
Friday, March 7, 2014

*Continued: "Following the previous post of the 28th on the righteous 'hacker' spirit: see what happened after 'Alipay' and 'Taobao' made the greedy and evil 'Bitcoin' into a transaction currency!!! Who is the real 'hacker' disrupting the settled order of economies of scale in the market!? Then, returning [as analyzed here before] to the new generation of HTML5 --> invaded by viruses without anyone noticing, and then a look at what it really looks like when a small website is invaded by viruses... see the text for details...."*


"Taobao and Alipay" confirmed to have a vulnerability exposed: hackers can log in to any account and operate it!!
2014-02-18 13:30 x0sec FreebuF
(a hacker who prefers not to be named)

According to news published by WooYun (烏云網), the well-known vulnerability reporting platform, there is a flaw in Taobao's security authentication mechanism. Hackers can simply exploit the flaw to log in to other people's Taobao/Alipay accounts and operate them. Anyone, without a password and using only a search engine, can directly obtain other users' private data (account balance, transaction records, shipping address, name, mobile phone number and other sensitive information). It is currently unclear whether services such as Yu'e Bao are affected.

[People who are not greedy and not ill-intentioned would not trade with this "Bitcoin" = it disregards and disrupts the rules of the real currency exchange market. Or perhaps some cunning people are using it to "launder dark money"!!? Otherwise, when governments / the whole world reject "Bitcoin" as invalid, why do you disregard that and announce in such a high-profile way that you accept and use it? Is that not going against the right path??! "Therefore," the "righteous ones" appear, to give your greedy and evil behavior a warning!!! "Justice and evil": is this not simply the outcome people in reality end up being repaid with?!!]
Another vulnerability report, also from WooYun, states that a Taobao authentication flaw allows logging in to arbitrary Taobao accounts and Alipay. WooYun lists the vulnerability type as "design flaw / logic error" and rates the severity as "High". At present, the vulnerability is still waiting for the vendor to handle it. [snorts coldly]!!

 




























Some netizens have even already used the vulnerability to log in to several Taobao accounts and posted screenshots as proof~

At present, Taobao and Alipay are investigating this vulnerability. If you find that funds are missing from your Alipay account, you can call the customer service hotline 95188 and press 1 for enquiries, or press 2 to freeze the account. If we receive further feedback from Alibaba, we will update our report on this incident promptly.

Update: According to feedback received from Alibaba, investigation confirmed that this was a short-lived vulnerability caused by a recently introduced business rule. They have now completed the fix and confirmed that no user incurred financial risk or loss because of this vulnerability.

[And they still insist that no user lost anything. Money = they will only learn to cry once the "hackers" start paying them regular visits again!!]
----------------------------------------------------------------------------------------

**Next: "New-generation HTML5: website security seen through its new features"**

[Original article: "New-generation HTML5: website security assessment seen through its new features", Information Security (資安人科技網), http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=6874#ixzz2vK2fhL00]

HTML5 is the next major revision of HTML. To make it easier to handle multimedia, images and similar content in web pages, it adds many syntactic features. It also adds new elements and attributes so that pages are easier for search engines to index, easier for visually impaired users to use, and more convenient on small-screen devices.

Old problems and new threats both still deserve attention

HTML5 is becoming more and more mature and is gradually replacing traditional Flash-based interaction. Making full use of HTML5 brings many benefits, including offline functionality, real-time communication, file and hardware support, semantic markup and multimedia. For example, when using Gmail you can drag a file into the web page as an attachment; that is one application of part of HTML5.

HTML5 is a new-generation content specification covering the Web, mobile platforms and e-books, and it is expected to become the mainstream content specification over the next few years. Contrary to the common impression, HTML5 does not merely carry over the content specification of the previous version, HTML4. It also adds many new functions: drawing and audio/video on the content side; the Storage function on the storage side; WebSocket on the communication side and Web Worker for system multitasking; drag and drop and voice input on the interaction side (as in the figure above). It can be called an epoch-making improvement that brings everything together, and for system architects and implementers it is a new trend that cannot be ignored. But new technology always brings new threats, and that saying could not be more apt for HTML5!

We can broadly divide the security threats in HTML5 into three categories:

1. Existing security problems that reappear in HTML5: the most common ones, cross-site scripting (XSS) and SQL injection, will continue to appear in the HTML5 era.

2. New problems derived from HTML5's new features: threat techniques implemented with the new functions HTML5 provides. Examples are storing XSS attack code and shellcode in LocalStorage; HTML5-based botnets that use the WebSocket API for C&C (command and control) and data transfer; and using HTML5 to scan internal networks. Generally speaking, apart from e-mail attacks, a hacker has to spend considerable effort to get into an internal network, but with HTML5 a scan of the internal network can be launched while the user is simply browsing a web page. In addition, HTML5 can obtain GPS location data with the user's authorization, so user privacy is more easily exposed to risk.

3. New problems derived from new platforms: because HTML5 is also the content specification for many new platforms and new browsers, many existing platforms and browsers need to update their versions and functionality. The release of new platforms means more opportunities for weaknesses to arise, especially when handling a content specification as feature-rich and highly variable as HTML5. A new generation of security problems can be expected in new platforms and new browsers.








Website and source-code security for HTML5 is not yet mature [??]

It is worth noting that current website security and source-code security solutions rarely include corresponding test and verification items for HTML5's new features. If your website already uses the HTML5 content format, or a website you use frequently has been upgraded to HTML5, it is quite possible that its security functions have not yet been adequately tested. This will also be one possible direction of development for security tooling. Such threat techniques can be used for remote attacks on web servers, information gathering, establishing a remote command channel (remote shell), exposure of sensitive information, web-based botnets, new methods of DDoS attacks on websites, and so on.
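One test item of the kind this section says is rarely covered, as an added example that is not part of the original article: it audits a response's headers for policies that constrain the HTML5 features named above (script execution for stored XSS, `connect-src` for WebSocket/XHR destinations, geolocation). The function names and header values are constructed for illustration, and it assumes the site has no need for location data.

```javascript
// Parse a Content-Security-Policy value into { directive: [sources] }.
function parseCsp(value) {
  const policy = Object.create(null);
  for (const part of (value || "").split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Audit one response's headers (keys lower-cased) and return findings.
function auditHtml5Headers(headers) {
  const findings = [];
  const csp = parseCsp(headers["content-security-policy"]);
  // Injected script, including text parked in localStorage, only executes
  // if the page allows inline or eval'd script.
  const script = csp["script-src"] || csp["default-src"];
  const hashed = (script || []).some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  if (!script) {
    findings.push("script-src: no policy, injected script can run");
  } else {
    // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    if (script.includes("'unsafe-inline'") && !hashed)
      findings.push("script-src: 'unsafe-inline' lets injected script run");
    if (script.includes("'unsafe-eval'"))
      findings.push("script-src: 'unsafe-eval' lets stored strings run as code");
  }
  // connect-src limits where page script may open fetch/XHR, WebSocket and
  // EventSource connections (the C&C and scanning channels in the article).
  const connect = csp["connect-src"] || csp["default-src"];
  const broad = ["*", "ws:", "wss:", "http:", "https:"];
  if (!connect) {
    findings.push("connect-src: no policy, script may connect anywhere");
  } else if (connect.some((s) => broad.includes(s))) {
    findings.push("connect-src: scheme or wildcard source allows any host");
  }
  // Assumption: the site has no need for location data, so it is disabled.
  const pp = headers["permissions-policy"] || "";
  if (!/(^|,)\s*geolocation=\(\s*\)/.test(pp))
    findings.push("geolocation: not disabled by Permissions-Policy");
  return findings;
}
// Constructed sample headers: a weak configuration and a corrected one.
const weakHeaders = {
  "content-security-policy": "default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src *",
};
const hardenedHeaders = {
  "content-security-policy": "default-src 'none'; script-src 'self'; connect-src 'self' wss://app.example.test",
  "permissions-policy": "camera=(), geolocation=()",
};
console.log(auditHtml5Headers(weakHeaders), auditHtml5Headers(hardenedHeaders));
```

Header policies narrow what injected script can do; they do not replace fixing the injection itself, and data read back from LocalStorage should still be treated as untrusted input.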
-------------------------------------------------

**Viruses play with phones too: an infected phone becomes a "zombie"!!**
Now that smartphones are replaced and upgraded so quickly, mobile phone viruses have also quietly entered people's digital lives!!













Don't underestimate mobile phone viruses. They lurk quietly, secretly drain your phone credit, and may steal your personal data. If you are not careful, the phone you use every day may even become a "zombie".

Viruses come "hard" and "soft"

Recently Ms. Li went away on a trip, and when she came home five days later she was shocked: her phone bill was as much as 400 yuan in arrears. She went to the service hall to check her itemized bill and found that her phone had been exchanging nearly 20 text messages per minute with a number she did not know! Yet the phone showed no sent or received messages. After consulting professionals, Ms. Li learned that her phone had been infected with a Trojan, which made it send and receive text messages automatically and ran up the high charges.

On January 20, the reporter consulted Manager Zhang of the Hongqiao Telecom Tianyi World mobile phone after-sales service center about this problem. He told the reporter that phone viruses come in "hard" and "soft" kinds. Generally speaking, a hard virus is one that is already present in some phones when they leave the factory; it works by using software inside the phone to "spend" credit and steal information. A soft virus is malicious software which, like a computer virus, harms the user's interests; some make your phone automatically send large numbers of MMS messages and so generate high charges. "Phone Skull" (手機骷髏) is a fairly common soft virus at present; once infected, the phone automatically sends text messages to the numbers in the address book.

Another kind of phone virus is even more frightening: it uploads the user's information, including text messages, call records and even the phone's location, to criminals or to a specific website. If the user's text messages involve private data such as bank account numbers, the consequences can be very serious. Mr. Zhang said: "In short, once your phone is infected it may become a 'zombie'. If phone viruses break out on a large scale, mobile internet speed as a whole will slow down too."

Smartphones are easily infected

So what kind of phone is easily infected? Mr. Li of Samsung's after-sales service company said: "Phone viruses usually infect smartphones. Like computer viruses, phone viruses need an operating system to spread, and because smartphones are online more, they are more easily infected. But this has nothing to do with which system the smartphone runs; any system can be infected."

"You cannot tell from a phone's appearance whether it is infected. For individuals, the main thing is still to check call and SMS usage regularly and see whether anything is abnormal," Manager Zhang said.

Related link: three ways to effectively prevent your phone from becoming a "zombie"

1) When your phone receives text messages, MMS messages, pictures or links of unknown origin, never open them casually.

2) Do not casually lend your phone, especially a smartphone, to other people, to prevent malicious software from being installed. If the phone is sent for repair, it is best to take out the SIM card. Also, functions such as Bluetooth are best turned off when not in use.

3) You can install antivirus software on a smartphone and update it regularly. But a reminder: antivirus software lags behind the newest viruses, so you cannot rely on it entirely to stop every virus; you should still check regularly whether data usage and other usage on the phone is abnormal.

-------------------------------------------------- ---------------------------   

"A small website": its computer-virus help board [in the Hong Kong region] ---> example description ---> see the link --->

That forum is terrible. One of its moderators told a user with an "infected" computer that it was just an adware virus??!! We look at that sideways (it feels laughable!). If you don't know, you don't know... heh~ And the people there only care about saving face first!! = Heaven's retribution has arrived!!
Experts, please click the link =
  http://computer.uwants.com/forumdisplay.php?fid=1091

Do you see the many colored posts from people asking for virus removal..! A pity the people there are arrogant and conceited @, [beyond saving! Even the Buddha has closed his eyes to rest~]
Has anyone noticed that "its" HTML is moving slowly?? It has already been implanted with "extraordinary virus code"! The experts surely know what it is = a secret that cannot be told! ~Haha..

===THE END=== Melody.Blog~
