Learn absolutely 1: APT atttacks impossible to defend effectively making a person
APT, full name is Advanced Persistent Threat, it is the meaning of advanced durative menace. APT is the network attack that the hacker is a purpose with filch core data, this kind of behavior often passes what long-term management and plan have height to concealment quality, some APT charge are possible even conceal is as long as several, bring about company network manager not to have arrange absently when be faced with APT to atttack. With dark rat attack is exemple, it is typical APT charge, charge time is as long as several years, permeate and atttacked the whole world to amount to the network of 70 companies and organization, include company of manufacturer of American government, U.N. , Red Cross, weapon, energy, banking firm to wait.
Dark rat atttacks a process to be as follows: The hacker is collected through the method of social engineering first by the information of punching bag, the hacker is sent to a certain specific victim of target company then a few have alluring sex extremely, the post that contains accessory, invite him to refer to the conference of industry of a certain his place for example, when the victim opens mail to examine accessory, baleful code activation is thereby in computer embedded trojan (if be done not have by the computer of attack,code of flaw ill will cannot be carried out) , next the trojan joins remotely server, the long-range instruction of executive hacker steals the sensitive data of computer, this theft process can last all the time.
Learn absolutely 2: Launch the attack that hang a horse from operation means
What is the attack that hang a horse new issue, 2006 ~2009 year this kind of attack is common very, nevertheless downfallen later, because blow strength is greater,be, 2 it is to hang equestrian technology to was not updated. The common technology that hang a horse has inbreak hang horse, advertisement hang Ma He DNS to hijack hang a horse, inbreak the power that hang a horse is great, destroy muscularity, but need is searched have the flaw, website that can inbreak, big website difficulty is the more taller, and once the website is aware of can have repair, because this hangs a horse,attack is spent continuously insufficient; Advertisement it is better to hang a horse to be spent continuously, but cost needs very high to throw much money to buy ad, delimit do not come; DNS hijacks the consequence that hang a horse the biggest but the risk is too high, appear to be able to cause serious and safe incident every time, the hacker is general not dare so dry, dare so dry also basically was caught.
Nowadays, the hacker finds way of the 4th kind of attack that hang a horse, namely from operation means. Alleged from operation means it is oneself build a website, this website atttacks a service to hang a horse namely, visit a website to let more person, need undertakes popularizing to the website, have a plenty of have the aid of the chance that certain website investigates lax case to advertisement, the webpage code that carries oneself poison undertakes revealing to the user, spark the flaw of user side browser undertakes big range travels, more it is to build website of a pornography, do not depend on other website flaw, lai An notting comply announces channel, visit naturally with respect to somebody thereby toxic.
The gain method of the attack that hang a horse has 3: 1. Download makes the software that make friend phonily revulsive user charges a cost, the belle in making friendly software actually is robot program; 2. Date of purloin game Zhang, sack of the equipment in Zhang date, money one sky peddles Zhang date to gain profit; 3. Popularize tripartite software.
Learn absolutely 3: 7 kinds bypass train of thought of APP gesticulation password
No matter be IOS or Android,have gesticulation code, a of its user important and safe protective screen, because this makes the focal point that the hacker studies, the train of thought defeating solution of IOS platform is at present very few, and the train of thought defeating solution of Android platform is very much, basically be 7 kinds of following train of thought:
Train of thought 1: Use start again more bypass
When APP is started again more if filter lax, test and verify is undeserved, can bypass gesticulation password enters APP directly, alleged and multiple start even if the gesticulation password that the user keeps in APP inputs a page, by Home right now key returns a desktop, reentrance
Applied market searchs homonymic APP, right now applied market shows the user already downloaded this APP, click on the side " open " can start this APP again.
Train of thought 2: Use exit means to bypass
The wrong number of the gesticulation password enable input of the mainstream is 5 times, once can play casing more than 5 times to remind, do not click an interface to go up right now anyplace, return a desktop directly, clear next tiring-room runs this APP, open APP again, if test and verify designs a consideration not, APP can be entered directly advocate the interface perhaps flips a new gesticulation password page, if be latter,was equivalent to having the opportunity of the attempt countless times.
Train of thought 3: Use clear undeserved bypass
A few APP are store gesticulation password in information of this locality text, store the entry state information of account in this locality database, should clear after this locality data, those who clear is information of this locality text is not information of this locality database, because this passes this means to be able to clear,dropped gesticulation password, and entry condition is retentive still.
