One week news review Sina micro-blog micro-blog Alipay PK renamed four line cooling

1 Ctrip vulnerability exposes the security awareness of the Internet sector as a whole

Storing user payment information, saving user passwords in plaintext... On the surface, these non-standard practices give the site a simpler process; in essence, they come at the cost of users' network security. Ctrip is an industry giant and a listed company, yet it made such a low-level mistake on security, and the incident has caused Ctrip a huge crisis of user confidence. One can only say that user interests were not put first; it also reflects the current state of security awareness across China's Internet industry as a whole.

Yesterday evening, according to the vulnerability description on the cloud platform, Ctrip had enabled the debugging function on the service interface used to process user payments, so that all data packets sent to the banks' cardholder-verification interface were stored directly on the local server. At the same time, the server holding the payment logs had not been given a strict baseline security configuration and had a directory traversal vulnerability, so all debugging information from the payment process could be read by any hacker.

Related reading:

Ctrip vulnerability exposes the security awareness of the Internet sector as a whole

Ctrip vulnerability exposure: underground industry chain dialogue parties white hat hackers

Ctrip payment log vulnerability traced as cause of users' credit card information leak

Ctrip recorded CVC codes in violation of UnionPay prohibitions and may face heavy fines

from Ctrip leak door to see the security of network information search carefully mobile phone can not be ignored

2 hacker business profits: no faith, only out of


On the morning of December 21, 2011, a hacker disclosed online the user database of CSDN, China's largest developer community; more than 600 registered email accounts and the corresponding plaintext passwords were leaked online. On December 22nd, it was then exposed that the user accounts and passwords of Tianya, happy net, play, Jiayuan, treasure net, U.S. air network, Lily network 178, 7K7K, and other well-known websites had been leaked publicly.

This is the largest user information leak in the history of China's Internet. According to insiders, the incident broke the hacker community's previous bottom line: only show off technique or earn a little money, and do not spread the data. The leak has once again aroused strong interest in the hackers and the secretive industry chain behind them. The following is a hacker's own account.

Related reading:

hacker business profits: no faith, only out of


Internet hacker legend, the king of the new venture will soon be listed  

hacker legend: he almost blocked Zhou Hongyi’s family  

