3. Another even more terrible idea is to implant Trojans into mobile phones by all the cumbersome means.

 

Of course, if someone regards this as only an academic PK about password security, they can ignore the hacker group, because hackers do not play with cryptography at all.

 

For hackers: 「If you get rid of it, it's not what you think.」 This is why many people do not understand the real hacking process.

 

Let's continue with some examples.

 

For example, with a mailbox, one might think that ensuring all communication goes over SSL is really safe. The database has not even been dumped yet, and XSS is everywhere, so it is easy to use an XSS vulnerability to take over your mailbox account.

 

The other day there was a cloud service billed as "the only one in the world that is not afraid of hackers": a cloud storage service like Dropbox that put up an encrypted file for hackers all over the world to crack, and on that basis dared to say it is "the only one in the world that is not afraid of hackers". There are so many cloud vulnerabilities. Which hacker would be dumb enough to go after the encrypted file? :)

 

There are a lot of such examples. In the final analysis, hackers are not familiar. When your system is dealing with hackers, it is all-encompassing. Defense is a whole! As long as hackers break through any point, you will lose. It is possible to lose money.

 

In other words, science popularization requires a lot of courage. I have also done a lot of science popularization and helped many people over the past year, but I have also been ridiculed by some people. Of course, I am not afraid, because I can beat some people at the technical level, but I still have some brainless brains. For example, I have to let him be hacked. If he really has the value of being hacked, I would like, however, it is worthless to be mentally handicapped.

 

@Occam Razor I respect myself. It really takes courage to popularize science! In particular, you have the courage to acknowledge your shortcomings.
