Archive

Posts Tagged ‘System security’

United Kingdom Home Office website hit by Anonymous attack

May 20th, 2012

According to a Fox News report, on Saturday the hacker organization Anonymous launched an attack on the United Kingdom Home Office website to protest against the United Kingdom Government’s plans to develop a new email monitoring policy. The Home Office website came under attack at 9:30, about 7th local time; before that, Anonymous had published posts on Twitter about attacking the Home Office website.

More than an hour later the site was still inaccessible, and the home page still showed “server not found”. This is reminiscent of earlier Anonymous denial-of-service attacks on the United States CIA (Central Intelligence Agency) and other organizations.

Anonymous attacked the Home Office website because the coalition Government led by Prime Minister David Cameron wishes to expand the scope of e-mail monitoring throughout the United Kingdom on national security grounds.

The new legislation would allow the United Kingdom Government to conduct secret trials, and would allow government agencies to track all United Kingdom citizens’ communications, including e-mail, telephone, text messaging, and online activities.

A United Kingdom Home Office spokesman said, “We are aware that the Home Office website will become a target of protests. We have taken all the preventive measures, and this will be closely watched.”

Fenghuangwang technology

Categories: news Tags:

Verizon: data of 100 million users stolen by hackers in 2011

May 19th, 2012

Thanks to chnhack for the post.
United States telecommunications company Verizon has released its annual security report: with hacker organizations active, about 100 million users worldwide had their data stolen by hackers in 2011. By 2012, according to one of the leaders and organizers of the hacker group Anonymous, as well as revelations from government informants, dozens of active members of the well-known Anonymous hacker organization had been arrested. Judging from these statistics, 2011 was a fruitful year for information security.

But according to the annual data security survey report Verizon published on Thursday, in 2011 hackers made their presence felt more than ever, information security conditions were much more severe than in the past, and in some respects the influence of hackers even exceeded that of financial criminals, because they tend to modify data freely.

Verizon’s security team analyzed 855 data breaches from last year; 3% of them were by hackers. Looking at the percentage, the impact of hackers appears to be minimal, but Wade Baker, Verizon’s head of security, said that compared with earlier data, theft of user data by hackers is increasingly serious. In previous years, Verizon’s monitoring data showed that hackers accounted for less than 1% of user data theft. In addition, judging by the attack targets that Anonymous has disclosed, the targets are now large companies or organizations, and attacks on these users also rose to 25%.

Records of actual attacks showed that, under the influence of many radical hackers, the data of about 177 million users was disclosed last year, of which 100 million were related to data breaches by hackers. Also worth mentioning: these statistics do not include denial-of-service attacks on websites or defacements; they cover only theft of user data.

According to Bryan Sartin, Verizon’s vice president of corporate security and risk, the data theft incidents were essentially the work of the Anonymous hacker organization and its affiliates. He explained that at least three-fourths of the data theft incidents were carried out by Anonymous, LulzSec and a branch of the organization, and even by a hacker community that posted a message claiming to be a Roman Legion.

Verizon analysts said in the report that although hacking is not a new phenomenon, hackers are no longer confined to destroying sites as in the 1990s; instead they steal huge amounts of data. The trend of hackers stealing user data is the most damaging development.

The most typical example is LulzSec, a branch of the Anonymous hacker organization. LulzSec has attacked the websites of the United States Central Intelligence Agency, Fox, Sony and a number of financial institutions, causing the loss of tens of thousands of users’ data and, at the same time, billions of dollars of losses for these companies.

Finally, the report also shows that today’s hacker organizations aim at larger organizations or institutions, seeking to promote themselves, and no longer “work” in obscurity; their targets have shifted to profitable companies. In addition, their technical means are diversifying and becoming more tactical, and the future global information security situation will become more and more complex and serious.

Categories: news Tags:

More than $200,000 in bitcoins stolen

May 19th, 2012

Thanks rental treasure drop
News source: solidot
A server admin password disclosure at web hosting provider Linode led to the theft of bitcoins worth $228,845. More than 43,000 of the stolen bitcoins belonged to the bitcoin trading platform Bitcoinica, 3,094 bitcoins belonged to Czech programmer Marek Palatinus, and Bitcoin chief programmer Gavin Andresen lost all of his 5 bitcoins.

Linode said in a statement that the hackers targeted the Bitcoin wallets stored on the server. Bitcoinica initially said that more than 10,000 bitcoins had been stolen, but CEO Zhou Tong subsequently confirmed that the exact figure was 43,554 bitcoins.

Categories: news Tags:

Dangdang freezes accounts across its whole site: a misjudged crisis?

May 19th, 2012

Dangdang decided to freeze accounts across its whole site at significant risk of damage to its goodwill, yet the result came as a surprise. What happened in those 74 hours? On March 23, Dangdang senior operations director Liang Jianpeng was surprised to find that in the 74 hours from the 19th to the 22nd, while all Dangdang user accounts were frozen, only 6 users called Dangdang to report an account exception.

Another figure caught Liang Jianpeng even more off guard. On the 19th Dangdang sent SMS and site messages to approximately 500,000 users whose accounts held balances and gift cards. By the company’s own reckoning, at least 80% of customers should have changed their passwords. But in fact, the data for these three days showed that only 5% of users changed their passwords.

Dangdang decided to freeze accounts across its whole site at significant risk of damage to its goodwill, yet the result came as a surprise; was the crisis misjudged? What prompted Dangdang CEO Francis Chan to make the emergency decision, and what happened in the 74 hours that followed?

Signs

Signs of abnormal Dangdang user accounts had appeared as early as a month before.

As Liang Jianpeng, head of Dangdang’s customer service center, recalls, there were several sporadic user complaints in February from users who had problems with their password or could not log in.

Dangdang developed a number of temporary, targeted measures to help users return to normal use. But because two months had passed since the CSDN accounts were stolen, the overlap between the users of the two websites was not high, the CSDN incident was a leak of user account data, and the exceptions affected only a few Dangdang users, Dangdang could not conclude that the exceptions were related to the CSDN event.

At the time, Dangdang’s analysis concluded that users might have carelessly disclosed their account information, for example online in public places, or by revealing the account number and password to friends and family. It therefore only put a notice on its home page reminding users that, because of the CSDN event, they should change their password to keep their account secure.

It was “quiet”: in the first week of March, almost nothing happened.

But in the second week of March, many users suddenly began to complain to Dangdang about account exceptions: being unable to log in, wrong amounts, or unfamiliar orders, sometimes as many as twenty or thirty complaints a day. Dangdang’s customer service and technical staff realized that things were not so simple and were much more serious than expected.

They urgently worked out response measures and at the same time immediately reported the matter to CEO Francis Chan.

The decision to freeze the balances and gift cards in all user accounts was made at a cross-department meeting convened by Dangdang CEO Francis Chan on the morning of the 19th. This emergency meeting, attended by seven people in total, the heads of the customer service center, the technology department, the legal department and the operations department, was in fact held twice that day, in the morning and in the afternoon. At the morning meeting Francis Chan personally decided to freeze all accounts holding gift cards and balances, to notify all users by SMS and site message to change their passwords online, to have Dangdang compensate all user losses, and to report the case to the public security organs.

On the afternoon of the 19th, Francis Chan met with the team again, reviewed the implementation of the decisions, and immediately set about arranging an improvement to the payment process: a verification code must be received before a payment is made. The data Francis Chan saw showed that from mid-February until the freeze on March 19 there had been 197 reports of account exceptions in total, with losses per account ranging from dozens to hundreds, and only a few individual accounts with very high amounts.

Dangdang subsequently issued a public statement acknowledging that some user accounts had been stolen. Francis Chan instructed that all users be notified by SMS, site message and every other means to change their Dangdang password quickly and to check whether their account had been misused, in order to reduce the losses to users and to Dangdang itself. Although the legal department thought Dangdang might not need to bear full responsibility, Francis Chan insisted that account losses be compensated in full, in batches, over a planned period of two weeks, after verifying, of course, that the user really had suffered a loss.

The first difficult problem facing Francis Chan and his team at this point was how many user accounts had been stolen, and what had been lost. An Internet company can only use its own website notices, SMS and email to remind users to log in to their account, set a new password, and check their gift cards, balances and account for exceptions. In fact, what they were most concerned about was users who had been robbed but had not yet noticed.

Another thorny issue was what had been stolen, money or goods: if orders had already been placed, Dangdang would not only lose the goods but also have to compensate the users, equivalent to twice the loss.

Francis Chan believed that although Dangdang might not bear all of the legal responsibility, in fairness Dangdang could not let down its users’ trust and must compensate in full, even if it cost millions of dollars.

Francis Chan hoped that within three days most users would update their passwords. The reason he committed to the cost of freezing all funds and gift card accounts was perhaps that Chinese users’ regard for password security is as light as a sheet of A4 paper.

Blame weak passwords

In Dangdang’s judgment, some criminals stole users’ accounts and passwords and operated them. For anyone slightly technical this is in fact easy: many users now use the same account name and password on different sites, which gives criminals a chance to steal.

At the end of 2011, 360 Safety Center, the largest network security vendor, published a guide to password security in which it compiled, from the dictionaries of the password-cracking software popular in China, the 25 “weak passwords” most commonly used by Chinese Internet users.

According to the information provided by 360 security experts, of the top 25 “weak passwords” commonly used by Chinese Internet users, 9 are identical to the habits of foreign Internet users. Apart from password, abc123, iloveyou and qwerty, the world’s classic “weak passwords”, the rest are numeric combinations.

Simple number combinations seem to be the favorite of Chinese Internet users and account for nearly half of the list. For example, the auspicious numbers “666666” and “888888” are in the password dictionaries of almost all Chinese hackers, and “5201314” (I love you forever), apparently chosen by people with strong feelings, is a “weak password” with Chinese characteristics.

The “weak passwords” commonly used by Internet users fall into four main categories: simple sequential number combinations, character combinations, combinations of adjacent characters, and combinations with special meaning. Judging from the Chinese “weak password” list, domestic Internet users are accustomed to setting 6-character passwords: 18 of the top 25 are 6 characters long, as much as 72%. In addition, passwords such as “a1b2c3” and “p@ssWOrd”, whose combinations may seem complex, are also on the password lists that hackers focus on.

If a system account or other account uses one of these “weak passwords”, hackers can easily “guess” it automatically with a dictionary, resulting in leakage of personal information and even property loss.

Francis Chan froze accounts for three days in an attempt to get 80% of Dangdang users to set a strong password for their account. However, after three days, the facts that only 6 users had reported account exceptions and only 5% of users had changed their password came as a surprise.

What makes customers care so little about the property in their accounts?

Perhaps it is because the amount of money in the account is small, perhaps because some users did not receive Dangdang’s message that accounts could be stolen, perhaps because the gift cards were obtained without effort, or perhaps they simply do not care. There is also one reason that Dangdang staff are unwilling to believe but that is highly likely: Francis Chan’s commitment to “full compensation”. If a loss is no loss at all, why would you bother to change a password? (Text: Economic Observer)

Categories: news Tags:

Anonymous hacker organization did not “shut down the Internet”

May 19th, 2012

Thank rain post road
The Anonymous hacker organization’s “shut down the Internet” plan did not actually happen: the domain name system was safe all day on Saturday, March 31, although administrators backed up their systems because they feared an attack by the anonymous hackers.

An Anonymous member said on Saturday afternoon that the group held no mass action that day, and that the “shut down the Internet” plan to “paralyze the world” was a lie.
Interestingly, the mere threat led network engineers to save millions of megabytes of data within a very short period of time, while almost no attacks occurred.

Source: Tecvilla this article from: rain path translation

Categories: news Tags:

The battle for passwords: longer than 6 characters at minimum, and changed regularly

May 16th, 2012

How many sets of passwords must a person remember in life? Probably no one keeps statistics. But take a look and you will find that, before you know it, you need at least 10 sets of passwords: door access password, safe password, computer power-on password, MSN password, QQ password, blog password, email password, Twitter password, Taobao (Jingdong/Excellence/Dangdang/Fanke, etc.) login password, PayPal password, mobile phone service password, bank card password, online banking logon/query/payment passwords, and so on. Even to access a friend’s personal home page, you have to enter a password.

Using one password for all accounts is obviously too risky: “one stolen, all lost”. But if each account has its own password, few people could remember them all. Passwords, which exist for added security, have now become a big worry.

Protecting your passwords well has become one of the essential skills of economic life. “Know thyself, and fight a hundred battles with no danger of defeat,” said Zhang Lei of Liaoning Bo technologies limited. “After you know the possible ways a password is stolen, you may be able to improve your ability to defend the password.”

Known password-theft techniques

A method commonly used by hackers to steal passwords is brute force, which works against accounts whose passwords are not complex. If hackers know the account number, such as an e-mail account, QQ user account or online bank account, and the user’s password is very simple, for example a simple number combination, brute-force tools will soon crack the password. Default passwords and passwords such as 123456 are vulnerable to this type of theft.

If a user’s password is complex and difficult to crack by brute force, hackers often install Trojans and viruses with a “keystroke logging” program that records and monitors the user’s keystrokes and then transmits the recorded keystrokes to the hacker by various means; by analyzing the keystrokes, the hacker can recover the user’s password.

To defeat keystroke logging tools, some systems have the user enter the password by clicking a picture with the mouse. Hackers can use a program to capture the user’s screen and record the position of each mouse click, then compare the recorded positions against the screen captures to recover a password entered this way.

Compared with the simple theft methods above, “phishing” is a little more complex. Phishing refers to attacks that use fraudulent e-mails and fake website login pages to commit fraud. Victims often disclose their sensitive information (such as user name, password, account number, PIN, or credit card details). The main lure is phishing e-mail that directs users to log in to fake online banking or online brokerage websites, so as to steal the user’s account and password.

“In fact, compared with stealing passwords by program, stealing them by reasoning is more technical,” said Zhang Lei. If you use more than one system, hackers can crack the user’s password on the simpler system and then use it to work out the passwords on the user’s other systems. “Many famous hackers crack passwords not with cutting-edge technology but with psychology: starting from the user’s mindset, analyzing the user’s information from small details, analyzing the user’s psychology, to crack the password.”

Key password-protection skills

As the old saying goes, “meet soldiers with generals, and floods with earthen dams”; it is not that passwords cannot be kept safe, only that people are too lazy to secure them.

The most common means of password protection is using complex passwords. This applies to instant messaging tools such as MSN, to email, and to websites. Brute-force cracking is effective against simple, short passwords, but if a user’s password is longer and has no obvious pattern (for example letters mixed with special characters and numbers), exhaustive cracking becomes very difficult.

Zhang Lei said passwords should be at least longer than 6 characters, and preferably longer than 8; a password should preferably contain letters, numbers and symbols; do not use a purely numeric password, do not use combinations of common English words, and do not use your name or date of birth as your password.
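The four “weak password” categories from the 360 list and Zhang Lei’s rules above can be turned into a registration-time check. The following is an added example, not code from the article or from 360; the function name `weaknesses`, the labels it returns and the reading of “adjacent characters” as neighbouring keys on a QWERTY keyboard are assumptions, and the word list holds only passwords quoted on this page.

```python
import string

# Weak passwords quoted on this page, lower-cased (constructed sample list;
# a production check would load a large breached-password corpus instead).
PAGE_WEAK = {"password", "abc123", "iloveyou", "qwerty", "123456",
             "666666", "888888", "5201314", "a1b2c3"}

# Keyboard rows for the "adjacent characters" category (assumption: keys that
# sit next to each other on a QWERTY layout).
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

# Common look-alike substitutions, undone before the dictionary lookup so
# that "p@ssWOrd" is recognised as "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s"})


def _is_run(pw, alphabet):
    """True if pw is a contiguous slice of alphabet, forwards or backwards."""
    return len(pw) >= 3 and (pw in alphabet or pw[::-1] in alphabet)


def weaknesses(password):
    """Return the set of weakness labels that apply (empty set = passes)."""
    pw = password.lower()
    found = set()

    # Zhang Lei's rules: longer than 6 characters, not purely numeric.
    if len(pw) <= 6:
        found.add("too_short")
    if pw.isdigit():
        found.add("digits_only")

    # Simple number/character combinations: one repeated character or a
    # straight ascending/descending run such as 123456 or abcdef.
    if pw and len(set(pw)) == 1:
        found.add("repeated_char")
    if _is_run(pw, string.digits) or _is_run(pw, string.ascii_lowercase):
        found.add("sequence")

    # Adjacent characters on the keyboard, e.g. qwerty.
    if any(_is_run(pw, row) for row in KEY_ROWS):
        found.add("keyboard_run")

    # Dictionary hit, directly or after undoing look-alike substitutions.
    if pw in PAGE_WEAK or pw.translate(LEET) in PAGE_WEAK:
        found.add("known_weak")

    # Recommended mix: letters, digits and symbols all present.
    classes = (any(c.isalpha() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password))
    if sum(classes) < 3:
        found.add("lacks_mixed_classes")
    return found


if __name__ == "__main__":
    # Constructed inputs: passwords named on the page plus one random string.
    for candidate in ("666666", "5201314", "qwerty", "p@ssWOrd", "T7#kv!Rq2m"):
        print(candidate, sorted(weaknesses(candidate)) or "ok")
```

A check like this only rejects the patterns it knows about; it complements, rather than replaces, rate limiting on login attempts and the payment verification code described in the Dangdang story.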

A common way to prevent keystroke logging is to enter the password through a soft keyboard. When entering a password, the user opens the soft keyboard and uses the mouse to select the letters, so that a Trojan cannot record keystrokes. In addition, to further protect the password, the user can enter its characters out of order, which further increases the difficulty for hackers of cracking the password.

“Password protection is not a skill, it is a habit,” said Zhang Lei. Saving passwords on the network is in fact a very bad habit: without a very good local encryption policy, it opens the door for hackers to crack your password. “Try not to keep the password of any other account in your mailbox; otherwise, once the mailbox has been stolen, the other accounts will be lost with it.”

Zhang Lei thinks the best way to keep passwords secret is to change them on a regular basis, monthly or quarterly. Do not write the password on a piece of paper, and choose a password that others cannot easily guess. Do not use the same password on all systems. For forums you log on to only occasionally, you can set a simple password; for important accounts such as e-mail and online banking, set a complex password. Do not give forums, email and bank accounts the same password.

What to do when a password is lost

In most cases a lost password does not immediately cause economic loss, but because of the popularity of network interaction, almost all accounts hold frequently used contacts; if you do not recover the account in a timely manner, innocent people may still be harmed.

Passwords of general accounts can be recovered through the bound mailbox. If an MSN, QQ or mailbox password is lost, you can send a request to the system, and the system automatically sends a password reset email to the bound mailbox.

If you forget your phone service password, you only need to take your identity card to the carrier’s service hall and complete the reset.

Password reset fees arise mostly in the banking system; many banks charge for password resets. Last March, the Central Bank and the China Banking Regulatory Commission jointly issued a notice on exempting some service fees at banking institutions, under which 34 bank service charges in 11 categories, including personal savings account password reset, account book fees and electronic billing charges, would be waived.

Recently, this reporter learned from the Bank of China, ICBC, China Construction Bank and Agricultural Bank that password reset service is currently free of charge in Beijing.

The business journal

Categories: news Tags:

Anonymous releases the Anonymous-OS operating system

May 16th, 2012

Thanks to Jarett for the post.
Anonymous is already famous. Anonymous recently released an operating system named Anonymous-OS, based on Ubuntu 11.1, which provides a variety of web penetration testing tools, including:

- ParolaPass Password Generator
- Find Host IP
- Anonymous HOIC
- Ddosim
- Pyloris
- Slowloris
- TorsHammer
- Sqlmap
- Havij
- Sql Poison
- Admin Finder
- John the Ripper
- Hash Identifier
- Tor
- XChat IRC
- Pidgin
- Vidalia
- Polipo
- JonDo
- i2p
- Wireshark
- Zenmap
This list is only part of it; the system includes more tools.
System user password MD5: 2ae66f90b7788ab8950e8f81b829c947, which cracks to: anon

Official website: http://anonymous-OS.Tumblr.com/
Download: http://sourceforge.NET/projects/anonymous-OS/

Categories: news Tags:

NASA suffered 13 major hacker attacks last year

May 16th, 2012

Paul Martin, Inspector General of the United States National Aeronautics and Space Administration (NASA), testified at a congressional hearing this week that in 13 major network intrusions over the last year hackers stole staff credentials and gained access to critical project data, which could threaten United States national security. Martin said in his testimony on Wednesday that NASA found last November that hackers had penetrated the network of the agency’s Jet Propulsion Laboratory. As one of the agency’s most important laboratories, the Jet Propulsion Laboratory has 23 space missions, including missions to Jupiter, Saturn and Mars.

He said the hackers gained full access to the system and could modify, copy, or delete sensitive files, create new user accounts, and upload hacking tools to steal user credentials and compromise other NASA systems. They could even modify system logs to hide their actions.

In last year’s attacks, intruders stole the access credentials of 150 NASA employees. Martin and his colleagues found thousands of computer security incidents in 2010 and 2011.

He also said that the slow pace of NASA’s laptop data encryption program may cause information to fall into the wrong hands. Several unencrypted laptops have been lost, one of which contained control codes for the International Space Station and sensitive data on NASA’s “Constellation” and “Orion” projects.

A NASA spokesman said Friday that the agency is implementing Martin’s recommendations. He said: “NASA attaches great importance to IT security problems, and the International Space Station has never been at risk because of data breaches.”

SINA technology

Categories: news Tags:

Former Rising CTO founds Tinder Lab, calls in a hundred experts to test its product before launch

May 15th, 2012

After former Rising CTO Liu Gang left his post in August 2011, he took a number of key technical staff with him to start “Tinder Lab”, dedicated to research and development of core network security technologies. Recently, Tinder Lab’s first product began small-scale testing, with more than a hundred industry experts from the research and development departments of companies such as Rising, 360, Tencent and Kingsoft invited to take part. After just 2 weeks of testing and assessment, the product’s performance and stability were universally accepted, and it will be released in the near future.

Former Rising CTO Liu Gang

The product is provisionally named “spunk of sword-Internet security analysis software”. Its target users are the Internet security industry in China at large: it helps security engineers quickly and accurately analyze the attack behavior of viruses, Trojans and rogue software, supports virus library upgrades and defense updates for various security software, and can significantly raise security engineers’ efficiency while effectively reducing false positives and mistaken removals by security products.

“Sword of spunk” can rapidly analyze abusive behavior by commercial software and commercial websites, fully exposing the various gray-area “rogue behaviors” that major commercial companies commit against consumers.

According to reports, Tinder Lab positions itself in the research and development of core Internet security technologies, providing core support and professional analysis tools to the Internet security industry; in the near future it will also introduce professional network security defense software for intermediate and advanced users and enthusiasts.

Tinder Lab CEO Liu Gang believes that the lab is not in competition with other security companies: “In the fierce market competition, security companies are scrambling to launch commercial products for the market, and lack calm, hard, long-term research and exploration of core technology

Article/DoNews

Categories: news Tags:

Kaspersky: Chrome OS and iOS have design flaws

May 15th, 2012

According to foreign media reports, Kaspersky Lab security expert Roel Schouwenberg recently warned that Google’s Chrome OS and Apple’s iCloud have design flaws and are not suitable for business use. Schouwenberg commended the reliability of Google’s system from a security perspective, but warned that users can still be attacked through browser applications.

Schouwenberg said: “Everyone knows that Android malware is rapidly increasing, much of which can be found in the Android Market. The same problem also exists in Chrome’s online store.” Schouwenberg believes that while malicious Chrome applications are less widespread than malicious mobile applications, they are difficult to detect on a Chromebook, because Chromebooks are not protected by anti-malware software. As an example, Schouwenberg pointed to a malicious Chrome application detected by Kaspersky Lab that attempts to steal the user’s Facebook account.

In response to Schouwenberg, Google issued a statement saying: “We are grateful that Mr Roel Schouwenberg found the security design of Chrome and Chrome OS to be strong, but he left out some key points. Mr Roel Schouwenberg failed to properly describe the current state of the Android Market and the Chrome Web Store. We recently announced that malicious software downloads in the Android Market have declined by 40%, and the Chrome Web Store is doing even better. From the day we designed the Chrome extensions system, we have kept security in mind. Since the system’s release, its security level has been enhanced through a variety of techniques. Yesterday, we announced that we are activating these security features by default. It is not accurate to say that Chrome has no malware protection. First, Chrome itself has built-in malware protection features. For developers, we provide anti-virus software vendors with a programming tool through our extension software interface. Such extensions can run on different platforms and integrate well with other platforms.”

Schouwenberg pointed out that Apple’s iOS operating system and iCloud could face several risks. He believes that the main risk is data breaches. Also, Apple does not use the typical SMS protocol but handles messages as data instead. “I can remove the SIM card from the iPhone and put it into another handset. After the card is moved, I can receive SMS messages on the other cell phone,” Schouwenberg said.

Schouwenberg said that even with sharing turned off, Apple will still share information that he created on Apple devices, and it may appear in messages.

In addition, the third risk in using Apple’s iOS is that the system sometimes ignores user settings and connects to available wireless networks. Schouwenberg said: “If the network connection is not safe, then the data may leak. This feature is very convenient, but it is not secure.”

The security organization noted that over the years, malicious software may have made purchases through iTunes accounts without authorization. Schouwenberg said Apple asks users to report any suspicious purchases, but has never officially acknowledged that this cybercrime exists.

It is reported that Apple has not yet responded to Schouwenberg’s comments.

NetEase science and technology

Categories: news Tags: