Things that only cybersecurity professionals know!

Hi everyone, this is Jay Chou.

There is a question on Zhihu:

Here is an answer, I think it’s pretty good, and I will share it with everyone.

1 . There is an attack method that looks like a fantasy, called a bypass attack, which can invade the device without touching the specified device, including but not limited to: obtaining the electromagnetic waves radiated by the electronic device during operation, and watching the flicker of the electronic device led, recording equipment operation time and so on.

2 , the more difficult it sounds, the more difficult it is to implement, so these methods have not been mainstream.

3 . You always feel that most of the leaks of your personal information are the indescribable large and small websites and apps that you have registered. But in fact, the traditional channels that leak your most information are banks, work, and express. The latter is better than The former information is stable and ruthless, and the cost is still low.

4 . Before 2011, China even had several monthly hacker magazines: "The Hacker's Defense", "Insecure Hacker Handbook", and "Hacker X Files". They helped the growth of a generation of network security enthusiasts. It is a miracle that they can survive for many years, because some magazines even have special sections to teach you how to steal QQ accounts, make phishing software, and make illegal businesses such as drilling and drilling.

5 . What’s more interesting is that these magazines finally died not because of policy reasons, but because of the development of the Internet, paper magazines could not be sold, and quietly died. A certain magazine is still in arrears with my manuscript fees.

6 Of course, there are also security companies that have fallen due to policy reasons. There is a website called Wuyun, which has developed a brand-new network security business model: hackers provide vulnerabilities to Wuyun, and Wuyun forwards them to the manufacturer for follow-up and repair, and hackers get corresponding rewards. A few years later, the founder of Wuyun was arrested and went to prison.

7 161a1f39edb983. Hacking technology not only operates computers, there is also a type of hacking technology called social engineering. This type of technology includes but is not limited to: managing relationships with target company employees, creating , Look through the trash can of the target to find a note with a password and so on.

8 , the higher the level of hacking, the greater the role of social engineering, and in many cases it is even decisive.

9 . The act of hacking into the official website of a country’s embassy or the Ministry of National Defense and modifying the homepage is a relatively low-end hack. Due to the target’s data security strategy, the website server and even the entire network segment generally only have websites and related data. These In addition to bragging about attacks, they often don't get any valuable information.

10 . The hacker circle is the most closed technology circle. All technologies are marked with a price tag. If you want, just use your inventory to exchange it. This is annoying.

11 . We all know that some passwords are one-way, and the ciphertext obtained after encryption cannot be restored theoretically, such as MD5, SHA-1, etc. But this is not difficult for hackers. Since it cannot be reversed, it is better to simply encrypt all the strings and store them, and get the ciphertext directly to find it. This file has a nice name, called rainbow table.

12 Since the total number of strings increases exponentially with the length of the string, the rainbow table generally cannot store extremely long passwords, so it makes sense that the longer the password, the more secure it is.

13 . When there is offense, there is defense. People who do defense are not vegetarian. There is a defensive method called "honeypot", honeypot. It is a fake system tailored for the attacker, and then let the attacker get the bait and invite you to enter the urn. When the attacker tries his best to attack and feel complacent, he does not know that what he has attacked is a fake system, let alone his own. The unique skills have been recorded by the honeypot system.

14 . Back then, the PC's security system was not so perfect, and when everyone still needed a 360 (or other similar software), the confrontation of the desktop system was a wonderful one. In addition to hanging API hooks and various unpopular win32APIs, some people use more "wild ways" to "dodge" security software, such as:

(1) After detecting the 360 window, move the mouse to the "x" in the upper right corner to turn off 360

(2) After the 360 window is detected, a white mask is automatically drawn to cover the 360 window, so that you don’t know what’s going on, and you don’t know how to click "Clear Virus"

15 . Later, PC security got better and better, partly because of system and mechanism upgrades, and partly because these brave old irons were "zhaoan" by security companies.