2015年3月20日 星期五

-*Update* article by ourlove520.com---Entry: Anonymous,, Editor: admin ,, Update Time: 2015-3-11] "heading: one layer to peel your heart: Decoding" deep disguise "the online banking Trojan ZeuS !!"---by white hat Anonymous with a network graphic Detailed analysis of the virus file attached a good article, but also a very good sharing! please enjoy anonymous white hat trick ~ -*更新*由ourlove520.com---文章录入:佚名,,责任编辑:admin,,更新时间:2015-3-11]"標題:一层一层剥开你的心:解码“深度伪装”的ZeuS网银木马!!"一篇由匿名白帽子為網絡用家圖文詳解附著病毒文件的分析好文章,也是一個非常好的分享!請各位欣賞匿名白帽子的技倆~ **All The World Country/ City Lauguage**----Update--Share''forum from the clouds net tucao white hat - [wooyun.org/content/18432] - [?! "Hacker," said mobile phone sales site vulnerabilities can spend one yuan in iPhone] - The mainland peoples not work , delusional dream of getting rich of many people, especially, they only move their head --->>delusional lies to the same mainland people in the mainland provinces, the actions of rogue hackers no moral value at all, the mainland more a liar, are they not have education & also lost conscience, how to teach people to believe the mainland people is unscrupulous behavior & not honest ah ??! - --更新--分享''來自烏雲網白帽子的吐槽論壇- [wooyun.org/content/18432]-[“黑客”稱手機銷售網站有漏洞花1元能中iPhone?!]-大陸不工作,不務正業,妄想發財發夢的人特別多,只動腦袋來陷害---同在大陸的各省市人們,流氓黑客的所作所為沒有道德價値可言,大陸內地騙子多的是,沒教育也失去良知,怎麼能教人們相信大陸人毫無誠信的無良行為啊??!- ---By ourlove520.com---Mengyun with a network Technology (Wuhan) Co., Ltd. is a liar-[Article Entry: Anonymous,, Editor: admin,, Updated: 2015-3-14]-&-Data-Hack SQL injection detection [article entry: Anonymous,, editor: admin ,, updated: 2015-3-12]( & this one can see in-Chinaman taobo-http://drops.wooyun.org/tips/5118]-& - BMW vulnerabilities Comments: ancient horses horse knowledge, this hacker escapement BMW [article entry : Anonymous,, editor: admin ,, update Time: 2015-2-11] - And Apple Daily and Liberty Times reported updated ~ Front of the media is really very important, So how valuable newspaper without Readings? ~ ^^ ---由ourlove520.com---夢雲與網絡技術(武漢)有限公司是一家liar-[文章錄入:匿名,,編輯:管理員,,更新時間:2015年3月14日-&-數據黑客SQL注入檢測[文章录入:佚名,,责任编辑:admin,,更新时间:2015-3-12]-&-寶馬汽車安全漏洞詳解:古有伯樂識良駒,今有黑客擒寶馬[文章錄入:佚名,,責任編輯:admin,,更新時間: 2015-2-11]- 和蘋果日報及自由時報報導的更新~ 正面的傳媒真的非常重要, 這麼難能可貴的報社怎可不選讀?~^^-**All The World City/Country Lauguage**-


`Y5I`_JD [T [T% 6K} 3XI3N} Y.jpg自由時報
 
-*Update* article by ourlove520.com---Entry: Anonymous,, Editor: admin ,, Update Time: 2015-3-11] "heading: one layer to peel your heart: Decoding" deep disguise "the online banking Trojan ZeuS !!"---by white hat Anonymous with a network graphic Detailed analysis of the virus file attached a good article, but also a very good sharing! please enjoy anonymous white hat trick ~
-*更新*由ourlove520.com---文章录入:佚
名,,责任编辑:admin,,更新时间:2015-3-11]"標題:一层一层剥开你的心:解码“深度伪装”的ZeuS网银木马!!"一篇由匿名白帽子為網絡用家圖文詳解附著病毒文件的分析好文章,也是一個非常好的分享!請各位欣賞匿名白帽子的技倆~
**All The World Country/ City Lauguage**-

--Update--Share''forum from the clouds net tucao white hat - [wooyun.org/content/18432] - [?! "Hacker," said mobile phone sales site vulnerabilities can spend one yuan in iPhone] - The mainland peoples not work , delusional dream of getting rich

of many people, especially, they only move their head --->>delusional lies to the same mainland people in the mainland provinces, the actions of rogue hackers no moral value at all, the mainland more a liar, are they not have education & also lost conscience, how to teach people to believe the mainland people is unscrupulous behavior & not honest ah ??! -
--更新--分享''來自烏雲網白帽子的吐槽論壇- [wooyun.org/content/18432]-[“黑客”稱手機銷售網站有漏洞花1元能中iPhone?!]-大陸不工作,不務正業,妄想發財發夢的人特別多,只動腦袋來陷害---同在大陸的各省市人們,流氓黑客的所作所為沒有道德價値可言,大陸內地騙子多的是,沒教育也失去良知,怎麼能教人們相信大陸人毫無誠信的無良行為啊??!-
--update--Share''forum 구름 그물 tucao 흰색 모자에서 --[wooyun.org/content/18432] - [?! 동일하게 >> 특히, 그들은 단지 그들의 머리 ]---이동 본토 사람들이, 많은 사람들이 부자의, 망상의 꿈을 작동하지 망상 거짓말을 - "해커,"휴대 전화 판매 사이트 취약점] 아이폰 일위안을 보낼 수 있다고 말했다 본토 지방에서 본토 사람, 도덕적 인 가치로 모든 악성 해커의 행동, 더 본토 거짓말 쟁이, 그들은 교육 및도 손실 양심이없는, 본토 사람을 믿는 사람들을 가르 칠하는 방법을 파렴치한 행동 및 정직하지 아입니다 ??! -


--update--Share''forum du nuages ​​Tucao nette chapeau blanc - [wooyun.org/content/18432] - [?! "Hacker", a déclaré vulnérabilités site de vente de téléphonie mobile peuvent passer un yuan dans l'iPhone] -Les peuples du continent ne fonctionnent pas, le rêve délirant de devenir riche de nombreuses personnes, en particulier, ils ne se déplacent que leur tête--->> mensonges délirants à la même les gens continent dans les provinces de la partie continentale, les actions des pirates voyous aucune valeur morale à tous, la partie continentale plus un menteur, sont-ils pas l'éducation et aussi perdu conscience, comment enseigner aux gens à croire que les gens du continent est un comportement peu scrupuleux & ah pas honnêtes ??! -
--update - 雲ネットtucao白い帽子からShare''forum - [wooyun.org/content/18432] - [?!同じに妄想嘘>> ---、本土の人々が動作しない多くの人々の金持ちの妄想夢、特に、彼らが唯一の彼らのヘッドを移動 - 「ハッカー、「携帯電話の販売サイトの脆弱性は] iPhoneで1元を過ごすことができた本土の人々を信じるために人々を教えるためにどのように本土本土の地方の人々、不正なハッカーの行動全く道徳的な価値、本土より嘘つき、彼らは教育&も失わ良心を持っていないが、正直ああ不謹慎な行為であるとしない??! -
--Update - Share''forum el la nuboj net tucao blanka ĉapelo - [wooyun.org/content/18432] - [?! "Hacker" diris poŝtelefono vendoj ejo vulnerabilidades povas elspezi unu juanoj en iPhone] - La ĉeftero popoloj ne funkcias, iluzia revo de iĝi riĉa de multaj homoj, aparte, ili nur movas siajn kapon --- >> iluzia mensogoj al la sama ĉeftero homoj en la ĉeftero provincoj, la agoj de fripono hackers ne morala valoro ĉe ĉiuj, la ĉeftero pli mensoganto, estas ili ne havas edukon & ankaŭ perdis konsciencon, kiel instrui homoj kredi la ĉeftero homoj estas senskrupulaj konduto & ne honesta ah ??! -
-**All The World City/Country Lauguage**-

*---By ourlove520.com---Mengyun with a network Technology (Wuhan) Co., Ltd. is a liar-[Article Entry:

Anonymous,, Editor: admin,, Updated: 2015-3-14]-&-Data-Hack SQL injection detection [article entry: Anonymous,, editor: admin ,, updated: 2015-3-12]( & this one can see in-Chinaman taobo-http://drops.wooyun.org/tips/5118]-& - BMW vulnerabilities Comments: ancient horses horse knowledge, this hacker escapement BMW [article entry : Anonymous,, editor: admin ,, update Time: 2015-2-11] -
And Apple Daily and Liberty Times reported updated ~
Front of the media is really very important,
So how valuable newspaper without Readings? ~ ^^
---由ourlove520.com---夢雲與網絡技術(武漢)有限公
司是一家liar-[文章錄入:匿名,,編輯:管理員,,更新時間:2015年3月14日-&-數據黑客SQL注入檢測[文章录入:佚名,,责任编辑:admin,,更新时间:2015-3-12]-&-寶馬汽車安全漏洞詳解:古有伯樂識良駒,今有黑客擒寶馬[文章錄入:佚名,,責任編輯:admin,,更新時間: 2015-2-11]-
和蘋果日報及自由時報報導的更新~
正面的傳媒真的非常重要,
這麼難能可貴的報社怎可不選讀?~^^

-**All The World City/Country Lauguage**-

*Please use Google users Great God outstanding translator to translate your country / city language ah ^^-
*請各位用家善用谷歌大神的超卓翻譯器來翻譯你們的國家/都市的語言啊^^-
*국가 / 도시 언어 아 ^^ 번역 Google 사용자 위대한 하나님 뛰어난 번역기를 사용하십시오-
*Se il vous plaît utiliser Google utilisateurs Grand Dieu Traducteur exceptionnelle de traduire votre pays / ville langue ah ^^-
*お住まいの国/都市言語ああ^^を翻訳するGoogleのユーザーグレー​​ト神優れた翻訳者を使用してください -
*Bonvolu uzi Google uzantoj Granda Dio elstara tradukisto traduki via lando / urbo lingvo ah ^^-
**Tuta mondo Urbo / Lando Lauguage**-



 -*Update* article by ourlove520.com---Entry: Anonymous,, Editor: admin ,, Update Time: 2015-3-11] "heading: one layer to peel your heart: Decoding" deep disguise "the online banking Trojan ZeuS !!"---by white hat Anonymous with a network graphic Detailed analysis of the virus file attached a good article, but also a very good sharing! please enjoy anonymous white hat trick ~ -*更新*由ourlove520.com---文章录入:佚名,,责任编辑:admin,,更新时间:2015-3-11]"標題:一层一层剥开你的心:解码“深度伪装”的ZeuS网银木马!!"一篇由匿名白帽子為網絡用家圖文詳解附著病毒文件的分析好文章,也是一個非常好的分享!請各位欣賞匿名白帽子的技倆~ **All The World Country/ City Lauguage**-
 http://www.ourlove520.com/Article/others/jiami/201503/354491.html
Peel layer by layer to your heart: Decoding "deep disguise," the online banking Trojan ZeuS


Article Entry: Anonymous Editor: admin Updated: 2015-3-11
 

Recently I received a phishing e-mail, e-mail with attachments included in a .doc. We use commonplace tools Notepad ++, step by step off ZeuS Trojan camouflage coat, and had a very thorough static analysis. The Trojan disguises a number of key technologies used, such as information hiding, encryption and decryption.
0 × 01 found tricky
Recently I met a very special malicious phishing e-mail, e-mail has a .doc attachment.
At first, when I run the sample in a virtual machine, the attacker sends the attachment does not look right. However, after I extract and decode this shellcode, I found a very familiar for some time has been the spread of malicious software.
Figure 1 Phishing
In Figure 2, the head of e-mail, we can see the original IP address is 212.154.192.150. Answer field is also very interesting, because it is a long address 419 fraud gang. In Figure 3, the red circle in the e-mail address to tell us attachments most likely malware.
Figure 2 mail header
Figure 3419 fraud gang-mail address
0 × 02 preliminary test
In the beginning, I tried to run in a virtual machine in the attachment, but it was an error message in the following figure:
Figure 4 Office error message
However, the test environment, the system has more than 45G of available hard disk space, and there are 2G of memory space, so the lack of space prompted the error should not be the root cause of the problem. To test , I will expand into memory 8G, but the same problem still exists. So, I decided to look at the perspective of the static analysis of the attachment.
As usual, I use Notepad ++ to open the file in the end this is roughly what the analysis. After opening, I saw it was actually a disguised as .doc files .rtf file, and the content of the file handle .rtf format very easy to confuse.
Figure 5 Notepad ++ open RTF file
In .rtf file, expressed in hexadecimal code large amounts of data may provide clues for us, let us know in the end of the file is trying to do. .rtf file format to the attacker provides a lot of freedom, let hidden in this section and the encoded data, as shown in Figure 6.
Figure 6 suspicious data
However, at the end of this section, we see the "FF D9", but at the end of a two-byte gif file is "FF D9".
Ending byte Figure 7 gif file
0 × 03 unraveling
I prefer to use Notepad ++ to decode such data. First, the content area to copy and paste into a new txt document and then CTRL + F to open the Find window and select "Replace" tab, then select the "Extended" button, shown in Figure 8.
Figure 8 Notepad ++ Find / Replace
By doing this, you will get a line in ASCII hexadecimal form. Then, select all content, and in turn the operation : "Plugins" -> "Converter" -> "Hex -> Ascii", shown in Figure 9.
Figure 9 decoded data
After the conversion is complete, you will see some like the image data string (JFIF and Photoshop strings, Figure 10). By combining these contents saved as a .gif file, you will be able to open this picture in Paint software, or other similar software, the results shown in Figure 11.
Figure 10 image data after decoding
Figure 11 .rtf file image
Then, along this line, we continue to manually decode each section, we will get more than a new picture, and two pictures show the same content, are the same house. However, the file size of 3M (Figure 12), and the picture size is only 79KB (Figure 11).
Figure 12 larger picture
Search this image through Google images, we find that this is actually a 3D house exterior design, it is now above the original message content is not relevant.
To make it look even more suspicious is that there actually is also embedded a .docx file (Figure 13). When I try to open the file, the pop-up error, and XML documents also did something interesting content.
13 embedded .docx file
In this document the approximate line of 50,000 where we can see the magic byte 97-2004office document (FIG. 14). This once again lead us to think, why the .rtf file contains both the new version and the old version of Word format it?
Figure 14 .doc magic byte ASCII code
After thousands of lines, we saw some of the more interesting things. Camel case is generally a way to bypass anti-virus software or other signature approach detection mechanism.
15 case replaced
After about 2000 lines, we found another function (Figure 16).
Figure 16 another function
By removing the double newline (\ r \ r and \ n \ n), we can compress the code to understand what happened, and in this way to see normally in the .rtf file will not be found code .
Figure 17 .rtf file that should not exist in the code
In Figure 18 the red part of the coil, there is some hex in .rtf file that should not exist in the code . In a little more below (blue coil section), we can also see the "AAAA", which is generally expressed in assembly language instruction "inc ecx".
Figure 18 .rtf file suspicious part
However, Figure 19, we found a small fragment indicate the size of the shellcode. By decoding the clip, we can find a reference to the final surface of the executable file, and this is something we have been looking for (Figure 20).
Figure 19 shellcode's seemingly content
Figure 20 shellcode, malicious URL: http: //aspks.nl/components/kom/ks.exe
0 × 04 IDA analysis
After opening the binary file with the IDA, we can see this is actually a fragment of code. Assembly instructions in the following figure is very consistent with our conjecture, these shellcode and other code with an older but very stable vulnerability CVE-2012-0158 closely related.
Figure 21 shellcode near the entry point
Now that we have the link address, so we can test the malicious link below to see the validity of the results showed that the address is still valid (Figure 22).
Figure 22 malicious file download
Once the file is executed, will be in the registry run key is created as in a storage file.
Figure 23 malware storage installation
Malicious software is installed to the following path: C: \ Users \ <username> \ AppData \ Roaming \ Ritese \ quapq.exe. From the perspective of evidence in this directory or Roaming directory search exe files will be meaningless, because the general malicious software will not be installed in these directories.
0 × 05 traffic analysis
For malware server side, it launched a lot of the malware on "file.php" and "Gate. PHP "document request (Figure 24). As can be seen from the figure, IP address 116.193.77.118 also listed in the ZeuS Trojan on the track form (Figure 25).
Figure 24 HTTP requests issued
Figure 25 ZeuS track IP addresses
In addition, by Dump memory, we can see the other Ladycoll configuration.
Figure 26 malware memory dump
0 × 06 summary
Finally, although CVE-2012-0158 has been 3 years, but now the attacker still use this vulnerability . Even if they confuse these documents, but it is still possible to find them through the analysis of the true intentions.
Note: The malicious file hash: hash a hash 2
[Reference Source phishme , reproduced please specify from FreeBuf hackers and geeks (FreeBuf.COM)]




 ===========================================
  http://www.ourlove520.com/Article/others/jiami/201503/354491.html


一層一層剝開你的心:解碼“深度偽裝”的ZeuS網銀木馬


文章錄入:佚名責任編輯:admin 更新時間: 2015-3-11
 

 最近我收到一封釣魚郵件,郵件中附帶著一個.doc的附件。 我們利用再平常不過的工具Notepad++,一步一步脫去ZeuS木馬的偽裝外衣,並進行了非常深入的靜態分析。 木馬的偽裝用到了多項關鍵技術,例如信息隱藏、加密解密等。
0×01發現貓膩
最近我遇到了一個很特別的惡意釣魚郵件,郵件中有一個.doc附件。
起初,當我在虛擬機中運行該樣本時,攻擊者發送的附件看起來並不正確。 但是,在我提取並解碼此shellcode之後,我發現了一個很熟悉的已經傳播一段時間的惡意軟件。
圖1 釣魚郵件
在圖2中的郵件頭部,我們可以看到原始IP地址為212.154.192.150。 應答字段也很有趣,因為這是一個長期的419詐騙團伙的地址。 在圖3中,紅圈中的郵件地址告訴我們附件極有可能是惡意軟件。
圖2 郵件頭部
圖3 419詐騙團伙的郵件地址
0×02初步測試
最開始,我嘗試在虛擬機中運行該附件,但是卻出現了下圖中的錯誤信息:
圖4 Office錯誤信息
但是, 測試環境系統有超過45G的可利用硬盤空間,並且有2G的內存空間,所以錯誤中提示的空間不足應該不是問題的根源。 為了測試 ,我將內存空間擴展成8G,但是相同的問題依然存在。 於是,我決定從靜態分析的角度看一下該附​​件。
像往常一樣,我用Notepad++打開該文件來大致分析下這到底是什麼。 打開之後,我看到它實際上是一個偽裝成.doc文件的.rtf文件,而在.rtf格式的文件中進行內容的混淆處理非常容易。
圖5 Notepad++打開的RTF文件
在.rtf文件中,表示十六進制代碼的大量數據將可能為我們提供線索,讓我們明白該文件到底在試圖做什麼。 .rtf文件格式給攻擊者提供了很大的自由,讓其在這部分中隱藏並編碼數據,如圖6所示。
圖6 可疑數據
然而,在這部分的末尾,我們看到了“FF D9”,而gif文件的末尾兩個字節就是“FF D9”。
圖7 gif文件的結尾字節
0×03抽絲剝繭
我比較喜歡使用Notepad++來解碼這種數據。 首先,將該區域的內容複製並粘貼到一個新的txt文檔中,然後CTRL+F打開查找窗口,並選擇“替換”選項卡,然後選中“擴展”按鈕,如圖8中所示。
圖8 Notepad++查找/替換
通過這樣,你將得到一行ASCII碼形式的十六進制數。 然後,選中所有內容,並依次操作 :“插件”->“Converter”-> “Hex -> Ascii”,如圖9所示。
圖9 解碼數據
轉換完成之後,你將會看到一些好像圖像數據的字符串(JFIF和Photoshop字符串,如圖10)。 通過將這些內容另存為.gif文件,你將能夠在Paint軟件或其他類似軟件中打開此圖片,結果如圖11所示。
圖10 解碼後的圖像數據
圖11 .rtf文件中的圖像
然後,沿著這條線索,我們繼續手動解碼每個部分,我們將得到比上一個更大的新圖片,而兩張圖片顯示的內容相同,都是同一座房子。 然而,這次的文件大小為3M(圖12),而上一張圖片大小只有79KB(圖11)。
圖12 較大的圖片
通過谷歌圖片搜索這個圖片,我們發現,這實際上是一個設計的3D房子的外觀,它跟上面原始郵件中的內容並不相關。
使它看起來更可疑的是,裡面竟然還嵌入了一個.docx文件(圖13)。 當我試著打開該文件時,彈出了錯誤,而且XML文件中也並沒什麼有趣的內容。
圖13 嵌入的.docx文件
在該文件中的大概第50000行的地方,我們可以看到97-2004office文檔的魔幻字節(圖14)。 這再一次引發我們思考,為什麼該.rtf文件中同時包含了新版本和舊版本格式的Word呢?
圖14 .doc魔幻字節的ASCII碼表示
在幾千行之後,我們看到了一些更加有趣的東西。 駝峰式大小寫的方式一般是一種用於繞過殺毒軟件或其他簽名檢測機制的做法。
圖15 大小寫替換
大概2000行之後,我們發現了另一個函數(圖16)。
圖16 另一個函數
通過去除雙換行符(\ r \ r和\ n \ n),我們可以壓縮這些代碼以了解發生了什麼,並以此方法來查看通常情況下在.rtf文件中不會被發現的代碼
圖17 .rtf文件中本不該存在的代碼
在圖18紅線圈中部分,有一些在.rtf文件中本不該存在的十六進制代碼 在更下面有點(藍線圈中部分),我們也可以看到“AAAA”,這在彙編語言中一般表示指令“inc ecx”。
圖18 .rtf文件中的可疑部分
然而,在圖19中,我們發現一個小片段指示shellcode的大小。 通過解碼這一片段,我們可以在最後面找到一個對可執行文件的引用,而這也是我們一直在尋找的東西(圖20)。
圖19 看似shellcode的內容
圖20 shellcode,惡意URL:http://aspks.nl/components/kom/ks.exe
0×04 IDA分析
用IDA打開這個二進製文件之後,我們可以看到實際上這只是代碼的一個片段。 下圖中的彙編指令跟我們猜想的很吻合,這些shellcode和其他代碼與一個比較老但是很穩定的漏洞 CVE-2012-0158關係密切相關。
圖21 shellcode入口點附近
既然現在我們已經有了鏈接地址,那麼我們可以測試下看看該惡意鏈接是否有效,結果顯示該地址仍舊有效(圖22)。
圖22惡意文件下載
一旦執行該文件,將會在註冊表中創建一個作為運行鍵的存儲文件。
圖23惡意軟件存儲安裝
惡意軟件安裝到了以下路徑:C:\Users\<username>\AppData\Roaming\Ritese\quapq.exe。 從取證的角度來看,在該目錄或Roaming目錄中搜索exe文件將是無意義的,因為一般惡意軟件不會安裝在這些目錄下。
0×05通信分析
對於惡意軟件的服務器端來說,該惡意軟件發起了很多對“file.php”和“gate. php ”文件的請求(圖24)。 從圖中可以看出,IP地址116.193.77.118也列在了ZeuS 木馬的追踪表單上(圖25)。
圖24 發出的HTTP請求
圖25 ZeuS追踪IP地址
此外,通過Dump內存,我們還能看到其他的Ladycoll配置。
圖26 惡意軟件的內存dump
0×06總結
最後,儘管CVE-2012-0158已經有3年了,但攻擊者現在仍舊使用此漏洞 即使他們混淆了這些文檔,但還是有可能通過分析找到他們的真實意圖。
注:惡意文件哈希哈希1 哈希2
[參考來源phishme ,轉載請註明來自FreeBuf 黑客與極客(FreeBuf.COM)]




