The 12306 incident in the eyes of Wu Yun

An earlier vulnerability report: a large amount of 12306 user data is circulating on the Internet, including user accounts, plaintext passwords, ID card numbers, e-mail addresses, etc. (source of the leak unknown). But interpreting a vulnerability report whose details are not yet public is very unreliable. 12306 has been informed of this, and Wu Yun has also provided the evidence the white hat discovered, so let us wait together for the official final reply and not guess or even mislead. Since this vulnerability has not been publicly disclosed and officially handled, I won't talk about it today; instead, let's talk about the 13W accounts' worth of sensitive data that has been circulating for the past two days.

Once this data appeared, it immediately led various institutions and media to follow up and quickly launch "reliable" analysis, or news "more reliable than reliable" … While everyone was eager to make themselves heard, Wu Yun's white hats were still silently looking for clues, to establish the scope of the impact as fully as possible. Let's look at the harvest together.

First, the original file name of this 13W data should look like this: Why is there even an after-sales group? Do they provide updates, and returns if you are not satisfied? But no matter what, this group number is a very critical clue, so our white hat disguised himself as a buyer and really did contact a seller in the group (the quantity is too huge and I can't verify its authenticity, so it has been blurred). This person directly threw out 7 records, in a format consistent with the 13W data spread on the Internet, but only one of them appears in the 13W data; the others cannot be found there. It seems the completeness of the 13W data is in serious doubt. The seller's mouth is very tight (the most valuable thing, how the hacker obtained the data, could not be learned, so no conclusion can be drawn), so the white hat thought it better to ask for some data on our own users, to check how it matches up and whether it is authentic.
Result: these records were not found in the 13W data (and testing showed they can log in to 12306). How much data is there that we don't know about? Wu Yunjun's knowledge is an afternoon. . . Unfortunately, this was just when the outside media reports came out. The seller seems to have smelled danger and suddenly disappeared, not to be seen again (today I found that the QQ profile had also been emptied. Thank you, media! Thank you, xxtv!!)

Finally, Wu Yunjun has again supplied to 12306 the sensitive data obtained by the white hat that lies outside the 13W data (this critical differing data will help the officials locate key clues in the login logs: who obtained it first, and who may have bought it!). At the same time, Wu Yunjun hopes that users who are not in the 13W data will also change their passwords where they can. How many of our passwords have been leaked and traded, no one can say for sure. In case anyone says Wu Yunjun is putting on an act, I have left hashes of these users' login accounts here to prevent meaningless drama; interested friends with the surname Huang ("Yellow") can MD5 their login account and compare it against this proof data.
(One hash in the list was marked as the only login name that also appears in the 13W data.)

About this 13W data, many organizations are talking about credential stuffing ("hitting the library"), but where the information came from is not clear. A Wu Yun white hat has given some analysis, for reference only (data that has been leaked and circulating for many years still has considerable power): a community analysis of the 13W data. We believe the officials can trace the origin of the event and give users a satisfactory answer.

In this event we saw the officials' positive response, saw users' vigilance, and saw how much attention the underground industry pays to 12306 account data. If only users paid more attention to their account security (change the password and give up the existing one, because the leaked one may already be in others' hands) and companies strengthened their monitoring (if this was credential stuffing, that much data could not have been hit quietly; you would always see something). Security cannot always rely on firefighting; it also has to be accumulated.
Finally, Wu Yunjun sorts out the information points for everyone:

1) 12306 official security awareness

As for 12306's official security awareness, everyone can judge for themselves from Wu Yun's historical reports: "Vendor information _ China Railways Science Research Institute" vulnerability list. In fact, 12306's response and measures this time were timely; according to Weibo users, many leaked accounts were quickly locked. But no matter who is responsible, this batch of data is obviously targeted at the 12306 ticket purchase platform. I hope that after the official investigation, even if it is inconvenient to publicly name the affected users, they at least give those users a reminder or force a password change; they are the biggest victims and need protection. Finally, if the official platform does have an account interface vulnerability that allows credential stuffing ("hitting the library"), I also hope they will say whether it has been found and fixed, or whether it can still be used to steal user data.

Here is a gripe: after learning of the leak, Wu Yunjun's first thought was also to change the password, then delete the ID card information saved in the account and fill it in again when needed in the future. It turned out that 12306 does! not! allow! deletion! It seems that a period of time must pass before the account is allowed to delete a document. And if my data cannot be deleted … can it at least not be shown in clear text? (Internet companies do this very well; sensitive information is protected with asterisks.)

2) Third-party ticket-grabbing leaks in this leakage incident

Before this, Wu Yunjun was also wondering: would these third-party ticketing agencies record our information without informing us? Surely they would not dare. As it turned out, two days ago a vulnerability report seemed to confirm this suspicion: the UC browser function plug-in "grabbing help" was improperly designed, leading to leaks of private information such as tickets / ID cards (the vulnerability has since been repaired).
The vulnerability does not record users' plaintext passwords, so it has nothing to do with this leak, but it does sound the alarm for third-party ticket grabbing. If the official platform did not restrict so much, no one would abandon the regular channel for a third-party ticketing platform; so since we have chosen you, you must live up to users' trust!

3) The principle of credential stuffing ("hitting the library") needs no explanation; many media understand it, and it is a bit of a well-worn topic. Credential-stuffing attacks are raging at home and abroad, and flourishing. Whenever some company's database is dumped ("dragged"), the impact is not limited to that company; it also indirectly threatens these users' accounts at other companies' services! Yet the impact of and responsibility for credential stuffing have never been made clear, and no one admits to it. Nowadays personal information, passwords, mobile phone numbers, ID cards, addresses, friend relationships, etc. can all be leaked … Looking at Weibo, some users have become used to their identity information being leaked, but such information is a core part of certain security mechanisms; this is not a good thing and calls for vigilance. I hope Internet companies will work together with the relevant agencies to track down the responsible parties, and really pay attention to user information security rather than just talking about it. And when accounts and the like are leaked, victims need to be made aware, so that they can take precautions in advance. But is this possible? Is this impossible?? This, maybe …
