The Chinese Internet, a virtual world in which people have come to whisper, shop, and store photos and private letters, is now exposing its last layer of danger: anyone can download the password databases of several of the country's most popular websites.
Over roughly the past half month, the user password databases of CSDN, Tianya and other sites have been cracked and circulated online, setting off a security crisis around citizens' personal information.
It looks like an accident, but security insiders judge that the CSDN site was breached several years ago; what then circulated only "underground" can now be obtained by ordinary people, and this may pull out a far more complex chain. Members of the domestic security circle contacted by this newspaper said that over the past two years many people had privately exchanged and shared databases from various underground sites, but until now that was only rumor, never confirmed.
A programmer at the security firm Qihoo 360 said the incident had broken the hacker world's unwritten line: show off your skill, or earn a little money, but do not spread the data.
Black Christmas
December 25, 2011 was destined to be a restless Christmas.
News broke that the database of CSDN, China's online community for developers, had leaked: users' e-mail addresses and passwords were circulating on the Internet unencrypted, in plaintext, for anyone to download.
The real outbreak came four days before Christmas. Around 10 a.m. on December 21, a QQ user in a security-related QQ group said he had the CSDN database and posted a Xunlei share link, which only users with the Xunlei client installed could download. Xunlei is where the CSDN database first spread.
A Qihoo 360 programmer told this newspaper that at first he did not pay much attention, taking it for a joke; trying it before lunch, the download actually succeeded. Counting with a program, he found more than 6 million lines, all plaintext e-mail addresses and passwords. An e-mail address is a "universal ID": the same pair can also log in to JD.com (Jingdong), Vancl, or any other site that uses the e-mail address as the user name.
After verifying that the database was genuine, the security-vendor programmer deleted his copy.
To his shock, however, a Kingsoft (Jinshan) employee surnamed Han, known online as "Hzqedison", chose another path and shared the full archive through a Xunlei file-share link; the download link spread at once through the major hacker forums and QQ groups.
Things escalated. On the evening of the 22nd, the "leak gate" party "Hzqedison" posted on Weibo admitting to the spread and apologizing to netizens at large.
Kingsoft's account of the matter is that Hzqedison had distributed part of the password database already circulating online to colleagues for self-examination; outsiders learned of it inadvertently, it was deleted quickly, and only a few colleagues had downloaded it.
Tiejun, an anti-virus engineer at Kingsoft Duba, told this newspaper the same: part of the password database already circulating online had been passed to colleagues for self-checking, outsiders learned of it inadvertently, and Hzqedison deleted the link as soon as he learned it had become known outside. By the statistics taken before deletion, no more than five colleagues had downloaded it, and it caused no proliferation; Han is not the "hacker" of the rumors, and not the culprit.
On Xunlei, however, the links were being downloaded and spread wildly. Xunlei later began cleaning up the leaked links.
CSDN was of course not the only one hit: it also came out that Tianya, Jiayuan, Treasure Net and other well-known sites likewise stored passwords in plaintext, and their user data was put online for public download.
On January 4, the Beijing Times ran a story on page 9: a Mr. Wang, who had never shopped online, received goods delivered from several major e-commerce sites. He had not ordered them, yet his name and contact details were correct, and no one around him had placed the orders either.
"Smelly Boy" post
Across this leak, the plaintext passwords from CSDN, Tianya and many small sites total some 70 to 80 million. Beyond these, a large body of hashed ("ciphertext") databases is circulating as well, larger than the plaintext ones.
CSDN's later explanation is that the site had used plaintext passwords (the password is saved, and sent over the network, as readable characters rather than as the output of an encryption or hashing step) because of integration with a third-party chat program's login verification, and that programmers never cleaned this up afterward.
In fact, in April 2009 CSDN's programmers changed the way passwords were saved to an encrypted form, but part of the old plaintext passwords was never cleaned up; only at the end of August 2010 did CSDN clear all plaintext passwords from the account database. On New Year's Day 2011 CSDN upgraded its account management, adopting what it calls a strong encryption algorithm and migrating the account database from SQL Server on Windows Server to MySQL on Linux. Only then, CSDN says, was the account security problem initially resolved. (CSDN's wording is "encryption"; the appropriate primitive for stored passwords is a per-user salted, deliberately slow one-way hash, since encrypted passwords can be decrypted by whoever holds the key.)
In other words, before April 2009 CSDN's user information was a plaintext password database; after April 2009 new passwords were encrypted, but some plaintext passwords remained. All plaintext passwords were cleared at the end of August 2010. CSDN's position is that everything since September 2010 is safe, and that before September 2010 it may not have been.
Many in the domestic security circle contacted by this newspaper said that over the past two years many people had privately exchanged, shared and sold the databases of various underground sites, but this was only rumor, never confirmed. This time the downloaded password database can be checked, and roughly 20% of it proves valid; the rest is old, and many of the accounts and passwords are no longer in use.
Moreover, the Tianya, 7k7k and other company leaks are not the latest news: as early as December 4 they had been published on WooYun ("Cloud Net"), a platform on which hackers submit vulnerabilities to the affected enterprises; many hackers submit their findings there.
A registered user calling himself "Smelly Boy" published a vulnerability report titled "Databases of China's major sites exposed (Tencent too)", described as "large-scale leakage of user information" with the harm level marked "high".
"Smelly Boy"'s post soon had WooYun's security enthusiasts in an uproar. At 10:30 the enthusiast known as "Zeracker" was the first to comment on "Smelly Boy"'s conduct, posting the relevant provisions of the Criminal Law of the People's Republic of China and of the Decision of the Standing Committee of the National People's Congress on Safeguarding Internet Security.
The enthusiast "Xsser" held that "Smelly Boy" was necessary: otherwise the Internet companies would go on not realizing the importance of security, and would keep believing that a strong password is all it takes to be safe. "Xsser" called the companies' practice "burying their heads in the sand" like ostriches.
Some security enthusiasts sided with "Smelly Boy"; others thought there was no need to post, that it only invited trouble for himself, and that it was too much showing off.
But every programmer who works in security knows that there is no absolute security in the Internet world, because the attacker always stays a step ahead ("the Tao grows a foot, the devil grows ten").
An abandoned bottom line
When CSDN's user database leaked, the head of WooYun felt it was "a bit fast". In his experience, the CSDN site had been breached several years earlier, but that material had circulated only "underground"; that ordinary people could now obtain it, and that the password database was compromised and spread so fast, was enough to shock him.
In his view, in the virtual world of cyberspace those who hold these passwords have supreme power; before the hackers you are already naked. "A database is like underwear: you can have it, but you don't have to prove in public that you have it." And when the underwear was made public, the ugliest side of the Internet was exposed with it.
Few big sites are on the list of leaked passwords, but because many users register with the same e-mail address and password on every site, the leak has the whole industry on edge. At least one e-commerce site, on discovering the leak, sent reminder e-mails to the many users concerned, telling those now compromised to change their password on its site as soon as possible.
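The two engineering points in this story, the plaintext table CSDN carried for years and the cross-check a site can run when another site's dump appears, are worked below in an added example of my own; it is not code from CSDN, WooYun or any vendor quoted in the article. Everything in it is constructed: the three-row legacy table, the leaked dump lines, the `example.com` addresses, and the PBKDF2-SHA256 record format and iteration count, which stand in for the unnamed "strong algorithm" CSDN says it adopted.

```python
"""Added example: converting a plaintext password table to salted PBKDF2
records, auditing for leftover plaintext rows, and checking another site's
leaked plaintext dump for credential reuse. All rows, dump lines and the
record format are constructed; nothing here is CSDN's code."""
import base64
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Assumption: iteration count chosen so one hash costs ~100 ms on the
# authentication servers; tune for the real hardware.
ITERATIONS = 100_000

# Constructed legacy table in the shape the article describes for CSDN before
# April 2009: e-mail as user name, password stored in plaintext.
LEGACY_ROWS = {
    "alice@example.com": "hunter2",
    "bob@example.com": "123456",
    "carol@example.com": "hunter2",
}

# Constructed slice of another site's leaked dump, one "email:password" per
# line like the CSDN file. Includes a malformed line and a mixed-case address.
LEAKED_DUMP = """\
alice@example.com:hunter2
bob@example.com:letmein
dave@example.com:hunter2
garbage line without separator
Carol@Example.com:hunter2
"""


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$digest'
    (salt and digest base64). A fresh 16-byte salt per call means two users
    with the same password get different records."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def is_hashed_record(value: str) -> bool:
    return value.startswith("pbkdf2_sha256$") and value.count("$") == 3


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the record's own salt and iteration count and
    compare in constant time. A leftover plaintext row never verifies."""
    if not is_hashed_record(record):
        return False
    _, iterations, salt_b64, digest_b64 = record.split("$")
    actual = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), base64.b64decode(salt_b64), int(iterations)
    )
    return hmac.compare_digest(actual, base64.b64decode(digest_b64))


def migrate_legacy_table(legacy: dict) -> dict:
    """Rehash every row in a single pass. Possible only because the old values
    are plaintext; a site replacing an old *hash* must rehash at next login."""
    return {email.lower(): hash_password(pw) for email, pw in legacy.items()}


def remaining_plaintext(table: dict) -> list:
    """The audit CSDN lacked between April 2009 and August 2010: which rows
    are still not hashed records?"""
    return sorted(email for email, value in table.items() if not is_hashed_record(value))


def flag_reused_credentials(table: dict, dump_lines: Iterable[str]) -> list:
    """Return our users whose password in the other site's dump also opens
    their account here, i.e. the people to force-reset and e-mail. The leaked
    password is only checked against our salted record, never stored."""
    flagged = set()
    for line in dump_lines:
        email, sep, password = line.strip().partition(":")  # passwords may contain ':'
        if not sep:
            continue  # malformed line
        record = table.get(email.lower())
        if record is not None and verify_password(password, record):
            flagged.add(email.lower())
    return sorted(flagged)


if __name__ == "__main__":
    table = migrate_legacy_table(LEGACY_ROWS)
    print("rows still in plaintext:", remaining_plaintext(table))
    print("force reset:", flag_reused_credentials(table, LEAKED_DUMP.splitlines()))
```

Two details matter in practice. `migrate_legacy_table` converts every row at once, which is only possible because the legacy values are plaintext; a site moving off an old hash has to rehash at each user's next login instead. And `remaining_plaintext` is the audit that would have caught the rows CSDN left behind for sixteen months. In `flag_reused_credentials` the leaked password is verified against the site's own salted record, so the check never requires the site to keep the plaintext, and addresses are case-folded before lookup so a dump's `Carol@Example.com` still matches.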
A senior figure who was once a hacker said that in 2005 it took only 10 minutes to break into a website. Today, even with a supposedly secure MD5 "encryption" scheme, hackers who have the time and energy can crack the passwords in two weeks.
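The claim above, that an MD5 "ciphertext" dump buys only time, is easy to make concrete. The following is an added example of my own, not the article's or any quoted source's, using a constructed seven-word wordlist, four constructed accounts at example.com and random per-user salts; it uses MD5 precisely because that is the weak scheme the page discusses, not as a recommendation. It also goes one step beyond the page by showing what an unsalted dump leaks before any cracking starts: two users with the same digest have the same password.

```python
"""Added example: what an attacker does with an unsalted MD5 password dump,
and what per-user salting changes. All accounts, salts and the wordlist are
constructed; MD5 is used because it is the weak scheme under discussion."""
import hashlib
import os

# Constructed wordlist of common passwords. Real wordlists run to millions of
# entries, but the mechanics are identical.
WORDLIST = ["123456", "password", "12345678", "qwerty", "111111", "hunter2", "csdn2011"]

# Constructed accounts (example.com is a placeholder domain). The third
# password is not in the wordlist, so it survives the attack in both variants.
USERS = {
    "a@example.com": "123456",
    "b@example.com": "hunter2",
    "c@example.com": "Tr0ub4dor&3",
    "d@example.com": "hunter2",
}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# An unsalted dump as it would be found: e-mail -> MD5(password).
UNSALTED_DUMP = {email: md5_hex(pw.encode("utf-8")) for email, pw in USERS.items()}

# The same accounts stored as MD5(salt || password) with a random 8-byte salt
# per user; the salt is stored next to the digest, as it has to be.
_SALTS = {email: os.urandom(8) for email in USERS}
SALTED_DUMP = {
    email: (_SALTS[email].hex(), md5_hex(_SALTS[email] + pw.encode("utf-8")))
    for email, pw in USERS.items()
}


def shared_password_groups(dump: dict) -> list:
    """Unsalted dumps leak password reuse before any cracking: identical
    digests mean identical passwords. Returns groups of e-mails sharing one."""
    groups = {}
    for email, digest in dump.items():
        groups.setdefault(digest, []).append(email)
    return sorted(members for members in groups.values() if len(members) > 1)


def crack_unsalted(dump: dict, wordlist: list) -> tuple:
    """Hash every candidate once, then look each user's digest up in the
    resulting table. Cost: len(wordlist) hashes, however many users there are.
    Returns (cracked {email: password}, number of hash operations)."""
    lookup = {md5_hex(word.encode("utf-8")): word for word in wordlist}
    cracked = {email: lookup[digest] for email, digest in dump.items() if digest in lookup}
    return cracked, len(wordlist)


def crack_salted(dump: dict, wordlist: list) -> tuple:
    """With a per-user salt no table can be shared between users: every
    candidate is re-hashed for every account. Cost grows with len(dump)."""
    cracked, ops = {}, 0
    for email, (salt_hex, digest) in dump.items():
        salt = bytes.fromhex(salt_hex)
        for word in wordlist:
            ops += 1
            if md5_hex(salt + word.encode("utf-8")) == digest:
                cracked[email] = word
                break
    return cracked, ops


if __name__ == "__main__":
    print("reuse visible in unsalted dump:", shared_password_groups(UNSALTED_DUMP))
    print("unsalted:", crack_unsalted(UNSALTED_DUMP, WORDLIST))
    print("salted:  ", crack_salted(SALTED_DUMP, WORDLIST))
```

With an unsalted dump the attacker hashes each candidate once and looks every user up in the resulting table, so the cost is the wordlist size and does not grow with the number of accounts; this is why precomputed lookup tables work against such dumps and why a six-million-row file is no harder than a ten-row one. A per-user salt forces the work to be redone for each account, and a slow hash such as PBKDF2 or bcrypt multiplies each of those operations by its iteration count. Neither protects an account whose password is in the wordlist to begin with; salting and slow hashing only make the attacker pay for every such account separately.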
Everything seems out of control.
Although the leaked user data have largely proven to be no longer in use, with only 20% still valid, a leak on this scale is a first in the history of China's Internet.
The head of WooYun told this newspaper that how fast the password incident spread surprised him, but in his view the leak was "the inevitable within the accidental".
Indeed, the user databases of many websites were "dragged" (拖库, hacker jargon for copying out a site's database) long ago. These dragged databases meet one of two fates. Either the hacker attacked only to show off skill, not to make money, keeping screenshots as proof to measure himself against other hackers; or the database is used by hackers to "make a little money", sold to companies that want it or used to steal the assets in users' accounts.
The hacker community has some basic rules of the game, and some of its members follow a code of "honor among thieves": never describe the details of an attack in public, never teach hacking to minors or run hacking training, and keep user information that carries potential social risk properly safeguarded.
But now there is no way to tell whether the former kind of hacker or the latter is the mainstream. The former are called "white hats": security engineers, researchers and technology enthusiasts who mostly hold regular jobs and who, on finding a hole in some website, submit it to WooYun.
Hackers and white hats
The simple logic is that when a private database is first "dragged" away, the hacker has spent the most time and effort and the database is at its most valuable; unless he has extracted enough resources and benefit from it, he will not disclose it. Slowly more and more people come to hold it, the more it circulates inside the circle, and the less controllable it becomes. By the time the database is finally published, it has already been sold too widely.
Previously, most holes submitted by "white hats" were ignored by webmasters; one of the original intentions behind WooYun was to build a platform for communication between the two sides.
Now the white hats who file holes are starting to win the attention and respect of websites: by submitting vulnerabilities they may even receive small gifts from the companies, mostly T-shirts, pens and cups, as a token reward. On the WooYun site one can see that even Tencent has given a "gift" to a white hat.
WooYun itself, however, was already inaccessible on December 29, 2011, owing to a system upgrade.
The head of WooYun said that the frequent disclosure of security incidents recently, and their impact, show on the one hand that enterprises' overall security construction is not perfect, and on the other that between the WooYun platform and community and the enterprises, both the communication channels and the feedback and response mechanisms have serious problems.
In the deeper discussion of the password leak, a senior Internet analyst said on Weibo that it could not be ruled out that some individual hackers had acted under their real names.
One of China's earliest hackers, who asked not to be named, estimated that at least three people were involved, at least one of whom was trying to remind netizens how terrible it would be if real personal information leaked.
For the head of WooYun, the leaks are teaching people a lesson: the Internet is not safe.
Indeed, only those who work in security know how insecure the online world is.
After the leak, Qihoo 360 told this newspaper that the main reason site databases leak is that hackers exploit vulnerabilities in the websites themselves, against which the security of users' own computers is of no use. Through the company's security testing platform, Qihoo 360 found that 83% of websites still have vulnerabilities, and 34% have high-risk ones.