 =================

 'Anonymous white hat is no national boundaries
Anonymous white hat is everywhere
The evolution of science and technology in 2015, an anonymous white hat friendly for people to solve the number of rogue hackers!
Here, thanks to an anonymous white hat under different sky selfless sharing''~
Yours sincerely Melody.Blog small as dust~

匿名白帽子是無分國界的
匿名白帽子是無處不在的
科技演變的2015年,友好匿名白帽子為人們解決了多少的流氓黑客所為!
在此,感謝不同天空下的匿名白帽子無私的分享~
渺小如麈 Melody.Blog誠摯敬上~

  http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html

====================

'익명 흰 모자에는 국경없는
익명 흰색 모자는 어디 에나있다
2015 년 과학 기술의 발전은 사람들을위한 친절한 익명 흰색 모자는 악의적 인 해커의 수를 해결하기 위해!
여기에 ','다른 하늘 사심 공유에서 익명의 흰 모자 덕분에 ~
너의 진심으로 ~ 먼지로 작은 Melody.Blog

''Chapeau blanc Anonyme est pas de frontières nationales
Anonyme chapeau blanc est partout
L'évolution de la science et de la technologie en 2015, un chapeau blanc anonyme convivial pour les gens à résoudre le nombre de pirates voyous!
Ici, grâce à un chapeau blanc anonyme sous un ciel différent partage désintéressé ''~
Cordialement Melody.Blog réduit en poudre~

  http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html


====================

''匿名白い帽子は国境はありません
匿名白い帽子はどこにでもある
2015年の科学技術の進化、不正なハッカーの数を解決するために人々のためのやさしい匿名の白い帽子!
ここでは、別の空の下で匿名の白い帽子のおかげで無私の共有 ''〜
敬具〜塵のような小さなMelody.Blog

''Anonymous біла капелюх немає національних кордонів
Anonymous біла капелюх всюди
Еволюція науки і техніки в 2015 році, анонімний біла капелюх зручним для людей, щоб вирішити ряд ізгоїв хакерів!
Тут, завдяки анонімному білому капелюсі під іншим небом самовіддану обміну''~
З повагою Melody.Blog невеликий, як пил~


''Anonima blanka ĉapelo estas la landlimoj
Anonima blanka ĉapelo estas ĉie
La evoluo de scienco kaj teknologio en 2015, anonima blanka ĉapelo amika por homoj solvi la nombro de fripono hackers!
Tie, danke al anonima blanka ĉapelo sub malsamaj ĉielo neprofitema sharing''~
Sincere via Melody.Blog malgranda kiel polvo~

  http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html

=====================


 -*Update* article by ourlove520.com---Entry: Anonymous,, Editor: admin ,, Update Time: 2015-3-11] "heading: one layer to peel your heart: Decoding" deep disguise "the online banking Trojan ZeuS !!"---by white hat Anonymous with a network graphic Detailed analysis of the virus file attached a good article, but also a very good sharing! please enjoy anonymous white hat trick ~
-*更新*由ourlove520.com---文章录入:佚名,,责任编辑:admin,,更新时间:2015-3-11]"標題:一层一层剥开你的心:解码“深度伪装”的ZeuS网银木马!!"一篇由匿名白帽子為網絡用家圖文詳解附著病毒文件的分析好文章,也是一個非常好的分享!請各位欣賞匿名白帽子的技倆~
**All The World Country/ City Lauguage**-

  http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html


 =====================#################
 http://zone.wooyun.org/content/18432

Open space to see people talk about hair, said China's largest hacker, black round big black wide, selling mobile phones sold himself go seeking the truth

 iiiiiiiii | 2015-02-03 00:43
 helen claimed to have purchased the cloud bug, smoke generation mobile phones, the most popular apple six to two thousand yuan fraud, involving 200 000 tall, small partners through the evidence provided, Hubei network monitoring detachment has opened investigations into the matter. Helen no zuo no die

Open QQ space to see a lot of people are forwarded to talk about seeking the truth

 =================

 
  1. Sky (z7y chief cashier) | 2015-02-03 09:21
    http://xw.qq.com/hb/20150203014543
  2. 7 # Sky (z7y chief cashier) | 2015-02-03 09:21
    this is true
 =================
 Su snow | 2015-02-03 11:00

 =================
 Dark Ranger | 2015-02-03 11:34
Hubei, one of China's first hacker claiming surnamed Wang qq305536777, in more than 20 million iPhone ios implanted Trojans, illegal fund-raising bank cash card fraud yuan, involving up to 800 billion yuan, Apple has reported, the FBI is investigating China's General Administration of Hubei Province Network Supervisor will cooperate with the investigation, the China National Bureau of Justice filing, Chinese state security department has to go to Hubei personally evidence.

 ==================
iiiiiiiii | 2015-02-03 14:23
 `Y5I`_JD [T [T% 6K} 3XI3N} Y.jpg
 ==========
iiiiiiiii | 2015-02-03 14:37
@ heavenly chased Not really small I was still a soldier, I was his comrade oil is when I am better than he had a year to come back this year, retired, he retired at the end of this year to come back.

==================>>>>>>
 http://hb.qq.com/a/20150203/014543.htm

"Hackers," said mobile phone sales site vulnerabilities can spend one yuan in iPhone

Grand Chu Gallery (new) Han Net - Wuhan Evening News Liu Haifeng 2015-02-03
 "Hackers," said mobile phone sales site vulnerabilities can spend one yuan in iPhone
 Yesterday morning, Shandong Weifang Ms. Wu said a telephone call to the newspaper, one of Wang Moulun Chibi Hubei hackers bragged discovered a vulnerability in mobile phone sales website, you can only spend one hundred percent winning money, get an Apple iPhone. After 王某伦 this information available online, the country close to a hundred friends to prices ranging from 500 yuan to 4,500 yuan, asked him to help get the phone, the results of most users only receive a U disk, while Ms. Wu et al. you receive an empty box.
Found deceived, there are more than friends select the alarm, a netizen in the local police learned that Wang Moulun had "illegal invasion computer system" was detained a total of 24 criminal record.
"Hacker" can be said to spend a dollar in the iPhone
According to Ms. Wu introduced three years ago, she saw 王某伦 QQ numbers in online forums, thought to facilitate some network problems advice, they take the initiative plus other friends. However, the past few years, the parties have not had communication. Not long ago, Wang Moulun began his QQ space have released some information, claiming mastered the "one yuan cloud shopping" mall loophole only spend a dollar, you can get the iPhone in one hundred percent. In addition, there are many people in the space message, claimed to have received a phone has been tested and is absolutely authentic.
See these illustrations of information, plus other hacker's identity, what Ms. Wu also move the heart, the initiative linked 王某伦. "Different different models of the iPhone price, I gave him 3000 dollars Alipay fight, let him help me get a iPhone6." Ms. Wu on January 30 in the evening, to 王某伦 offered money to play Alipay account.
To win these Buying mobile phone users, Wang Moulun also built a "cloud purchase plan group", these models hit man dragged into it. Ms. Wu found that there are still a lot of care group, said people have been received phone. However, on January 31, that someone in the group began to curse, saying that the phone did not receive, receive only a U disk.
"Not until the other person to speak, he put a gag everybody." Seeing things brought to light, Wang Moulun just put these people are kicked out, and Ms. Wu later learned, there are several users receive is empty box, there are people received a condom.
In order to safeguard their rights, who cheated friends built a QQ group advice, Wuhan Evening News reporter found a total of 91 users inside their Paypal records are screenshots. "There are some people not into groups, involving at least 100,000." Ms. Wu said.
Alarm users around the ferret "recidivist"
Yesterday afternoon, the reporter get fooled with the addition of a contact Miss Ma, she invited reporters to join the "Wang Moulun evidence of a crime group" part of the victim's friends created, there is a total of 16 friends, they are responsible for collating the large amount of evidence. Ma provide a picture show, 王某伦 public security information online have a criminal record, the basic information bar displays, junior high school education, he is a computer technology expertise, professional practitioners inconvenience for other classifications, had in 2010 February was detained.
Yesterday morning, Zhumadian friends deceived Mr. Zhang, the local police, the police inquiry found Wang Moulun personal information, he should have 24 illegal records. "I have carefully read, all 'illegal intrusion into computer systems', the police also lamented such people fear bad management." Zhang said, this time, if he does not refund, that is a fraud. Currently, there are already some friends ready to Chibi, Hubei police. It is worth mentioning that yesterday afternoon, the reporter being victimized by these QQ friends in "Wang Moulun evidence of a crime group" exchanges, suddenly unable normal landing, actually was hacking! At press time ago has not yet returned to normal.
"Although he was just an entertainer hacker circles, but this technology is still there hacking." When he learned that reporters encounter, Ms. Wu said in a phone.


 =====================================

打開空間看到有人發說說稱中國第一大黑客,黑輪大黑闊,賣手機把自己賣進去了求真相

iiiiiiiii | 2015-02-03 00:43
helen聲稱雲購有bug,代抽手機,最為當紅的蘋果6以兩千人民幣詐騙,涉案金額高大20萬,經過小伙伴們提供的證據,湖北網監支隊已對此事進行立案調查。 Helen no zuo no die

打開QQ空間看到好多人都在轉發的說說求真相

 =====================

 
  1. sky (z7y首席收銀員) | 2015-02-03 09:21
    http://xw.qq.com/hb/20150203014543
  2. 7# sky (z7y首席收銀員) | 2015-02-03 09:21
    this is 真的

 ======================

 溯雪 | 2015-02-03 11:00

 ======================

 黑暗遊俠 | 2015-02-03 11:34
湖 北一自稱中國第一黑客王姓男子qq305536777,在2000多萬人蘋果手機裡植入ios木馬,非法集資銀行卡套現詐騙人民幣,涉案金額高達8000 億人民幣,蘋果公司已報案,美國FBI正著手調查,中國湖北省網監總局將配合調查,中國國家司法局已立案,中國國家安全部門已赴湖北親自取證。

 =======================

 
  1. iiiiiiiii | 2015-02-03 14:23
    `Y5I`_JD[T[T%6K}3XI3N}Y.jpg
    =======================
  2. 25# iiiiiiiii | 2015-02-03 14:37
    @ 天朝城管沒有啦小I還在當兵,我是他機油也是戰友我比他早當一年,今年退伍回來的,他今年年底才能退伍回來。

http://zone.wooyun.org/content/18432 
========================================
http://hb.qq.com/a/20150203/014543.htm 

“黑客”稱手機銷售網站有漏洞花1元能中iPhone

大楚圖庫(new) 漢網-武漢晚報 劉海鋒 2015-02-03
 
 昨天上午,山東濰坊的吳女士向本報打來電話稱,湖北赤壁的一名網絡黑客王某倫吹噓發現了某手機銷售網站的漏洞,只花1塊錢就可以百分百中獎,拿到一部蘋果iPhone手機。 王某倫在網上發布了這些信息後,全國各地近百位網友以500元到4500元不等的價格,找他幫忙弄手機,結果大部分網友只收到一個U盤,而吳女士等人則收到一個空盒子。
發現被騙後,有多名網友選擇報警,一名網友在當地警方了解到,王某倫曾因“非法入侵計算機系統”被拘留,共有24條犯罪記錄。
“黑客”稱花1元錢能中iPhone手機
據吳女士介紹,3年前,她在網絡論壇上看到王某倫的QQ號碼,想著有些網絡問題方便諮詢,便主動加了對方好友。 不過,幾年來,雙方並未有過交流。 前不久,王某倫開始在自己的QQ空間陸續發布了一些信息,自稱掌握了“1元雲購”商城的漏洞,只用花1元錢,就能百分百中得iPhone手機一部。 此外,還有不少人在空間留言,聲稱已經收到了手機,經檢測絕對是正品。
看到這些圖文並茂的信息,加上對方黑客的身份,吳女士一下也動了心,主動與王某倫聯繫起來。 “不同型號的iPhone價格不同,我給他支付寶打了3000塊錢,讓他幫我弄一部iPhone6​​。”吳女士於1月30號晚上,向王某倫提供的支付寶賬號打了錢。
為了籠絡這些求購手機的網友,王某倫還建了一個“雲購計劃群”,把這些打了款的人都拉了進去。 吳女士發現,群裡還有不少托,一直有人說收到了手機。 然而,1月31日,有網友開始在群裡破口大罵,稱手機沒收到,只收到一個U盤。
“還沒等到其他人說話,他就把大家都禁言了。”眼見事情敗露,王某倫乾脆把這些人都踢了出去,而吳女士事後得知,有幾名網友收到的是空盒子,還有人收到了一隻安全套。
為了維權,那些被騙的網友建了一個QQ群出謀劃策,武漢晚報記者發現,裡面共有91名網友,他們的支付寶記錄均有截圖。 “還有一部分人沒有進群,涉案金額至少有10萬。”吳女士說。
各地網友報警揪出“慣犯”
昨天下午,記者與另外一名受騙者馬女士取得聯繫,她邀請記者加入了部分受害網友創建的“王某倫犯罪證據群”,這裡面共有16名網友,他們負責整理收集到了大量證據。 馬女士提供的一張圖片顯示,王某倫在公安信息網上留有案底,其基本信息欄顯示,初中文化水平的他,專長為計算機技術,職業為不便分類的其他從業人員,曾於2010年2月被關押。
昨天上午,河南駐馬店的受騙網友張先生,到當地警方報案,民警在查詢王某倫的個人信息時發現,他竟然有24條違法記錄。 “我仔細看了下,全部都是'非法侵入計算機系統',民警還感嘆這樣的人怕不好管。”張先生說,這一次,他如果不退錢,那就是詐騙罪了。 目前,已經有部分網友準備向湖北赤壁市警方報案。 值得一提的是,昨天下午,記者正通過QQ與這些受害網友在“王某倫犯罪證據群”交流時,突然無法正常登陸,居然被盜號了! 截至發稿前仍未恢復正常。
“他雖然只是黑客圈的一名娛樂人士,但盜號這點技術還是有的。”當得知記者的遭遇後,吳女士在電話裡說道。


 http://hb.qq.com/a/20150203/014543.htm

 ===============

 ''White hat tucao forum, people appeal to the mainland peoples provinces and cities to be deceived that,
Rogue hackers greed lead to mainland China with the anger of people ..
Please take this as a warning, do not be a little money to fall into the trap of temptation ~''ah.
''白帽子的吐槽論壇,給大陸內地各省市人們申訴被欺騙,
被流氓黑客的貪婪引至同是大陸內地人的憤怒..
請各位以此為鑑,不要被小小的金錢所誘惑而掉入陷阱中啊~''

http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html
''사람들이 있음을기만하는 본토 사람들의 지방과 도시에 호소 tucao 포럼 흰색 모자를'
악성 해커의 탐욕은 사람들의 분노와 중국 본토로 이어질 ..
아 ''~ 유혹의 함정에 빠지지하기 위해 약간의 돈을하지 말고, 경고로이를 확인하시기 바랍니다.
''Chapeau blanc Tucao forum, les gens font appel aux peuples du continent provinces et les villes à être trompé que,
Pirates voyous avidité mènent à la Chine continentale avec la colère de la population ..
Se il vous plaît prendre cela comme un avertissement, ne pas être un peu d'argent pour tomber dans le piège de la tentation~''ah.

tucaoフォーラム ''白い帽子、人々は、ことを欺かれるべき本土の人々の省や都市にアピール
ローグハッカーの欲は、人々の怒りに中国本土につながる..
ああ ''〜誘惑の罠に陥るために少しのお金もありません、警告としてこれを取るしてください。
''Blanka ĉapelo tucao forumo, homoj apelacii al la ĉeftero popoloj provincoj kaj urboj esti trompita ke,
Rogue hackers avido kondukas al kontinenta Ĉinio kun la kolero de homo ..
Bonvolu preni tion kiel averto, ne esti iom mono fali en la kaptilon de tento ~ '' ah.

http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html
small as dust  Melody.Blog Sincerely~

================================

 *--Update--Share''forum from the clouds net tucao white hat - [wooyun.org/content/18432] - [?! "Hacker," said mobile phone sales site vulnerabilities can spend one yuan in iPhone] - The mainland peoples not work , delusional dream of getting rich of many people, especially, they only move their head --->>delusional lies to the same mainland people in the mainland provinces, the actions of rogue hackers no moral value at all, the mainland more a liar, are they not have education & also lost conscience, how to teach people to believe the mainland people is unscrupulous behavior & not honest ah ??! -
--更新--分享''來自烏雲網白帽子的吐槽論壇- [wooyun.org/content/18432]-[“黑客”稱手機銷售網站有漏洞花1元能中iPhone?!]-大陸不工作,不務正業,妄想發財發夢的人特別多,只動腦袋來陷害---同在大陸的各省市人們,流氓黑客的所作所為沒有道德價値可言,大陸內地騙子多的是,沒教育也失去良知,怎麼能教人們相信大陸人毫無誠信的無良行為啊??!-
--update--Share''forum 구름 그물 tucao 흰색 모자에서 --[wooyun.org/content/18432] - [?! 동일하게 >> 특히, 그들은 단지 그들의 머리 ]---이동 본토 사람들이, 많은 사람들이 부자의, 망상의 꿈을 작동하지 망상 거짓말을 - "해커,"휴대 전화 판매 사이트 취약점] 아이폰 일위안을 보낼 수 있다고 말했다 본토 지방에서 본토 사람, 도덕적 인 가치로 모든 악성 해커의 행동, 더 본토 거짓말 쟁이, 그들은 교육 및도 손실 양심이없는, 본토 사람을 믿는 사람들을 가르 칠하는 방법을 파렴치한 행동 및 정직하지 아입니다 ??! -
--update--Share''forum du nuages ​​Tucao nette chapeau blanc - [wooyun.org/content/18432] - [?! "Hacker", a déclaré vulnérabilités site de vente de téléphonie mobile peuvent passer un yuan dans l'iPhone] -Les peuples du continent ne fonctionnent pas, le rêve délirant de devenir riche de nombreuses personnes, en particulier, ils ne se déplacent que leur tête--->> mensonges délirants à la même les gens continent dans les provinces de la partie continentale, les actions des pirates voyous aucune valeur morale à tous, la partie continentale plus un menteur, sont-ils pas l'éducation et aussi perdu conscience, comment enseigner aux gens à croire que les gens du continent est un comportement peu scrupuleux & ah pas honnêtes ??! -
--update - 雲ネットtucao白い帽子からShare''forum - [wooyun.org/content/18432] - [?!同じに妄想嘘>> ---、本土の人々が動作しない多くの人々の金持ちの妄想夢、特に、彼らが唯一の彼らのヘッドを移動 - 「ハッカー、「携帯電話の販売サイトの脆弱性は] iPhoneで1元を過ごすことができた本土の人々を信じるために人々を教えるためにどのように本土本土の地方の人々、不正なハッカーの行動全く道徳的な価値、本土より嘘つき、彼らは教育&も失わ良心を持っていないが、正直ああ不謹慎な行為であるとしない??! -
--Update - Share''forum el la nuboj net tucao blanka ĉapelo - [wooyun.org/content/18432] - [?! "Hacker" diris poŝtelefono vendoj ejo vulnerabilidades povas elspezi unu juanoj en iPhone] - La ĉeftero popoloj ne funkcias, iluzia revo de iĝi riĉa de multaj homoj, aparte, ili nur movas siajn kapon --- >> iluzia mensogoj al la sama ĉeftero homoj en la ĉeftero provincoj, la agoj de fripono hackers ne morala valoro ĉe ĉiuj, la ĉeftero pli mensoganto, estas ili ne havas edukon & ankaŭ perdis konsciencon, kiel instrui homoj kredi la ĉeftero homoj estas senskrupulaj konduto & ne honesta ah ??! -
-**All The World City/Country Lauguage**-

  http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html

 ===================#############################

 By ourlove520.com


Data-Hack SQL injection detection


Article Entry: Anonymous Editor: admin Updated: 2015-3-12

0x00 Foreword

This series of tutorials that I was going to translate , and later had a little article found that the teaching process is not very friendly, so in general is based on his ideas, but which do a lot of changes, there is a thing that I assume the reader has a basic understanding of python and SQL injection knowledge. There is also a need to note that I wrote in ipython notebook, so the text of the code may need some changes in order to use.
I think the theme of this brief article is to "How to identify SQL injection "provides an idea, the idea itself is in the form of scientific data to solve the problem, in fact, the so-called machine learning.
To achieve our goals we need a process:
  • Data collection
  • Thinking of data
  • Features works
  • Machine Learning
0x01 ready

1. tools

This series mainly python-based, so the following is required python library, I will not teach you how to install these things.
sqlparse (a syntax tree for parsing sql library) Scikit-Learn (python Machine Learning Library) Pandas (data for fast processing certain amount) numpy (used for scientific computing) matplotlib (for data visualization)
2. What is Machine Learning?

