Chinese hackers Blog

The so-called loophole different from the traditional design software vulnerabilities, through patch updates. Design loopholes usually appear on the site design stage, such as how to provide security functions.

Here classified the five loopholes in the design, for example, some Web sites that users to have a different domain name a new page to remind users not, it allows users to not know whether this new page trusted; Some sites will require Users log in from a non-secure Web site to the safety, so that hackers can take advantage of organic, because hackers can modify non-secure web page, go to the login page of insecurity on the page.

Some sites will be safety recommendations or contact information posted on the website of the non-security, hackers can often unsafe counterfeit these pages and provide various recommendations and contact information; some Web sites used by the user’s personal information on the policies not enough Sound, for example, allows users to set a short password or by e-mail account as the use of account; The study also considered the financial institutions to make use of email passwords is dangerous, because not many users have e-mail security.

Some sites in insecure login page to provide functional, some contacts and other corporate information is published in the pages of insecurity, and some sites allow users to set up e-mail account for the use of account, only a handful of Site no loopholes in the design.