An earlier vulnerability report stated that a large amount of 12306 user data is circulating on the Internet, including user accounts, plaintext passwords, ID card numbers, mailboxes and so on (leak path unknown). Interpreting a vulnerability report whose details are not yet public is very unreliable, though. 12306 has been informed, and WooYun has also handed over the evidence the white hat found, so let us wait together for the final official reply and not guess, or worse, mislead.

Since that vulnerability has not been publicly disclosed or officially handled, I won't talk about it today. Instead, let's talk about the sensitive data of more than 13W (130,000) accounts that has been circulating for two days. As soon as this data appeared, all kinds of institutions and media followed up, quickly putting out "reliable" analysis, or news even more "reliable" than reliable …

While everyone else was eager to be heard, WooYun's white hats were still quietly looking for clues, working to pin down the scope of the impact. Let's look at what they found.

First, the original file name of this 13W data should look like this:

Why is there even an after-sales group? Is it there to provide updates, and returns if you are not satisfied? Either way, the group number is a very critical clue, so our white hat posed as a buyer and did make contact with a seller in the group (the quantity claimed is too large and I cannot verify it, so it is blurred out).

This person handed over 7 records straight away. Their format is consistent with the 13W data spreading on the Internet, but only one of them is in the 13W data; the others cannot be found there. So the completeness of the 13W data is in serious doubt.

The seller was very tight-lipped (the most valuable thing, how the hacker obtained the data, could not be learned), so nothing can be concluded from that. The white hat therefore decided to obtain some records for users he knows and check how they match up and whether they are genuine.
The result: these records were not found in the 13W data (and testing showed they can be used to log in to 12306). How much data is there in total? We don't know. This is what Wu Yunjun learned in an afternoon...

Unfortunately, this was exactly when the outside media reports came out. The seller seemed to smell danger and suddenly disappeared, not to be seen again (today I found that his QQ profile has also been emptied. Thank you, media! Thank you, xxtv!!)

Finally, Wu Yunjun will again supply 12306 with the sensitive data the white hat obtained that lies outside the 13W data (this differing data is critical: it will help the officials locate key clues in their logs, such as who obtained it first and who may have bought it!). At the same time, Wu Yunjun hopes that users who are not in the 13W data will also change their passwords as far as possible. How many of our passwords have been leaked and traded is something no one can say for sure.

For fear of being accused of putting on a show, Wu Yunjun has left the hashes of these users' login accounts here to head off pointless drama. Interested friends with the surname Huang can take the MD5 of their login account. These serve as proof data.
Only one of these login names also appears in the 13W data.

Many institutions are saying that this 13W data comes from credential stuffing ("hitting the library"), though the details are not clear. A WooYun white hat has offered some analysis, for reference only (data that was leaked and has been circulating for many years still has considerable power).

This is only an unofficial analysis of the 13W data; we believe the officials can establish the origin of the event and give users a satisfactory answer.

In this event we saw a positive official response, we saw users' vigilance, and we saw how much attention the underground economy pays to 12306 account data. Users could pay more attention to account security (change passwords and abandon existing ones, because leaked passwords may already be in others' hands), and companies could strengthen their monitoring (if this was credential stuffing, that much data cannot have been tested quietly); otherwise this kind of thing will always happen. Security cannot always rely on firefighting; it also has to be built up over time.
Finally, Wu Yunjun lays out several points for everyone to consider:

1) 12306's official security awareness

As for 12306's official security awareness, everyone can judge for themselves from WooYun's historical reports: "Vendor information: list of vulnerabilities for the China Railways Science Research Institute".

In fact, 12306's response and measures this time were timely; according to Weibo users, many leaked accounts were quickly locked. But no matter who is responsible, this wave of data is obviously targeted at the 12306 ticket purchase platform. I hope that after the official investigation, even if it is inconvenient to publicly name the affected users, they are at least given a reminder or a mandatory password change. They are the biggest victims and need protection.

Finally, if 12306 does have an account interface vulnerability that allows credential stuffing, I also hope the officials will say whether it has been found and dealt with, and whether it can still be used to steal user data by credential stuffing.

One gripe here: after learning of the leak, Wu Yunjun's first thought was to change the password and then delete the ID card information saved in the account, to be filled in again when needed in the future. It turns out that 12306 does! not! allow! deletion! It seems a document can only be deleted after a certain period of time. Fine, if I am not allowed to delete my own data … but could it at least not be displayed in the clear? (Internet companies do this very well: sensitive information is masked with asterisks.)

2) Third-party ticket-grabbing leaks

Before this leak incident, Wu Yunjun was already wondering: will these third-party ticketing agencies record our information without informing us? I really don't dare think about it. Then, two days ago, a vulnerability report seemed to confirm this suspicion: the UC browser plug-in "grabbing help" was improperly designed, leading to leaks of private information such as tickets / ID cards (the vulnerability has since been fixed).
That vulnerability did not involve recording users' plaintext passwords, so it has nothing to do with this leak, but it does sound the alarm about third-party ticket grabbing. If the official platform were not so restrictive, no one would abandon the regular channel for a third-party ticketing platform. So since we have chosen you, you must be worthy of users' trust!

3) Credential stuffing ("hitting the library")

I won't go into how credential stuffing works; the media have covered it thoroughly and it is old ground by now. Credential-stuffing attacks are in full swing at home and abroad, a thriving scene. Whenever a company's database is dumped, the impact is not limited to that company; it also indirectly threatens the accounts those users hold with other companies! So the impact of, and responsibility for, credential stuffing has never been clear, and no one admits to it.

Nowadays personal information, passwords, mobile phone numbers, ID cards, addresses, friend relationships and so on can all be leaked … On Weibo, some users have become used to their identity information being leaked, but such information is a core part of certain security mechanisms. This is not a good thing and calls for vigilance.

I hope that Internet companies will work together with multiple agencies to investigate and identify the responsible party, and will pay real attention to user information security rather than just paying lip service. Victims of account leaks and the like need to be told, and prevention needs to be done in advance.

But is this possible? Is this impossible?? This, maybe …