Because this is used in supervised learning, then we will inject the required knowledge of supervised learning, machine learning by definition is the ability to let the machine learning, suppose we have a learning algorithm, then how do we teach it knowledge , assuming a child, we need to let it know how to identify the fruit, we will put the two piles of different fruits, telling his left Apple, the right is bananas. Then wait until he learned this pile of dog feces stuff, we can see a bunch of new fruit with his back to let him have identified themselves. In other words this is to prepare us a bunch of data that tells the algorithm, the left is a normal sql request, the right is SQL injection request, after let him learn, and finally we give him a bunch of unknown data were tested .
3. SQL syntax tree

Do you think sql language from the input database to replace the contents have been the kind of treatment, sql language is a DSL (Domain Specific Language), such as ruby, c, java, they can do anything, but there are some languages ​​can do a field thing, sql is such a language, it can only describe the data of the operation . But when it is in a large classification is classified into the programming language, you then need to go through lexical analysis syntax analysis, the students do not understand the process for this can be seen. http://zone.wooyun.org/content/17006
0x02 prepare data

Because this data is ready, so we need to write a little script he read out what I needed to be packaged.
Download Address: Download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Twenty one
Twenty two
Twenty three
Twenty four
# - * - Coding: utf-8 - * -
import os
import pandas as pd
basedir = '/ Users / slay / project / python / datahack / data_hacking / sql_injection / data'
filelist = os.listdir (basedir)
df_list = []
# Loop reads basedir following, a file called 'legit' are legitimate content, malicious sql statement is malicious
for file in filelist:
df = pd.read_csv (os.path.join (basedir, file), sep = '|||', names = ['raw_sql'], header = None)
df ['type'] = 'legit' if file.split ('.') [0] == 'legit' else 'malicious'
df_list.append (df)
# The contents of the object into the dataframe
dataframe = pd.concat (df_list, ignore_index = True)
dataframe.dropna (inplace = True)
# Statistical content
print dataframe ['type']. value_counts ()
# See the first five
dataframe.head ()

We can now clearly know that we are faced with is a bunch of what the data.
0x03 features works

1. Concept

So, then what? We can not put the data in and then get thrown into the algorithm on a tall sql firewall up? So now we come to think of a problem, we have two sql statements from admin to view the contents of a table *.
1
2
select user from admin;
select hello from admin;
What algorithm finally get input that is [1,1,0,1,1] and [1,0,1,1,1] did not understand it does not matter, that was such a thing.
{Select: 1, user: 1, hello: 0, from: 1, admin: 1} {select: 1, user: 0, hello: 1, from: 1, admin: 1}
Is not where wrong, that the user and the machine seems to run hello in essence belongs to a different type of stuff, but for understanding the sql language itself, you know they are the same thing, so we need to play the same kind of thing a label so that the machine can know.
So what if there is a feature of some vague understanding of the project? To feature works well, we need to question you face profound understanding that "domain knowledge" into this problem like you to understand the sql language, on the basis of this understanding up processing features, so the algorithm more able to its classification. Fruits into classification problem is, you have to tell a child, bananas are long, yellow, apple is red, round, of course, if you just put the above stuff thrown inside the algorithm, the classifier is also possible to work accuracy over 70% would be able to, maybe you look okay, when it is all I can tell you this is a disaster. It reminds me of a particular data mining competition, the first and the first thousand points difference is 0.01, these metamorphosis.
2. Conversion Data

So now we need is the raw data into a feature, which is why I just said syntax tree, we need to deal with sql statements, for the same type of thing given the same label, and now we are using to build a module sqlparse functions to handle sql statement.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
import sqlparse
import string
def parse_sql (raw_sql):
parsed_sql = []
sql = sqlparse.parse (unicode (raw_sql, 'utf-8'))
for parse in sql:
for token in parse.tokens:
! if token._get_repr_name () = 'Whitespace':
parsed_sql.append (token._get_repr_name ())
return parsed_sql
sql_one = parse_sql ("select 2 from admin")
sql_two = parse_sql ("INSERT INTO Persons VALUES ('Gates', 'Bill', 'Xuanwumen 10', 'Beijing')")
print "sql one:% s"% (sql_one)
print "sql two:% s"% (sql_two)
Output sql one: ['DML', 'Integer', 'Keyword', 'Keyword'] sql two: ['DML', 'Keyword', 'Identifier', 'Keyword', 'Parenthesis']
We can see select and insert are identified as dml, so now we have to do is to observational data, is to see whether the feature has the ability to classify data, and now we have to convert to sql statement.
1
2
dataframe ['parsed_sql'] = dataframe ['raw_sql'] map. (lambda x: parse_sql (x))
dataframe.head ()

3. Other

Theoretically we can now put these things thrown directly algorithms, but for the convenience, I say something else, depends largely on the performance of the classifier feature, assume that these can not be good for data classification, we you need to consider some other processing features, such as you find SQL injection , then seemingly longer than the sql statement, it can be converted into a feature.
1
2
dataframe ['len'] = dataframe ['parsed_sql'] map. (lambda x: len (x))
dataframe.head ()

Now we need under observation data to see if the data length capability classification.
1
2
3
4
% Matplotlib inline
import matplotlib.pyplot as plt
dataframe.bo XP Lot ('len', 'type')
plt.ylabel ('SQL Statement Length')

0x04 Machine Learning

1. Train & Test

Here I would call the python library directly, because a lot of trouble to explain, but as far as I for Random Forest (Random Forest) this layer to be used to understand the degree, I think that might as well speak, for its mathematical principles are interested can Refer to the following paper, I've seen random forest clearest explanation.
Gilles Louppe "Random Forests: From Theory to Practice" http://arxiv.org/pdf/1407.7502v1.pdf
Next we do a processing of characteristics, is converted into vector format 0 and 1, x is a feature of our data, y represents the results.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
import numpy as np
from sklearn.preprocessing import LabelEncoder
from sklearn.feature_extraction.text import CountVectorizer
import string
vectorizer = CountVectorizer (min_df = 1)
le = LabelEncoder ()
X = vectorizer.fit_transform (dataframe ['parsed_sql'] map (lambda x:. String.join (x, '')))
x_len = dataframe.as_matrix (['len']). reshape (X.shape [0], 1)
x = X.toarray ()
y = le.fit_transform (dataframe ['type']. tolist ())
print x [: 100]
print y [: 100]
Export
[[000, ..., 200] [000 ..., 100] [000 ..., 000], ..., [0 0 0 ..., 0 00] [000 ..., 000] [000 ..., 000]] [1 1 1,111,110,000,000,000,000 0 0 0 0 0 0 0 0 0 0 0 0 0,000,000,000,000,000,000 0,000,000,000,000,000,000 0 0 0 0 0 0 0 0 0 0,000,000,000,000,000,000 0]
Enter
1
2
3
4
5
clf = sklearn.ensemble.RandomForestClassifier (n_estimators = 30)
scores = sklearn.cross_validation.cross_val_score (clf, x, y, cv = 10, n_jobs = 4)
print scores
Export
[0.97699497 0.99928109 0.99928058 0.97192225 0.99928006 0.99856012 1. 1. 1. 1.]
Cross_validation above is one way we tested the classifier, the principle is to the trained classifier divided on some datasets test results derived from multiple scores can better evaluate the performance, we have come A seemingly good results, let's train classifiers
1
2
3
4
5
6
7
from sklearn.cross_validation import train_test_split
# The data is divided into training and test data, training data used to train the model, the test data is used to test the performance of the classifier.
X_train, X_test, y_train, y_test, index_train, index_test = train_test_split (x, y, dataframe.index, test_size = 0.2)
# Start training
clf.fit (X_train, y_train)
# Forecast
X_pred = clf.predict (X_test)
If just those values ​​can not directly see what kind of stuff you trained them, then you need a confusion matrix.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
% Matplotlib inline
import matplotlib.pyplot as plt
from sklearn.metrics import confusion_matrix
cm = confusion_matrix (X_pred, y_test)
print cm
# Show confusion matrix in a separate window
plt.matshow (cm)
plt.title ('Confusion matrix')
plt.colorbar ()
plt.ylabel ('True label')
plt.xlabel ('Predicted label')
plt.show ()

The confusion matrix can be more intuitive let us observe data, our data types 0,1 atmosphere, such as [0,0] = 196 is legit correctly classified samples, [0,1] = 3 is misclassified samples , then the second row is the case of malicious sample classification.
Now we seem classification since it seems to work well, reaching 99 percent accuracy rate, but you can imagine this, every 199 samples had three correct misclassified, generally a medium-sized site to deal with sql statement it may be up to 1000 times above, that you may have 3000 innocuous statement is blocked. So here we need is to reduce the probability of being misclassified legit.
2. Adjust

sklearn Most models have a feature called predict_proba, the probability of that is forecast, predict internal call is actually under predict_proba, then 50%. We become what can be installed directly call predict_proba, let ourselves be adjusted probability classification.
1
2
3
4
5
6
7
loss = np.zeros (2)
y_probs = clf.predict_proba (X_test) [:, 1]
thres = 0.7 # 0.7 with probability to classify
y_pro = np.zeros (y_probs.shape)
y_pro [y_probs> thres] = 1.
cm = confusion_matrix (y_test, y_pro)
print cm
Export
[[1970] [52577]]
legit is to reduce the probability of misclassification, but the 0.7 is just an argument that we are free to come out, can not simply find a way to optimize a little bit? Let's define a simple function f (x), the probability would be as we enter the output parameters of misclassification.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Twenty one
Twenty two
Twenty three
Twenty four
25
26
def f (s_x):
loss = np.zeros (2)
y_probs = clf.predict_proba (X_test) [:, 1]
thres = s_x # This can be set to whatever you'd like
y_pro = np.zeros (y_probs.shape)
y_pro [y_probs> thres] = 1.
cm = confusion_matrix (y_test, y_pro)
counts = sum (cm)
count = sum (counts)
if counts [0]> 0:
loss [0] = float (cm [0,1]) / count
else:
loss [0] = 0.01
if counts [1]> 0:
loss [1] = float (cm [1,0]) / count
else:
loss [1] = 0.01
return loss
# 100 value from 0.1 to 0.9 before
x = np.linspace (0.1,0.9,100)
Results # x input f (x) obtained after
y = np.array ([f (i) for i in x])
# Visualization
plt.plot (x, y)
plt.show ()

Amount, continue to use 0.7 bar.
0x05 Conclusion

This is a series, may I say that no one would believe it, the way a bit chaotic start.
The old adage of it, do not know who said it, anyway, we linked to mouth every day.
Other parts of the performance of data mining project, 80% depending on the characteristics of the project, the remaining 20% ​​depending on the models only; limit the extent of said data mining project performance is determined by the characteristics of the project, but it is close to the upper limit, the decision by the model .
source: http: //nbviewer.ipython.org/github/ClickSecurity/data_hacking/blob/master/sql_injection/sql_injection.ipynb




 ==========================

 
Data-Hack SQL注入檢測


文章錄入:佚名責任編輯:admin 更新時間: 2015-3-12

0x00 前言

這個系列教程我本來打算的是翻譯 ,後來過了一下文章發現教學過程不是很友好,所以大體是按他的思路,不過其中做了很多改動,還有個事情就是我假定讀者已經了解基礎的python和SQL注入的知識。 還有一個需要注意的是我是寫在ipython notebook中,所以文中的代碼可能需要一點改動才能用。
我覺得這篇文章的簡要的主題就是,給"如何識別SQL注入 "提供一種思路,這個思路的本身就是用數據科學的形式來解決問題,其實就是所謂的機器學習。
為了達到我們的目標就需要一個過程:
  • 收集數據
  • 思考數據
  • 特徵工程
  • 機器學習
0x01 準備

1. tools

這個系列主要以python為主,所以下面的是所需的python庫,我不會教你怎麼安裝這些東西。
sqlparse (一個用於解析sql語法樹的庫) Scikit-Learn (python機器學習庫) Pandas (用於快速處理一定量的數據) numpy (用於科學計算) matplotlib (用於數據可視化)
2. 什麼是機器學習?

因 為本文中用的是監督學習,那麼我們會注入監督學習所需要的知識,機器學習顧名思義就是讓機器具備學習的能力,假設我們已經有了一個算法能夠進行學習,那麼 我們該如何教給它知識,假設一個小孩,我們需要讓它知道如何辨認水果,我們就會放兩堆不同的水果,告訴他左邊的是蘋果,右邊的是香蕉。 然後等到他學習了這堆狗屎玩意,我們就可以帶著他去看一堆新的水果讓後讓他自己進行辨認了。 換句話說我們這次就是要準備一堆的數據,告訴算法,左邊的是正常的sql請求,右邊的是SQL注入的請求,讓後讓他進行學習,最後我們再給他一堆未知的數據進行測試
3. SQL語法樹

你覺得sql語言從輸入數據庫到放回內容都經過了怎樣的處理,sql語言是一種DSL(領域特定語言),比如ruby,c,java,這些可以做任何事,但有一些語言只能做某個領域的事,sql就是這樣一種語言,它只能描述對於數據的操作 但是它在大歸類的時候是被歸類到編程語言裡的,就需要經過詞法分析再到語法分析,對於這個過程不了解的同學可以看。 http://zone.wooyun.org/content/17006
0x02 準備數據

因為這次的數據已經準備好了,所以我們所需要就是寫個小腳本把他讀取出來,所需要的東西我會進行打包。
下載地址: 下載
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# -*- coding: utf-8 -*-
import os
import pandas as pd
basedir = '/Users/slay/project/python/datahack/data_hacking/sql_injection/data'
filelist = os.listdir(basedir)
df_list = []
# 循環讀取basedir下面的內容,文件名為'legit'的是合法內容,malicious的是惡意sql語句
for file in filelist:
df = pd.read_csv(os.path.join(basedir,file), sep='|||', names=['raw_sql'], header=None)
df['type'] = 'legit' if file.split('.')[0] == 'legit' else 'malicious'
df_list.append(df)
# 將內容放入dataframe對象
dataframe = pd.concat(df_list, ignore_index=True)
dataframe.dropna(inplace=True)
# 統計內容
print dataframe['type'].value_counts()
# 查看前五個
dataframe.head()

我們現在可以清楚的知道我們面臨的是一堆什麼樣的數據了。
0x03 特徵工程

1. 概念

So,然後呢? 我們是不是就可以把數據丟進算法裡然後得到一個高大上的sql 防火牆了? 那麼我們現在來想一個問題,我們有兩個sql語句,從admin表中查看*的內容。
1
2
select user from admin;
select hello from admin;
算法最後得到的輸入是什麼,是[1,1,0,1,1] 和[1,0,1,1,1] 沒看懂沒關係,就是說得到了這樣的東西。
{select:1, user:1, hello:0, from:1, admin:1} {select:1, user:0, hello:1, from:1, admin:1}
是不是哪裡不對,就是說在機器看來user 和hello 在本質來看是屬於不同的類型的玩意,但是對於了解sql語言本身的你知道他們是一樣的東西,所以我們就需要給同一種東西打一個標籤讓機器能夠知道。
那麼是否對什麼是特徵工程有了一些模糊的了解? 要做好特徵工程,就需要對於你所面臨的問題有著深刻的了解,就是“領域知識”,帶入這個問題就像你對於sql語言的了解,在這個了解的基礎上去處理特徵,讓算法更能將其分類。 帶入水果分類問題就是,你得告訴小孩,香蕉是長長的,黃色的,蘋果是紅色的,圓圓的,當然,如果你直接把上面的玩意丟進算法裡頭,分類器也是可以工作的,準確度大概能過70%,也許你看起來還行,當是我只能告訴你這是個災難。 這讓我想起某次數據挖掘的競賽,第一名和第一千名的分差是0.01,這群變態。
2. 轉化數據

所以現在我們需要的就是將原始數據轉化成特徵,這就是為什麼我剛才說到語法樹的,我們需要對sql語句進行處理,對同一種類型的東西給予同一種標示,現在我們使用sqlparse 模塊建立一個函數來處理sql語句。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
import sqlparse
import string
def parse_sql(raw_sql):
parsed_sql = []
sql = sqlparse.parse(unicode(raw_sql,'utf-8'))
for parse in sql:
for token in parse.tokens:
if token._get_repr_name() != 'Whitespace':
parsed_sql.append(token._get_repr_name())
return parsed_sql
sql_one = parse_sql("select 2 from admin")
sql_two = parse_sql("INSERT INTO Persons VALUES ('Gates', 'Bill', 'Xuanwumen 10', 'Beijing')")
print "sql one :%s"%(sql_one)
print "sql two :%s"%(sql_two)
輸出sql one :['DML', 'Integer', 'Keyword', 'Keyword'] sql two :['DML', 'Keyword', 'Identifier', 'Keyword', 'Parenthesis']
我們可以看到select 和insert都被認定為dml,那麼現在我們要做的就是觀測數據,就是查看特徵是否擁有將數據分類的能力,現在我們先對sql語句進行轉換。
1
2
dataframe['parsed_sql'] = dataframe['raw_sql'].map(lambda x:parse_sql(x))
dataframe.head()

3. Other

理論上我們現在就可以直接把這些東西扔進算法中,不過為了方便我在說點別的,分類器的性能很大程度上取決於特徵,假設這些無法很好的對數據進行分類,那我們就需要考慮對特徵進行一些別的處理,比如你覺得SQL注入的話sql語句貌似都比較長,那麼可以將其轉化成特徵。
1
2
dataframe['len'] = dataframe['parsed_sql'].map(lambda x:len(x))
dataframe.head()

現在我們需要觀測下數據,看看長度是否有將數據進行分類的能力。
1
2
3
4
%matplotlib inline
import matplotlib.pyplot as plt
dataframe.bo xp lot('len','type')
plt.ylabel('SQL Statement Length')

0x04 機器學習

1. Train & Test

這裡我就直接調用python庫了,因為解釋起來很麻煩,而且就我對於這次要使用的隨機森林(Random Forest)的了解層度,我覺得還不如不講,對於其數學原理有興趣的可以參考下面的paper,是我見過對隨機森林解釋的最清楚的。
Gilles Louppe《隨機森林:從理論到實踐》 http://arxiv.org/pdf/1407.7502v1.pdf
接下來我們再對特徵做一次處理,轉換成0和1的向量形式,x是我們的特徵數據,y表示結果。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
import numpy as np
from sklearn.preprocessing import LabelEncoder
from sklearn.feature_extraction.text import CountVectorizer
import string
vectorizer = CountVectorizer(min_df=1)
le = LabelEncoder()
X = vectorizer.fit_transform(dataframe['parsed_sql'].map(lambda x:string.join(x,' ')))
x_len = dataframe.as_matrix(['len']).reshape(X.shape[0],1)
x = X.toarray()
y = le.fit_transform(dataframe['type'].tolist())
print x[:100]
print y[:100]
輸出
[[0 0 0 ..., 2 0 0] [0 0 0 ..., 1 0 0] [0 0 0 ..., 0 0 0] ..., [0 0 0 ..., 0 0 0] [0 0 0 ..., 0 0 0] [0 0 0 ..., 0 0 0]] [1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
輸入
1
2
3
4
5
clf = sklearn.ensemble.RandomForestClassifier(n_estimators=30)
scores = sklearn.cross_validation.cross_val_score(clf, x, y, cv=10, n_jobs=4)
print scores
輸出
[ 0.97699497 0.99928109 0.99928058 1. 1. 0.97192225 0.99928006 0.99856012 1. 1. ]
上面的cross_validation是我們測試分類器的一種方法,原理就是把訓練後的分類器在一些分割後的數據集上測試結果,從得出的多個評分中可以更好的評估性能,我們得出了一個貌似不錯的結果,接下來讓我們訓練分類器
1
2
3
4
5
6
7
from sklearn.cross_validation import train_test_split
#將數據分割為訓練數據和測試數據,訓練數據用於訓練模型,測試數據用於測試分類器性能。
X_train, X_test, y_train, y_test, index_train, index_test = train_test_split(x, y, dataframe.index, test_size=0.2)
# 開始訓練
clf.fit(X_train, y_train)
# 預測
X_pred = clf.predict(X_test)
如果剛才那些數值無法直觀的看出你訓練了個什麼玩意出來,那麼你就需要一個混淆矩陣。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
%matplotlib inline
import matplotlib.pyplot as plt
from sklearn.metrics import confusion_matrix
cm = confusion_matrix(X_pred,y_test)
print cm
# Show confusion matrix in a separate window
plt.matshow(cm)
plt.title('Confusion matrix')
plt.colorbar()
plt.ylabel('True label')
plt.xlabel('Predicted label')
plt.show()

混淆矩陣可以更加直觀的讓我們觀察數據,我們的數據氛圍0,1兩類,比如[0,0]=196 就是legit被正確分類的樣本,[0,1]=3是被錯誤分類的樣本,那麼第二行就是惡意樣本分類的情況。
現在我們看起來分類起似乎工作的不錯,達到了99%的正確率,可是你想像這個問題,每199個正確樣本就有3個被錯誤分類,一般來說一個中型的網站需要處理的sql語句就可能會達到上面的1000倍,就是說你可能會有3000個無害的語句被攔截。 所以下面我們需要的是降低legit被錯誤分類的概率。
2. 調整

sklearn大部分的模型有個功能叫predict_proba,就是說預測的概率,predict其實就是內部調用下predict_proba,然後按50%。 我們可以裝變一下直接調用predict_proba,讓我們自己調整分類的概率。
1
2
3
4
5
6
7
loss = np.zeros(2)
y_probs = clf.predict_proba(X_test)[:,1]
thres = 0.7 # 用0.7的機率來分類
y_pro = np.zeros(y_probs.shape)
y_pro[y_probs>thres]=1.
cm = confusion_matrix(y_test, y_pro)
print cm
輸出
[[ 197 0] [ 5 2577]]
legit被錯誤分類的概率降低了,但是0.7只是我們隨意想出來的一個參數,能不能簡單的想個辦法優化一下呢? 讓我們簡單定義一個函數f(x),會隨著我們輸入的參數輸出誤分類的概率。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
def f(s_x):
loss = np.zeros(2)
y_probs = clf.predict_proba(X_test)[:,1]
thres = s_x # This can be set to whatever you'd like
y_pro = np.zeros(y_probs.shape)
y_pro[y_probs>thres]=1.
cm = confusion_matrix(y_test, y_pro)
counts = sum(cm)
count = sum(counts)
if counts[0]>0:
loss[0]=float(cm[0,1])/count
else:
loss[0]=0.01
if counts[1]>0:
loss[1]=float(cm[1,0])/count
else:
loss[1]=0.01
return loss
# 0.1 到0.9 之前的100個數值
x = np.linspace(0.1,0.9,100)
# x輸入f(x)之後得到的結果
y = np.array([f(i) for i in x])
# 可視化
plt.plot(x,y)
plt.show()

額,繼續用0.7吧。
0x05 結語

這是個系列,可能我這麼說也沒人信吧,中途開始就有點亂了。
上一句老話吧,也不知道誰說的,反正大家天天掛嘴邊。
數據挖掘項目的表現,80%取決於特徵工程,剩下的20%才取決於模型等其他部分;又說數據挖掘項目表現的上限由特徵工程決定,而其接近上限的程度,則由模型決定。
source:http://nbviewer.ipython.org/github/ClickSecurity/data_hacking/blob/master/sql_injection/sql_injection.ipynb




 ======================================
 Data-Hack SQL injection detection [article entry: Anonymous,, editor: admin ,,
updated: 2015-3-12]( & this one can see in-Chinaman taobo-http://drops.wooyun.org/tips/5118]-

Data-Hack SQL injection detection
8 Collection Collection

0x00 Foreword


This series of tutorials that I was going to translate, and later had a little article found that the teaching process is not very friendly, so in general is based on his ideas, but which do a lot of changes, there is a thing that I assume the reader has a basic understanding of python and knowledge of SQL injection. There is also a need to note that I wrote in ipython notebook, so the text of the code may need to use a little modification.
I think the theme of this brief article is to "how to identify sql injection" provide an idea, the idea itself is in the form of scientific data to solve the problem, in fact, the so-called machine learning.
To achieve our goals we need a process:
  • Data collection
  • Thinking of data
  • Features works
  • Machine Learning

0x01 ready


1. tools


This series mainly python-based, so the following is required python library, I will not teach you how to install these things.
sqlparse (a syntax tree for parsing sql library) Scikit-Learn (python Machine Learning Library) Pandas (data for fast processing certain amount) numpy (used for scientific computing) matplotlib (for data visualization)

2. What is Machine Learning?


Because this is used in supervised learning, then we will inject the required knowledge of supervised learning, machine learning by definition is the ability to let the machine learning, suppose we have a learning algorithm, then how do we teach it knowledge , assuming a child, we need to let it know how to identify the fruit, we will put the two piles of different fruits, telling his left Apple, the right is bananas. Then wait until he learned this pile of dog feces stuff, we can see a bunch of new fruit with his back to let him have identified themselves. In other words this is to prepare us a bunch of data that tells the algorithm, the left is a normal sql request, the right is sql injection request, after let him learn, and finally we give him a bunch of unknown data test.

