
Kick and watch: is ransomware going to target mobile phones next? What should we do about the security of mobile payment?

2025-02-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Since May 12, the WannaCry ransomware that has ravaged the world has put netizens everywhere through a week of gloom and panic, and has made many ordinary users realize that network security is not just a matter for network companies or security companies: they too have a part in it. It is understood that the WannaCry ransomware is a tool leaked by the organization "Shadow Brokers", and the organization has warned again that it will disclose more tools in June this year, mainly targeting routers, browsers, Windows 10, or mobile phones! That is to say, the first wave of ransomware was mainly aimed at Windows systems, and the next one will involve every one of our mobile phones!

Before writing this article, I would like to ask a question: how far do you think network security is from you?

A week ago, many people would probably have replied, "Isn't network security a matter for network companies and security companies? What does it have to do with me?"

Now, after experiencing the global WannaCry ("want to cry") ransomware, I believe more and more people are beginning to realize that they too have a part in network security!

Since May 12, the WannaCry ransomware has rapidly swept more than 150 countries and regions around the world, and nearly 300,000 computers have been affected. China has also suffered. In addition to many individual users being extorted by the virus, many industries in China have also been greatly affected, including oil, education, public security, transportation and other important fields.

After the outbreak, major security vendors and technical experts offered advice one after another, and the discussion and analysis of the WannaCry ransomware has never stopped. The major companies also urgently issued anti-virus guidelines for novice users! Let's take a casual look at two examples:

Both reminders, without exception, end by emphasizing one thing: security awareness!

Awareness and habits are the key to preventing network risks!

Cloud computing-Enwei-Chengdu: for security, do not download things from Baidu network disk; consider that there may be virus files in the network disk. Do not click on unknown links, software and e-mail, let alone use Baidu network disk and U disks in the near future.

PHP- Dichin dQ- Guangzhou: do not download unknown files at will on the Internet. Many office computers at work used to have all kinds of strange game software, as well as bundled suites such as 360, Jinshan and PC Manager. People in the office don't know how they downloaded them. This can also attract the virus. At present, in this special period, it is temporarily stipulated that you cannot download software on your own, and the relevant downloads are subject to a security check. ACL restrictions and terminal isolation have been set up on the equipment, network equipment manufacturers have issued relevant security instructions, and our headquarters IT and network security department have sent three e-mails in succession.

At present, there is no complete solution. If the computer is infected, you either pay or reinstall. For a personal computer that may not be particularly important, but if it is a server or important data, it is gg.

Java+ Li Sai + Zhengzhou: inexplicable panic. Novices download at random; download things from the official website, although there is no 100% guarantee. If a personal computer is hit, reinstalling the system can solve it; hence the importance of data backup.

Shoveling shit officer ~ project manager ~ Beijing: so the network administrators banned websites. Security education cannot be skipped and measures cannot be skipped; check the MD5 value after downloading, which is a bit troublesome but at least safe. The fundamental problems have to be solved on our own. The data is tragic.

Sevenot- Chengdu: for novice users, it is enough to develop good habits of surfing and using the Internet and to be able to defend against common threats.

All right, let's take a look at the statement made by the international giant Microsoft on the WannaCry ransomware. In addition to telling users to apply patches in time, it also emphasizes at the end:

In order to protect the overall ecosystem of our customers, please keep the following principles in mind: some common network attacks often use phishing tactics or malicious attachments, and customers should be vigilant. Do not casually open documents from untrusted or unknown sources!

In the world of network security, no software is perfect, and all of it has potential vulnerabilities. We cannot pin our security entirely on security tools. Only by raising our awareness of network security, developing good Internet habits, not clicking out of curiosity, not clicking at random, and backing up in time, can we protect ourselves from viruses and attacks. As netizens said, "only when you encounter a virus like the WannaCry ransomware do you know how important good Internet habits are."

Why is it possible to find system vulnerabilities without knowing the source code?

I believe many people will wonder: Windows is not open source, yet every large-scale outbreak of network attacks is related to Windows vulnerabilities. As with this outbreak of the WannaCrypt virus, how can a vulnerability be dug up without looking at the source code? Let's take a look at what our friends in the 51CTO developer group say:

Java+ Lisai + Zhengzhou: scan the open ports, keep sending data, and watch the changes in the returned data? Like brute force cracking?

Cloud computing-Enwei-Chengdu: but the most important thing is Windows, that is, Microsoft acquiesced in this behavior, otherwise there would be no security vendors in the world. In general software testing, back doors or shortcut keys get left in; the Windows system is large, so there are many vulnerabilities. For example, there must be a lot more mistakes when you write 10000 lines of code than you do.

People are not saints and make mistakes, and when Windows is written (that is, when the developers' programming level is not very high and their considerations are not broad), it will more or less leave vulnerabilities, and these vulnerabilities will be found by malicious people after release. At the same time, Windows relies on a large number of complex components to provide a variety of functions in order to adapt to a variety of different hardware and meet the needs of a PC operating system. In order to occupy the market, Windows gives developers a lot of authority. There is a decompilation technology called "shelling", which is almost impossible. As soon as a patch is released, someone will take advantage of it, and of course, packets can also be captured and analyzed, so there are many techniques, tools and ideas for finding vulnerabilities in a given piece of software. To sum up, there are the following reasons:

1. Many people use Windows, so the probability of finding bugs is high.

2. Windows provides the Win32 API, frameworks and DLL class libraries for developers. Sometimes these have code defects and vulnerabilities.

3. Windows has many dependencies on services, ports, policies and the registry. Once there is a vulnerability in one of them, it affects the others.

4. The logic of a lot of Windows software and of the underlying layers is not very strict.

5. The chain reaction caused by code leaked by technicians inside Microsoft, or by their leaving to work in other industries.

6. Many security optimization programs take over the firewall, IPsec security policy and anti-software functions of Windows.

7. Windows NT kernel problems; Windows operating systems also need a lot of protocols to support hardware. Once there is a problem with a protocol or standard, it affects the upper layers or the whole system.

8. With the continuous development of compilation and decompilation, encryption and decryption, networking and other technologies, various tools and software are developed continuously, which poses a danger to the system.

Front-end-Yang Yida-Chengdu: Apple and Android are mainly app store application certificate security whitelist mechanisms, just like Android can read and monitor a lot of information on your phone without root.

PHP-Coeus- Anhui: in fact, it is because there are no open source BUG and loopholes, just like our front end.

You don't need to know the source code to know the address and parameters of your ajax request, and then try to XSS.

Android-arige- Beijing: in fact, the vulnerabilities of every platform are the same, but the impact of Windows vulnerabilities is large, so we all know about them. In addition, Windows has a large market and is more favored by governments, so people are more willing to make the effort to dig for its vulnerabilities.

R & D management-Peng-Shenzhen: shelling is for encryption, and many vulnerabilities can be revealed by black-box testing. Company testing generally does not look at the code; experienced testers can find a lot of bugs, but exploiting a bug such as a stack overflow to execute specific code requires programming skills. Whoever finds a 0day is an expert, and the first to come up with a certain approach is also an expert; other people only need to keep testing the system along this line of thinking to find a lot of vulnerabilities. This does not require looking at the source code; for SQL injection, for example, there are now a lot of tools you can use.

Other vulnerabilities are found by street sweeping: for example, you send some specific data to a web server, and then it crashes, or returns a bunch of inexplicable output, indicating that there is a vulnerability, probably an overflow; then you try changing the data you send, analyze the binary code there, and maybe find a new vulnerability.

Java- Shengxin-Dalian: in fact, after doing back-end development, it feels the same as running the code through a code vulnerability scanning tool.

Ransomware has sounded the alarm: how do we ensure the security of mobile payment?

It is understood that the global WannaCry ransomware is a tool leaked by the organization "Shadow Brokers", and the organization has warned again that it will disclose more tools in June this year, mainly aimed at routers, browsers, Windows 10, or mobile phones! That is to say, if the first wave of ransomware was mainly aimed at Windows systems, then the next wave will be aimed at each of our mobile phones! This is undoubtedly a heavy blow to those who go out without cash and are used to mobile payment. Now that mobile payment is everywhere, how do we ensure its security?

Back-end interface development-Liu Shengjie-Chengdu: what we most need to do for mobile payment is to turn off unnecessary password-free payments, for example by canceling the fingerprint setting on mobile phones. Alipay password-free payment also carries security risks; if enterprises design their own third-party payment products, they must consider these. For example, collect and analyze data on the user's consumption habits and, if something abnormal is found, remind the user directly. But when analyzing the user's consumption habits, it is not easy to define what abnormal consumption is, so user habits are the key.
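One way to make "abnormal consumption" concrete, as an added example rather than code from the article or from any payment provider: score each payment against the user's own history with a median/MAD modified z-score, and refuse to guess when there is too little history. The function names, the thresholds (3.5, five past payments) and the sample data are assumptions constructed for illustration.

```python
from statistics import median

def robust_score(history, amount):
    """Modified z-score of `amount` against past amounts (median / MAD).

    Median and MAD are used instead of mean and standard deviation so that
    one earlier large purchase does not widen the user's "normal" range.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # Every past payment is the same amount: any other amount is
        # treated as maximally unusual.
        return 0.0 if amount == med else float("inf")
    return 0.6745 * (amount - med) / mad

def review_payment(history, amount, merchant, known_merchants,
                   min_history=5, threshold=3.5):
    """Return reasons to ask the user for confirmation; [] means let it pass."""
    if len(history) < min_history:
        # Too little data to define this user's habits.
        return ["insufficient history"]
    reasons = []
    score = robust_score(history, amount)
    if score > threshold:  # only unusually HIGH amounts are flagged
        reasons.append(f"amount {amount} is unusually high (score {score:.1f})")
    if merchant not in known_merchants:
        reasons.append(f"first payment to {merchant}")
    return reasons

# Constructed sample data: one user's recent payment amounts and payees.
HISTORY = [12.5, 30.0, 18.0, 25.0, 9.9, 22.0, 15.0, 28.0]
KNOWN = {"coffee-shop", "metro", "grocery"}

if __name__ == "__main__":
    print(review_payment(HISTORY, 26.0, "grocery", KNOWN))
    print(review_payment(HISTORY, 980.0, "grocery", KNOWN))
    print(review_payment(HISTORY, 20.0, "unknown-shop", KNOWN))
```

A non-empty result is meant to trigger a reminder or a step-up confirmation to the user, not a silent block, which matches the comment's point that the user's own habits are the reference.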

51CTO-Xiaoguan-Operation: if payment is involved in the product, you can call Alipay plug-in and integrate the interface. But there is no security issue officially stated by Alipay.

PHP-Coeus- Anhui: in the final analysis, it is still what was said a long time ago: security depends mainly on people; whether in defense or attack, people are the biggest vulnerability. There is no security on the Internet, there are shady activities on the dark web, and the Internet we use now is only a drop in the bucket of the whole Internet.

Network & interest: the security of Linux on the server is much higher than that of win. Coupled with the fact that large companies generally have very high-end and complete security equipment for export and maintenance, it is still very difficult to break through. Payment passwords on mobile phones are also encrypted and transmitted. Even if they are captured, it is difficult to crack if they do not understand cryptography.

Cloud computing-Enwei-Chengdu:

The scenario division of mobile payment mainly includes remote payment and near-field payment.

On how to ensure the security of mobile payment, let me talk about my analytical ideas.

1. What are the current situation and characteristics of mobile security? (theory and reality)

2. What are the security factors that affect mobile payment? (protection has to find the source)

3. What should the designers, developers and product operators of mobile payment software do? (details and purpose)

Technical protection: source code protection, file risk detection, APK to prevent secondary packaging, so library encryption, dex triple protection, security assessment and processing.

Social logic protection:

1. Dual authentication (APP and mobile authentication)

2. Use the payment app of the official app store

3. Strengthen the security of the equipment itself

4. Use credit cards instead of debit cards

5. Use a trusted Internet connection

6. Set up account change alerts

7. Determine the transferor's information

8. Change password from time to time if necessary

In remote payment, the terminal app mostly establishes a secure network connection between the user and the remote server through the TLS/SSL protocol, achieves two-way identity authentication through digital certificates, and uses the negotiated symmetric session key to encrypt subsequent transaction information and protect its integrity. Android in particular, because the system is open source, has underlying vulnerabilities that lead to mobile payment security problems (including screencap, hijacking data packets, * *, saving passwords, etc.).

Java- Yongbo-Beijing: scan-to-pay is fast, but once you open the payment interface, the so-called security comes down to two things: the phone unlock and the app unlock. It's better to use the password, but it's not convenient. Therefore, for Alipay and WeChat, either keep less money in them or unbind all bank cards and credit cards. In terms of security, there is no absolute security; it still comes down to usage habits.

Sevenot- Chengdu: in fact, biometric passwords are not as secure as we thought. Once biometrics are not stolen, we basically bid farewell to any security system, because we can't change our biometrics. For ordinary users, a good habit of use is more practical than learning security knowledge, and it is enough to be able to defend against universality.

Back-end interface development-Liu Shengjie-Chengdu: in fact, we just need to protect our personal information well; in particular, the payment password must differ from the passwords of other platforms. At present, many apps collect personal information from mobile phones, and for many websites we do not know whether passwords are encrypted or not, so we must make sure that the payment password is different from that of other platforms.

In closing

Before the heat of the WannaCry ransomware has even died down, mobile phones are set to become one of the next targets. This article summarizes many technical people's views on security, especially the security of mobile payment, hoping to give you some inspiration so that you can take protective measures in advance of an attack. Finally, to paraphrase "Cloud Computing-Enwei-Chengdu": with safeguards in place, your money is safe!

You are welcome to join the discussion in the 51CTO developer QQ exchange group 312724475.


*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.


© 2024 shulou.com SLNews company. All rights reserved.