Train of thought 4: Revise specific file to bypass
Gesticulation password is to maintain commonly fall in Shared_prefs catalog, there is one pile file inside, enter gesticulation password interface when the APP that start, await one small meeting, the newer finally document below this catalog saves the file of gesticulation password namely. Now, cancel this file read take limits of authority, because was not read,take limits of authority, APP can think the user did not install gesticulation password by accident, bypassed thereby gesticulation password test and verify; When having, the attributive of modification file is invalid, that has to modify the content of the file; If revise the content of the file to also disable, can try to revise Shared_prefs catalog attributive, will read take limits of authority full take out can.
Train of thought 5: Use APP advertisement to bypass
General APP is starting ad of the to load when the page, if APP sets timing consideration not, return directly after you click advertisement can circle handle situation password.
Train of thought 6: Use the announcement that play a window to bypass
A few APP have the announcement that play a window, push from time to time in condition column namely send a few messages, if APP sets timing consideration not, click directly push sent message to be able to circle handle situation password directly, enter advocate interface.
Train of thought 7: Use an interface to design blemish to bypass
Once had appeared in IOS platform a classic case, when entering gesticulation password interface namely, slide through the left and right sides can enter bypass gesticulation password is entered advocate interface, this kind of flaw was found very hard nowadays.
Learn absolutely 4: Use poison of malinger of Bootkit technology fierce
Check those who kill a technology to appear as the cloud, the day of virus is more and more uneasy, it is too difficult to want to be not discovered, then the hacker changed a train of thought: Be discovered by discovery, kill do not drop Nai my why! Then, present advanced virus is to take stubborn course almost, bootkit technology becomes virus love most, used Bootkit technology virus of virus of dark cloud Ⅲ , different ghost Ⅱ , spy film virus for example -- can be informed through follow-up investigation, this kind of stubborn virus basically is it is the computer that enters an user through binding the means of installation in, what virus likes to hide most is high speed download implement, outside hang, auxiliary, illicit takes sport logger.
Bootkit is more advanced Rootkit, through infecting MBR(disk advocate cite a record) , VBR (roll guide a record) with the means of BIOS implementation bypasses kernel examination and concealed body are started. To Bootkit, once it gains executive opportunity, can compare an operating system earlier by to load, be opposite thereby those who kill poisonous software follow-up is effective check kill create very big challenge, sometimes this kind of challenge is strong weak great disparity even, because of thinking thoroughly cleared virus is very difficult after this is toxic, even if reshipment system also is no good, best means is to use kill a tool only, kill poisonous software also is not abstain from eating meal of course, also did a large number of research in the light of Bootkit technology nowadays, the virus of many use Bootkit technologies still does not have fit to was checked to kill.
Learn absolutely 5: Overcome the 51% attack of area piece catenary only
The area that fictitious money uses piece catenary technology is so-called be cannot defeat solution, absolute safety, but still was found by the hacker the method that defeat solution, that can steal the fictitious money of other through 51% attack. Alleged 51% attack master the area of 51% namely piece catenary network calculates force, can be in network of area piece catenary use double pay seek profit, the method is as follows: The fictitious money account that gives oneself first turns a few money, those who use is illicit secret division piece chain A has charge to an account to trading, next the hacker uses exchange to these fictitious currency move, those who use is communal B of area piece chain has charge to an account to trading, after waiting for bourse to approbate, will fictitious money sells piece, force a network to approbate A of area piece chain to abandon B of area piece chain finally, the fictitious money in coming from personal Zhang date so still is in and the amount did not change, those who be in an unfavorable situation is bourse. Of course, the hacker still can dig mine through preventing other computer can the way that oneself dig mine seeks profit.
Those who need an attention is this kind of attack is not all-purpose, it cannot without foundation generation is fictitious money, cannot send the bit money that does not belong to oneself to oneself, unalterable the bit money measure that every area piece produces, trading that cannot revise someone else is recorded. That is to say the area with 51% small to jumping over charge piece catenary network menace is bigger, to large area piece catenary network is minatory and inferior, the menace that is a theoretic ability purely to bit money network for example -- hacker estimation passes, if want to launch 51% attack to bit money, conservative estimated cost is 550 million yuan!
Small 100 divisions: Add close money exchange to incur charge many cases this year, coincheck of Japanese number bourse was atttacked on January 27 by the hacker, the NEM fictitious money that total value is as high as 530 million dollar by filch; How did evening money encounter hacker attack trades on March 7 systematic occurrence breakdown, the hacker is used embezzle the Zhang mark high price of the user buys VIA fictitious currency, bring about price of apogee of VIA fictitious money to be exploded to pull to 0.025 dollars, with the nadir inside 24 hours photograph comparing goes up more than 11000% ; Korea added Coinrail of close money exchange to encounter the hacker inbreaks on June 10, the loss exceeds 40 million dollar, this matter brings about bit money drops 3 days continuously.