3. SQL syntax tree


Do you think sql language from the input to replace the contents of the database have been a kind of treatment, sql language is a DSL (Domain Specific Language), such as ruby, c, java, they can do anything, but there are some languages ​​can do a field thing, sql is such a language, it can only describe the operation of the data. But when it is in a large classification is classified into the programming language, you then need to go through lexical analysis syntax analysis, the students do not understand the process for this can be seen. http://zone.wooyun.org/content/17006

0x02 prepare data


Because this data is ready, so we need to write a little script he read out what I needed to be packaged.
Download: Download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# -*- coding: utf-8 -*-
import os
import pandas as pd
basedir = '/Users/slay/project/python/datahack/data_hacking/sql_injection/data'
filelist = os.listdir(basedir)
df_list = []
# 循环读取 basedir下面的内容,文件名为 'legit'的是合法内容,malicious的是 恶意sql语句
for file in filelist:
    df = pd.read_csv(os.path.join(basedir,file), sep='|||', names=['raw_sql'], header=None)
    df['type'] = 'legit' if file.split('.')[0] == 'legit' else 'malicious'
    df_list.append(df)
# 将内容放入 dataframe对象
dataframe = pd.concat(df_list, ignore_index=True)
dataframe.dropna(inplace=True)
# 统计内容
print dataframe['type'].value_counts()
# 查看前五个
dataframe.head()
enter image description here
我们现在可以清楚的知道我们面临的是一堆什么样的数据了。

0x03 特征工程


1. 概念


So,然后呢?我们是不是就可以把数据丢进算法里然后得到一个高大上的sql防火墙了?那么我们现在来想一个问题,我们有两个sql语句,从admin表中查看*的内容。
1
2
select user from admin;
select hello from admin;
算法最后得到的输入是什么,是[1,1,0,1,1] 和 [1,0,1,1,1] 没看懂没关系,就是说得到了这样的东西。
{select:1, user:1, hello:0, from:1, admin:1} {select:1, user:0, hello:1, from:1, admin:1}
是不是哪里不对,就是说在机器看来 user 和 hello 在本质来看是属于不同的类型的玩意,但是对于了解sql语言本身的你知道他们是一样的东西,所以我们就需要给同一种东西打一个标签让机器能够知道。
那么是否对什么是特征工程有了一些模糊的了解?要做好特征工程,就需要对于你所面临的问题有着深刻的了解,就是“领域知识”,带入这个问题就像你对 于sql语言的了解,在这个了解的基础上去处理特征,让算法更能将其分类。带入水果分类问题就是,你得告诉小孩,香蕉是长长的,黄色的,苹果是红色的,圆 圆的,当然,如果你直接把上面的玩意丢进算法里头,分类器也是可以工作的,准确度大概能过 70%,也许你看起来还行,当是我只能告诉你这是个灾难。这让我想起某次数据挖掘的竞赛,第一名和第一千名的分差是0.01,这群变态。

2. 转化数据


所以现在我们需要的就是将原始数据转化成特征,这就是为什么我刚才说到语法树的,我们需要对sql语句进行处理,对同一种类型的东西给予同一种标示,现在我们使用sqlparse 模块建立一个函数来处理sql语句。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
import sqlparse
import string
def parse_sql(raw_sql):
    parsed_sql = []
    sql = sqlparse.parse(unicode(raw_sql,'utf-8'))
    for parse in sql:
        for token in parse.tokens:
            if token._get_repr_name() != 'Whitespace':
                    parsed_sql.append(token._get_repr_name())
    return parsed_sql
sql_one = parse_sql("select 2 from admin")
sql_two = parse_sql("INSERT INTO Persons VALUES ('Gates', 'Bill', 'Xuanwumen 10', 'Beijing')")
print "sql one :%s"%(sql_one)
print "sql two :%s"%(sql_two)
输出 sql one :['DML', 'Integer', 'Keyword', 'Keyword'] sql two :['DML', 'Keyword', 'Identifier', 'Keyword', 'Parenthesis']
我们可以看到 select 和 insert都被认定为 dml,那么现在我们要做的就是观测数据,就是查看特征是否拥有将数据分类的能力,现在我们先对sql语句进行转换。
1
2
dataframe['parsed_sql'] = dataframe['raw_sql'].map(lambda x:parse_sql(x))
dataframe.head()
enter image description here

3. Other


理论上我们现在就可以直接把这些东西扔进算法中,不过为了方便我在说点别的,分类器的性能很大程度上取决于特征,假设这些无法很好的对数据进行分类,那我们就需要考虑对特征进行一些别的处理,比如你觉得sql注入的话sql语句貌似都比较长,那么可以将其转化成特征。
1
2
dataframe['len'] = dataframe['parsed_sql'].map(lambda x:len(x))
dataframe.head()
enter image description here
现在我们需要观测下数据,看看长度是否有将数据进行分类的能力。
1
2
3
4
%matplotlib inline
import matplotlib.pyplot as plt
dataframe.boxplot('len','type')
plt.ylabel('SQL Statement Length')
enter image description here

0x04 机器学习


1. Train & Test


这里我就直接调用python库了,因为解释起来很麻烦,而且就我对于这次要使用的随机森林(Random Forest)的了解层度,我觉得还不如不讲,对于其数学原理有兴趣的可以参考下面的paper,是我见过对随机森林解释的最清楚的。
Gilles Louppe《随机森林:从理论到实践》 http://arxiv.org/pdf/1407.7502v1.pdf
接下来我们再对特征做一次处理,转换成0和1的向量形式,x是我们的特征数据,y表示结果。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
import numpy as np
from sklearn.preprocessing import LabelEncoder
from sklearn.feature_extraction.text import CountVectorizer
import string
vectorizer = CountVectorizer(min_df=1)
le = LabelEncoder()
X = vectorizer.fit_transform(dataframe['parsed_sql'].map(lambda x:string.join(x,' ')))
x_len = dataframe.as_matrix(['len']).reshape(X.shape[0],1)
x = X.toarray()
y = le.fit_transform(dataframe['type'].tolist())
print x[:100]
print y[:100]
输出
 [[0 0 0 ..., 2 0 0]
 [0 0 0 ..., 1 0 0]
 [0 0 0 ..., 0 0 0]
 ..., 
 [0 0 0 ..., 0 0 0]
 [0 0 0 ..., 0 0 0]
 [0 0 0 ..., 0 0 0]]
[1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
 
输入
1
2
3
4
5
clf = sklearn.ensemble.RandomForestClassifier(n_estimators=30)
scores = sklearn.cross_validation.cross_val_score(clf, x, y, cv=10, n_jobs=4)
print scores
输出
 [ 0.97699497  0.99928109  0.99928058  1.          1.          0.97192225
  0.99928006  0.99856012  1.          1.        ]
 
上面的cross_validation是我们测试分类器的一种方法,原理就是把训练后的分类器在一些分割后的数据集上测试结果,从得出的多个评分中可以更好的评估性能,我们得出了一个貌似不错的结果,接下来让我们训练分类器
1
2
3
4
5
6
7
from sklearn.cross_validation import train_test_split
# 将数据分割为 训练数据 和 测试数据,训练数据用于训练模型,测试数据用于测试分类器性能。
X_train, X_test, y_train, y_test, index_train, index_test = train_test_split(x, y, dataframe.index, test_size=0.2)
# 开始训练
clf.fit(X_train, y_train)
# 预测
X_pred = clf.predict(X_test)
如果刚才那些数值无法直观的看出你训练了个什么玩意出来,那么你就需要一个混淆矩阵。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
%matplotlib inline
import matplotlib.pyplot as plt
from sklearn.metrics import confusion_matrix
cm = confusion_matrix(X_pred,y_test)
print cm
# Show confusion matrix in a separate window
plt.matshow(cm)
plt.title('Confusion matrix')
plt.colorbar()
plt.ylabel('True label')
plt.xlabel('Predicted label')
plt.show()
enter image description here
混淆矩阵可以更加直观的让我们观察数据,我们的数据氛围 0,1两类,比如 [0,0]=196 就是legit被正确分类的样本,[0,1]=3是被错误分类的样本,那么第二行就是恶意样本分类的情况。
现在我们看起来分类起似乎工作的不错,达到了99%的正确率,可是你想象这个问题,每199个正确样本就有3个被错误分类,一般来说一个中型的网站 需要处理的sql语句就可能会达到 上面的1000倍,就是说你可能会有3000个无害的语句被拦截。所以下面我们需要的是降低legit被错误分类的概率。

2. 调整


sklearn大部分的模型有个功能叫predict_proba,就是说预测的概率,predict其实就是内部调用下predict_proba,然后按50%。我们可以装变一下直接调用predict_proba,让我们自己调整分类的概率。
1
2
3
4
5
6
7
loss = np.zeros(2)
y_probs = clf.predict_proba(X_test)[:,1]
thres = 0.7 # 用0.7的几率来分类
y_pro = np.zeros(y_probs.shape)
y_pro[y_probs>thres]=1.
cm = confusion_matrix(y_test, y_pro)
print cm
输出
 [[ 197    0]
 [   5 2577]]
 
legit被错误分类的概率降低了,但是0.7只是我们随意想出来的一个参数,能不能简单的想个办法优化一下呢?让我们简单定义一个函数f(x),会随着我们输入的参数输出误分类的概率。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
def f(s_x):
    loss = np.zeros(2)
    y_probs = clf.predict_proba(X_test)[:,1]
    thres = s_x # This can be set to whatever you'd like
    y_pro = np.zeros(y_probs.shape)
    y_pro[y_probs>thres]=1.
    cm = confusion_matrix(y_test, y_pro)
    counts = sum(cm)
    count = sum(counts)
    if counts[0]>0:
        loss[0]=float(cm[0,1])/count
    else:
        loss[0]=0.01
    if counts[1]>0:
        loss[1]=float(cm[1,0])/count
    else:
        loss[1]=0.01
    return loss
# 0.1 到 0.9 之前的 100个数值
x = np.linspace(0.1,0.9,100)
# x输入f(x)之后得到的结果
y = np.array([f(i) for i in x])
# 可视化
plt.plot(x,y)
plt.show()
enter image description here
额,继续用0.7吧。

0x05 结语


这是个系列,可能我这么说也没人信吧,中途开始就有点乱了。
上一句老话吧,也不知道谁说的,反正大家天天挂嘴边。
数据挖掘项目的表现,80%取决于特征工程,剩下的20%才取决于模型等其他部分;又说数据挖掘项目表现的上限由特征工程决定,而其接近上限的程度,则由模型决定。
source:http://nbviewer.ipython.org/github/ClickSecurity/data_hacking/blob/master/sql_injection/sql_injection.ipynb


 ===============================

Data-Hack SQL注入检测

2015/03/12 10:02

0x00 前言


这个系列教程我本来打算的是翻译,后来过了一下文章发现教学过程不是很友好,所以大体是按他的思路,不过其中做了很多改动,还有个事情就是我假定读 者已经了解基础的python和SQL注入的知识。还有一个需要注意的是我是写在ipython notebook中,所以文中的代码可能需要一点改动才能用。
我觉得这篇文章的简要的主题就是,给"如何识别sql注入" 提供一种思路,这个思路的本身就是用数据科学的形式来解决问题,其实就是所谓的机器学习。
为了达到我们的目标就需要一个过程:
  • 收集数据
  • 思考数据
  • 特征工程
  • 机器学习

0x01 准备


1. tools


这个系列主要以python为主,所以下面的是所需的python库,我不会教你怎么安装这些东西。
sqlparse (一个用于解析sql语法树的库) Scikit-Learn (python机器学习库) Pandas (用于快速处理一定量的数据) numpy (用于科学计算) matplotlib (用于数据可视化)

2. 什么是机器学习?


因为本文中用的是监督学习,那么我们会注入监督学习所需要的知识,机器学习顾名思义就是让机器具备学习的能力,假设我们已经有了一个算法能够进行学 习,那么我们该如何教给它知识,假设一个小孩,我们需要让它知道如何辨认水果,我们就会放两堆不同的水果,告诉他左边的是苹果,右边的是香蕉。然后等到他 学习了这堆狗屎玩意,我们就可以带着他去看一堆新的水果让后让他自己进行辨认了。 换句话说我们这次就是要准备一堆的数据,告诉算法,左边的是正常的sql请求,右边的是sql注入的请求,让后让他进行学习,最后我们再给他一堆未知的数 据进行测试。

3. SQL语法树


你觉得sql语言从输入数据库到放回内容都经过了怎样的处理,sql语言是一种DSL(领域特定语言),比如ruby,c,java,这些可以做任 何事,但有一些语言只能做某个领域的事,sql就是这样一种语言,它只能描述对于数据的操作。但是它在大归类的时候是被归类到编程语言里的,就需要经过词 法分析再到语法分析,对于这个过程不了解的同学可以看。 http://zone.wooyun.org/content/17006

0x02 准备数据


因为这次的数据已经准备好了,所以我们所需要就是写个小脚本把他读取出来,所需要的东西我会进行打包。
下载地址:下载
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# -*- coding: utf-8 -*-
import os
import pandas as pd
basedir = '/Users/slay/project/python/datahack/data_hacking/sql_injection/data'
filelist = os.listdir(basedir)
df_list = []
# 循环读取 basedir下面的内容,文件名为 'legit'的是合法内容,malicious的是 恶意sql语句
for file in filelist:
    df = pd.read_csv(os.path.join(basedir,file), sep='|||', names=['raw_sql'], header=None)
    df['type'] = 'legit' if file.split('.')[0] == 'legit' else 'malicious'
    df_list.append(df)
# 将内容放入 dataframe对象
dataframe = pd.concat(df_list, ignore_index=True)
dataframe.dropna(inplace=True)
# 统计内容
print dataframe['type'].value_counts()
# 查看前五个
dataframe.head()
enter image description here
我们现在可以清楚的知道我们面临的是一堆什么样的数据了。

0x03 特征工程


1. 概念


So,然后呢?我们是不是就可以把数据丢进算法里然后得到一个高大上的sql防火墙了?那么我们现在来想一个问题,我们有两个sql语句,从admin表中查看*的内容。
1
2
select user from admin;
select hello from admin;
算法最后得到的输入是什么,是[1,1,0,1,1] 和 [1,0,1,1,1] 没看懂没关系,就是说得到了这样的东西。
{select:1, user:1, hello:0, from:1, admin:1} {select:1, user:0, hello:1, from:1, admin:1}
是不是哪里不对,就是说在机器看来 user 和 hello 在本质来看是属于不同的类型的玩意,但是对于了解sql语言本身的你知道他们是一样的东西,所以我们就需要给同一种东西打一个标签让机器能够知道。
那么是否对什么是特征工程有了一些模糊的了解?要做好特征工程,就需要对于你所面临的问题有着深刻的了解,就是“领域知识”,带入这个问题就像你对 于sql语言的了解,在这个了解的基础上去处理特征,让算法更能将其分类。带入水果分类问题就是,你得告诉小孩,香蕉是长长的,黄色的,苹果是红色的,圆 圆的,当然,如果你直接把上面的玩意丢进算法里头,分类器也是可以工作的,准确度大概能过 70%,也许你看起来还行,当是我只能告诉你这是个灾难。这让我想起某次数据挖掘的竞赛,第一名和第一千名的分差是0.01,这群变态。

2. 转化数据


所以现在我们需要的就是将原始数据转化成特征,这就是为什么我刚才说到语法树的,我们需要对sql语句进行处理,对同一种类型的东西给予同一种标示,现在我们使用sqlparse 模块建立一个函数来处理sql语句。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
import sqlparse
import string
def parse_sql(raw_sql):
    parsed_sql = []
    sql = sqlparse.parse(unicode(raw_sql,'utf-8'))
    for parse in sql:
        for token in parse.tokens:
            if token._get_repr_name() != 'Whitespace':
                    parsed_sql.append(token._get_repr_name())
    return parsed_sql
sql_one = parse_sql("select 2 from admin")
sql_two = parse_sql("INSERT INTO Persons VALUES ('Gates', 'Bill', 'Xuanwumen 10', 'Beijing')")
print "sql one :%s"%(sql_one)
print "sql two :%s"%(sql_two)
输出 sql one :['DML', 'Integer', 'Keyword', 'Keyword'] sql two :['DML', 'Keyword', 'Identifier', 'Keyword', 'Parenthesis']
我们可以看到 select 和 insert都被认定为 dml,那么现在我们要做的就是观测数据,就是查看特征是否拥有将数据分类的能力,现在我们先对sql语句进行转换。
1
2
dataframe['parsed_sql'] = dataframe['raw_sql'].map(lambda x:parse_sql(x))
dataframe.head()
enter image description here

3. Other


理论上我们现在就可以直接把这些东西扔进算法中,不过为了方便我在说点别的,分类器的性能很大程度上取决于特征,假设这些无法很好的对数据进行分类,那我们就需要考虑对特征进行一些别的处理,比如你觉得sql注入的话sql语句貌似都比较长,那么可以将其转化成特征。
1
2
dataframe['len'] = dataframe['parsed_sql'].map(lambda x:len(x))
dataframe.head()
enter image description here
现在我们需要观测下数据,看看长度是否有将数据进行分类的能力。
1
2
3
4
%matplotlib inline
import matplotlib.pyplot as plt
dataframe.boxplot('len','type')
plt.ylabel('SQL Statement Length')
enter image description here

0x04 机器学习


1. Train & Test


这里我就直接调用python库了,因为解释起来很麻烦,而且就我对于这次要使用的随机森林(Random Forest)的了解层度,我觉得还不如不讲,对于其数学原理有兴趣的可以参考下面的paper,是我见过对随机森林解释的最清楚的。
Gilles Louppe《随机森林:从理论到实践》 http://arxiv.org/pdf/1407.7502v1.pdf
接下来我们再对特征做一次处理,转换成0和1的向量形式,x是我们的特征数据,y表示结果。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
import numpy as np
from sklearn.preprocessing import LabelEncoder
from sklearn.feature_extraction.text import CountVectorizer
import string
vectorizer = CountVectorizer(min_df=1)
le = LabelEncoder()
X = vectorizer.fit_transform(dataframe['parsed_sql'].map(lambda x:string.join(x,' ')))
x_len = dataframe.as_matrix(['len']).reshape(X.shape[0],1)
x = X.toarray()
y = le.fit_transform(dataframe['type'].tolist())
print x[:100]
print y[:100]
输出
[[0 0 0 ..., 2 0 0]
 [0 0 0 ..., 1 0 0]
 [0 0 0 ..., 0 0 0]
 ..., 
 [0 0 0 ..., 0 0 0]
 [0 0 0 ..., 0 0 0]
 [0 0 0 ..., 0 0 0]]
[1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0]
输入
1
2
3
4
5
clf = sklearn.ensemble.RandomForestClassifier(n_estimators=30)
scores = sklearn.cross_validation.cross_val_score(clf, x, y, cv=10, n_jobs=4)
print scores
输出
[ 0.97699497  0.99928109  0.99928058  1.          1.          0.97192225
  0.99928006  0.99856012  1.          1.        ]
上面的cross_validation是我们测试分类器的一种方法,原理就是把训练后的分类器在一些分割后的数据集上测试结果,从得出的多个评分中可以更好的评估性能,我们得出了一个貌似不错的结果,接下来让我们训练分类器
1
2
3
4
5
6
7
from sklearn.cross_validation import train_test_split
# 将数据分割为 训练数据 和 测试数据,训练数据用于训练模型,测试数据用于测试分类器性能。
X_train, X_test, y_train, y_test, index_train, index_test = train_test_split(x, y, dataframe.index, test_size=0.2)
# 开始训练
clf.fit(X_train, y_train)
# 预测
X_pred = clf.predict(X_test)
如果刚才那些数值无法直观的看出你训练了个什么玩意出来,那么你就需要一个混淆矩阵。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
%matplotlib inline
import matplotlib.pyplot as plt
from sklearn.metrics import confusion_matrix
cm = confusion_matrix(X_pred,y_test)
print cm
# Show confusion matrix in a separate window
plt.matshow(cm)
plt.title('Confusion matrix')
plt.colorbar()
plt.ylabel('True label')
plt.xlabel('Predicted label')
plt.show()
enter image description here
混淆矩阵可以更加直观的让我们观察数据,我们的数据氛围 0,1两类,比如 [0,0]=196 就是legit被正确分类的样本,[0,1]=3是被错误分类的样本,那么第二行就是恶意样本分类的情况。
现在我们看起来分类起似乎工作的不错,达到了99%的正确率,可是你想象这个问题,每199个正确样本就有3个被错误分类,一般来说一个中型的网站 需要处理的sql语句就可能会达到 上面的1000倍,就是说你可能会有3000个无害的语句被拦截。所以下面我们需要的是降低legit被错误分类的概率。

2. 调整


sklearn大部分的模型有个功能叫predict_proba,就是说预测的概率,predict其实就是内部调用下predict_proba,然后按50%。我们可以装变一下直接调用predict_proba,让我们自己调整分类的概率。
1
2
3
4
5
6
7
loss = np.zeros(2)
y_probs = clf.predict_proba(X_test)[:,1]
thres = 0.7 # 用0.7的几率来分类
y_pro = np.zeros(y_probs.shape)
y_pro[y_probs>thres]=1.
cm = confusion_matrix(y_test, y_pro)
print cm
输出
[[ 197    0]
 [   5 2577]]
legit被错误分类的概率降低了,但是0.7只是我们随意想出来的一个参数,能不能简单的想个办法优化一下呢?让我们简单定义一个函数f(x),会随着我们输入的参数输出误分类的概率。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
def f(s_x):
    loss = np.zeros(2)
    y_probs = clf.predict_proba(X_test)[:,1]
    thres = s_x # This can be set to whatever you'd like
    y_pro = np.zeros(y_probs.shape)
    y_pro[y_probs>thres]=1.
    cm = confusion_matrix(y_test, y_pro)
    counts = sum(cm)
    count = sum(counts)
    if counts[0]>0:
        loss[0]=float(cm[0,1])/count
    else:
        loss[0]=0.01
    if counts[1]>0:
        loss[1]=float(cm[1,0])/count
    else:
        loss[1]=0.01
    return loss
# 0.1 到 0.9 之前的 100个数值
x = np.linspace(0.1,0.9,100)
# x输入f(x)之后得到的结果
y = np.array([f(i) for i in x])
# 可视化
plt.plot(x,y)
plt.show()
enter image description here
额,继续用0.7吧。

0x05 结语


这是个系列,可能我这么说也没人信吧,中途开始就有点乱了。
上一句老话吧,也不知道谁说的,反正大家天天挂嘴边。
数据挖掘项目的表现,80%取决于特征工程,剩下的20%才取决于模型等其他部分;又说数据挖掘项目表现的上限由特征工程决定,而其接近上限的程度,则由模型决定。
source:http://nbviewer.ipython.org/github/ClickSecurity/data_hacking/blob/master/sql_injection/sql_injection.ipynb

 ============================================
 
Mengyun with a network Technology (Wuhan) Co., Ltd. is a liar


Article Entry: Anonymous Editor: admin Updated: 2015-3-14
 IT Learning Network - a love of learning anti-cheat reminder:
With Mengyun create network Technology (Wuhan) Co., the company is a liar , cheat, I earned money !! I see on a network to join the project, and finally gave the money, had promised not to do, the profit is not a point. How to find a record with Mengyun Network Technology (Wuhan) Co., the company 's hard-earned money to get back to me
Complaints with Mengyun Chong Network Technology (Wuhan) Co., publishing false information and video, and ordered the connivance of their business advisors deliver false information to prospective franchisees, exaggerate their company's strength and lure prospective franchisee deceived. They have promised thousands of manufacturers nationwide supplier of hundreds of thousands of products factory direct shipping, guaranteed to give the franchisee the lowest ex-factory price, the fact that they can give the franchisee is simply not the manufacturer nor the lowest factory direct shipping, stock prices and shipping not terrible, not to mention the profits they boast an average 30% -80%; said Jingdong, Taobao, where customers, Suning, Gome and other large well-known than 300 mall resource bundle formation sharing, data sharing, the franchisee can extract 5% -30% of sales rebates, can in fact we simply do not see the franchisee cent rebate, when asked why they did not see the rebate when they justify saying that not all goods are distributor rebates ,, said what we buy something too cheap, it can not produce the rebate; they claim to our application domain and the record store, the mall, but I simply do not see effective Where is the record number; say what tens of thousands of merchandise to choose from, to solve our supply problems, the right to the fact that we almost have no choice, they are given a free hand goods store add up nor called thousands species, and some of the items is a photo display, there is no physical delivery; they also boast to our mall advertising run on large media and do the promotion, all this still could not see, and their answer was is: It takes time; what to say 24 hours customer service line, they do not have to do; they also told me promise Extreme Edition exclusive city mall has the exclusive rights, does not allow a second franchisee, but they are in secretly continued to recruit franchisees, said what the current gap in the market, all this serious violation of their commitment and reputation as a businessman. Just one week after I joined, that had promised to give me to do long-term business consultancy service has no reason deleted my QQ number. Just after I realized that cheated, asking them to return the initial fee in full when they are on the spot but was refused. Nowhere in my complaint, I had made ​​a few posts on the Internet, they said I was to discredit their company , but also threatening that if I post, they'll pursue my legal responsibility. I said to sue them, they said, to sue if their designated court must be in the contract. Currently I also linked to a number of franchisees across the country, they are almost the same happened to me, repent. I cheated on behalf of franchisees across the country to write this complaint form, hoping to get the relevant government departments and the general media platforms help and concern, but also hopes for an early recovery of the initial fee us vulnerable. We also hope that they are no longer someone has been deceived. QQ 1023548918
From IT Learning Network ( www.ourlove520.com )












