BLACK HAT USA conference. Get Rich or Die: Making Money Online the Black Hat Way. Part 1

Moderator: Ladies and gentlemen, this talk is very funny and very interesting; today we are going to talk about real things that have been seen on the Internet. This talk is a bit different from what we are used to at Black Hat conferences, because we are going to talk about how attackers make money from their attacks.

We will show you some attacks that can be profitable, and tell you about attacks that came up one night when we were over Jägermeister and brainstorming. It was fun, but when we sobered up a little, we talked to SEO people and learned that a lot of people make money from these attacks.

I am just a mid-level manager with no brains, so I will leave my seat and introduce you to Jeremy and Trey, who are smarter than me. I should have a smart and funny introduction, but I don't, so I'll just show these slides.

Slides introducing Jeremy Grossman and Trey Ford appear on the screen.
Jeremy Grossman is the founder and chief technology officer of WhiteHat Security, named one of InfoWorld's Top 25 CTOs of 2007, co-founder of the Web Application Security Consortium, and the author of a book on cross-site scripting attacks.

Trey Ford is Director of Solutions Architecture at WhiteHat Security, has 6 years of experience as a security consultant for Fortune 500 companies, and is one of the developers of the PCI DSS payment card data security standard.

I think these slides are not funny at all. Anyway, I hope you enjoy their presentation and then understand how these attacks are used on the Internet to make money.

Jeremy Grossman: Good afternoon, thank you all for coming. This is going to be a very fun talk, although you won't see zero-day attacks or new technologies. We are just trying to have fun and talk about the real things that happen every day and let the bad guys make a lot of money.

We are not trying to get you excited about what is shown on this slide, just explaining what our company does. So, WhiteHat Sentinel, or the "White Hat Guardian", is:

  • an unlimited number of assessments: expert-managed and customer-controlled, able to scan sites regardless of their size and how often they change;
  • broad service coverage: authorized scanning of sites to check for vulnerabilities, plus manual testing by users to identify logic flaws in business areas that scanners do not see;
  • elimination of false positives: our team verifies the results and assigns the appropriate severity and threat level;
  • development and quality-control management: the WhiteHat Satellite Appliance system lets us serve customers by working from inside their network;
  • improvement and development: real-time monitoring lets you fix the system quickly and effectively.

So, we scan sites all over the world, we have the largest team of web application pentesters, we do 600-700 assessments every week, and all the data you will see in this presentation comes from this work of ours.
On the next slide you see the 10 most common types of attacks on websites worldwide. It shows the percentage of sites vulnerable to a given attack. As you can see, 65% of all sites are vulnerable to cross-site scripting, 40% allow information leakage, and 23% are vulnerable to content spoofing. Besides cross-site scripting, SQL injection and cross-site request forgery vulnerabilities, which are not in our top three, are also numerous. But this list also contains attacks with esoteric names, which are described in vague terms and whose peculiarity is that they are directed against particular companies.

These are authentication flaws, authorization process flaws, information leakage, and so on.

The next slide is about attacks on business logic. QA teams involved in quality assurance usually overlook them. They test what the software should do, not what it can do, and that is where you can find everything you want. Scanners, all those White/Black/Grey boxes, all these multicolored boxes usually cannot catch these things, because they only fix on the context of what an attack can be or what it looks like when it occurs. They have no intelligence and do not know whether something is working or not.

The same goes for IDS and WAF application firewalls, which also cannot detect business logic attacks because the HTTP requests look perfectly normal. We will show you that attacks based on business logic flaws happen entirely without hacks, without metacharacters or other anomalies; they look like ordinary processes. Most importantly, the bad guys love these things because business logic flaws make them money. They use XSS, SQL, CSRF, but these attacks have become more difficult, and we have seen them decline over the past 3-5 years. But they will not disappear by themselves, just as vulnerabilities will not disappear. However, the bad guys are thinking more and more about using these attacks, because they believe that "real bad guys" always look for a way to make money from their attacks.

I want to tell you about real scams that you can take on board and use to protect your business. Another goal of our presentation is to make you think about ethics.

Online polls and voting

So, to begin our discussion of business logic flaws, let's talk about online polls. Online voting is the best way to find out or influence public opinion. We will start with results worth $0 and then look at the results of 5, 6, 7 months of fraud. Let's start with a very simple poll. You know that every new site, every blog, every news portal runs online polls. That said, there is no niche too big or too narrow, but we want to see public opinion in a specific area.

I want to draw your attention to a poll in Austin, Texas. Because an Austin beagle won the Westminster Dog Show, the Austin American Statesman decided to hold an online "Austin's Best in Show" poll for Central Texas dog owners. Thousands of owners submitted photos and voted for their favorites. Like many other polls, there was no prize other than bragging rights for your pet.

A Web 2.0 application was used for voting. You click "yes" if you like the dog and think it is the best dog in the show, or "no" if not. So you voted on hundreds of dogs posted on the site as contenders for the title.

With this voting method, 3 kinds of fraud were possible. The first is the infinite vote, where you vote for the same dog many times. It is very simple. The second method is negative multiple voting, where you vote many times against the competing dog. The third method is that, say, in the last minutes of the contest, you post a new dog and vote for it, so the chance of it collecting negative votes is low, and you win by getting 100% positive votes.

Moreover, the winner was determined by percentage, not by the total number of voters; that is, you could not determine which dog got the highest number of positive ratings, only the percentage of positive and negative votes for a given dog was calculated. The dog with the best ratio of positive to negative votes won.

A friend of Robert "RSnake" Hansen asked him to help their Chihuahua Tiny win the contest. You know Robert, he is from Austin. Like a super hacker, he fired up Burp and took the path of least resistance. He used fraud technique #1, ran it through a Burp loop of hundreds or thousands of requests, and this brought the dog 2000 upvotes and took it to 1st place.

Then he used fraud technique No. 2 against Tiny's competitor, named Chuchu. In the last minutes of the contest he cast 450 votes against Chuchu, which strengthened Tiny's 1st place by more than a 2:1 vote margin, but in terms of the percentage of positive and negative reviews, Tiny still lost. On this slide you see the new face of the cybercriminal, upset by this outcome.

Yes, it was entertaining, but I don't think my friend enjoyed this show. You just want to win the Chihuahua contest in Austin, but someone tries to rob you and does the same thing. Well, now I'll hand over to Trey.
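The poll's ranking flaw, modelled as data rather than requests: this is an added example, not code from the talk. The tallies are constructed (only the 2000 upvotes and 450 downvotes echo the story); `tally` shows the duplicate-vote suppression the poll lacked, and `wilson_lower_bound` is a mitigation I am adding, not one the speakers describe.

```python
"""Why ranking by raw yes/no percentage is exploitable, and two fixes."""
from math import sqrt

# Constructed tallies: (name, yes_votes, no_votes). Not the real poll data.
TALLIES = [
    ("Tiny", 2000, 400),      # after the vote loop (technique #1)
    ("Chuchu", 1200, 450),    # after 450 no votes in the final minutes (technique #2)
    ("LateEntry", 3, 0),      # posted in the last minutes, no time to collect no votes (technique #3)
    ("Rex", 120, 40),
]


def tally(ballots):
    """Count each (voter, dog) pair once, so a loop of requests from one
    session collapses to a single yes or no. ballots: (voter_id, dog, is_yes)."""
    last_vote = {}
    for voter, dog, is_yes in ballots:
        last_vote[(voter, dog)] = is_yes          # last vote from that voter wins
    counts = {}
    for (_, dog), is_yes in last_vote.items():
        yes, no = counts.get(dog, (0, 0))
        counts[dog] = (yes + int(is_yes), no + int(not is_yes))
    return counts


def raw_ratio(yes, no):
    """What the poll used: share of positive votes, ignoring volume."""
    total = yes + no
    return yes / total if total else 0.0


def wilson_lower_bound(yes, no, z=1.96):
    """Lower bound of the 95% Wilson interval for the yes-share.
    3/3 yes votes scores low (tiny sample); 2000/2400 scores high."""
    n = yes + no
    if n == 0:
        return 0.0
    p = yes / n
    centre = p + z * z / (2 * n)
    spread = z * sqrt(p * (1 - p) / n + z * z / (4 * n * n))
    return (centre - spread) / (1 + z * z / n)


def rank(tallies, score, min_votes=0):
    """Names best-first; entries with fewer than min_votes are excluded."""
    eligible = [t for t in tallies if t[1] + t[2] >= min_votes]
    ordered = sorted(eligible, key=lambda t: score(t[1], t[2]), reverse=True)
    return [name for name, _, _ in ordered]


def leaderboard(tallies=TALLIES):
    """Vulnerable ranking next to two hardened ones."""
    return {
        "raw_ratio": rank(tallies, raw_ratio),                        # LateEntry wins with 3 votes
        "raw_ratio_min_votes": rank(tallies, raw_ratio, min_votes=100),
        "wilson": rank(tallies, wilson_lower_bound),                  # volume now matters
    }


if __name__ == "__main__":
    for name, order in leaderboard().items():
        print(f"{name:20s} {order}")
```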

Creating fake requests and making money on them

Trey Ford: The concept of "image DoS" concerns a number of interesting differences that come up when we buy tickets online. For example, when reserving a particular seat on a plane. This can apply to any kind of ticket, such as sporting events or concerts.

To prevent double-booking of scarce items such as airline seats, physical goods, usernames, and so on, the application locks the item for some time to avoid conflicts. And this is where the vulnerability related to the ability to reserve something in advance comes in.

We all know about session timeouts, we all know about ending a session. But this particular vulnerability lets us choose a seat on the plane and come back to choose again without paying anything. Surely many of you often travel on business, but for me this is the main part of the job. We tested this algorithm on many sites: you choose a flight, choose a seat, and only when you are ready do you enter your payment details. That is, after you have chosen a seat, it is reserved for you for some time, from a few minutes to a few hours, and during this time no one else can take this seat. Because of this waiting period, you have a real opportunity to reserve all the seats on the plane by returning to the site and booking the seats you want.

So, the option of a DoS attack arises: just repeat this cycle for every seat on the plane.

We tested this on at least two major airlines. You can see the same vulnerability with other kinds of bookings. This is a great opportunity to raise the price of your tickets for people who want to resell them. This way, speculators only need to reserve extra tickets without any risk of losing money. In the same way you can "drain" e-commerce sites that sell in-demand goods: video games, game consoles, iPhones, and so on. That is, the vulnerability present in online booking or reservation systems lets an attacker make money from it or cause damage to competitors.

Captcha decryption

Jeremy Grossman: XNUMX thousand fans are waiting for you on Webtalk! Now let's talk about captchas. Everyone knows the distorted pictures on the Internet that are used to fight spam. Potentially, you can make money from captchas. A captcha is a kind of Turing test that lets you tell a real person from a bot. I found many interesting things while researching the use of captchas.
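An in-memory seat-hold store, written as an added example rather than code from the talk or from any airline, that compares the unbounded, renewable hold the talk describes with a bounded one: a TTL that cannot be extended by re-selecting, and a cap on concurrent holds per client. The seat map, TTL and cap values are constructed.

```python
"""Seat holds: the weak policy next to a bounded one."""


class SeatHolds:
    def __init__(self, seats, ttl_seconds, cap=None, renewable=False):
        self.free = set(seats)
        self.holds = {}             # seat -> (client_id, expires_at)
        self.ttl = ttl_seconds
        self.cap = cap              # max concurrent holds per client; None = unbounded
        self.renewable = renewable  # weak: re-selecting a held seat resets its timer

    def _expire(self, now):
        """Release every hold whose timer has run out."""
        for seat, (_, expires_at) in list(self.holds.items()):
            if expires_at <= now:
                del self.holds[seat]
                self.free.add(seat)

    def held_by(self, client_id):
        return [s for s, (c, _) in self.holds.items() if c == client_id]

    def hold(self, client_id, seat, now):
        """Place a hold. Returns True on success, False when refused."""
        self._expire(now)
        if seat in self.holds:
            owner, _ = self.holds[seat]
            if owner == client_id and self.renewable:
                self.holds[seat] = (client_id, now + self.ttl)   # weak: timer pushed out again
                return True
            return False                                         # held by someone, no renewal
        if seat not in self.free:
            return False
        if self.cap is not None and len(self.held_by(client_id)) >= self.cap:
            return False                                         # bounded: cannot park the cabin
        self.free.remove(seat)
        self.holds[seat] = (client_id, now + self.ttl)
        return True


# Constructed 30-row, 6-abreast cabin: 180 seats.
SEATS = [f"{row}{letter}" for row in range(1, 31) for letter in "ABCDEF"]


def compare_policies(ttl=900, cap=4):
    """Drive both stores through the same sequence and return what each allowed."""
    weak = SeatHolds(SEATS, ttl, cap=None, renewable=True)
    bounded = SeatHolds(SEATS, ttl, cap=cap, renewable=False)
    t0 = 0
    # One client selects every seat in turn at t0.
    weak_parked = sum(weak.hold("client-x", s, now=t0) for s in SEATS)
    bounded_parked = sum(bounded.hold("client-x", s, now=t0) for s in SEATS)
    # Ten minutes later the same client re-selects 1A, trying to keep it alive.
    weak_renewed = weak.hold("client-x", "1A", now=t0 + 600)
    bounded_renewed = bounded.hold("client-x", "1A", now=t0 + 600)
    # After the TTL has elapsed, a second customer wants 1A.
    weak_other = weak.hold("client-y", "1A", now=t0 + 1000)
    bounded_other = bounded.hold("client-y", "1A", now=t0 + 1000)
    return {
        "weak": (weak_parked, weak_renewed, weak_other),          # (180, True, False)
        "bounded": (bounded_parked, bounded_renewed, bounded_other),  # (4, False, True)
    }


if __name__ == "__main__":
    for policy, outcome in compare_policies().items():
        print(policy, "parked/renewed/second customer got seat:", outcome)
```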

Captchas were first used around 2000-2001. Spammers wanted to get past captchas in order to register with the free email services Gmail, Yahoo Mail, Windows Live Mail, MySpace, FaceBook, and so on, and send spam. Since captchas became so widely used, an entire industry of services for bypassing the ubiquitous captcha appeared. Ultimately this brought results, such as sending spam. There are 3 ways to bypass a captcha; let's look at them.

The first is a flaw in the implementation concept, or a flaw in how the captcha is used.
For example, the answers to the questions have very low entropy, such as "write what 4 + 1 equals." The same questions may be repeated many times, and the number of possible answers is very small.

A captcha's effectiveness is assessed against the following criteria:

  • the test must be run under conditions where the person and the server are far from each other, and the test must not be difficult for the person;
  • the question must be such that a person can answer it within a few minutes, and only the person who is asked the question should answer it;
  • answering the question must be hard for a computer;
  • knowledge of previous questions, answers or their combinations must not make the next test predictable;
  • the test must not discriminate against people with impaired vision or hearing;
  • the test must not be tied to a region, culture or custom.

As it turns out, creating a "proper" captcha is quite hard.

The second captcha vulnerability is the possibility of using OCR, optical character recognition. A piece of code can read the captcha image no matter how noisy it is, recognize the letters or digits in it, and automate the recognition process. Research has shown that most captchas can be cracked easily.

I will quote experts from the School of Computing Science at Newcastle University, UK. They talk about how easy it is to crack Microsoft's captcha: "Our attack can achieve a success rate of 92%, which means the MSN captcha scheme can be broken in 60% of cases by segmenting the image and then recognizing it." Cracking Yahoo's captcha is just as easy: "Our second attack achieved a success rate of 33.4%. Thus, up to 25.9% of captchas can be cracked. Our research shows that spammers should not use cheap labor to bypass Yahoo's captcha, but rely on low-cost automated attacks."

The third way of bypassing captchas is called the "Mechanical Turk", or "Turk". We tested it against Yahoo's captcha immediately after publication, and to this day we do not know, and no one knows, how to protect against this attack.

This is the case where you have a bad guy running an "adult" site or an online game, a site where users request some content. Before they can see the next picture, the owner of the hacker's site makes a request back to an online system you know, say Yahoo or Google, pulls the captcha from there and passes it on to the user. And as soon as the user answers the question, the hacker sends the guessed captcha to the target and shows the user the picture they requested from his site. If you have a very popular site with lots of interesting content, you can organize a whole army of people who will simply solve other people's captchas for you. This is a very powerful thing.

However, it is not only individuals who try to bypass captchas; businesses use this technique too. Robert "RSnake" Hansen once talked on his blog with a Romanian "captcha solver" who said he could solve 300 to 500 captchas an hour at a price of 9 to 15 dollars per thousand solved captchas.

He said plainly that his team works 12 hours a day, solving about 4800 captchas in that time, and depending on how hard the captchas are, they can earn up to $50 a day for their work. This is an interesting post, but even more interesting are the comments blog readers left under it. Comments immediately came in from Vietnam, where a certain Quang Hung posted about his team of 20 people, who agreed to work for $4 per 1000 guessed captchas.

The next comment is from Bangladesh: "Hello! Hope you are doing well! We are a trading company from Bangladesh. Currently, our 30 workers can solve more than 100000 captchas a day. We offer very good conditions and low prices: $2 per 1000 guessed captchas from Yahoo, Hotmail, Mayspace, Gmail, Facebook, etc. We look forward to further cooperation."

Another interesting message was sent by a certain Babu: "I am interested in this job, please call me on the phone."

So it is very interesting. We can argue about how legal or illegal this activity is, but the fact is that people make money from it.

Accessing other people's accounts

Trey Ford: The next case we will talk about is making money by breaking into other people's accounts.

Everyone forgets passwords, and in application security assessment, password reset and online registration represent two different, business-oriented things. There is a big difference between how easy it is to reset your password and how easy it is to sign in, so you should strive to make the password reset process as easy as possible. But when we try to make it easier, a problem arises, because the easier it is to reset the password, the less secure it is.

One of the biggest problems involves online registration using Sprint's customer verification service. Both of us White Hats use Sprint for online registration. There are a few things you need to confirm to prove you are who you say you are, starting with something as simple as your mobile number. You need online registration for things like managing your bank account, paying for services, and so on. Buying phones is very easy if you can do it from someone else's account and then make purchases and do much more. One fraud option is to change the billing address, order all the cell phones delivered to your address, and the victim will be forced to pay for them. Stalking maniacs also dream of this opportunity: adding GPS tracking functionality to their victims' phones and tracking their every move from a computer.

So, Sprint asks some of the simplest questions to verify your identity. As we know, security can be ensured either by a large amount of entropy or by specific problems. I will read you part of Sprint's registration process, because the entropy is very low. For example, there is the question: "Choose the car brand at the address below," and the brand options are Lotus, Honda, Lamborghini, Fiat, and "none of the above." Tell me, which of you guys owns one of the above? As you can see, this tough challenge is just a great opportunity for college students to get cheap phones.

Second question: "Which of the following people lives with you or lived at the address below?" It is very easy to answer this question even if you don't know this person at all. Jerry Stifliin (this last name has three "i"s in it, we will get to that in a second), Ralph Argen, Jerome Ponicki and John Pace. What is interesting about these names is that they are arbitrary, yet they all follow the same pattern. If you work it out, you will have no trouble identifying the real name, because it differs from the generated names by some characteristic, in this case the three letters "i". So, Stifliin is clearly not a random name, and it is easy to guess that this person is your target. It is very, very easy.

Third question: "In which of the following cities have you never lived or used in your address?" Longmont, North Hollywood, Genoa or Butte? We have three populated places around Washington DC, so the obvious answer is North Hollywood.

There are a couple of things to be careful about with Sprint online registration. As I said before, you can get hurt badly if an attacker can change the shipping address for purchases in your billing information. What is scary is that we have the Mobile Locator service.

With it, you can track the movements of your employees, since people carry cell phones with GPS, and you can see on a map where they are. So there are some pretty attractive things that come up in this process.

As you know, when resetting a password, the email address matters more than other ways of verifying the user, including security questions. The next slides show that there are many services that reveal your email address if the user has trouble logging into their account.

We know that most people use email and have an email account. Suddenly people want to find a way to make money from it. You find the victim's email address, enter it into the form, and you get the opportunity to reset the password for the account you want to control. Then you use it from your own network, and that mailbox becomes your golden vault, the key place from which you can steal all of the victim's other accounts. You get the victim's entire list by hijacking just one mailbox. Don't laugh, this is huge!

The next slides show how many millions of people use the respective email services. People actively use Gmail, Yahoo Mail, Hotmail, AOL Mail, but you don't have to be a professional hacker to hijack their accounts; you can keep your hands clean by outsourcing the work. You can say you had nothing to do with it, that you never did anything of the sort.

So, the online "Password Recovery" service is located in China, where you pay them to hack "your" account. For 300 yuan, which is about $43, you can try to reset a foreign mailbox password with an 85% success rate. For 200 yuan, or $29, you get 90% success in resetting a domestic mailbox password. It costs a thousand yuan, or $143, to hack into a corporate mailbox, but success is not guaranteed. You can also outsource password cracking services for 163, 126, QQ, Yahoo, Sohu, Sina, TOM, Hotmail, MSN, and others.

BLACK HAT USA conference. Get Rich or Die: Making Money Online the Black Hat Way. Part 2 (the link will be available tomorrow)

Source: www.hab.com
