What does information vulnerability mean?

The Information Technology Meaning of Vulnerability

Vulnerability refers to the weakness or defect of the system, the sensitivity of the system to specific threat attacks or dangerous events, or the possibility of threat attacks. Vulnerabilities may come from design or coding defects of application software or the operating system, or from design defects or unreasonable logic flow in business interaction processing. These defects, errors or irrationality may be exploited intentionally or unintentionally, thus adversely affecting the assets or operations of the organization, such as information systems being attacked or controlled, important data being stolen, user data being tampered with, and the system being used as a springboard to invade other host systems. Judging from the vulnerabilities found at present, there are far more vulnerabilities in application software than in operating systems, especially in web application systems, which account for the vast majority of information system vulnerabilities.

First, the relationship between vulnerability and specific system environment and its time-related characteristics

Vulnerabilities will affect a wide range of hardware and software devices, including the operating system itself and its supporting software, network client and server software, network routers and security firewalls. In other words, there may be different security vulnerabilities in these different hardware and software devices. Different kinds of hardware and software devices, different versions of the same device, different systems composed of different devices, and the same system under different settings will have different security vulnerabilities.

Vulnerability is closely related to time. From the day a system is released, with the in-depth use of users, the vulnerabilities of the system will be constantly exposed, and these previously discovered vulnerabilities will be continuously fixed by patches issued by system suppliers, or corrected in new versions of the system released later. The new system will introduce some new vulnerabilities and errors while correcting the vulnerabilities of the old version. Therefore, with the passage of time, old loopholes will continue to disappear and new loopholes will continue to appear. The problem of loopholes will also exist for a long time.

Therefore, it is meaningless to discuss vulnerabilities without specific time and specific system environment. We can only talk about the possible loopholes and feasible solutions in the actual environment, such as the operating system version, the software version running on it, and the service operation settings of the target system.

At the same time, it should be noted that the study of vulnerabilities must follow the latest development of computer systems and their security issues. This is similar to the research on the development of computer viruses. If you can't master new technology at any time in your work, you won't have the right to talk about system security vulnerabilities, and even your previous work will gradually lose value.

Second, the harm of loopholes and the prevention of loopholes

Loopholes can easily lead to the invasion of hackers and the existence of viruses, which will lead to data loss and tampering, privacy disclosure and even economic losses. For example, the website is invaded due to loopholes, the user data of the website is leaked, the website function may be destroyed, and the server itself is stopped or even controlled by intruders. At present, with the development of digital products, vulnerabilities extend from computers to digital platforms, such as mobile phone QR code vulnerabilities, Android application vulnerabilities and so on. ...

What does it mean to remind the system that there is a loophole that allows information disclosure?

In this case, it is recommended to open vulnerability repair in 360 security guards and use it to fix vulnerabilities.

Help, help, just found a terrible personal information vulnerability on WeChat.

You can report the bugs found to the WeChat team and believe that the next version will be fixed.

What is a computer vulnerability and why is there a vulnerability?

A vulnerability is a defect in the concrete implementation of hardware, software, protocol or system security policy, which enables an attacker to access or destroy the system without authorization. For example, the logic error of Intel Pentium chip, the programming error of early version of Sendmail, the weakness of authentication method in NFS protocol, and the improper configuration of Unix system administrator when setting anonymous Ftp service may be exploited by attackers and threaten the security of the system. Therefore, these can be considered as security vulnerabilities in the system.

Relationship between vulnerability and specific system environment and its time-related characteristics

Vulnerabilities will affect a wide range of hardware and software devices, including the operating system itself and its supporting software, network client and server software, network routers and security firewalls. In other words, there may be different security vulnerabilities in these different hardware and software devices. Different kinds of hardware and software devices, different versions of the same device, different systems composed of different devices, and the same system under different settings will have different security vulnerabilities.

Vulnerability is closely related to time. From the day a system is released, with the in-depth use of users, the vulnerabilities of the system will be constantly exposed, and these previously discovered vulnerabilities will be continuously fixed by patches issued by system suppliers, or corrected in new versions of the system released later. The new system will introduce some new vulnerabilities and errors while correcting the vulnerabilities of the old version. Therefore, with the passage of time, old loopholes will continue to disappear and new loopholes will continue to appear. The problem of loopholes will also exist for a long time.

Therefore, it is meaningless to discuss vulnerabilities without specific time and specific system environment. We can only talk about the possible loopholes and feasible solutions in the actual environment, such as the operating system version, the software version running on it, and the service operation settings of the target system.

At the same time, it should be noted that the study of vulnerabilities must follow the latest development of computer systems and their security issues. This is similar to the research on the development of computer viruses. If you can't master new technology at any time in your work, you have no right to talk about system security vulnerabilities, and even your previous work will gradually lose value.

Second, the relationship between vulnerabilities and computer systems with different security levels.

At present, the classification standard of computer system security is generally based on the definition in the "Yellow Book". The official name of the Orange Book is "Evaluation Criteria for Trusted Computer Systems". The definition of a trusted system in the Orange Book is: a system composed of complete hardware and software, which can serve an unlimited number of users at the same time and handle information from general secrets to top secrets without infringing access rights.

The Orange Book classifies the acceptable trust of a computer system, and any system that meets certain security conditions and benchmark rules can be classified into certain security levels. The "Orange Book" divides the security performance of computer systems into four grades: A, B, C and D from high to low, among which:

Level D - minimum protection. This refers to systems that fail to pass other security level tests, such as DOS and Windows personal computer systems.

Level C - autonomous protection. The security feature of this level is that system objects (such as files and directories) can be independently defined by system subjects (such as system administrators, users and applications). For example, an administrator can determine the permissions of any file in the system. At present, Unix, Linux, Windows NT and other operating systems all have this security level.

Level B - compulsory protection. The security feature of this level is that the object is protected by the system. In this kind of security system, each system object (such as files, directories and other resources) and subject (such as system administrator, users and applications) have their own security labels, and the system gives users access rights to each object according to their security level.

Level A - verifiable access control (authentication protection ......

The mobile phone receives a vulnerability message prompt.

Not really, because I used several kinds of mobile phones to kill viruses, but I didn't find out.

Ignore directly, or close the service information, or directly pull the black number...

I have also received this kind of service information, which I consulted last class... Ignore it, it has no effect on the mobile phone.

Excerpts from the original text:

Service information: Nokia: There are loopholes or malicious plug-ins in your mobile phone system. Please upgrade for free as soon as possible. Click the link to view it.

3.NOKIAh/? ID = 1 1

Damn, I know it can't be true, but I've never downloaded a virus. I fucking tried it today, and the result surprised me!!! The software was downloaded by car!!! Produced by netqin!!! I don't need to say the rest, if you don't believe me, try …

The security housekeeper directly deletes … without leaving a trace …

What is a binding vulnerability?

When surfing the Internet, we often see the word "port" and often use port numbers, such as the "21" added after FTP addresses, which is a port number. So what exactly does a port mean? How do you check the port number? Can a port become the entrance for malicious network attacks? And how should we deal with the various ports? The following will introduce this aspect for your reference.

Port 21: Port 21 is mainly used for FTP (File Transfer Protocol) service.

Port Description: Port 21 is mainly used for FTP (File Transfer Protocol) service, and is mainly used for uploading and downloading files between two computers. One computer serves as an FTP client and the other computer serves as an FTP server. You can log in to the FTP server by using anonymous login or authorized user name and password login.

In Windows, you can provide FTP connection and management through Internet Information Services (IIS), or you can install FTP server software separately to realize FTP functions, such as the common Serv-U FTP server.

Operation suggestion: Because some FTP servers can be logged in to anonymously, they are often used by hackers. In addition, port 21 will be used by some trojans, such as Blade Runner, FTP Trojan, Dolly Trojan, WebEx and so on. If no FTP server is set, it is recommended to close port 21.

Port 23: Port 23 is mainly used for Telnet (Remote Login) service, which is a login and simulation program widely used on the Internet.

Port Description: Port 23 is mainly used for Telnet (Remote Login) service, which is a login and simulation program widely used on the Internet. You also need to set up clients and servers so that clients with Telnet services can log on to the remote Telnet server and log on with an authorized user name and password. After logging in, users are allowed to use the command prompt window for corresponding operations. In Windows, you can use Telnet to log in remotely by typing the "Telnet" command in the command prompt window.

Operation suggestion: With the help of Telnet service, hackers can search the service of remote login to Unix and scan the type of operating system. Moreover, in Windows 2000, there are many serious loopholes in the Telnet service, such as privilege elevation and denial of service, which can crash the remote server. Port 23 of Telnet service is also the default port of TTS (Mini Telnet Server) Trojan. Therefore, it is recommended to close port 23.

Port 25: Port 25 is opened by SMTP (Simple Mail Transfer Protocol) server and is mainly used for sending mail. Now, most mail servers use this protocol.

Port Description: Port 25 is opened by SMTP (Simple Mail Transfer Protocol) server and is mainly used for sending mail. Now, most mail servers use this protocol. For example, when we use an e-mail client program, we will ask the SMTP server address when we create an account. By default, the server address uses port 25.

Port vulnerability:

1. Through port 25, hackers can find an SMTP server to forward spam.

2. Port 25 was opened by many trojans, such as Ajan, Antigen, Email Password Sender, ProMail, Trojan, Tapiras, Terminator, WinPC, WinSpy and so on. Take WinSpy as an example. By opening port 25, you can monitor all windows and modules that your computer is running.

Action suggestion: If the SMTP mail server is not set, you can close the port.

Port 53: Port 53 is opened by DNS (Domain Name Server) server and is mainly used for domain name resolution. NT system uses DNS service. ......
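
The operation suggestions above (close ports 21, 23 and 25 when the corresponding server is not needed) can be checked on a host from its own socket listing. The following Python code is an added example, not part of the original answer: the sample lines in the style of Linux `ss -tln` and Windows `netstat -an` are constructed, and the PORT_ADVICE table is an assumption built from the text above.

```python
import re

# Ports and advice summarised from the text above (the table is an assumption).
PORT_ADVICE = {
    21: ("FTP", "close it if no FTP server is set; review anonymous login"),
    23: ("Telnet", "close it"),
    25: ("SMTP", "close it if no SMTP mail server is set"),
}

# Constructed sample: three `ss -tln` style lines, two `netstat -an` style lines.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 [::]:21 [::]:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED
"""

# Local address forms: 0.0.0.0:21, [::]:21, *:21
_ADDR = re.compile(r"^(\[[0-9a-fA-F:]*\]|\*|[0-9.]+):(\d+)$")
_LOOPBACK = ("127.", "[::1]")


def listening_sockets(text):
    """Yield (address, port) for every listening TCP socket in the listing."""
    for line in text.splitlines():
        fields = line.split()
        if not any(f in ("LISTEN", "LISTENING") for f in fields):
            continue  # established or closing connections are not listeners
        # The local address is the first field shaped like addr:port.
        for field in fields:
            m = _ADDR.match(field)
            if m:
                yield m.group(1), int(m.group(2))
                break


def audit(text):
    """Return sorted (port, service, exposure, advice) for ports named above."""
    findings = []
    for addr, port in listening_sockets(text):
        if port not in PORT_ADVICE:
            continue
        service, advice = PORT_ADVICE[port]
        # A listener bound to loopback is not reachable from other hosts.
        exposure = ("loopback only" if addr.startswith(_LOOPBACK)
                    else "reachable from network")
        findings.append((port, service, exposure, advice))
    return sorted(findings)


if __name__ == "__main__":
    for port, service, exposure, advice in audit(SAMPLE):
        print(f"port {port} ({service}): {exposure}; suggestion: {advice}")
```

On a real host, pass the captured output of `ss -tln` or `netstat -an` to `audit()` instead of SAMPLE.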

How do hackers find network security vulnerabilities

Computer hackers always want to know as much information as possible, such as whether they are connected to the internet, the structure of the internal network and the status of security measures. Once those experienced hackers are eyeing your network system, they will analyze your system first. That's why we say that using the hacker's "rules of the game" is the best way to deal with hackers. Looking at network security from the hacker's point of view, we can often find many potential security loopholes. Doing so can not only provide a different perspective to examine your network system, but also guide you to take the most effective network security measures from the perspective of your enemy, namely hackers. Next, let's take a look at the process of network system analysis. This process requires open source tools and related technologies.

Using open source tools to collect information

First, log on to the Whois website to find the domain name of your enterprise, and the search results will show the DNS server used by your network system. Then, use some software tools, such as nslookup, to further explore the details of DNS servers. Next, you need to turn to the public website of the enterprise and the anonymous FTP server you can find. Note that the information you need to pay attention to now is mainly: domain names, IP addresses of these domain names, all information of intrusion detection systems, user names, telephone numbers, e-mail addresses, physical locations, published security policies, information of business partners, and information of newly acquired enterprises.

In addition, in your above search operation, you must pay special attention to the information displayed and not displayed on these websites. It is best to save these pages on your computer, and then open them with the Notepad program to view the source code of the pages. Generally speaking, viewing the source code of a web page can provide a lot of information, which is why some websites deliberately block the source code from visitors. In the source code file, you may learn the way website developers build websites: the type and version of software they use, the architecture of websites and pages, and sometimes you can even find some personal information of webmasters.

Websites of business partners or some new M&A enterprises are often the focus of hacker attacks. These websites are the best breakthrough to indirectly invade the target websites, which are easily ignored by webmasters and create a lot of opportunities for hackers. If you are not vigilant enough and are negligent in this respect, rashly connecting the website of new business partners to your own website will often cause serious consequences and bring great security threats to your own website. In this case, security issues are more important than business issues, so we must ensure safe operation.

Looking at the network from the outside

With the above information collected, you can start to look at your network. You can use the path tracing command to view the network topology and access control settings. You will get a lot of information about the characteristics of the switch, which can be used to bypass the access control equipment.

Please note that the feedback results of the command will be different depending on the operating system used. The UNIX operating system uses UDP, or it can choose to use ICMP; by default, the Windows operating system uses ICMP to respond to requests (Ping).

You can also use open source tools to manage a large number of ping sweeps, perform TCP/UDP protocol scanning, and detect the operating system. The purpose of doing this is to understand the running state and some basic characteristics of your network system in the eyes of those external visitors. Therefore, you need to check your network system, which ports and services are open or available to external visitors, and whether external visitors can know the operating system, some programs and their version information you use. In short, know which ports or services your network system has opened to those external visitors, and which sites have leaked basic information.

Before starting the above work, you must get enough authorization to enter the whole network system for investigation and analysis. Never tell the information you know to those who are up to no good. Remember: security protection is a practical process, not just a technology.
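
The check described above, whether external visitors can learn software types and versions or personal information from your own site, can be run against a saved response from that site. The following Python code is an added example, not part of the original answer: the headers and page source are constructed for a hypothetical site, and the choice of headers and patterns to flag is an assumption.

```python
import re
from html.parser import HTMLParser

# Constructed sample response from a hypothetical site you administer.
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.15 (CentOS)",
    "x-powered-by": "PHP/5.3.3",
    "Content-Type": "text/html",
}
SAMPLE_HTML = """<html><head>
<meta name="generator" content="ExampleCMS 1.4.2">
<!-- built by admin@example.com, staging db: 10.0.0.12 -->
</head><body><p>Welcome</p></body></html>"""

VERSION = re.compile(r"\d+(\.\d+)+")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")
PRIVATE_IP = re.compile(
    r"\b(10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+"
    r"|172\.(1[6-9]|2\d|3[01])\.\d+\.\d+)\b")
# Response headers that commonly carry a product name and version.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


class _SourceScan(HTMLParser):
    """Collect generator tags and sensitive strings left in HTML comments."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.findings.append(("meta generator", a.get("content") or ""))

    def handle_comment(self, data):
        for label, rx in (("email in comment", EMAIL),
                          ("internal IP in comment", PRIVATE_IP)):
            for m in rx.finditer(data):
                self.findings.append((label, m.group(0)))


def audit_response(headers, html):
    """Return (kind, value) pairs for information the response gives away."""
    lowered = {k.lower(): v for k, v in headers.items()}  # names vary in case
    findings = []
    for name in BANNER_HEADERS:
        value = lowered.get(name)
        if value and VERSION.search(value):  # only banners exposing a version
            findings.append((f"header {name}", value))
    scan = _SourceScan()
    scan.feed(html)
    scan.close()
    return findings + scan.findings


if __name__ == "__main__":
    for kind, value in audit_response(SAMPLE_HEADERS, SAMPLE_HTML):
        print(f"{kind}: {value}")
```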

What is a directory traversal vulnerability and what is a php message leak? It's better to be detailed and easy to understand.

Some things haven't passed. There are detailed information about your environment in php, and someone will try to hack you when they see it.

How to exploit loopholes

Vulnerability scanning is the security-related detection of computer systems or other network devices to find out the security risks and vulnerabilities that may be exploited by hackers. Obviously, vulnerability scanning software is a double-edged sword: hackers use it to invade the system, and system administrators can effectively prevent hackers from invading after mastering it. Therefore, vulnerability scanning is an indispensable means to ensure system and network security, which must be carefully studied and utilized.

Vulnerability scanning usually adopts two strategies, the first is the passive strategy, and the second is the active strategy. The so-called passive strategy is to check the objects that violate the security rules, such as inappropriate settings and fragile passwords in the system, based on the host; the active strategy is based on the network, which simulates the behavior of attacking the system by executing some script files, and records the reaction of the system, thus discovering vulnerabilities. Passive policy scanning is called system security scanning, and active policy scanning is called network security scanning.

Quick installation of Nessus

Nessus is a powerful and easy-to-use remote security scanner. The function of the security scanner is to check the security of the specified network and find out whether there is a security loophole in the network that leads to the opponent's attack. The system is designed in client/server mode, the server is responsible for security checks, and the client is used to configure and manage the server. A plug-in system is also adopted in the server, which allows users to add plug-ins that perform specific functions, and these plug-ins can carry out faster and more complicated security checks. In Nessus, a shared information interface is also adopted, which is called the knowledge base, and the results of previous inspections are saved in this interface. The inspection results can be saved in various formats, such as HTML, plain text and LaTeX (a text file format).

The advantages of Nessus are:

1. It uses scanning based on various security vulnerabilities to avoid incomplete scanning.

2. It is free and has a price advantage compared with commercial security scanning tools such as ISS.

(1) Install and start the Nessus server. Take Nessus-4.2.0-es5.i386.rpm as an example, and use the following command for installation:

# rpm -ivh Nessus-4.2.0-es5.i386.rpm

After it is successfully installed, you also need to add a user to operate it. The steps are as follows (add the user, then set the password):

# /opt/nessus/sbin/nessus-adduser
Login: root
Login password:
Login password (again):

Starting Nessus is very simple. Use the following command:

# /sbin/service nessusd start

(2) The Nessus client has two versions, a Java version and a C version. The Java version can run on multiple platforms, and the C version supports Windows. With these two client versions, you can perform security checks on any machine in the LAN. For the sake of simplicity, we choose a client version of Nessus 4 under Windows to install and use, that is, using a Windows client to control a Nessus server running under Linux to scan the vulnerabilities of machines in the LAN, which is also a very popular way of using Nessus at present. The specific installation is as simple as the installation of any application software under Windows, so I won't go into details here.

3. Five steps to complete Nessus scanning

Let's take a look at the steps and effects of scanning with Nessus. Generally speaking, scanning with Nessus requires the following five steps:

(1) Setting up a server connection: as shown in figure 1, first you need to set up a Nessus client to connect to the Nessus server. In figure 1, you need to configure the corresponding host name and port, as well as the user name and login user name.

(2) Set IP range: as shown in Figure 2, set it as IP range. Of course, this ......