 ==========================================
 
同夢雲創網絡科技(武漢)有限公司是騙子公司


文章錄入:佚名責任編輯:admin 更新時間: 2015-3-14

 IT學習網-愛學習防騙提醒:
同夢雲創網絡科技(武漢)有限公司騙子 ,騙我血汗錢!!我在網絡上看到一個加盟項目,最後錢給了,當初承諾的都沒有做到,利潤是一分都沒有。 如何找同夢雲創網絡科技(武漢)有限公司要回我的血汗錢
投訴同夢雲創網絡科技(武漢)有限公司發布虛假信息和視頻,並指使縱容其公司業務顧問向準加盟商傳遞虛假信息,誇大其公司的實力,誘使準加盟商上當受騙。 他 們承諾擁有全國上千家的廠家供應商,數十萬類產品廠家直接發貨,保證給加盟商最低出廠價,可事實上他們給加盟商的根本就不是廠家最低價更不是廠家直接發 貨,而且進貨價高的可怕還不包郵,更談不上他們吹噓的平均利潤30%—80%;還說與京東,淘寶,凡客,蘇寧,國美等300多家大型知名商城資源捆綁,形 成共享,數據共享,加盟商可以從中提取5%—30%的銷售返利,可事實上我們加盟商根本就沒有看到一分錢的返利,當問到他們為什麼沒有看到返利的時候,他 們卻自圓其說的說什麼不是所有的商品都有分銷返利,,還說什麼我們買的東西太便宜,所以不能產生返利;他們聲稱給我們商城申請域名和備案,可是我的商城根 本就沒有看到有效的備案號在哪裡;說什麼數万種的商品可供選擇,解決我們的貨源問題,可事實上我們幾乎就沒有選擇的權利,商城的商品都是他們自作主張添加 上去的也沒有所謂的上萬種,而且有些商品就是個照片擺設,根本就沒有實物發貨;他們還吹噓給我們的商城在大型媒體上做廣告投放並做推廣宣傳,可這一切卻遲 遲沒有看到,他們的回答卻是:這需要時間;說什麼24小時客服在線,他們根本就沒有做到;他們還向我承諾至尊版商城擁有市級獨享獨家代理權,不允許出現第 二家加盟商,可是他們卻在背地裡繼續招加盟商,還說什麼目前市場空白,這一切嚴重的違背了他們的承諾和作為一個商人的信譽。 就在我加盟後的一個星期,那個曾承諾會給我做長期售後服務的業務顧問卻無緣無故的刪除了我的QQ號。 就在我意識到受騙後,要求他們全額退回加盟費的時候,卻遭到他們當場拒絕。 就在我投訴無門的時候,我只好在網上發了些帖子,他們卻說我在詆毀他們公司 ,還威脅性的說,如果我再發帖子,他們就會追究我的法律責任。 我就說要起訴他們,他們卻說,要起訴的話必須在合同上他們指定的法院起訴。 目前我也聯繫到了全國各地的一些加盟商,他們的遭遇和我幾乎一樣,悔不當初。 我代表全國各地的上當受騙的加盟商寫下這篇投訴狀,希望能得到政府有關部門和廣大媒體平台的幫助和關注,也希望能早日追回我們這些弱勢群體的加盟費。 同時也希望不再有人被他們欺騙了。 QQ 1023548918


 ===============================================
 http://www.ourlove520.com/Article/others/jiami/201502/348727.html
 
BMW vulnerabilities Detailed: ancient knowledge Bole horse, now hackers escapement BMW


Article Entry: Anonymous Editor: admin Updated: 2015-2-11


ADAC (ADAC) want to understand the embedded mobile network modems to transmit data to the car manufacturer. C'T (German computer technology class magazine) for ADAC describes a security expert. The expert in-depth analysis of BMW ConnectedDrive system data transmission process. Eventually, he found a series of security vulnerability that allows attackers unauthorized open the door.

Things did not stop at the garage door control: More and more car default cellular modem and SIM card equipped. Depending on the manufacturer, these modems can complete different things: they may provide Internet access to passengers; they may also send telemetry data or traffic information to the manufacturer, or they may start the emergency services in the event of a collision. Some brands of car, a cell phone via mobile APP APP allows owners to control some of the features of the vehicle. Function which may contain auxiliary heating systems or electric vehicles main battery.
BMW is one of the leaders in the field, its ConnectedDrive has been used for many years on the market. And C'T (German computer technology class magazine) like, ADAC for ConnectedDrive system affects the transmission of data privacy and consumer protection are very interested. They asked me to thoroughly investigate this matter, and the results are alarming: even if the focus initially was not safe sex, I still found some serious vulnerabilities .
FreeBuf science: What is ConnectedDrive services?
ConnectedDrive, BMW teamed Google Germany in 2006 the company developed the "network drive" service. There are five service ConnectedDrive, BMW Assistant, BMW Online, BMW Navigation, BMW car phone service and Internet access, all of which provide you with a unique mobile experience - to maximize safety , comfort and driving pleasure.
In order to carry out research, ADAC provides a few more with BMW ConnectedDrive, including a BMW 320D Touring (do not know the car, I do not know what the Chinese name is money). I did not get any special information from the manufacturer, to rely on that information publicly available online.
To get a first impression, I see a bit ConnectedDrive control unit, the so-called Combox found several models. Among other features, Combox equipment is also responsible for the car multimedia features such as music files or pairing with the car to play U disk built-in Bluetooth hands-free device. Since 2010, the equipment has been deployed in a variety of BMW models.

Combox internal structure: Among other things, the control unit of BMW ConnectedDrive services will connect to an online server . Its modem can see the upper right corner of the circuit board.
CPU Combox used is strong SH-4A, produced a Renesas function 32-bit RISC processor. Produced from Cinterion (formerly Siemens) modems complete mobile communication device. Meanwhile, the device also uses a Renesas microcontroller V850ES production. Select V850ES presumably fancy its low power consumption, even in the car had stopped and the engine is not running the case, but also allows the modem to receive messages. But the SH-4A larger power demand will soon run out of battery storage of electricity.
Disassembly
At first, I removed from the car COMBOX module and connect it to the AC adapter, and then activate the emergency function module, this function is usually triggered by a button in the cockpit. By looking at the module on the motherboard, I recognize the panic button pin power cable and connector (connector) on. Data collection on the Internet provides another possible path: by downloading service center for BMW diagnostic software, which describes the pin configuration information. In order to generate traffic COMBOX record in the mobile network, I used a base station set up test environments. The base station may support OpenBSC, thus simulating a cellular network . (BMW and base stations can not afford, swollen what to do?)

Using similar SysmoBTS or nanoBTS analog cellular base stations to the network , the recording control unit of the data flow
When you press the panic button, Combox send a text message, and then initiate a voice call. Encrypted text message processing, can not disclose any identifiable characteristics. In the emergency mode is triggered each test , the data to be transmitted are not the same look, suggesting the data may be encrypted been processed.
In order to identify where data encryption, I recorded a cellular modem to transfer data between the V850ES microcontrollers, which flows through the serial line transmission. In order to understand the configuration of the connector on the modem, I consulted all models can be found online. Because I'm on a serial line data recorded in the emergency text message can not be found, I decided to create an emergency and encrypt messages located modem. This assumption is reasonable; cellular modem can be extended to provide such functionality.
Sealing
Encryption tricky encounter this situation, I had to go get the modem's firmware. Modem unit does not include standardized tests available firmware interface (Joint Test Working Group, JTAG). That meant I had to dismantle the flash module joints from the modem, then use the adapter plate to read the firmware. This is not a simple task, because the chip through the BGA package - After sealing off, you need to solder ball reformer (reball), however, the supplier provides you with care.

The modem unit Combox encrypted text message
In order to analyze the firmware, I use a sufficient number of I / O pins and matching 1.8-volt I / O voltage of the adapter board flash memory chips are connected to the STM32 evaluation board. Just a few lines of C code, I would pass an evaluation board serial port connector to extract the contents of the flash memory on a PC. To analyze the firmware code, I use the artifact IDA Pro. It can detect the assembler code , and supports this modem ARM processor.

After sealing off the modem flash memory connected to the adapter plate (left side). Way to read the firmware may seem absurd, but it works
By IDA Pro Tools, I quickly identify the firmware on a variety of encryption and hashing algorithms. This is because the popular encryption algorithm with constant specific table, they can be find automated. Based on these findings, I can find other uses the same encryption algorithm and hash code .
Looking key
Secret encryption key from? As an optimist, I initially speculated that manufacturers will generate a unique key for each vehicle, and stored in the V850ES microcontrollers, and then sent to a cellular modem. Due to locate the key assumptions in this scenario takes a lot of work, so I decided to continue to analyze the protocol of emergency calls. Firmware specific string shown that it appears to be using NGTP protocol (Next Generation Telematics Protocol ). Not surprising, since the BMW company is one of the main supporters of NGTP.
In order to define the communication protocol, NGTP using standard notation ASN.1 (Abstract Syntax Notation 1). After analysis showed that the use of open source compiler asn1c firmware to create syntax. Combined asn1c works to check the firmware structure, I try to reconstruct close ASN.1 syntax used in the agreement. This step is necessary because NGTP just agreement give advice on how to build, but it does not provide the actual implementation details.
According to this idea, I once again set foot on the road to find the encryption key. NGTP agreement contains key update function, so I am sure that the key must exist somewhere. For a long time, looking always to no avail. In the last attempt, I analyzed the firmware in a random data block. I attempt an emergency text message to the data portion of the data block as a key to decrypt recorded. After some failed attempts, finally succeeded.
This finding increasingly makes me feel weird. They are not really all cars use the same key material, right? Also, I can only see the emergency text message. That kind of usage scenarios, all cars have the same key and will not cause any harm.
I found encryption using DES (56-bit key) algorithm and AES128 (128-bit key) algorithm. To sign the message, the firmware using three signature algorithms DES CBC-MAC, HMAC-SHA1 and HMAC-SHA256. Header of the message specifies the algorithm used by the type and key pair.
It is unclear BMW company why using the DES algorithm, because the DES algorithm to crack for some time. And with respect to the other encryption algorithm, the length of the data block is shorter DES, thereby generating a shorter encrypted message. 3DES is also the case, but at least most people 3DES is considered safe for.
Restructuring
After successful attempts to decrypt and decode emergency messages, I turned his attention to the car itself. I want to identify when it comes to safety -related functions when communication whether BMW would be better protected. For this purpose, I began to investigate the remote door unlock function.
To use this feature, you first need to BMW owners website registered account and open a remote service. The driver can use the iOS and Android mobile version of the My BMW Remote application to open the door next to the driver. To learn more about how it works, I had to re-record the data sent and received the car. This will need to send a message, it is impossible to shut down the engine of the car and have a data connection.
The easiest way to get this message is a cellular modem and serial connection between the V850ES microcontrollers Combox listening devices. APP after just open the door, I did find a text message in the recorded data. This message appears to contain debugging character, because it actually has a cellular modem treated.
Through the My BMW Remote mobile applications encryption algorithm and key table to understand, I can easily decode and analyze this message. In order to see the reaction of the car, I use the analog cellular network to send a copy of the message to the car (replay).

Attack BMW ConnectedDrive system
After receiving the message, the car is about to connect to the main processing unit takes a minute to start the system . COMBOX BMW launched by the cellular network to the backend server connection, and try to access server data on. If Combox does not receive any data, the connection is terminated, nothing will happen. This means that the message is not enough to open the door, the system will require further data from the background.
For what just happened, surprisingly cars with BMW server connection between the cellular analog network in unreserved recorded. Car just send a simple HTTP Get request, it did not use SSL or TLS encryption during transmission.
Automotive expects to identify the data obtained from BMW backstage before the start of replay attacks using SMS, I need to unlock sequence triggered by App. In this way, the server will store the necessary information about my car's. Then, the door will be opened.
New data can be used to decrypt the methods described above and analyzed. This time, the use of the protocol is NGTP, but with a different signature algorithms and encryption algorithms: AES128 instead of DES, HMAC-SHA256 instead of DES-CBC-MAC, but using the same encryption table.
Break-ins
Now, I already have enough knowledge to simulate all of the components to unlock features. I opened the door of the data can be forged, and the equipment required is a base station and a laptop, this laptop will send bogus messages, then disguised as BMW background server .
The question is whether the key has been extracted applicable to other automobiles. Test several other BMW let me reassurance. In this testing process, I learned a few extra cases. If the vehicle is not equipped with ConnectedDrive activate remote service, remote open the door would not work. However, we can use the analog cellular network to activate remote service.
This work is similar to the preceding attack. Car Send a message indicating it from BMW server on downloading the new configuration data. Configuration data is loaded via HTTP Get request, the configuration data is formatted into unencrypted XML file and easy to understand. Configuration file and can not tamper-proof, this problem could have been using data signatures easily resolved. This means that I can use the analog network easily activate a remote service, and then open the door.
At least, the car checks the destination address of the message, that message should be sent where cars. This check is by looking at the messages in the VIN (vehicle identification number) to complete. If VIN does not match with the question of the car, it will not execute the command sent. This is not an obstacle to the attacker, because the attacker COMBOX give great help in this regard: If Combox not received a valid VIN number, it actually sends an error message, and this error message will include VIN to identify the sender of the error message.

Some BMW models, COMBOX has been replaced with another type of control unit. TCB (Telematic Communication Box) supports the Universal Mobile Telecommunications System (UMTS), but would not divulge VIN, but still using known encryption key.
The next study, I also studied several new BMW models. Where in some models, COMBOX has been replaced with another control unit. Multimedia and hands-free function has been integrated into the so-called Headunit. The cellular communication has been migrated to the TCB (Telematic Communication Box), it is now in addition to supporting GPRS / EDGE connectivity, also support the Universal Mobile Telecommunications System (UTM). TCB will ignore the message does not contain the correct VIN. Because it either does not respond, the correct VIN code is not the same as in COMBOX so easy to identify. However, communication is still using the known key applicable to all vehicles.
Practice
In reality, by simulating the network remotely unlock the doors will be like? This requires that the necessary equipment can be placed in a briefcase or a backpack. Analog network coverage, even in the city center can be more than 100 meters. The so-called international mobile subscriber identity catcher (IMSI catcher) has a stronger signal than the actual mobile network, it will cause the phone preferably selected forged mobile cellular network. IMSI catcher does not need to know in advance the telephone number of the subject vehicle. IMSI catcher using TMSI instead. When a mobile device access IMSI forged network time, IMSI give this device is assigned a TMSI. If the target vehicles TCB modules attackers blocked the regional presence of UMTS signal, forcing the control unit back to GSM mode.
Because not only equipped with ConnectedDrive vehicle can access the fake mobile cellular networks , by looking at the IMEI code to filter access to the device is a good method, IMEI code is assigned to all mobile devices and cellular modem unique serial number. Type (phone model IMEI code of the first 8 digits pointing device code , TAC). An attacker could use this method to distinguish between Combox and TCB.
Informed of a car equipped with a Combox, an attacker can find VIN, then activate the remote service and open the door next to the driver. If the car is equipped with TCB, VIN can be obtained in another way. According to motor vehicles sold in the country, VIN can be seen or appear on the nameplate on the windshield frame, so when someone leaves the car, the attacker can use the camera to shoot down. Unlock the door and did not leave any trace, not even in the crowded streets conspicuous.
In conclusion
In the preliminary investigation, I found six songs ConnectedDrive on security vulnerabilities :
①BMW use the same on all vehicles symmetric key ② some services are not in the car with the BMW company encrypted message ③ConnectedDrive configuration data transfer process in the background can not be tamperproof ④COMBOX leak VIN code ⑤ in NGTP error messages sent via SMS NGTP Data use is not safe in the DES encryption algorithm ⑥COMBOX not implemented protective measures to defend against replay attacks
These problems could be easily avoided. For example, during transmission components perform encryption are in place, but only used by some ConnectedDrive services. In addition, manufacturers can be written by VIN for causing said control system has a different identity, may be written in a unique key for each vehicle.
A year ago C'T magazine interview, BMW's R & D department, said Dr. Klaus Buttner, when it comes to the company's online services, security and unauthorized access car has the highest priority. Reference Buttner, then the BMW company put all the services are routed to their security background. In addition, the car handles only authorized commands, and the command list of commands can only be pre-set in.
In principle, this is correct, but easier said than done. According to BMW the company announced that security vulnerabilities have been fixed. Although the BMW company vowed guarantee no problem, but for the owners of what should go? Unfortunately, ConnectedDrive can not be easily shut down - it does not provide functions such as wireless phones flight mode.
To permanently closed ConnectedDrive, fill out a written request of a vehicle, but also a trip to the car repair center. Which is a self-help measures Combox disconnect the antenna or TCB. Depending on the model may be, this method is easy to implement, because the control unit is located beneath the floor of the luggage compartment. However, this will turn off the automatic emergency call (Security and Safety can not have both ah).
Well thought-term owners hopes manufacturer details when dealing with online services have been cautious enough. ADAC automobile equipment requires computer tampering and use of protective measures to prevent unauthorized access to the advanced. Mentioned requirements, this protection should comply with the same safety standards in other industries. In addition, these security measures have to go through a neutral third party verification agency - Bonn, Germany, for example, as the Federal Information Security Agency's Common Criteria Certification ((Common Criteria Certification) part.
PS: This is the last article before the Spring Festival, and wish you all a Happy New Year in advance and good luck!
[Reference Source heise, content has been deleted, keeping the original intention. Translation since Rabbit_Run, like the article please praise encouraged. FreeBuf.COM exclusive article without permission is prohibited reproduced]



 ===============================
  http://www.ourlove520.com/Article/others/jiami/201502/348727.html
 寶馬汽車安全漏洞詳解:古有伯樂識良駒,今有黑客擒寶馬文章錄入:佚名,,
責任編輯:admin 更新時間: 2015-2-11.



ADAC(全德汽車俱樂部)想深入了解內嵌移動網絡調製解調器的汽車如何向製造商發送數據。 C'T(德國計算機技術類的雜誌)為ADAC介紹了一位安全專家。 這位專家深入分析寶馬汽車ConnectedDrive 系統的數據傳輸過程。 最終,他發現一系列安全 漏洞 ,允許未授權的攻擊者打開車門。

物聯網並不止步於控制車庫的大門:越來越多的車默認配備蜂窩調製解調器與SIM卡。 根據製造商的不同,這些調製解調器可以完成不同的事情:它們可能為乘客提供互聯網訪問;它們也可以發送遙測數據或交通信息到製造商,或它們可以在發生碰撞啟動應急服務。 有些品牌的汽車,一個手機APP允許車主通過移動APP控制車輛的一些功能。 其中的功能可能包含輔助加熱系統或對電動車的主電池充電。
BMW是該領域的領導者之一,其ConnectedDrive已經在市場上使用多年。 和C'T(德國計算機技術類的雜誌)一樣,ADAC對ConnectedDrive 系統傳輸數據對隱私和消費者保護的影響非常感興趣。 他們委託我深入調查這個事情,而結果是令人震驚的:即使關注點起初並不是安全性,我還是發現了一些嚴重的漏洞
FreeBuf科普:什麼是ConnectedDrive服務?
ConnectedDrive,德國BMW公司於2006年聯手Google 公司開發的“聯網駕駛”服務。 ConnectedDrive有5項服務,BMW助理,BMW在線,BMW導航,BMW電話服務和車內互聯網接入,所有這些提供給你獨一無二的移動體驗——最大化的安全 、舒適和駕駛樂趣。
為了開展研究,ADAC提供了幾輛配有ConnectedDrive的寶馬車,其中有一輛寶馬320D Touring(不懂車,不知道中文名是什麼款)。 我並沒有從製造商獲得任何特殊的資料,只能依賴那些網上公開的信息。
為獲得第一印象,我查看了一下ConnectedDrive的控制單元,發現所謂的Combox有幾種型號。 除了其他功能,Combox設備還負責車上多媒體功能,如播放U盤上的音樂文件或配對手機與車上內置的藍牙免提裝置。 自2010年以來,這個設備已經部署在各種寶馬車型。

Combox內部構造:除了其他東西,控制單元會將寶馬汽車的ConnectedDrive服務連接到在線服務器 它的調製解調器可以看到位於電路板的右上角。
Combox所使用的CPU是SH-4A,一款Renesas生產的功能強大的32位RISC處理器。 產自Cinterion(原屬西門子)的調製解調器完成設備的移動通信功能。 同時,該設備也使用一款Renesas 生產的V850ES型微控制器。 選擇V850ES想必是看中了它的低功耗,即使在車已經停下且引擎不運行的情況下,也能夠讓調製解調器接收消息。 但SH-4A較大的功率需求將會很快耗盡電池存儲的電量。
拆卸
剛開始,我從車上拆下COMBOX模塊,並把它連接到AC適配器,再激活模塊的應急功能,此功能通常通過駕駛艙內的按鈕觸發。 通過查看主板上的模塊,我識別出電源線的管腳及連接器(connector)上的應急按鈕。 互聯網上的資料蒐集提供了另一種可行的路徑:通過下載面向寶馬汽車維修中心的診斷軟件,它描述了管腳配置信息。 為了記錄COMBOX在移動網絡中產生的流量,我使用基站搭建了測試環境。 這個基站可以支持OpenBSC,從而模擬了一個蜂窩網絡 (寶馬和基站都買不起,腫麼辦?)

