
What is a 0day vulnerability?

2025-02-14 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

What is a 0day vulnerability? Many novices are not very clear about this. To help answer the question, the editor explains it in detail below; anyone who needs it can follow along, and I hope you gain something.

To tell you the truth, when I first came into contact with web security four years ago, I first heard of 0day vulnerabilities. Although I didn't know what 0day was, I just felt that this kind of vulnerability was very powerful. But if you ask me to say what 0day is, I can't say it. I don't know what it looks like, and it can make a person who dug up a 0day happy for a long time.

I believe all of you will have heard of 0day vulnerabilities while learning web security, but many people do not know what a 0day vulnerability is or what kind of harm it causes. Today the editor will introduce you to 0day vulnerabilities.

0day vulnerabilities, also known as "zero-day vulnerabilities" (zero-day), are vulnerabilities that have been discovered (and may not have been made public) and for which there is no official patch.

Generally speaking, apart from the discoverer, no one else knows that the vulnerability exists, so it can be exploited effectively, and the attacks launched are often very sudden and destructive.

The 0day timeline works as follows:

1. A person or company creates software that contains a vulnerability, but the people involved in programming or distributing it are not aware of it.

2. Before the developer has the opportunity to locate or fix the problem, someone (other than the people responsible for the software) discovers the vulnerability.

3. The person who discovers the vulnerability creates malicious code to exploit it.

4. The vulnerability is disclosed.

5. The party responsible for the software is informed of the exploit and patches the vulnerability.

6. The vulnerability is no longer considered a 0day.

7. The patch is released.

In most cases, attacks that exploit 0day vulnerabilities are rarely discovered immediately. Finding these defects can usually take days or months, or even longer. This is what makes such vulnerabilities so dangerous.

"0day" is actually a form of warez distribution. "0day" does not mean that a cracking expert "finishes" a piece of software in less than a day, but that he "unlocks" it and publishes it online in the shortest possible time. 0day really means "instant release" (though not really released on the same day), and you can think of it as a spirit.

"0day" is just a spontaneous online movement, and "warez" is a general term for cracking. If someone says that he belongs to a "0day organization", it does not mean that he really works in a cracking organization called "0day". The real meaning is that he belongs to a cracking organization that often publishes works as 0day. Many people say that "0day" is an evil organization, but in fact, they just release their cracked works as "0day" and share them with people all over the world.

How powerful is 0day?

As early as 2011, a Trojan horse named "Duqu" was discovered. Its goal was to obtain data such as design files from system manufacturers of industrial facilities, which could be used to attack industrial control systems in various industries in the future.

In one attack, the attacker sent a targeted email with a Microsoft Word attachment exploiting a zero-day kernel vulnerability that had not yet been published at the time. The emergence of Duqu indicates that network attack technology has entered a new era, in which attackers have enough capability to carry out industrial espionage successfully.

In August 2016, Apple's iOS suffered the biggest vulnerability in its history, named Trident because of its high quality and because it is composed of three 0day vulnerabilities.

Users only need to click on the link sent by the hacker, and the phone will be jailbroken remotely. Hackers can instantly get the highest privileges on the phone. As we all know, an iPhone jailbreak often requires several vulnerabilities working together. But with a single link, an iPhone can be completely controlled remotely, and before this 0day came out, this level of iOS vulnerability had always been a myth.

Black market price of 0day vulnerabilities

Companies such as Microsoft and Apple can only take remedial measures and upgrade their systems in the face of 0day vulnerabilities. It's not that they don't want to collect vulnerabilities, but that those who find a 0day prefer to sell it to the underground industry rather than submit it to these companies, for only one reason: the rewards for submitting vulnerabilities are far less than the proceeds from selling them to the underground industry.

How to prevent 0day vulnerabilities?

1. Update patches and fix vulnerabilities in real time: update system software in real time, apply vulnerability patches promptly, shorten the time that zero-day vulnerabilities exist in system and application software as much as possible, and scan for and repair system vulnerabilities regularly to reduce the risk of attacks on the system.

2. Real-time monitoring and active protection: to guard against zero-day attacks and reduce their impact, the best way is to detect and stop them as soon as they begin. Build a real-time intrusion detection and intrusion prevention system to detect and block some zero-day attacks in time.

3. Strengthening the terminal system: the computer terminal is usually the weakest link in the whole network. Strengthening the security of the system is a good way to reduce zero-day attacks on it.

4. Strengthening the security of network infrastructure: strengthening the security of network infrastructure can reduce the scope and severity of the network impact caused by zero-day attacks.

5. Establish a comprehensive emergency response plan to deal with zero-day attacks: no matter what kind of security measures are taken, the threat of zero-day attacks cannot be completely ruled out. A sound emergency response plan can help enterprises deal with and prevent attacks quickly and minimize their losses.
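The 0day timeline and the patching advice in item 1 can be combined into a small exposure tracker. This is an added example, not part of the original article; the phase names, the sample dates and the 14-day patch deadline are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class VulnTimeline:
    """Key dates for one vulnerability, following the timeline in the article."""
    discovered: date                 # someone other than the vendor finds the flaw
    vendor_informed: Optional[date]  # vendor learns of it: no longer a 0day
    patch_released: Optional[date]   # official fix is published
    patch_applied: Optional[date]    # fix is installed on our own host

def phase_at(t: VulnTimeline, day: date) -> str:
    """Classify the state of the vulnerability on a given day."""
    if day < t.discovered:
        return "latent"              # flaw exists, nobody has found it yet
    if t.vendor_informed is None or day < t.vendor_informed:
        return "0day"                # known to the discoverer, vendor unaware
    if t.patch_released is None or day < t.patch_released:
        return "known-unpatched"     # vendor aware, no fix available yet
    if t.patch_applied is None or day < t.patch_applied:
        return "patch-pending"       # fix exists, this host still vulnerable
    return "patched"

def exposure_windows(t: VulnTimeline, today: date) -> dict:
    """Days spent in each exposed phase; phases still open run up to today."""
    def span(start, end):
        if start is None or start > today:
            return 0
        return (min(end or today, today) - start).days
    return {
        "0day": span(t.discovered, t.vendor_informed),
        "known-unpatched": span(t.vendor_informed, t.patch_released),
        "patch-pending": span(t.patch_released, t.patch_applied),
    }

def patch_overdue(t: VulnTimeline, today: date, max_lag_days: int = 14) -> bool:
    """True if the host has gone longer than the (assumed) deadline without the fix."""
    return exposure_windows(t, today)["patch-pending"] > max_lag_days

# Constructed sample data, not a real vulnerability.
SAMPLE = VulnTimeline(date(2024, 1, 10), date(2024, 3, 1), date(2024, 3, 15), None)
TODAY = date(2024, 4, 20)

if __name__ == "__main__":
    print(phase_at(SAMPLE, TODAY), exposure_windows(SAMPLE, TODAY),
          patch_overdue(SAMPLE, TODAY))
```

Only the "patch-pending" window is under the defender's control, which is why item 1 concentrates on shortening it.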
