Two or three things about hackers

With the news of Li June's two-degree imprisonment, the dormant name reappeared in an entertaining gesture, and as the leaks and prism doors escalated, hackers and cybersecurity-related topics were once again on the list of topics. 360 led the anti-virus software free tide, no longer appear similar to panda large-scale destructive virus, the internet world seems to be clean a lot of, even antivirus software began to use check software upgrades, computing boot time and other ways to find some sense of existence. But "in circles," it seems, the cyber threat is just another form of existence, outside the public eye, there is a rather interesting internet world.

Li June's tragedy: The bad reputation of technology and the prospect of ruin

June 13, "Panda incense" virus author Li June was arrested again, this time not because of poison, but gambling. Lishui local media exposed the "Panda incense" virus author Li June and Zhangshun for the casino in Lishui arrested, the original Li June did not think, after 6 years, about his news will be in a very ironic way in the microblogging and circle of friends spread.

In 2007, Li June wrote the worm variant "Panda incense" through a large area of infection to wreak havoc on the network, the mainstream anti-virus software almost all taken off, since then Li June was dubbed the "Poison King" title, and followed by the two years of prison time.

December 2009, Li June because of good performance in advance out of jail, and then to rising, Jiangmin and other companies interviewed repeatedly hit the wall, when Jinshan to Li June provided a customer service position, wages only 3000 yuan, let this famous former "Poison King" can not accept.

But in fact, Li June's level is not very good, with the former MSRC (Microsoft Security Response Center) in charge of Chen Ke (alias), said panda incense virus is only a PE program infection, in the case of knowledge of the loophole, there are programming based people within two hours can write a panda incense, The real scary virus is not known, the user does not feel the existence of it.

Innovation Workshop under the "Safety Bao" joint product vice president, the former Alibaba Group Information Security Center security expert Wu Hanqing introduced, at that time to do this kind of virus Trojan people are not a few, are used to put together a number of public technology, and no original technology in the inside.

"He has this technique in the viral circle no one would think he is very high level." "Security Treasure CEO Majnoon said. Lee was released in 2009, Majnoon is responsible for technology research and Development, Li June to the rising interview, Majnoon, and other technical departments of the responsible for each other ventilation, refused to June, on the one hand because of the technical level, and more is because of the black industry chain has been involved in the "criminal record."

"Hackers are not aimed at any economic interests, this is the true hacker spirit." Majnoon said, "The hacker who had done bad things before, but then confused, so now generally use white hat and black hat to distinguish." "Wu Hanqing is a white hat."

In Majnoon and Wu Hanqing, Li June's story is more of a humanistic tragedy, after the prison job hit, Li June with immature technology again embarked on the black industry chain, and when he got out of prison to society, the difficulties will be much greater than the first time.

Windows sadness: The 80 's has not completed the vulnerability of IE the most dangerous

"How do you make Windows XP safe?" "When it comes to loopholes in the system, Chen Ke asks reporters.

Since 2003, the network Worm "shock wave" raging, the virus will cause the computer crashes and frequent restart, while through the DCOM RPC vulnerability to the designated computer attack, from then on, Microsoft began to focus on system security. In Chen Ke's words, XP security at that time was 0 points.

Microsoft Security Response Center is responsible for the timely detection of system vulnerabilities, and the release of the corresponding patches, Chen Ke revealed, because the first time to write the Windows kernel did not consider security issues, resulting in Windows Vista before the system is porous, according to internal statistics, Microsoft introduced a system patch, Most of them are patching up 1988-1990 of years of system holes left behind.

In addition to the kernel, most of the vulnerabilities are IE's, Wu Hanqing added. It is understood that the Dutch hacker Peter Vreugdenhil in the Pwn2Own hacker competition to break a complete patch of Windows 7, it is the use of IE 8 of a vulnerability.

This column more highlights: http://www.bianceng.cnhttp://www.bianceng.cn/Network/Security/

However, Chen Ke said that Windows was breached in fact not so knew, Windows Vista did not have a Windows computer in the case of a simple network to be breached, the hacker competition is breached if the user opened the hacker to the program or link, hackers can break through the loopholes.

In Chen Ke's view, the loophole is far more frightening than the virus itself. "The loophole is like the door of the bank and the safe, the virus just reaches into the hand that takes things, there is no technical content, the real technical content is to find and open the door." "Chen Ke said.

Chen Ke introduced, now the virus is not because the anti-virus software has become strong, Symantec, trend technology and other sand casino servers have been hacked, the real reason for the less virus is because system vulnerabilities are increasingly difficult to find and use.

Wu Hanqing says there have been few new innovations in attack techniques over the years, but the trend has shifted from hanging horses to mass theft and mobile internet viruses. After the leak of Csdn's library, Tencent, Taobao and Alipay all found that the detection of user name and password, the large Web site database stolen will bring a series of security problems.

Hacker Wars: Angry Youth and "mass production hackers" farce

The transnational hacking war is another topic that has been talked about on the internet, the "hacker wars" between China, the US, South Korea and Vietnam have not been stopped, and Chinese hackers have been enjoying the game of crashing US Web servers.

"Hackers" who are keen to invade foreign Web servers and change their pages into slogans have sealed themselves with another name-red.

2001 as a U.S. reconnaissance aircraft over Hainan Island crashed a Chinese plane, leading to the loss of pilot Wang Wei, the outbreak of a massive U.S.-China hacker war, both sides continue to attack the other country's website, and as a "record."

However, there is no other technical means besides the modification of the Web page. More interesting is that many Chinese hackers hacked some of China's web sites to express their "patriotic" enthusiasm.

Another "white hat" Wang Hao (alias) to reporters that do these things in general anger and "children" mostly, now very few people do such a thing, once renowned "Red Guest Alliance" has been dissolved in 2004.

Wang Hao said that these technology sites can be learned, and even has formed the production of hackers "pipeline", the invasion of a website has become very systematic and flow of things.

Perhaps in these red guests it seems to be patriotic, but on the one hand, the so-called hacker war is not so much legendary color, more rely on tactics, and on the other hand, the majority of the black is also some ordinary websites.

"It's as if you're against a country and you're going to go to the streets of that country and kill a civilian at random, which doesn't really mean you." "Majnoon said. Tsinghua University Information Network Engineering Research Center Dr Zhuge Jian Wei said this way does not reflect a country in the network information security soft power, "Red Guest Alliance" founder Lion in the previous interview also admitted that the hacker war is more of a kind of anger behavior.

The above is only the tip of the iceberg, the hacker's lake and the spread of a variety of legends, and even rumors that a hacker even see "X" is looking at the binary code, however, in addition to anecdotal rumors, hackers are shouldering more security responsibilities, in the words of Majnoon, use technology to maintain network security, rather than to destroy, this is the real hacker spirit.