使用類似SysmoBTS或nanoBTS的基站來模擬蜂窩網絡 ,記錄控制單元的數據流
當按下應急按鈕時,Combox發送文本消息,然後發起語音呼叫。 文本消息經加密處理,無法透漏任何可識別的特徵。 在應急模式被觸發的每次測試中,發送的數據看起來都不一樣,暗示著數據可能經過加密過處理。
為了查明數據在什麼地方加密,我記錄蜂窩調製解調器與V850ES微控制器之間的傳輸數據,該流量通過串行線路傳輸。 為了解調製解調器上連接器的配置,我諮詢了網上可以查到的所有型號。 因為我在串行線路上記錄的數據中無法找到應急文本消息,我斷定應急消息的創建和加密位於調製解調器。 這個假設是合理的;可以擴展蜂窩調製解調器來提供這樣的功能。
脫焊
遇到加密這種棘手情況,我不得不去獲得調製解調器的固件。 調製解調器單元並不包含可獲取固件的標準化測試接口(聯合測試工作組,JTAG)。 這就意味著我不得不從調製解調器上拆除閃存模塊焊點,然後使用適配器板來讀取固件。 這可不是是一項簡單的工作,因為芯片經過BGA封裝-在脫焊後,還需要锡球重整(reball),然而供應商為你提供了關照。

Combox的調製解調單元加密文本消息
為了分析固件,我使用足夠多的I/O管腳和匹配的1.8伏I/O電壓把適配器板的閃存芯片連接到STM32評估電路板。 只需幾行C代碼,我就通過評估電路板的串口連接器把閃存的內容提取到PC機上。 為了分析固件代碼,我動用了神器IDA Pro。 它可以探測彙編代碼 ,而且支持這款調製解調器的ARM處理器。

調製解調器的閃存經過脫焊後連接到適配器板(左側)。 讀取固件的方法來可能看起來有些荒唐,但確實有效
通過IDA Pro工具,我迅速識別出固件上多種加密和哈希算法。 這是因為流行加密算法使用特定的表與常數,它們可以被自動化地查找。 基於這些發現,我可以查找到使用相同加密和哈希算法的其他代碼
尋找密鑰
加密秘鑰來自何處? 作為樂天派,我起初推測廠商會為每輛車生成唯一的密鑰,並存儲在V850ES微型控制器上,然後再發送到蜂窩調製解調器。 由於在這種假設場景下查找密鑰需要花費大量的工作,所以我決定繼續分析應急呼叫的協議。 固件中的特定字符串表明,它似乎正在使用NGTP協議(下一代Telematics 協議 )。 並不令人感到意外,因為寶馬公司是NGTP主要支持者之一。
為了定義通信協議,NGTP使用標準符號表示法ASN.1(抽象語法標記1)。 經過分析得知,該固件使用開源編譯器asn1c來創建語法。 結合asn1c工作原理來查看固件的結構,我嘗試重構接近該協議所用的ASN.1語法。 這個步驟是必須的,因為NGTP只是對協議如何構建給出建議,但並未規定實際的實現細節。
按照這個思路,我再次踏上尋找加密密鑰的道路。 NGTP 協議包含更新密鑰的函數,讓我確信密鑰一定存在某個地方。 長期以來,尋找總是徒勞無功。 在最後一次嘗試中,我分析了固件中一個隨機數據塊。 我嘗試把該數據塊的部分數據作為密鑰來解密記錄的緊急文本消息。 經過一些失敗的嘗試後,最後獲得了成功。
這個發現愈發讓我感到怪異。 他們不會真的對所有的汽車都使用同樣的密鑰材料吧? 另外,我目前只能查看緊急文本消息。 對那種使用場景,所有車擁有相同密鑰並不會造成什麼危害。
我發現了加密使用DES(56位密鑰)算法和AES128(128位密鑰)算法。 為簽名消息,固件使用了三種簽名算法DES CBC-MAC,HMAC-SHA1和HMAC-SHA256。 消息的頭部指定了算法的類型和所用的密鑰對。
目前,尚不清楚寶馬公司為什麼會使用DES算法,因為DES算法的破解已有一段時間了。 而且相對於其他加密算法,DES數據塊的長度更短,從而生成更短的加密消息。 3DES情況也一樣,但起碼3DES被多數人認為是安全的。
重組
在成功地嘗試解密與解碼應急短信後,我把注意力轉向了汽車本身。 我想要查明當涉及安全相關的功能時,寶馬汽車的通信是否會受到更好的保護。 為了這個目的,我開始調查車門遠程解鎖的功能。
為使用這個功能,車主首先需要在BMW 網站上註冊賬戶並開啟遠程服務。 駕駛員可以使用iOS和Android版的My BMW Remote移動應用來打開駕駛員旁邊的車門。 為了詳細了解其工作原理,我不得不再次記錄汽車收發的數據。 這需要先發送一條短信,否則不可能與已關閉引擎的汽車建立數據連接。
獲得這條短信的最簡單方法是監聽Combox設備上蜂窩調製解調器與V850ES微控制器之間的串口連接。 在只是APP打開車門後,我的確在記錄的數據中找到一條文本消息。 這條消息似乎包含調試字符,因為它實際上已經蜂窩調製解調器處理過。
通過對My BMW Remote移動應用的加密算法與密鑰表的了解,我可以輕易地解碼與分析這條消息。 為了查看汽車的反應,我使用模擬的蜂窩網絡向汽車發送消息的副本(重放攻擊)。

攻擊寶馬ConnectedDrive 系統
接收到短信之後,汽車大約花費一分鍾啟動連接到主處理單元的系統 COMBOX通過蜂窩網向寶馬後台服務器發起連接,並嘗試訪問服務器上的數據。 如果Combox沒有接收到任何數據,連接被終止,什麼事情也不會發生。 這就意味著短信不足以打開車門, 系統還需要來自後台進一步的數據。
對於剛剛發生的事情,令人吃驚的是汽車與寶馬服務器之間的蜂窩連接可以在模擬網絡中毫無保留的記錄下來。 汽車只是發送一個簡單HTTP Get請求,在傳輸過程並沒使用SSL或TLS加密。
為查明汽車期望從寶馬後台獲得的數據,在利用短信開始重放攻擊之前,我至需通過App觸發解鎖序列。 通過這種方式, 服務器便會存儲有關我這輛汽車的所需信息。 緊接著,車門便打開了。
新數據可以使用上面所述的方法來解密與分析。 這一次所用的協議又是NGTP,但使用不同的簽名算法與加密算法:AES128而不是DES,HMAC-SHA256而不是DES-CBC-MAC,但是使用相同的加密表。
破門而入
現在,我已經具備充足的知識來模擬解鎖功能的所有組件。 我可以偽造打開車門的數據,而所需的設備只是一個基站和一台筆記本,這台筆記本將發送偽造的短信,然後再偽裝成寶馬的後台服務器
問題是已經提取出來的密鑰是否適用於其他的汽車。 對其他幾台寶馬汽車的測試讓我吃下定心丸。 在這個測試過程,我獲知了一些額外情況。 如果配備ConnectedDrive的車輛沒有激活遠程服務,遠程打開車門就不能奏效。 不過,我們可以利用模擬的蜂窩網絡來激活遠程服務。
這個工作類似於前面的攻擊。 汽車發送一條短信,指示它從BMW 服務器下載新的配置數據。 配置數據通過HTTP Get請求加載,配置數據被格式化成未加密且易於理解的XML文件。 配置文件並不能防篡改,這種問題原本可以利用數據簽名輕易解決。 這就意味著我可以使用模擬網絡輕易地激活遠程服務,然後再打開車門。
至少,汽車會檢查消息的目的地址,即消息應該被發送到哪輛汽車。 這個檢查是通過查看消息中的VIN(車輛標識碼)來完成的。 如果VIN不能與提出質疑的汽車相匹配,它就不會執行​​發送的命令。 這對攻擊者來說並不是什麼障礙,因為COMBOX在這方面給予攻擊者極大的幫助:如果Combox不能接收到有效的VIN碼,它實際上會發送一條錯誤消息,而這條錯誤消息會包含VIN來標識錯誤消息的發送者。

一些BMW車型中,COMBOX已經被替換成其他類型的控制單元。 TCB(Telematic Communication Box)支持通用移動通信系統 (UMTS),而且不會不洩露VIN,但仍使用已知的加密密鑰。
在接下來的研究,我也研究了幾款最新的BMW車型。 其中在一些車型中,COMBOX已經被替換為其他的控制裝置。 多媒體與免提功能已經整合到所謂的Headunit。 而蜂窩通信已經遷移到到TCB (Telematic Communication Box),它現在除了支持GPRS/EDGE連接,還支持通用移動通信系統 (UTM)。 TCB會忽略未包含正確VIN的消息。 因為它要么不回复,正確VIN碼並不像在COMBOX中一樣那麼容易查明。 不過,通信仍然使用了適用所有車輛的已知密鑰。
實踐
在現實中,通過模擬網絡遠程解鎖車門將會是什麼樣子? 這要求所需設備能夠放在一個公文包或一個背包中。 模擬網絡的覆蓋範圍即使在市中心也可以超過100米。 所謂國際移動用戶識別碼捕捉器(IMSI catcher)比實際的移動網絡擁有更強的信號,所以會導致手機優選選擇偽造的移動蜂窩網絡。 IMSI catcher不需要事先知道目標汽車的電話號碼。 IMSI catcher使用TMSI替代。 當一個移動設備接入IMSI偽造的網絡時,IMSI會給這個設備分配一個TMSI。 如果目標車輛使用TCB模塊,攻擊者阻塞這個區域存在的UMTS信號,迫使控制單元退回到GSM模式。
因為不僅配有ConnectedDrive的汽車會接入到偽造的移動蜂窩網絡 ,通過查看IMEI碼來過濾接入的設備是個不錯的方法,IMEI碼是分配給所有移動設備與蜂窩調製解調器的唯一序列碼。 IMEI碼的前8位數字指示設備的類型(手機型號代碼 ,TAC)。 攻擊者可以利用這個方法區分Combox與TCB。
獲知某個汽車配備了Combox,攻擊者可以查找到VIN,然後激活遠程服務並打開駕駛員旁的車門。 如果汽車裝備了TCB,VIN可以通過另一種方式獲取。 根據汽車所銷往的國家,VIN可以在擋風玻璃上看到或出現在門框的銘牌上,因此當有人離開汽車時,攻擊者可以使用相機拍下來。 解鎖車門並沒有留下任何痕跡,即使在擁擠的街道也不顯眼。
結論
在初步調查時,我發現了ConnectedDrive上的6歌安全 漏洞
①BMW在所有的車輛上使用相同的對稱密鑰②一些服務並沒有在汽車與寶馬公司後台的傳輸過程中加密消息③ConnectedDrive配置數據不能防篡改④COMBOX在NGTP錯誤消息中洩露VIN碼⑤通過短信發送的NGTP數據使用不安全的DES加密算法加密⑥COMBOX沒有實施保護措施來防禦重放攻擊
這些問題本來可以被輕易地避免。 例如,在傳輸過程中執行加密的組件都已具備,但僅僅被一些ConnectedDrive服務所使用。 此外,製造商可以通過寫入VIN使上述控制系統擁有不同的標識,因此也可以為每個車輛寫入唯一的密鑰。
一年前接受C'T雜誌的採訪時,寶馬公司研發部​​門的克勞斯布特內爾博士說,當涉及到公司的在線服務時,汽車的安全和授權訪問具有最高優先級。 參考布特內爾的話,寶馬公司把所有服務路由到自己的安全後台。 此外,汽車只處理授權的命令,且命令只能是預先設定的命令列表中的。
原則上,這是正確的,但知易行難。 據寶馬公司宣稱, 安全 漏洞已全部修復。 儘管寶馬公司信誓旦旦擔保沒問題,但對於車主來說又該何去何從? 不幸的是,ConnectedDrive不能被輕易關閉-它沒有提供類似手機飛行模式的功能。
為了永久關閉ConnectedDrive,車主要填寫一個書面請求,還要跑一趟汽車維修中心。 其中自助措施是斷開Combox或TCB與天線。 取決於車型而定,這個方法易於實施,因為控制單元位於行李廂的地板下面。 不過,這樣也就關閉了自動應急呼叫(Security與Safety不能兼得啊)。
沒想那麼長遠的車主寄希望製造商在處理在線服務的細節時已經足夠謹慎。 ADAC要求汽車裝備的計算機採用先進的防止篡改與非法訪問的保護措施。 要求中提到,這種保護應該遵守與其他行業相同的安全標準。 此外,這些安全措施也要通過第三方中立機構驗證-例如作為德國波恩聯邦信息安全局的公共標準認證((Common Criteria Certification)的一部分。
PS:這是春節前的最後一篇文章了,提前祝大家春節快樂,萬事如意!
[參考信息來源heise ,內容有所刪減,盡量保留了原文本意。 翻譯自Rabbit_Run,喜歡文章請點贊鼓勵。 FreeBuf.COM獨家文章,未經許​​可禁止轉載]




 ================================================
 http://hk.apple.nextmedia.com/international/art/20150314/19075531

Enhanced national vote weaker US-Japan



 [Agency] demolition
Beijing want to reinvent the wheel to set up Asian investment bank to establish their own dominant game, in addition to the United States suspected of China with a new agency as a tool of diplomacy, but also with China with the rise of their own economic status, national strength, but the voice in the international financial sector without a corresponding increase in is still the United States, Japan and other Western countries led related.
For example, the Asian Development Bank, the Chinese contribution 6.628 percent, ranking third in sixty seven countries, but only 5.47% voting rights, less than half of the United States and Japan; United States and Japan, respectively, 16.5% of the total funding. Similarly, the World Bank, China is the third largest shareholder after the United States and Japan, but the World Bank is only 4.42% of the voting rights.
The reason for the sudden application for British Asian investment bank of the founding members, in addition to the rights and facilities as a founding member may have, in part because Chinese regulations, the second ○ 一 五年 三月 三十 1st is the Asian country last qualified investment bank founded deadline From the day before the deadline, only half a month of time, and also to obtain the consent of other member states, time is pressing. The Chinese new kitchen there is a reason that the US-led "Trans-Pacific Partnership Agreement" (TPP, ie FTA) intends to shut out China, which is obviously not a good thing for the Chinese economy, Beijing set up in addition to advocating Asian investment bank, also the introduction of regional economic development strategy referred to as "all the way along," and all of this.
Tenxxx / Financial Network

 That is like apples Supplement No. innovative "fruit seed" FB!
 =============================
  http://hk.apple.nextmedia.com/international/art/20150314/19075531


國力增強 投票權遠遜美日





【拆局】
北京要另起爐灶成立亞投行建立自己主導的遊戲,除美方懷疑中國要用新機構作為外交工具外,也與中國隨着自己經濟地位上升、國力增強,但在國際金融領域的發言權卻沒有相應增加,依然是美國、日本等西方國家主導有關。
例如在亞洲開發銀行,中國出資額6.628%,在六十七個成員國居第三,但投票權僅佔5.47%,不及美國和日本一半;美日出資分別為總額16.5%。同樣,中國是世界銀行第三大股東國,僅次於美國和日本,但在世界銀行的投票權只有4.42%。
英 國之所以突然申請為亞投行創始國,除作為創始成員可能享有的權利和便利,原因之一是中國規定,二○一五年三月三十一日是亞投行創始國資格最後截止期限,從 前天到截止日,只剩下半個多月時間,且還要取得其他成員國同意,時間緊迫。而中國另起爐灶還有一個原因,就是美國主導的「跨太平洋夥伴關係協定」 (TPP,即自由貿易區)有意將中國拒之門外,這對中國經濟顯然不是好事,北京除了倡設亞投行,還出台簡稱為「一路一帶」的區域經濟發展戰略,都與此有 關。
騰xx網/財經網


即 like 蘋果副刊革新號《果籽》FB!
 =========================================
 http://hk.apple.nextmedia.com/realtime/china/20150314/53530242

China Airlines plane made an emergency landing in Lanzhou pick intimidation

 
 Lanzhou a reporter Ma Jun, 13:48 refers microblogging rebellion, China Airlines from Chongqing through Lanzhou, Jiayuguan to Dunhuang, 12:55 off the G52689 flight crew, received threatening, aircraft emergency Lanzhou Airport landing. After verification of airport passengers, baggage, etc., the content is determined to intimidate false information, the current flight was off again.

CvvTV

 ==================================
  http://hk.apple.nextmedia.com/realtime/china/20150314/53530242

華夏航空飛機接恐嚇 緊急降落蘭州

 
甘肅蘭州一名記者馬駿,中午1時48分在微博報料指,華夏航空由重慶經甘肅蘭州、嘉峪關飛往敦煌,12點55分起飛的的G52689航班機組,接獲恐嚇, 飛機緊急降落蘭州中川機場。機場方面經過核查旅客、行李等情況後,確定恐嚇內容為虛假資料,目前航班已重新起飛。
nnn視

 ==============================
 http://hk.apple.nextmedia.com/realtime/news/20150314/53529941


Christians pray always outside police hope the police to exercise restraint when law enforcement



 [Update: New Movie]
Including members of the People's Power Tan unsuccessful (soon will be), including more than 10 Christians, Wan Chai police headquarters this afternoon to prayer, singing hymns in the form of a petition, referring to a series of anti-parallel off several demonstrations on Sunday, police enforcement use of unnecessary and excessive force, so demonstrators were injured.

Petitioners appealed to the police to maintain law enforcement when restraint, strictly abide by the police regulations, but the demonstrators want Zheyi peaceful demonstrations, do not use physical and verbal violence, and finally submit the petition to the police.


==========================================
 http://hk.apple.nextmedia.com/realtime/news/20150314/53529941


基督徒警總外祈禱盼警執法時保持克制


【更新:新增短片】
包括人民力量成員譚得志(快必)在內的10多名基督徒,今午到灣仔警察總部以祈禱會、唱聖詩的形式請願,指接連數個周日反水貨客示威中,警方執法使用不必要及過份武力,令示威者受傷。

請願人士呼籲警方執法時保持克制,嚴格遵守警察條例,而示威者亦要和平示威,不要使用肢體和語言暴力,最後向警方遞交請願信。


 =============================================
 http://hk.apple.nextmedia.com/realtime/news/20150315/53532176


[House] long-haired female holding a yellow umbrella slogan will soon be carried away



 House is open daily from 10:00 this morning, so that the public admission, there is the "long-haired woman," said Lei Yulian social activists holding a yellow umbrella and slogans admission, she shouted through after security, "I really want universal suffrage", but then demonstrations by the police that she hand-held items, can not enter the House, more than policewoman took her to lift off the entrance channel. "Apple" reporter on the scene saw someone dragging luggage trunk into the House rejected.

Executive Committee of the People Power "will soon" Tan frustrated with yellow umbrella and the band, "I really want elections," said the scene ready to play spring flowers, denied admission if he was referring to, will be putting the yellow balloons at the Government House to House inside. He was armed with the results of written, "I really want universal suffrage" red Fai Chun refused entry House, soon to be carried away more than police officers.

"Apple" live at Government House Open Day:
http://bit.ly/1yQy8Qe



 http://hk.apple.nextmedia.com/realtime/news/20150315/53532176


【禮賓府】手執黃傘標語 女長毛快必被抬走

 
禮賓府開放日今早10點起讓公眾入場,有「女長毛」之稱的社運人士雷玉蓮手執黃傘及標語入場,她通過安檢後高呼「我要真普選」,但隨即被警方指她手持示威 物品,不能進入禮賓府,多名女警湧上將她抬離入口通道。《蘋果》記者現場所見,有人拖著行李篋進入禮賓府遭到拒絕。

人民力量執委「快必」譚得志則帶同黃色雨傘及「我要真普選」揮春到場稱準備賞花,他指若被拒入場,將會在禮賓府外放黃色氣球到禮賓府內。結果他因手持寫有「我要真普選」的紅色揮春被拒進入禮賓府,旋即被多名警員抬走。

《蘋果》直播禮賓府開放日:
http://bit.ly/1yQy8Qe


 ==========================================
 http://hk.apple.nextmedia.com/realtime/news/20150315/53531608


One union worries million bonus in effect encouraging false news

 
 "Apple Daily" reported yesterday announced the celebration of the 20th anniversary of record, will encourage readers to provide the highest reward Exclusive photos and video clips, and overweight and 100 million. On behalf of the "Apple" Next Media editorial staff union challenged the remuneration will be an incentive to falsify huge news, and news with adverse social money, and have a negative impact on the credibility of newspapers, promoting stop the giant tours.

One union statement pointed out, some worry that the editorial staff remuneration rebellion when pushed to far beyond the average person's monthly income or salary, in effect encouraging people will do anything to make the news. The statement also refers to the "Apple" reportedly took place early invasive "Chen Jiankang event" to buy materials and pay for police scandal, editorial staff struggled to rebuild the image of the newspaper. Extreme anxiety union newspapers make a huge reward increase in risk of false false news, ask "Apple" treasure senior newspaper credibility, suspend huge bonus plan.

"Apple" Ye Yijian president said sheet explosive burst phase 1 million yuan prize is to celebrate the 20th anniversary of newspaper marketing activities to enhance interaction with readers of newspapers, no need to extend to the social atmosphere exaggerated and newspaper credibility issues. As for the ability to disguise huge bonuses will encourage false news, he is under the editorial staff of the message to Tell confidence, "Just keep a good tailgate, it 唔怕 false news."

"Apple" editor 陈沛敏 said unions understand the worries of large sums of money in incentives, the quality will be mixed rebellion. The "Apple" is facing political and economic environment is more severe than in the past, not to repeat the error made the news. She will remind the editorial staff to be cautious, and more rigorous checks. And in the future if found to reward activities rebellion abuse can also review and adjustment.


 =======================
 http://hk.apple.nextmedia.com/realtime/news/20150315/53531608


壹工會憂百萬獎金變相鼓勵假新聞

 
《蘋果日報》昨宣佈慶祝創報20周年,將鼓勵讀者提供獨家照及短片的最高獎賞,加碼至100萬元。代表《蘋果》編採人員的壹傳媒工會質疑巨額酬金會變相鼓 勵偽造新聞,及用錢買新聞的不良社會風氣,對報章公信力有負面影響,促停止巨賞活動。

壹工會聲明指,部份編採人員擔心將報料酬金推高至遠 超一般人的月入甚至年薪時,將會變相鼓勵人不擇手段製造新聞。聲明又指,《蘋果》創報初期曾發生「陳健康事件」及付錢警察買料醜聞,編採人員幾經努力才能 重建報章形象。工會極度憂慮巨額獎賞令報章誤報假新聞的風險大增,懇請《蘋果》高層珍惜報章公信力,中止巨額獎金計劃。

《蘋果》社長葉一堅表示,爆片爆相100萬元獎金是報慶20周年的市場推廣活動,增強報章與讀者的互動,無必要無限上綱引伸至社會風氣及報章公信力等問題。至於巨額獎金會否變相鼓勵假新聞,他則對屬下編採人員辨別真假消息的能力有信心,「只要守好尾門,就唔怕有假新聞」。

《蘋 果》總編輯陳沛敏稱,明白工會憂慮在巨額金錢的誘因下,報料質素會參差。而《蘋果》目前面對的政治及經濟環境比以往更嚴峻,不容再犯造新聞的錯誤。她會提 醒編採人員必須加倍小心,更嚴謹把關。而日後若發現報料獎賞活動有流弊,亦可檢討及調整。


 =========================================
 http://hk.apple.nextmedia.com/realtime/news/20150315/53523968

Domestic intelligence vulnerabilities hackers can invade TV kept peeping



 Apps can be installed Internet growing popularity of smart TV. "Apple" information security company commissioned three hot market, Japan, Korea and smart TVs were tested and found to parity as an attraction of the music, as the domestic brands (Letv), its operating system memory leaks, secretly install malicious hacker could take programs, steal credit card information with family, and even control the camera lens on the TV with a home video voyeur living life.

As a test of Letv TV through Taobao ordered from the mainland, Nexusguard consultant 崔小聪 mean, Letv operating system uses Android, by the factory "Root machine" modifications; the detection process, he discovered that the system left the factory ONLY "Developer Tools" program for internal use, "it GOD tools hackers can easily install malware system of internal systems." Cui immediately for "Apple" model, after the computer is connected to the TV, you can walk away from the use of the developer tools in TV within secretly install malicious programs, nothing unusual during the TV screen, without showing any notifications.

The other two Sony and LG Smart TV, the use of a dedicated operating system, all Apps must first obtain authorization is required for installation of the factory, unless users to unlock the system (Root machine), destroy the security settings, otherwise invade the relative difficulty of such TV larger.

Please note that "Apple Daily" reported.


 ================================
  http://hk.apple.nextmedia.com/realtime/news/20150315/53523968


國產智能電視存漏洞 黑客可入侵偷窺


可上網裝Apps的智能電視日趨普及。《蘋果》委託資訊保安公司為市面上三款熱賣的中、日、韓智能電視進行測試,發現以平價作招徠的國產品牌樂視 (Letv),其作業系統內存漏洞,黑客可藉此偷偷安裝惡意程式,偷取用家的信用卡資料,甚至控制電視上的相機鏡頭,偷窺錄影用家的起居生活。

用 作測試的Letv電視是透過淘寶從內地訂購,Nexusguard顧問崔小聰指,Letv的作業系統採用Android,並由廠方「Root機」修改;檢 測過程中,他發現系統內遺留了只供廠方內部使用的「開發者工具」程式,「呢啲工具可以方便黑客係系統內部安裝惡意程式。」崔隨即為《蘋果》示範,以電腦連 接電視後,即可遙距使用該開發者工具在電視內偷偷安裝惡意程式,過程中電視機畫面全無異樣,沒有顯示任何通知。

另外兩款Sony及LG智能電視,由於使用專用作業系統,所有Apps要先得到廠方授權才可安裝,除非用家將系統解鎖(Root機),破壞保安設定,否則入侵這類電視的難度相對較大。

詳情請留意《蘋果日報》報道。


 ======================================
 http://hk.apple.nextmedia.com/international/art/20150315/19077181


PP Island posted feet ban a bell that has power off fined



 Earlier online crazy pass a "here we go again! No quality of Chinese tourists in Koh Phi Phi (ie Thailand PP Island) bathroom sink and feet," the article, the index name Chinese female tourists in wash basin feet sandals . Afterwards, head in the bathroom sink at the posted feet ban, but to ignore the ban on Chinese tourists in washbasins feet are fine.

