Information security technology: digging into the hacking in Fast & Furious 8

Source: elknot (reposted with permission via 伯乐在线 / Linux爱好者) https://zhuanlan.zhihu.com/p/26374755
Preface: the techniques in this article are for discussion only; if anything is missing or wrong, please point it out.
On the 14th, my girlfriend and I went straight from work to the cinema to see Fast & Furious 8 (and no, after "Fast 8" we did not check into a Super 8, we went straight home). First of all, the film deserves a positive review, but as an information security practitioner I feel obliged to dig into the hacking technology in it.
Two pieces of hacker technology feature in the film: the God's Eye (天眼, "The Eye") and the zombie car fleet (Zombie Cars).
These two correspond to two fairly cutting-edge areas of real-world security: automotive and IoT security, and attacker attribution. On the automotive side my good friend @Selfighter is the real expert, but unfortunately he is away at HITB, so I will start with some very amateur remarks on that topic myself.
Let's first talk about smart and non-smart cars. A smart car can simply be treated as an IoT device, which means its attack surface is about the same as, or even larger than, that of any other IoT device.
In fact a car is like a computer: its internal communication runs over a bus, and in a car that bus is the CAN bus. The CAN network was developed by the German company BOSCH, well known for developing and producing automotive electronics, and eventually became an international standard (ISO 11898); it is one of the most widely used fieldbuses in the world. The CAN bus protocol has become the standard bus for automotive computer control systems and embedded industrial control networks, and it is also the main bus for communication between in-vehicle ECUs. Every car on the market today has at least one CAN network serving as the backbone that interconnects its embedded systems and lets them exchange and share information inside the vehicle.
CAN's short-frame data structure, non-destructive bus arbitration and flexible communication modes satisfy a vehicle's real-time and reliability requirements, but they also bring a series of security weaknesses: broadcast messages are easy to eavesdrop on, the priority-based arbitration mechanism is open to attack, and with no source-address field and no authentication field there is no way to tell where a message came from. Especially now that connected cars are developing rapidly, attacks on the in-vehicle network have become the root of automotive information-security problems, and CAN bus security analysis has gradually become a focus for industry security experts. At the DEFCON hacker conference in September 2013, for example, hackers demonstrated controlling steering, braking, acceleration and the dashboard display on a Ford Escape and a Toyota Prius through the OBD-II port. Security problems in the in-vehicle CAN network are currently explored mainly through vulnerability analysis and various attack techniques, which is why analysing the weaknesses and threat model of the in-vehicle network is so important.
Put that way, once you have hold of the CAN bus you have hold of the car's nervous system and can control the vehicle. So what are the consequences of attacking the CAN bus?
The first consequence is loss of control. One of the main uses of the CAN bus is to carry the communication of active safety systems. When a vehicle is on the road, active safety systems are a double-edged sword: they perform functions nothing else can replace, but because they can act on the vehicle and are able to correct the driver's input, they also lead drivers to rely on them completely. A sudden failure therefore has unpredictable and dangerous consequences. To create a dangerous condition, a malicious attacker injects error frames on the CAN bus so that the active safety system fails. An attack aimed at the traction control system, for example, can cause the vehicle to lose control; if the attacker targets adaptive cruise control, the car will not stop when the driver expects it to. Moreover, to maximise harm to the driver, and given that data can be read directly from the CAN bus, the attacker can trigger a DoS attack only under specific conditions, such as a particular speed, a particular throttle percentage, or an exact GPS position.
The second consequence is ransom. A malicious attacker sets up an attack against a particular target frame on the CAN bus so that the driver can no longer control the throttle position and the car cannot move. Although this does not necessarily create a dangerous situation, a financially motivated attacker could exploit a vulnerability in the infotainment system to stop the car, display a message on the infotainment screen, and make the owner pay a ransom to regain control of the vehicle.
The third possibility is theft. On most modern high-end cars the door locks are controlled by an ECU over CAN, usually reachable through the OBD-II port. Isolating the data frame that locks and unlocks the doors is simpler and faster than reverse-engineering an active safety system. In a few minutes an attacker could isolate the frame responsible for locking the doors, program a device to perform a DoS attack on that specific frame, plug it into the OBD-II port, and prevent the doors from locking. For an attacker this outcome is realistic: at low cost they get into the car and can then steal anything of value inside.
For a long time almost the entire automotive industry shared the consensus that the CAN bus cannot be protected, for two reasons: ECUs lack the processing power, and in-vehicle networks have limited bandwidth. Some MCUs on LIN buses are only 16-bit or even 8-bit, while AES encrypts data in 16-byte blocks, which means the LIN bus is often running completely in the clear. Automotive security is therefore certain to be a hot area in the future.
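The two points above, that a CAN frame carries no source address and no authentication field, and that the small ECUs on these buses cannot afford per-frame cryptography, are why defensive monitoring usually falls back on timing: most ECUs transmit each arbitration ID on a fixed schedule, so a frame injected by a rogue node shows up as an inter-arrival gap far shorter than the learned period, and an ID never seen during the baseline is suspicious by itself. The following is an added example written for this page, not code from the article or from any project it mentions. It assumes the line layout printed by can-utils' `candump -L`; the captures, the arbitration IDs 0x1A0, 0x2B0 and 0x3C0 and their periods are constructed.

```python
"""Periodicity-based CAN anomaly detection over a constructed candump-style capture.

Added example, not code from the original article. A CAN receiver cannot tell an
injected frame from a genuine one by content (no source address, no MAC), but
it can learn each ID's transmission period from a trusted baseline and flag
frames that arrive far earlier than that schedule, or IDs never seen before.
"""
import re
from collections import defaultdict
from statistics import median

# Assumed input layout: the "(timestamp) interface id#hexdata" lines written by
# can-utils' `candump -L`. Every capture in this file is constructed.
FRAME_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)$"
)


def parse_frame(line):
    """Parse one candump log line into a dict (timestamp, interface, ID, payload)."""
    m = FRAME_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a candump -L line: {line!r}")
    return {"ts": float(m.group("ts")), "iface": m.group("iface"),
            "id": int(m.group("id"), 16), "data": bytes.fromhex(m.group("data"))}


def learn_periods(frames):
    """Return {arbitration_id: median inter-arrival time} from a trusted baseline capture."""
    last_seen, gaps = {}, defaultdict(list)
    for f in frames:
        if f["id"] in last_seen:
            gaps[f["id"]].append(f["ts"] - last_seen[f["id"]])
        last_seen[f["id"]] = f["ts"]
    return {cid: median(g) for cid, g in gaps.items()}


def detect_anomalies(frames, periods, min_ratio=0.5):
    """Flag frames of unknown IDs and frames arriving earlier than min_ratio * learned period.

    Every frame in an injection burst, and the genuine frame that follows the
    burst, violates the schedule, so N injected frames produce N+1 alerts.
    """
    alerts, last_seen = [], {}
    for f in frames:
        cid = f["id"]
        if cid not in periods:
            alerts.append((f["ts"], cid, "unknown arbitration ID"))
        elif cid in last_seen and f["ts"] - last_seen[cid] < min_ratio * periods[cid]:
            alerts.append((f["ts"], cid, "frame arrived early"))
        last_seen[cid] = f["ts"]
    return alerts


def constructed_capture(injected=()):
    """One second of constructed bus traffic: ID 0x1A0 every 10 ms, ID 0x2B0 every 20 ms.

    `injected` holds (timestamp, id, hexdata) tuples merged into the stream,
    standing in for frames a rogue node added to the bus.
    """
    frames = [(i * 0.010, 0x1A0, "00FF") for i in range(100)]
    frames += [(i * 0.020, 0x2B0, "1234") for i in range(50)]
    frames += list(injected)
    frames.sort()
    return [f"({ts:.6f}) vcan0 {cid:03X}#{data}" for ts, cid, data in frames]


BASELINE = constructed_capture()
# Four spoofed 0x1A0 frames 2.5 ms apart, plus one ID that never appears on this bus.
SUSPECT = constructed_capture(injected=[
    (0.5012, 0x1A0, "FFFF"), (0.5037, 0x1A0, "FFFF"),
    (0.5062, 0x1A0, "FFFF"), (0.5087, 0x1A0, "FFFF"),
    (0.6000, 0x3C0, "DEAD"),
])


def run(baseline_lines=BASELINE, suspect_lines=SUSPECT):
    """Learn periods from the baseline capture, then scan the suspect capture."""
    periods = learn_periods(parse_frame(l) for l in baseline_lines)
    return detect_anomalies([parse_frame(l) for l in suspect_lines], periods)


if __name__ == "__main__":
    for ts, cid, reason in run():
        print(f"{ts:.4f}s  ID 0x{cid:03X}: {reason}")
```

The threshold `min_ratio` is the knob a real deployment tunes per ID: event-driven IDs (door lock, turn signals) have no fixed period and need a different baseline than the cyclic ones shown here, which is the main reason production CAN IDS products combine timing with payload-range checks.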
Next, the God's Eye. Its goal is actually simple: starting from partial information about a person, piece together a complete picture of where they have been, what they have done, with what intent and using what tools; in the broad sense, know your enemy. For security practitioners the real-world version of the problem is: once an in-house (甲方) security team has found the attacker, how do you stop them from attacking you again? From a purely defensive standpoint we can add rules and deploy appliances, but that does not solve the problem at its root. Back to films: in Helios (《赤道》), the Hong Kong and Korean sides only want to get the weapon out, making sure it is not traded in Hong Kong and gets back to Korea, which does solve their problem. Mr. Song thinks differently and takes a higher view: he does not want Hong Kong to become a genuine underground arms-dealing hub, so he wants to smash the whole underground arms trade chain. From a problem-solving perspective neither is wrong.
Back on topic. Once an attacker launches an attack, data is generated in the target system whether it is useful or not: traffic data, operation logs, brute-force records, tool fingerprints, network addresses and so on.

Phase 1: From the log-analysis standpoint, since we have so many devices and so many logs, what we have to do is collect the related attack vectors and behaviour logs, bring them together in one place, and see what clues they hold.
Phase 2: Having collected a lot of logs and data, we can piece the information in the logs together into a complete record of the attack: which vulnerability they came in through, how they got in, what they did once inside, and what effect it had on the system. Turn it into a complete model of the attack and the intrusion has been reconstructed.
Phase 3: Now that we know how they got in, from the standpoint of in-house security operations we need to check whether other machines have the same vulnerability or misconfiguration, so that nobody else can break in the same way; after all, you should not fall into the same pit twice.
Phase 4: With some information about the attacker in hand, can we use external threat-intelligence data to see whether this attacker has hit other systems before, whether the attack was targeted, whether the tools were imported, home-grown or self-written, whether there are accomplices or helpers, and what their real motive for attacking our system was?
Phase 5: If we establish that they are malicious and have seriously damaged our system, shouldn't we find out who this person is, learn their personal information (online identity and real identity), and consider going after them by legal means?
Attack attribution is really part of data-driven security operations inside the enterprise: it takes a lot of data and analysis to find the attacker, and the data we see most inside an enterprise is logs, so log analysis and the extraction of threat intelligence from the internal network are an essential link.
From a security-operations perspective, I believe every attacker will inevitably produce operation logs; whether the target is a security device or not, there will be logs of some kind.
Enterprise logs can be roughly divided into four classes: security device logs, non-security device logs, sensor logs and external data.
For tracking there are generally three approaches:
IP -> domain -> Whois information -> social network information -> real identity: this approach is of limited use nowadays, but historical Whois data can still yield some suggestive conclusions; of course this threat-intelligence data may cost money.
IP -> VPN -> IP -> social network information: this is the most common case; the approach is to query the IP's reverse-connection records, resolution activity and some fingerprints to obtain the attacker's online identity. This also costs money.

IP -> botnet -> IP -> social network information: this is widespread among bot-type activity such as mining, vote-stuffing and DDoS; one can try to capture a botnet sample, reverse-engineer it to obtain its C&C server address, and then run reverse lookups on that server. Yes, it costs money too.

Security device logs: these may come from hardware or software. On the hardware side, logs fed into an IDS/WAF or SIEM, hardware firewall logs and so on; on the software side, antivirus, security agents, network access control systems and similar. These logs are generally triggered passively while the attacker is attacking, so a great deal of attack information can be retrieved from them: the IP addresses and ports used, tool fingerprints, etc.
Non-security device logs: hardware such as routers, switches, gateways and network diodes (网闸), plus software logs from operating systems, applications and server software. From these you can work out the attacker's purpose: a simple penetration for fun, an attempt to use the compromised machine as a pivot for further penetration, or just the logs produced by the security department's own scans.
Sensor logs: enterprises usually deploy honeypots, traffic sensors and the like. These give early warning of attacks and help counter lateral movement, but they also record attacker behaviour: an SSH honeypot keeps the commands the attacker ran on it, and a traffic sensor performs DPI on packets for traffic analysis. Such data certainly retains useful information that helps establish the attacker's behaviour and skill set, and even judge their capability: script kiddie or serious black hat.
External logs: logs of commonly used services such as mail and DNS. They help determine whether an attacker is conducting an APT attack or planting a botnet, and thus the attacker's motive.
With logs covered, we move on to determining the attacker's motive. An attacker who wants to break into a system will first reconnoitre it with port scans, vulnerability checks, exploit tests and the like. This easily collides with the logs from the security department's own routine scans, which is why most companies put their scanner fleet on an allowlist; similar logs from anyone else then trigger an alert. We can analyse those logs further to extract the attacker's behaviour and motive, and make a preliminary judgement of their goals and even their skill set.
From the analysis of the logs above we can largely determine how the attacker got in, which attack technique gave them access to the machine, whether they performed any sensitive operations, whether they showed signs of penetrating further, whether they tried privilege escalation and so on, giving us a rough picture of the attacker.
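Phases 1 and 2 above (collect the logs into one place, then piece them together into a record of how the attacker got in and what they did), together with the scanner-allowlist point, as an added example written for this page rather than the author's own tooling: three log sources (a WAF, a web server access log and sshd) are normalised into one event stream, grouped by source IP, the security team's authorised scanners are set aside, and each remaining address gets a profile of what it probed, what the WAF blocked, which requests got through, which tool fingerprints it left and whether it later obtained a login. The WAF line layout is an assumption, the access-log lines use the common "combined" format, sshd is assumed to be logged with RFC 3339 timestamps, all sources are taken to log in UTC, and every log line, address and user name below is constructed.

```python
"""Log correlation and attacker profiling (Phases 1-2) over constructed multi-source logs.

Added example, not code from the original article. Normalise WAF, web and sshd
lines into one timeline, group by source IP, drop the authorised scanner fleet,
and summarise each remaining address from probing to foothold.
"""
import re
from datetime import datetime

# Assumed line layouts (all log content below is constructed):
#   waf: "<RFC3339 ts> WAF <BLOCK|ALLOW> src=<ip> rule=<name> uri=<path>"
#   web: the "combined" access-log format of nginx/Apache
#   ssh: sshd via syslog with RFC 3339 timestamps; all sources log in UTC
WAF_RE = re.compile(r"^(?P<ts>\S+) WAF (?P<action>BLOCK|ALLOW) src=(?P<ip>\S+) rule=(?P<rule>\S+) uri=(?P<uri>\S+)$")
WEB_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"$')
SSH_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
                    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse_line(source, line):
    """Normalise one raw line from `source` ('waf', 'web' or 'ssh'); None if it does not parse."""
    if source == "waf" and (m := WAF_RE.match(line)):
        return {"ts": datetime.fromisoformat(m["ts"]), "source": "waf", "ip": m["ip"],
                "action": m["action"], "rule": m["rule"], "uri": m["uri"]}
    if source == "web" and (m := WEB_RE.match(line)):
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        return {"ts": ts, "source": "web", "ip": m["ip"], "method": m["method"],
                "uri": m["uri"], "status": int(m["status"]), "ua": m["ua"]}
    if source == "ssh" and (m := SSH_RE.match(line)):
        return {"ts": datetime.fromisoformat(m["ts"]), "source": "ssh", "ip": m["ip"],
                "result": m["result"], "user": m["user"]}
    return None  # unknown source or corrupted line: never guess, leave it for manual review


def build_timeline(logs):
    """Phase 1: merge every parseable line from every source into one time-ordered list."""
    events = []
    for source, lines in logs.items():
        for line in lines:
            event = parse_line(source, line)
            if event:
                events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def profile_sources(events, scanner_allowlist):
    """Phase 2: per source IP, reconstruct what was probed, blocked, reached and logged into."""
    profiles = {}
    for e in events:
        p = profiles.setdefault(e["ip"], {
            "first_seen": e["ts"], "last_seen": e["ts"], "sources": set(), "waf_blocks": 0,
            "rules": set(), "tools": set(), "web_hits": [], "ssh_failed": 0,
            "ssh_accepted": [], "stage": "probing"})
        p["last_seen"] = e["ts"]
        p["sources"].add(e["source"])
        if e["source"] == "waf" and e["action"] == "BLOCK":
            p["waf_blocks"] += 1
            p["rules"].add(e["rule"])
        elif e["source"] == "web":
            p["tools"].add(e["ua"])               # the User-Agent doubles as a tool fingerprint
            p["web_hits"].append((e["uri"], e["status"]))
        elif e["source"] == "ssh":
            if e["result"] == "Accepted":
                p["ssh_accepted"].append(e["user"])
                p["stage"] = "foothold"           # a valid login after probing is the pivot point
            else:
                p["ssh_failed"] += 1
    for ip in scanner_allowlist:
        if ip in profiles:
            profiles[ip]["stage"] = "authorised scan"  # the security team's own scanner fleet
    return profiles


def attackers(profiles):
    """Addresses worth handing to Phases 3-5: everything that is not an authorised scan."""
    return sorted(ip for ip, p in profiles.items() if p["stage"] != "authorised scan")


# Constructed sample logs: one attacker (203.0.113.7) and one authorised scanner (198.51.100.4).
LOGS = {
    "waf": [
        "2017-04-15T10:00:01 WAF BLOCK src=203.0.113.7 rule=SQLI uri=/login.php",
        "2017-04-15T10:00:09 WAF BLOCK src=203.0.113.7 rule=SQLI uri=/login.php",
        "2017-04-15T10:01:03 WAF ALLOW src=198.51.100.4 rule=- uri=/robots.txt",
    ],
    "web": [
        '203.0.113.7 - - [15/Apr/2017:10:00:02 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "sqlmap/1.1"',
        '203.0.113.7 - - [15/Apr/2017:10:00:15 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "sqlmap/1.1"',
        '198.51.100.4 - - [15/Apr/2017:10:01:03 +0000] "GET /robots.txt HTTP/1.1" 200 88 "-" "Nessus"',
        "corrupted line that must not crash the parser",
    ],
    "ssh": [
        "2017-04-15T10:02:30 host1 sshd[4321]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
        "2017-04-15T10:02:41 host1 sshd[4322]: Accepted password for www from 203.0.113.7 port 51030 ssh2",
    ],
}
SCANNER_ALLOWLIST = {"198.51.100.4"}


def run(logs=LOGS, allowlist=SCANNER_ALLOWLIST):
    """Return (timeline, profiles) for the given logs."""
    timeline = build_timeline(logs)
    return timeline, profile_sources(timeline, allowlist)


if __name__ == "__main__":
    timeline, profiles = run()
    for e in timeline:
        print(e["ts"].isoformat(), e["source"], e["ip"])
    for ip in attackers(profiles):
        p = profiles[ip]
        print(f"{ip}: stage={p['stage']} waf_blocks={p['waf_blocks']} tools={sorted(p['tools'])} ssh={p['ssh_accepted']}")
```

The profile for 203.0.113.7 already answers the Phase 2 questions in miniature: WAF-blocked SQL injection attempts, a request to /upload.php that returned 200 despite the blocks, a sqlmap fingerprint, one failed and one successful SSH login a couple of minutes later. The unparseable line is dropped rather than guessed at, and the allowlisted scanner is kept in the profiles (so its activity is still visible) but excluded from the attacker list.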
Next we need the help of external threat intelligence to establish the attacker's identity. Personally I like 微步在线 (ThreatBook) in China and PassiveTotal abroad, especially the latter, whose data is fairly complete and very broad in coverage. Those with money to spare can of course buy a threat-intelligence service, which is more professional.
Briefly, what threat intelligence does for us: it completes the fragmentary attacker profile obtained above. Threat intelligence usually tells you which IP addresses the attacker commonly uses, what each of them is used for, whether there is any social-media information and what it is linked to. A not-quite-apt analogy: you know someone's ID-card number, and the police use that number to find out how much money and what assets the person has. That way you get a fairly complete attacker profile.
At this point we know who the attacker is and can decide how to deal with them. Dragging him into the office for a ten-minute thrashing is one solution; handing him over to the police is another. But be careful about how far enforcement goes and by what means: don't break the law yourself (runs away).
By now you may feel I have wandered off topic: weren't you going to talk about the God's Eye? Why all this about security operations, and what does it have to do with the God's Eye? What follows is where the God's Eye comes in:
In the film, the Fast family only needs to type in a name to find the person, pin down their location, and pay them a visit. In reality there are, as you know, plenty of people with the same name, so we start from other angles:
Part 1: appearance. This is just face recognition, nothing much to say (actually I don't understand it).
Part 2: the national ID number. This one matters. For ordinary people the chance of ever changing it is essentially zero, and all kinds of companies, whatever their business, love to insist on real-name registration, especially small financial and P2P-lending companies, which ask for your ID number at every turn. Given how serious data leakage is in this country, we cannot assume nobody else has our ID number. What can be done with it: make a fake ID card, then use it (as a photo or scan) for things that do not require the physical card; you know what I mean. That way the person's accounts can be hijacked, and you can guess what that enables.
Part 3: the mobile phone number. We generally communicate by phone number, and phone-number leaks are even more common; like the ID number, companies demand it at every turn. A leaked phone number is a real pain: beyond the spam calls and messages, many services are now bound to the phone number and it can be used to log in, so a leaked number can very likely be linked to the corresponding identity. The simplest example: the phone number is bound to a QQ number, the QQ number reveals group memberships, and group memberships expose a great deal of information; you know the consequences.
Part 4: the QQ number. As mentioned, a QQ number is practically a virtual ID number: many things are tied to QQ, such as iCloud accounts, game accounts, and even the mailbox that receives credit-card statements is often a QQ mailbox. There is far too much that can be looked up by QQ number; the above is one example.
Part 5: e-mail. This seems less used in China, but corporate e-mail is the focus here: internal corporate mailboxes are a favourite of attackers, because they serve as the foothold for obtaining internal information. When I did security operations on the in-house side, I regularly received phishing e-mails forwarded by colleagues, all designed to steal Exchange mailbox credentials; these pose a serious threat to internal security.
Addendum: there is a website that lets you look up which sites a given e-mail address or phone number has been registered with...
So the foundation of the God's Eye is the data behind it, and that data is leaked data. Privately collected data comes mainly from the SQL dumps of major database breaches, not to mention the possibility of some despicable black-market player running a double game (there is a certain expletive I have to insert here).
In fact the hacking technology in Fast & Furious 8 is entirely achievable today; only the cost varies. In offensive and defensive work you always have to think in terms of attack cost: there is no absolute security, so there is no need to worry about these things. The growing interaction between security researchers and vendors also shows how seriously everyone now takes security, and as security practitioners we are very willing to help vendors get security right. That's all for now; this article is only an introduction, and if you want to discuss details please reply or send a private message.