12306 Web site calls for users to find the most vulnerable to a reward of 2000 yuan

Absrtact: In recent days, 12306 of Web site user data leaked to become the focus of public attention, railway police quickly captured leaked suspects. Yesterday 12306 Web sites have joined the world's largest vulnerability response platform to start bug fixes. Website Supervisor China Railway Science

In recent days, 12306 of Web site user data leaked to become the focus of public attention, railway police quickly captured leaked suspects. Yesterday 12306 Web sites have joined the world's largest vulnerability response platform to start bug fixes. Web site Director of the Chinese Academy of Railway Science, the highest reward 2000 yuan, call users to find loopholes.

Prior to this, media reports said that a large number of 12306 Web site user information was leaked, known publicly disseminated database involving more than 130,000 user data, disclosure of information, including user accounts, plaintext password, ID card, mailbox and so on.

12306 Access vulnerabilities corresponding platform

It is reported that 360 "fill the sky" is the first cash reward loopholes in the platform. Security experts and hackers to submit vulnerability reports to the enterprise, according to the extent of vulnerability and impact of the scope of the enterprise cash rewards, so as to help enterprises to proactively identify and repair vulnerabilities, improve the level of Internet security protection.

Yesterday, a netizen named "Zhao 360" published micro-blog said, 12306 has been connected to the world's largest vulnerability response platform, the establishment of private security Emergency Response Center, actively collect and deal with the vulnerability, the certification for the security software author's users want security experts to help 12306 to submit and assist in vulnerability repair.

Earlier, 360 security experts said 12306 was "hit the Library" (hackers will get the data in other sites to try to login), it is likely that its mobile phone app loophole, after the patch platform detection, found that 12306 of mobile phone app has a loophole, its login interface can be hackers malicious use, Unlimited attempts to hit the library cracked.

Yesterday, 360 said the leak had been reported to the Chinese Railway Customer service Center for repair, 12306 responded positively and added a vulnerability response platform.

The total amount of the vulnerability reward has reached 3050 yuan

Reporter yesterday to fill the hole response platform, found that the real name certification for "China Railway Science Research Institute" manufacturers have registered and released a reward information. And one of the copyright owners of the 12306 website is China Railway Scientific Research Institute.

Site records show that in just 3 days, several netizens have provided more than 10 vulnerabilities. China Railway Scientific Research Institute with the highest award of 2000 yuan to the way we hope that everyone actively provide loopholes. The current cumulative amount has reached 3050 yuan.

360 security experts introduced, during the inspection process, they also found 12306 other sites security risks, 12306 to join the platform to help users to discover and assist in the repair of vulnerabilities.