Thailand's daily news website reported that Chinese tourists in washbasin feet, wash shoes occurs after the PP Island scenic, scenic responsible guess tower bring other staff in the bathroom sink at the posted "no wash here foot washing shoes, violators fined 1,000 baht "in English and Chinese.

But the day before yesterday, the staff has just posted a notice in English less than an hour, another one of Chinese tourists to enter the bathroom, lifted his foot in the basin feet, did not pay attention to the signs on the wall. The behavior of the staff of tourists taking pictures, then notify the tourist guide, let the other party notice to pay a fine of 1,000 visitors to the accident baht.

Pennne / Thai Siam Star Media


 =====================================
 http://hk.apple.nextmedia.com/international/art/20150315/19077181


PP島貼洗腳禁令
一個鐘即有強國客被罰


早前網上瘋傳一篇「又來了!無素質的中國遊客在皮皮島(即泰國PP島)衞生間洗手台洗腳」的文章,指數名中國女遊客在洗手盆洗腳洗涼鞋。事後負責人在衞生 間洗手台處貼出洗腳禁令,但有中國遊客無視禁令在洗手盆洗腳被罰款。

泰國每日新聞網站報道,在PP島景區出現中國遊客在洗手台洗腳、洗鞋的情況後,景區負責人猜塔攜同其他工作人員在洗手間洗手台處貼出了「禁止在此處洗腳、洗鞋,違反者罰款1000銖」的英文告示。

但前日,工作人員剛貼出英文告示不到一個小時,又有一名中國遊客進入洗手間,抬起腳在洗手盆洗腳,完全沒有注意牆上的告示牌。職員將該遊客的行為拍照,然後通知該遊客的導游,讓對方通知肇事遊客前往繳付罰款1,000銖。

人nn網/泰國星暹傳媒


 ===================================
 http://hk.apple.nextmedia.com/news/art/20150315/19076931


US currency manipulation check or five lines each fined 7.8 billion

 
 UBS is the first bank to notify the US authorities involved in the foreign exchange market or misconduct, will be exempt from being sued antitrust allegations. Profile picture.
 WASHINGTON Bloomberg quoted sources said the US Justice Department is seeking to international financial institutions who were affected by alleged currency manipulation investigation, and each fined one billion US dollars (approximately HK $ 7.8 billion), including UBS, Buck Levin, the Royal Bank of Scotland, JP Morgan and Citigroup. Reported that the amount of one billion US dollars initially proposed only the negotiating table, the final part of the bank or have been asked for more contributions, some or fewer.
It is understood that the event sources, there is a bank due to open at the beginning they show a cooperative attitude, and therefore less expected fine; also negotiating table was asked fined four billion US dollars, and ultimately a fine or be reduced. Mediate negotiations commenced in the last few weeks, and the opportunity to achieve reconciliation. Reported that the judicial investigation has skipped the move also reflects the bank violated antitrust laws argue whether or fraud, has entered negotiations to resolve and a fine stage.

UBS is eligible for Free prosecution monopoly

The report quoted sources, the US authorities are seeking a uniform mediation program to deal with all the involved banks, to avoid being singled out for a bank; UBS is the first bank to notify the US authorities in the foreign exchange market or involving misconduct, will be exempt from prosecution monopoly charges. Bloomberg had to mediate negotiations with the US authorities query, but the authorities refused to comment. The US Justice Department and the New York City banking authorities also launched a new survey to understand whether the bank in the spot market abuse some long-term practice.
■ reporter Yanfen Zhou


 ===================================
  http://hk.apple.nextmedia.com/news/art/20150315/19076931

美查操控滙市
五大行或各罰78億

 
 瑞銀是第一家銀行通知美國當局於外滙市場或涉不當行為,將獲免除被起訴反壟斷指控。 資料圖片.
【本報訊】彭博引述消息人士稱,美國司法部正尋求向受涉嫌操控滙市而遭調查的國際金融機構,每間罰款十億美元(約七十八億港元),包括瑞銀、巴克萊、蘇格 蘭皇家銀行、摩通及花旗。報道指,十億美元只是談判桌上初步提出的金額,最終或會有部份銀行被要求更多繳款,部份或會較少。
據了解事件人士稱,有 一間銀行由於開初便表現合作態度,預期罰款因而較少;亦有談判桌上被要求罰款四十億美元,最終罰款或會減少。調停談判已於近數周展開,並有機會達致和解。 報道指,司法部門此舉亦反映調查已跳過與銀行爭論是否觸犯反壟斷法或欺詐行為,已進入解決談判及罰款階段。

瑞銀獲免起訴壟斷

報道引述消息指,美國當局正尋求劃一調停方案,以應對所有涉案銀行,避免某一銀行被挑出來;瑞銀是第一家銀行,通知美國當局於外滙市場或涉及不當行為,將 獲免除起訴壟斷指控。彭博曾就調停談判向美國當局查詢,惟當局拒評論。美國司法部和紐約市銀行監管當局,還展開了新調查,以了解銀行於現貨市場是否濫用一 些長期慣例。
■記者周燕芬


 ======================================
 http://hk.apple.nextmedia.com/financeestate/art/20150315/19076341


Chuan Shanghai net loan providers bust boss "runaway"

 
  P2P Shanghai company named Christine Assets doubt has bust. Profile picture.
 WASHINGTON rating agency has warned the mainland, the mainland one thousand two hundred and fifty network lending platform (P2P), or in case of operational difficulties, and may even appear closures, mainland newspaper "Financial Times" reported immediately, Shanghai A company called Shanghai Christine letter Asset Management Company (Christine Assets) of P2P, suspected to have been the first to bust, and its bosses have been accused of "runaway" and took approximately eight million yuan (about 9.9 million HK) company funds, the number of victims involved about 160 people.
Reports that are received by readers rebellion, after investigation found that the company has entered the closure of state suspected. Assets reported that the owner of the name Christine Liu Liping, the official website shows the company is approved by the State Administration for Industry Financial Markets Service, the registered capital of 100 million, said the commitment to innovation and development of new diversified businesses, to garment production, network engineering agriculture, tourism development as a starting point to trade in goods, financial services, health, health, catering hotels, culture, media and other services led the development of secondary and tertiary industries simultaneously.
"First Financial Daily" reporters repeatedly call Christine Assets official website listed telephone consultation, no one answered. Reporters then according to the official website of the information display, visit one of its five business department, located in Tongren Road, Jing'an District, Shanghai No. 299 East Building, 13th floor office, found the door had been closed and empty.


====================================
  http://hk.apple.nextmedia.com/financeestate/art/20150315/19076341


傳上海網貸商爆煲 老闆「走佬」

 
 上海一家名為恭信資產的P2P懷疑已爆煲。 資料圖片.
【本報訊】內地評級機構日前警告,內地一千二百五十個網絡借貸平台(P2P),或遇上經營困難,甚至可能出現倒閉潮,內地報章《第一財經日報》隨即報道, 上海一家名為上海恭信資產管理公司(恭信資產)的P2P,懷疑已率先爆煲,其老闆更被指經已「走佬」,並帶走約八百萬人民幣(約九百九十萬港元)公司款 項,受害人數涉及約一百六十人。
報道指是收到讀者報料,經調查後發現該公司疑似已進入停業狀態。報道指恭信資產老闆名稱為柳麗萍,官網顯示公司是 經國家工商總局核准的金融市場服務企業,註冊資本一億元,稱致力於創新發展的新型多元化企業,以服裝生產、網路工程、農業、旅遊業開發為起點,以物資貿 易、金融服務、健康養生、餐飲酒店、文化傳媒等服務業主導,一二三產業並舉發展。
《第一財經日報》記者多次撥打恭信資產官方網站列出的諮詢電話, 均無人接聽。記者再根據官網資訊顯示,到訪其五個營業部其中一個、位於上海靜安區銅仁路299號東海大廈13樓辦公室,發現大門已被封閉,並人去樓空。


 =======================================
 http://hk.apple.nextmedia.com/international/art/20150315/19076659


IS was besieged coalition lost a quarter of the land

 
 IS (Figure) face the Iraqi army and Kurdish fighters retreat attack, the US military refers to the IS in northern and western Iraq have a base of the fall quarter, more Iraqi militias threatened to capture Tikrit in three days.
IS peak once controlled Iraq fifty-five thousand square kilometers of land, but with the Iraqi army and coalition forces continue advancing library clan fighters, the US has lost the day before yesterday revealed that a quarter of IS, ie control over thirteen thousand five hundred square kilometers of land. Reportedly, IS only last stronghold in Tikrit, hundreds of thousands of holy warriors are resistance forces siege. Iraqi troops recaptured the city indicates that half of the land.
In addition, the US military last week, a soldier standing guard overnight base in Iraq, was wounded by enemy fire, the US military began last year after a local training the Iraqi army, for the first time directly assaulted and injured soldiers.
Agence France-Presse


===========================================
 http://hk.apple.nextmedia.com/international/art/20150315/19076659

遭聯軍圍攻 IS失四分一土地

 
IS(圖)面對伊軍及庫爾德族戰士的進攻節節敗退,美軍指IS在伊拉克北部及西部有四分一根據地失守,有伊拉克民兵組織更揚言在三日內攻下提克里特。
IS高峯時一度在伊拉克控制五萬五千平方公里土地,但隨着伊軍及庫族戰士聯軍不斷進逼,美軍前日透露IS已失去四分一、即一萬三千五百平方公里土地的控制權。據報,IS在提克里特只剩最後一個據點,數百名聖戰士正抵抗數千聯軍圍攻。伊軍表示已奪回該市一半土地。
另外,美軍上周有一名士兵在伊拉克基地通宵站崗時,遭敵人開火擊傷,是美軍去年開始在當地訓練伊軍後,首次有士兵直接遇襲受傷。
法新社


 ============================================
 http://news.ltn.com.tw/news/life/breakingnews/1257201


自由時報

Anti-nuclear party songs, mobile light shining under the sea end

 
 Party people phone up, lit the lights swaying with the music. (Reporter Wu Liang Miriam photo).
 2015-03-14 22:43
[Reporter Wu Liang instrument / Taipei], "314 national nuclear waste Parade" Evening 21:30 finish, including singer Xiao Heshuo, publisher Hao Kuang-tsai, etc. have to perform on stage, a short talk, and finally musician Chen Ming-chang, playing guitar and singing, the station Under the masses also raised the lights, swaying with the song, ending in an atmosphere of joy.
  • 314反核遊行從凱道出發最後在凱道集結並舉行晚會,反核四五六運動成員及志工上台演唱。(記者陳志曲攝) 314 anti-nuclear march from Kay Kay Road Road starting final assembly and held in the evening, the anti-nuclear movement four hundred fifty-six members and volunteers came to the concert. (Reporter Chen Qu photo)
  • 314反核遊行從凱道出發最後在凱道集結並舉行晚會,那我懂你意思帶來演出。(記者陳志曲攝) 314 anti-nuclear march from Kay Kay Road Road starting final assembly and held in the evening, then I know what you mean to bring the show. (Reporter Chen Qu photo)
  • 反核晚會,民眾一起跳反核健康操。(記者王敏為攝) Anti-nuclear party, people danced antinuclear healthy exercise. (Reporter Wang Min as photo)
  • 反核晚會,一位小朋友跟著大家一起跳反核健康操。(記者王敏為攝) Anti-nuclear party, a children along with everyone jumping antinuclear healthy exercise. (Reporter Wang Min as photo)
Party, the Green League Deputy Secretary-General Hong Shenhan pointed out that many people do not criticize nuclear power, but offered no way, but in fact just rely on electricity, nuclear power will be able to lose; "This is not a moral appeal, but a system of energy-saving . "
洪 申翰 say, Sydney, Seoul, all rely on the system of energy-saving and gradually reduce the demand for electricity, and Seoul also reached the fourth nuclear power plant generating capacity to lose about a turbine; mom supervise nuclear alliance also said: "Energy conservation is the power."
Director Ko are also participating in a party, he says with a laugh, last year the same occasion, he said to "Taipei Mayor", so we are very excited about the results did not hear back an "I'm kidding."; "This Taipower everyone with nuclear power is safe Like, is a fake! "
Ke a positive, said last year that he and Taipei mayor Wen-Je Ko met, he had to persuade Wen-Je Ko election, because he believed Wen-Je Ko transparent government can do, although it has been the wrong thing, but he believes he would have been doing, and now Wen-Je Ko phenomenon also allow other Heads counties taut skin, nose to the grindstone.
Party, Xiao Heshuo singer on stage to sing the song "Blue Orchid Island", there is a deep sense of Aboriginal style, sound a little melancholy song, the audience quietly listening audience.
Writer Ono also said that the anti-nuclear protest from outside the system in the past, has advanced to fight and oversight within the system, increasing the power of civilian oversight, like a big change in the last election is an example; Ono said, I hope this is the last time anti-nuclear parade, hope the Government can after nuclear energy policy and nuclear waste disposal have satisfactory answers.
Publisher, writer Hao Guang was also a short talk on stage, but also ironic, "the fourth nuclear plant is not wine," is now sealed, but still spend large sums of funds per year maintenance, maintenance, "that one day may also be enabled, but it is not the wine that gets better but cost a lot, there is a lot of money pit troublesome consequences.
Finally, in the evening of lively music Chen Ming-chang guitar song ended, the audience of the masses with the lights to create a light sea, and dancing along with the music, a relaxed atmosphere.

 ================================
 http://news.ltn.com.tw/news/life/breakingnews/1257201


自由時報

反核晚會 歌聲、手機光海閃耀下結束

 
 晚會群眾舉起手機,亮起燈光隨著音樂搖曳。(記者吳亮儀攝).
 2015-03-14  22:43
〔記者吳亮儀/台北報導〕「314全國廢核大遊行」晚會晚間9點半結束,包括歌手蕭賀碩、出版人郝廣才等陸續上台表演、短講,最後在音樂人陳明章邊彈吉他邊唱歌下,台下群眾也舉起手機燈光,隨著歌聲搖曳,氣氛歡樂下結束。
  • 314反核遊行從凱道出發最後在凱道集結並舉行晚會,反核四五六運動成員及志工上台演唱。(記者陳志曲攝) 314反核遊行從凱道出發最後在凱道集結並舉行晚會,反核四五六運動成員及志工上台演唱。(記者陳志曲攝)
  • 314反核遊行從凱道出發最後在凱道集結並舉行晚會,那我懂你意思帶來演出。(記者陳志曲攝) 314反核遊行從凱道出發最後在凱道集結並舉行晚會,那我懂你意思帶來演出。(記者陳志曲攝)
  • 反核晚會,民眾一起跳反核健康操。(記者王敏為攝) 反核晚會,民眾一起跳反核健康操。(記者王敏為攝)
  • 反核晚會,一位小朋友跟著大家一起跳反核健康操。(記者王敏為攝) 反核晚會,一位小朋友跟著大家一起跳反核健康操。(記者王敏為攝)
晚會中,綠盟副秘書長洪申翰指出,很多人批評不要核電、但又提不出方法,但其實只要靠節電,就能減掉核電;「這不是道德性的呼籲,而是制度性的節電。」
洪申翰說,雪梨、首爾都靠制度性節電逐步減少用電需求,且首爾還達到減掉約核四廠一個發電機組的發電量;媽媽監督核電聯盟也說:「節能就是發電。」
導演柯一正也參加晚會,他笑說,去年同一個場合他說要「選台北市長」,讓大家很興奮,結果沒聽到後面一句「我是開玩笑的」;「這就跟台電大家核電是安全的一樣,是假的!」
柯一正說,去年他和台北市長柯文哲見面,他有勸柯文哲參選,因為他相信柯文哲能做到透明政府,現在雖然一直說錯話,但他相信他會一直做事,而目前柯文哲現象也讓其它縣市首長皮繃緊,不敢懈怠。
晚會中,創作歌手蕭賀碩在舞台上自彈自唱歌曲《蘭嶼的藍》,有濃濃的原住民風格,曲聲中帶點憂鬱,台下聽眾靜靜聆聽。
作家小野也表示,反核從以往的體制外抗爭,已進步到體制內的抗爭和監督,民間監督的力量越來越大,像去年選舉的大改變就是例子;小野說,希望這是最後一次反核遊行,希望政府能在之後對核能政策、核廢料處理等有圓滿答案。
出版人、作家郝廣才也上台短講,還諷刺「核四廠不是紅酒」,現在封存了、但每年仍要花費大筆經費保養、維持,「有一天可能還會啟用,但它不是紅酒越陳越香,而是花大錢、卻有麻煩後果的大錢坑。
晚會最後在音樂人陳明章的輕快吉他歌曲中結束,台下群眾用手機燈光打造光海,
 =================================
 http://news.ltn.com.tw/news/world/breakingnews/1254772

"Non coward! Do not yield a third country," the Japanese called on Prime Minister Sheikh aid station 311

 2015-03-12 14:30
[WASHINGTON] yesterday for the fourth anniversary of the earthquake in Japan, Taiwan and Japan many friends on Facebook mourning this day, four years ago, many "Japanese thank Taiwan" in the picture, the film has circulated on the Internet, one of the movie Japan's Liberal Democratic Party Congressman Furukawa Zhen long to be prime minister formally thank Taiwanese netizens were moved once again.
  • 古川禎久說,日本應該向中華民國台灣表示真誠的感謝,但政府卻屈服於第三國的臉色,把真心對待的好友當作不知情!(圖擷取自YouTube) Furukawa long Chen said Japan to the Republic of China should express our sincere gratitude, but the government has succumbed to face a third country, to really treat friends as uninformed! (Figure retrieved from YouTube)
Taiwan, Japan, Japan earthquake donation of 68 billion Taiwan dollars (this is the amount reported by the Foreign Ministry), and also on the Internet to cheer Japan, the Japanese were moved yesterday, Rep Furukawa Zhen long to be prime minister again officially thank the people of Taiwan are crazy pass, Furukawa Zhen long called on Japanese Prime Minister not to be "diplomatic influence of a third country" for the love of the Republic of China in Taiwan, should sincere thanks.
Furukawa long Chen said Japan to the Republic of China should express our sincere gratitude, aside diplomatic circles, this is the basic principle of life, not to mention Japan and Taiwan have no diplomatic relations, but they give a sincere concern for the most painful time in Japan, but Government has succumbed to face a third country, to really treat friends as uninformed!
Furukawa Zhen long pointed out that "the other side of love must be sincere answer is the true spirit of Japan", when Parliament burst into applause. Furukawa Zhen long last, the Prime Minister said: "If you agree with the pride of our Japanese, please give priority to hold the Japanese reputation" We Japanese are not ungrateful coward '. "
Japanese Prime Minister Yoshihiko Noda on long question Furukawa Chen said he specifically stated in parliament said he was very grateful to Taiwan, the Taiwan authorities have also pointed out that Ma Ying-jeou to thank through pipelines.
Yesterday was the fourth anniversary of the earthquake in Japan 311, Taiwan and Japan together with friends on the Internet to pay tribute, on behalf of the Japanese in Taiwan Mikio Numata, said yesterday that Taiwan's friends warm support given to Japan in the material, spiritual aspects. He promised that the two sides will make every effort to strengthen the Japan-Taiwan relations.




  http://news.ltn.com.tw/news/world/breakingnews/1254772


「非懦夫!不屈服第三國」 日人籲總理謝台311援助

 2015-03-12  14:30
〔本報訊〕昨為日本大地震4週年,不少台日網友在臉書上追悼這個日子,許多4年前的「日本人感謝台灣」的圖片、影片又在網路上流傳,其中一個影片是日本自民黨眾議員古川禎久要總理正式感謝台灣人,網友們又被感動一次。
  • 古川禎久說,日本應該向中華民國台灣表示真誠的感謝,但政府卻屈服於第三國的臉色,把真心對待的好友當作不知情!(圖擷取自YouTube) 古川禎久說,日本應該向中華民國台灣表示真誠的感謝,但政府卻屈服於第三國的臉色,把真心對待的好友當作不知情!(圖擷取自YouTube)
日本大地震台灣捐助日本共68億台幣(此為外交部報告的金額),同時也在網路上給日本加油打氣,讓日本備受感動,昨天眾議員古川禎久要總理正式感謝台灣人又再度被瘋傳,古川禎久呼籲日本首相不要被「外交第三國影響」,對於中華民國台灣的愛心,應該誠心道謝。
古川禎久說,日本應該向中華民國台灣表示真誠的感謝,撇開外交圈來說,這是做人的基本道理,更何況日本與台灣沒有邦交,但他們在日本最痛苦的時候給予真心的關懷,但政府卻屈服於第三國的臉色,把真心對待的好友當作不知情!
古川禎久指出,「對方的愛心必須真誠的答覆才是日本真正的精神」,這時議會響起一片掌聲。古川禎久最後對總理說:「如果您贊同我們日本人的驕傲的話,請優先守住日本人的名譽『我們日本人不是不知感恩的懦夫』」。
日本首相野田佳彥對古川禎久質詢說,他在議會中特別聲明表示非常感謝台灣,也指出已透過管道向馬英九與台灣當局致謝。
昨天為日本311大地震4週年,台日網友一同在網路上致意,日本駐台代表沼田幹夫昨天表示,台灣朋友在物質、心靈方面給予日本溫暖的支援。他承諾,將會竭盡全力強化今後日台雙方的關係。

相關連結請見


 


 =============================================
 http://news.ltn.com.tw/news/politics/breakingnews/1257183

China was a zombie account Guanbao DPP official website even when 4 days

DPP official website was Guanbao zombie accounts. Pictured DPP Chairman Tsai Ing-wen 14 pm, in the Central Committee met with the US delegation. (Reporter Chen Qu photo).
 2015-03-14 22:17.
[WASHINGTON] DPP official website account Guanbao were zombies! DPP secretariat director 蒋玉麟 today (14), said the official website consecutive four days abnormalities, since you can not normally enter Thursday; preliminary understanding, because the account was a zombie and out, causing traffic explode, still unable to recover .
Jiang Yulin said that this account in order to approach the zombie attack site, and previously, "Apple Daily" website when out exactly the same reason; please telecom company after the analysis found that these zombies IP accounts for about half of Taiwan, half of them in China.
Jiang Yulin said that the current situation persists, I do not know when we can return to normal, the DPP has been temporarily turn off the official website.

 ====================================
 http://news.ltn.com.tw/news/politics/breakingnews/1257183

遭中國殭屍帳號灌爆 民進黨官網連當4天

民進黨官網遭殭屍帳號灌爆。圖為民進黨主席蔡英文14日下午,在中央黨部接見美國訪問團。(記者陳志曲攝).,
 2015-03-14  22:17.
〔本報訊〕民進黨官網遭殭屍帳號灌爆!民進黨祕書處主任蔣玉麟今(14)日表示,官網已連續4天異常,週四起就無法正常進入;初步了解,原因是遭殭屍帳號不斷進出,導致流量爆掉,至今仍無法恢復。
蔣玉麟表示,這種以殭屍帳號攻擊網站的手法,與先前《蘋果日報》網站當掉的原因如出一轍;請電信公司分析後發現,這些殭屍帳號的IP約一半在台灣、一半在中國。
蔣玉麟說,目前狀況仍無法排除,不知何時才能恢復正常,民進黨已暫時先關閉官網。


 =================================
 http://news.ltn.com.tw/news/politics/breakingnews/1256672


Little Britain: DPP protect Taiwan's 自由時報sovereignty, democracy and peace

 2015-03-14 11:30
[Correspondent Lixin Fang / Taipei] next year's presidential election, promising outside the ruling Democratic Progressive Party have a chance, DPP Chairman Tsai Ing-wen said today that she assured the DPP central ruling next year if given the opportunity, will be a new political action to achieve people's expectations and do a clean, efficient, capable, willing to take responsibility, so that the people believe the government, while a new political values ​​and goals of the DPP's cross-strait policy to handle.
  • 民進黨主席蔡英文今出席世界台灣人大會與台灣國家聯盟舉辦「海內外台灣國是會議」時表示,她保證,民進黨明年如果有機會中央執政,會以新政治行動實現人民期待,做一個清廉、有效率、有能力、願意負責、讓人民相信的政府,同時要以新的政治價值與目標來處理民進黨的兩岸政策。(記者王藝菘攝)
DPP Chairman Tsai Ing-wen now attend World Taiwanese Congress and the National Alliance of Taiwan organized the "National Affairs Conference in Taiwan and abroad," said the her that the DPP central ruling next year if given the opportunity, will be a new political action to achieve people's expectations, make a clean, efficient, capable, willing to take responsibility, to make the people believe that the government, while a new political values ​​and goals to deal with the DPP's cross-strait policy. (Reporter Wang Yi Siong photo)
Tsai Ing-wen said that she advocated "three advantages, three sticks", the main emphasis, in addition to the maintenance of peace and stability in cross-strait peace and the entire region, we will also continue the development of democracy and freedom in Taiwan, the most important is certainly protect Taiwan's sovereignty and democracy, never let it hurt.
Tsai morning to attend the World Taiwanese Congress and sponsored by the National Alliance of Taiwan "Taiwan country and abroad are meeting," she specifically requested the attendance at home and abroad Taiwanese support the ruling Democratic Progressive Party again next year, received an enthusiastic applause.
Her speech pointed out that the KMT was the ruling party completely, often standing in public opinion in recent years in opposition, with the signing of the negotiated pension reform, the nuclear power plant issue, the two sides of the agreement, did not think the dialogue with Taiwan society, the people did not request seriously, in March last year to embark on the student movement sunflowers, many young street concern the future of Taiwan, interested in social justice, to protest the government's incompetence and irresponsibility of so many young people to participate in public affairs in Taiwan, and in the past is not the same, young people to demonstrate that they are the hope of the future of Taiwan.
Tsai said that the KMT election last election badly Jiuhe Yi, political parties and politicians and public opinion, if violated, the people will be alert to the ballot, people expect the democratic participation, look to the government to propose concrete measures to solve problems faced by society, People look forward to the national leader in the country's future direction clear, to respond to people's expectations, it is necessary to establish a new political culture in Taiwan from now.
She said the new political should be transparent honest, people's participation, "I assure you that the DPP central ruling next year if given the opportunity, will be a new political action to achieve the people's expectations, so clean and efficient, capable, willing to take responsibility, so People believe that the government, while a new political values ​​and goals to deal with the DPP's cross-strait policy. "
Tsai said that although Taiwan's democratization is only 20 years, the people of Taiwan democracy is important not to lose things, democratic values ​​make this link between Taiwan and the world, "Democracy is our best defense mechanism to resolve disputed issues through democratic methods, each discussion to reach a consensus, a common foreign, this is the power of democracy ", in order to make democracy better, more robust, we must carry out constitutional reform.


 ===========================================
  http://news.ltn.com.tw/news/politics/breakingnews/1256672

小英:民進黨執政 保護台灣主權、民主及和自由時報

 2015-03-14  11:30
〔記者李欣芳/台北報導〕明年總統大選,外界看好民進黨有機會執政,民進黨主席蔡英文今天表示,她保證,民進黨明年如果有機會中央執政,會以新政治 行動實現人民期待,做一個清廉、有效率、有能力、願意負責、讓人民相信的政府,同時要以新的政治價值與目標來處理民進黨的兩岸政策。
  • 民進黨主席蔡英文今出席世界台灣人大會與台灣國家聯盟舉辦「海內外台灣國是會議」時表示,她保證,民進黨明年如果有機會中央執政,會以新政治行動實現人民期待,做一個清廉、有效率、有能力、願意負責、讓人民相信的政府,同時要以新的政治價值與目標來處理民進黨的兩岸政策。(記者王藝菘攝)
民進黨主席蔡英文今出席世界台灣人大會與台灣國家聯盟舉辦「海內外台灣國是會議」時表示,她保證,民進黨明年如果有機會中央執政,會以新政治行動實 現人民期待,做一個清廉、有效率、有能力、願意負責、讓人民相信的政府,同時要以新的政治價值與目標來處理民進黨的兩岸政策。(記者王藝菘攝)
蔡英文說,她主張「三個有利、三個堅持」,主要是強調,除了會維持兩岸的和平與整個區域的和平穩定外,也會繼續發展台灣的民主與自由,最重要的是一定會保護台灣的主權與民主,絕不讓它受到傷害。
蔡英文上午出席世界台灣人大會與台灣國家聯盟主辦的「海內外台灣國是會議」,她特別請與會的海內外台灣人,支持民進黨明年重新執政,獲得熱烈掌聲。
她 致詞指出,國民黨是個完全執政的政黨,這幾年往往站在民意的對立面,從年金改革、核四議題、兩岸協議的協商與簽署,都沒想到與台灣社會對話,對人民的要求 也沒重視,去年三月太陽花學運,許多年輕上走上街頭關心台灣前途,關心社會公平正義,抗議政府的無能與不負責任,這麼多年輕人參與台灣公共事務,與過去不 一樣的是,年輕人以行動證明他們是台灣的未來希望。
蔡英文說,去年九合一選舉國民黨選得不好,政黨與政治人物如果違背與民意,人民會以選票警示,人民期待的是民主參與,期待政府提出具體對策來解決社會面對的問題,人民期待國家領導者講清楚未來國家方向,要回應人民的期待,就要從現在開始建立台灣新政治文化。
她表示,新的政治要透明清廉、人民參與,「我向各位保證,民進黨明年如果有機會中央執政,會以新政治行動實現人民期待,做清廉有效率、有能力、願意負責、讓人民相信的政府,同時要以新的政治價值與目標來處理民進黨的兩岸政策」。
蔡英文說,雖然台灣民主化才20幾年,民主是台灣人不能失去的重要東西,民主這個價值讓台灣與世界連結,「民主也是我們最好防衛機制,可透過民主方法解決爭議問題,互相討論產生共識,共同對外,這是民主的力量」,為了讓民主更好,更健全,一定要進行憲政改革。


 ===========================================
 http://news.ltn.com.tw/news/world/breakingnews/1257165

Power officials to work best to prevent 自由時報reporters to see A piece of evidence busy apology

Deputy director of China Gansu Bureau County Council to pay child peeking A longer working time piece is caught by surprise reporters. (Figures extracted from the Chnnnn "Pnnnnle").
 2015-03-14 22:08
[WASHINGTON] China Gansu County Council yesterday, a reporter working time raids on local Department of Transportation, Bureau deputy director longer quite unexpectedly found peek A piece of work time, play games, when a reporter quickly to stop taking pictures of evidence to reporters mitigation, and said they would be corrected in the future he knew was wrong.
Reporters in the day when the raid Gansu County Department of Transportation will be found on the 3rd floor with a total house wears a "deputy director" of the office door ajar, the room is more man sitting in front of computers, preoccupied staring at the computer screen. When the reporter opened the door, the man then use the mouse to turn off the panic Internet page, but attempts to evict reporters outside the room.
Along with unannounced visits to a reporter found another, actually porn title has not been closed on a page, while reporters intend to take pictures of evidence, the man hurried to prevent reporters sorrow and said: "I beg you, spare, I'm sorry I wrong correct me. "In addition, the reporter is found in an external hard drive inside there are three folders containing about more than 200 porn.
And at the bottom of the computer screen, and even men are not closed card game, reporters see the man next to the desk stands a supervisory license, written above the "County Council Deputy Secretary for the Department of Transportation."


 ===================================
  http://news.ltn.com.tw/news/world/breakingnews/1257165

強國官員上班看A片 力阻記者取證忙道歉自由時報

中國甘肅會寧縣交童局的副局長於上班時間偷看A片被突襲記者逮個正著。(圖擷取自中國《人nn網》).
 2015-03-14  22:08
〔本報訊〕昨日中國甘肅會寧縣有記者於當地交通局上班時間進行突襲,竟意外發現該局副局長於上班時間偷看A片、玩遊戲,當記者要拍照取證時連忙阻止並向記者求情,並表示自己知道錯了以後會更正。
當天記者在突襲甘肅會寧縣交通局時,發現3樓有間門牌上掛有「副局長」的辦公室門半掩,房裡更有名男子坐在電腦前,全神貫注的盯著電腦螢幕。當記者推開房門後,該名男子隨即慌張的用滑鼠關掉網路頁面,更試圖將記者趕出房外。
隨同進行暗訪的另1名記者發現,並未被關閉的頁面上竟是色情片名,正當記者打算拍照取證時,該名男子急忙阻止並向記者哀道:「求求你們,高抬貴手,對不起我錯了我改正。」此外,記者更是於外接硬碟中發現有3個資料夾裡頭裝有約200多部的色情片。
而在電腦螢幕的下方,甚至還有男子未關閉的紙牌遊戲,記者見該名男子辦公桌旁邊立有監督牌,上面則寫著「會寧縣交通局副局長」。


 ===========================
 **Please use Google users Great God outstanding translator to translate your country / city language ah ^^-
*請各位用家善用谷歌大神的超卓翻譯器來翻譯你們的國家/都市的語言啊^^-
*국가 / 도시 언어 아 ^^ 번역 Google 사용자 위대한 하나님 뛰어난 번역기를 사용하십시오-
*Se il vous plaît utiliser Google utilisateurs Grand Dieu Traducteur exceptionnelle de traduire votre pays / ville langue ah ^^-
*お住まいの国/都市言語ああ^^を翻訳するGoogleのユーザーグレー​​ト神優れた翻訳者を使用してください -
*Bonvolu uzi Google uzantoj Granda Dio elstara tradukisto traduki via lando / urbo lingvo ah ^^-
**Tuta mondo Urbo / Lando Lauguage**-

 ''Knowledge / Information Without Borders points,
On our knowledge of cognitive moral swastika by non-compliance is the normal way to get very precious,
Also taught the world to understand the network greedy crooks are numerous.
We want to broaden the knowledge to protect their own privacy and how not to be rogue property theft ah!

Apple Daily and Liberty Times, is that we can not see the media tribe.
Conscience and empathy for people who are really small newspapers.
Would like to thank all the hard work and selfless sharers credit virtue,
Tell the world the real news / information is so !!''

Yours sincerely humble as dust Melody.Blog ~

 http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html
===========================

''知識/資訊無國界之分,
在卍道德上我們以認知由非可遵正常途徑獲得的知識是很珍貴的,
也教會世人明白網絡貪婪的騙子多不勝數.
我們要增廣知識以保護自已私隱與財產如何不被流氓盜竊啊!

蘋果日報及自由時報已是我們部落不可不看的媒體.
良知與為人者的感同身受報章真的不多.
在此感謝所有無私分享者的辛苦功勞德行,
告訴世人真實的新聞/資訊是如此的!!''

卑微如塵 Melody.Blog誠摯敬上~

 http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html
===========================

테두리 포인트없이 지식 / 정보를 '',
부적합에 의한인지 도덕적 만자에 대한 우리의 지식에 매우 귀중한 얻을 수있는 일반적인 방법입니다,
또한 탐욕스러운 사기꾼이 많다 네트워크를 이해하기 위해 세계를 가르쳤다.
우리는 자신의 개인 정보 보호 및 방법하지 악성 재산 도난 아 되실을 보호하기 위해 지식을 확장하고 싶다!

빈과 일보 및 자유 시간, 우리는 미디어 부족을 볼 수 있다는 것입니다.
정말 작은 신문 사람들을위한 양심과 감정 이입.
모든 노력과 헌신적 인 공유자 신용 미덕을 감사드립니다,
실제 뉴스 / 정보 그렇게는 세계에게! '

먼지 Melody.Blog으로 너의 진심으로 겸손 ~

 http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html
===========================

''La connaissance / information Sans points frontières,
Sur notre connaissance de croix gammée morale cognitive par le non-respect est la façon normale de faire très précieux,
Également enseigné le monde de comprendre le réseau escrocs avides sont nombreux.
Nous voulons élargir les connaissances nécessaires pour protéger leur propre vie privée et comment ne pas être voyou vol de propriété ah!

Apple Daily et Liberty Times, ce est que nous ne pouvons pas voir la tribu des médias.
De conscience et de l'empathie pour les gens qui sont vraiment petits journaux.
Tient à remercier tout le travail dur et partageurs désintéressés vertu de crédit,
Dites au monde les vraies nouvelles / information est tellement !! ''

Cordialement humble Melody.Blog de poussière ~

 http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html
===========================

国境ポイントなし ''知識/情報、
不遵守による認知モラル卍の私たちの知識に非常に貴重な取得するための通常の方法で、
また貪欲詐欺師が多数あるネットワークを理解するために世界を教えてくれました。
当社は、独自のプライバシーとどのようにしない不正な財産の盗難ああすべきを保護するための知識を広げたい!

蘋果日報とリバティタイムズは、我々はメディア部族を見ることができないということです。
本当に小さな新聞である人々のための良心と共感。
すべてのハードワークと無私の共有者の信用徳に感謝したいと思い、
本当のニュース/情報がそうである世界に伝える!! ''

ダストMelody.Blogとして敬具謙虚な〜

 http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html

===========================

''Scio / Informo Sen Limoj punktoj,
Sur nia kono de kognitiva morala swastika de ne-plenumo estas la normala vojo akiri tre altvaloraj,
Ankaŭ instruis la mondo por kompreni la reto avidaj Crooks estas multnombraj.
Ni volas plivastigi la konojn por protekti ilian propran privatecon kaj kiel ne esti fripono proprieto ŝtelo ah!

Apple Daily kaj Liberty Times, estas ke ni ne povas vidi la amaskomunikiloj tribo.
Konscienco kaj empatía al homo kiu estas vere malgrandaj ĵurnaloj.
Ŝatus danki ĉiujn laboremo kaj neprofitema partoprenantoj kredito virto,
Diru al la mondo la veran novaĵon / informojn estas tiel !! ''

Sincere via humila kiel polvo Melody.Blog ~

 http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html
===========================



--Update--Share''forum from the clouds net tucao white hat - [wooyun.org/content/18432] - [?! "Hacker," said mobile phone sales site vulnerabilities can spend one yuan in iPhone] - The mainland peoples not work , delusional dream of getting rich of many people, especially, they only move their head --->>delusional lies to the same mainland people in the mainland provinces, the actions of rogue hackers no moral value at all, the mainland more a liar, are they not have education & also lost conscience, how to teach people to believe the mainland people is unscrupulous behavior & not honest ah ??! -
--更新--分享''來自烏雲網白帽子的吐槽論壇- [wooyun.org/content/18432]-[“黑客”稱手機銷售網站有漏洞花1元能中iPhone?!]-大陸不工作,不務正業,妄想發財發夢的人特別多,只動腦袋來陷害---同在大陸的各省市人們,流氓黑客的所作所為沒有道德價値可言,大陸內地騙子多的是,沒教育也失去良知,怎麼能教人們相信大陸人毫無誠信的無良行為啊??!-
--update--Share''forum 구름 그물 tucao 흰색 모자에서 --[wooyun.org/content/18432] - [?! 동일하게 >> 특히, 그들은 단지 그들의 머리 ]---이동 본토 사람들이, 많은 사람들이 부자의, 망상의 꿈을 작동하지 망상 거짓말을 - "해커,"휴대 전화 판매 사이트 취약점] 아이폰 일위안을 보낼 수 있다고 말했다 본토 지방에서 본토 사람, 도덕적 인 가치로 모든 악성 해커의 행동, 더 본토 거짓말 쟁이, 그들은 교육 및도 손실 양심이없는, 본토 사람을 믿는 사람들을 가르 칠하는 방법을 파렴치한 행동 및 정직하지 아입니다 ??! -
--update--Share''forum du nuages ​​Tucao nette chapeau blanc - [wooyun.org/content/18432] - [?! "Hacker", a déclaré vulnérabilités site de vente de téléphonie mobile peuvent passer un yuan dans l'iPhone] -Les peuples du continent ne fonctionnent pas, le rêve délirant de devenir riche de nombreuses personnes, en particulier, ils ne se déplacent que leur tête--->> mensonges délirants à la même les gens continent dans les provinces de la partie continentale, les actions des pirates voyous aucune valeur morale à tous, la partie continentale plus un menteur, sont-ils pas l'éducation et aussi perdu conscience, comment enseigner aux gens à croire que les gens du continent est un comportement peu scrupuleux & ah pas honnêtes ??! -
--update - 雲ネットtucao白い帽子からShare''forum - [wooyun.org/content/18432] - [?!同じに妄想嘘>> ---、本土の人々が動作しない多くの人々の金持ちの妄想夢、特に、彼らが唯一の彼らのヘッドを移動 - 「ハッカー、「携帯電話の販売サイトの脆弱性は] iPhoneで1元を過ごすことができた本土の人々を信じるために人々を教えるためにどのように本土本土の地方の人々、不正なハッカーの行動全く道徳的な価値、本土より嘘つき、彼らは教育&も失わ良心を持っていないが、正直ああ不謹慎な行為であるとしない??! -
--Update - Share''forum el la nuboj net tucao blanka ĉapelo - [wooyun.org/content/18432] - [?! "Hacker" diris poŝtelefono vendoj ejo vulnerabilidades povas elspezi unu juanoj en iPhone] - La ĉeftero popoloj ne funkcias, iluzia revo de iĝi riĉa de multaj homoj, aparte, ili nur movas siajn kapon --- >> iluzia mensogoj al la sama ĉeftero homoj en la ĉeftero provincoj, la agoj de fripono hackers ne morala valoro ĉe ĉiuj, la ĉeftero pli mensoganto, estas ili ne havas edukon & ankaŭ perdis konsciencon, kiel instrui homoj kredi la ĉeftero homoj estas senskrupulaj konduto & ne honesta ah ??! -
-**All The World City/Country Lauguage**-

  http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html
*---By ourlove520.com---Mengyun with a network Technology (Wuhan) Co., Ltd. is a liar-[Article Entry: Anonymous,, Editor: admin,, Updated: 2015-3-14]-&-Data-Hack SQL injection detection [article entry: Anonymous,, editor: admin ,, updated: 2015-3-12]( & this one can see in-Chinaman taobo-http://drops.wooyun.org/tips/5118]-& - BMW vulnerabilities Comments: ancient horses horse knowledge, this hacker escapement BMW [article entry : Anonymous,, editor: admin ,, update Time: 2015-2-11] -
And Apple Daily and Liberty Times reported updated ~
Front of the media is really very important,
So how valuable newspaper without Readings? ~ ^^
---由ourlove520.com---夢雲與網絡技術(武漢)有限公司是一家liar-[文章錄入:匿名,,編輯:管理員,,更新時間:2015年3月14日-&-數據黑客SQL注入檢測[文章录入:佚名,,责任编辑:admin,,更新时间:2015-3-12]-&-寶馬汽車安全漏洞詳解:古有伯樂識良駒,今有黑客擒寶馬[文章錄入:佚名,,責任編輯:admin,,更新時間: 2015-2-11]-
和蘋果日報及自由時報報導的更新~
正面的傳媒真的非常重要,
這麼難能可貴的報社怎可不選讀?~^^
--- By ourlove520.com---Mengyun 네트워크 기술 (무한) (주), (주)는 liar- [: 익명 ,, 편집 : 관리자 ,, 업데이트 : 제 항목은 2015년 3월 14일]이다 - & - 데이터 해킹 SQL 주입 감지 [기사 입력 : 익명 ,, 편집기 : 관리자가 ,, 업데이트 : 2015년 3월 12일] (이 사람이 볼 수있는-중국인 taobo-HTTP : //drops.wooyun.org/tips/5118 ] - & - BMW 댓글 취약점 : 고대 말 말 지식이 해커 이스케이프 BMW [기사 입력 : 익명 ,, 편집기 : 관리자 ,, 업데이트 시간 : 2015년 2월 11일] -
그리고 애플 데일리과 자유 시간은 ~ 업데이트 된보고
미디어의 전면은 정말 중요하다
어떻게 가치있는 신문 읽기없이? ~ ^^
--- En ourlove520.com Mengyun avec un réseau de technologie (Wuhan) Co., Ltd est une liar- [article Entrée: Anonymous ,, éditeur: admin ,, Mise à jour: 14/03/2015] - & - la détection d'injection de données SQL-Hack [article entrée: Anonymous ,, éditeur: admin ,, mise à jour: 12/03/2015] (et celui-ci peut voir en Chinois taobo-http: //drops.wooyun.org/tips/5118 ] - & - BMW vulnérabilités Commentaires: chevaux anciens cheval connaissance, ce pirate échappement BMW [article entrée: Anonymous ,, éditeur: admin ,, Mettre à jour: 11/02/2015] -
Et Apple Daily et Liberty Times déclaré jour ~
Devant les médias est vraiment très important,
Alors, comment précieux journal sans lectures? ~ ^^
---ourlove520.comでは---ネットワーク技術とMengyun(武漢)有限公司はliar-ある[記事エントリ:匿名,,編集者:管理者,,更新日:2015年3月14日] - & - DATA-ハックSQLインジェクション検出[記事エントリ:匿名,,編集者:管理者は,,更新日:2015年3月12日](&この1つは見ることができ、イン中国人taobo-HTTP://drops.wooyun.org/tips/5118 ] - & - BMWはコメント脆弱性:古代の馬の馬の知識を、このハッカーの脱進機BMW [記事エントリ:匿名,,編集者:管理,,更新時間:2015年2月11日] -
そして、蘋果日報とリバティ·タイムズが更新報告〜
メディアの前には、実際には非常に重要です
それでは、どの貴重な新聞読みなし? 〜^^
---Per ourlove520.com --- Mengyun kun reto Teknologio (Wuhan) Co., Ltd. estas liar- [Artikolo Entry: Anonima ,, Redaktoro: Admin ,, Ĝisdatigita: 2015-3-14] - & - Datumoj-Hack SQL injekto detekto [artikolo Entry: Anonima ,, redaktoro: Admin ,, ĝisdatigis: 2015-3-12] (& ĉi oni povas vidi en-ĉino taobo-http: //drops.wooyun.org/tips/5118 ] - & - BMW vulnerabilidades Komentoj: antikvaj ĉevaloj ĉevalo scio, tiu hacker escapement BMW [artikolo Entry: Anonima ,, redaktoro: Admin ,, ĝisdatigo Tempo: 2015-2-11] -
Kaj Apple Daily kaj Liberty Times raportis ĝisdatigita ~
Fronto de la komunikiloj estas vere tre gravaj,
Do kiel valora ĵurnalon sen Legadoj? ~ ^^
**All The World City/Country Lauguage**-
 http://melody-free-shaing.blogspot.com/2015/03/by-ourlove520com-mengyun-with-network.html

 ===Melody.Blog===FOLLOW===>/

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!







沒有留言:

張貼留言

window.___gcfg = {
lang: 'zh-CN',
parsetags: 'onload'
};