- Jul 1, 2014
- 298
The following reports have been published on Qihoo and data security.
What is your opinion?
("fighting with Hofuna Ko publicly accused Internet security software company Qihoo 360 security products to steal the user privacy. This caused Internet users and experts generally pay close attention to.
After the Analysys International organized network security forum, security expert Li Tiejun gives the so-called " 360 compasses collect and resulted in at least 1410000 user privacy compromised " evidence, these leaked information contains a large number of Taobao customer orders and contact way, individual account and password, the enterprise network records and financial data, and government classified information.
source:http://www.4000076788.com/en/news.asp?newsid=182 ")
( "Finish the initial installation of 360 Secure Browser v5.0.8.7 and operate it, and
we can see the expansion use of 360 default installation (Figure 2) in “360 Expansion
Center” and “My Expansion”. According to the description of public letter of @独立
调查员, the expansion applications installed in %AppData%\360se\Apps of Windows
XP System, backup AppsLocal.ver file under this path, in accordance with the file
name and contents, we can infer that the type of the expansion, version and the
download address of the corresponding server for this file is the browser of the local
users,
Delete all the extended application in “My Expansion”, reopen the AppsLocal.ver
file, there is only configuration information about ExtSmartWiz.dll (Figure 3),
compare with the backup of AppsLocal.ver, we find that ExtSmartWiz.dll is not the
expansion application of 360 Secure Browser.. "
source:http://www.valleytalk.org/wp-content/up ... r-v1.4.pdf ")
“Daily Economic News” reporter in the the Shenzhen mangrove independent investigators conducted a live demonstration. He specially 360 security browser installed on their own computers, and open network communications monitoring tools, you can see 360 security browser in their computer after the stage like a worker bee, always kept busy.(
Then, independent investigators to open IE, Tencent, cheetah, chrome browser, a browser is very quiet, no action.
Through the back door, 360 browser can monitor user computer operating process to 360 cloud security center making the request, the 360 cloud backdoor service system, upon request, given the appropriate DLL that windows executable program library. This DLL by the the 360 browser back door directly into the user’s windows system.
At this point, the DLL exceedingly amazing, it even has control of the browser from user windows system can do things, including but not limited to:
Get the user’s files and upload to the cloud;
Read and write, add and delete user files;
Monitor user communications;
Change windows system registry, or important to set parameters;
Quietly uninstall the competitors’ products, and so on.
The same time, the DLL can also be through the back door, directly on the Internet issued a directive, including, but not limited to: Mitbbs.com
In his opinion, the 360 that the back door every five minutes to find 360 server to download a DLL and loaded for execution, but it is a back door, hidden first, so the DLL in any case does not show up, there is no pop-up dialogue window or message box therefore need to give it to simulate a test environment.
“Erected in the local DNS service, hijacked 360.cn the DNS to my machine disguised as a 360 server, then that injection browser DLL I freely control it?” Independent investigators by knitting DLL one as long as it is loaded for execution as soon as a pop-up message box, to take write your own DLL injection to 360 browser, 360 browser backdoor mechanism which allows running fully visible.
In this way, the browser really as expected, independent investigators wrote in a DLL inside the message box to pop.
“Captured alive!” From October 29 last year, the open letter to the November 5 reverse engineering analysis, before and after only six days (only in his spare time).
A minor detail, independent investigators in order to allow more users to know 360 hidden backdoor facts, but also the results of its investigation by 65 minutes of uninterrupted video full webcast. To ensure that the video content is truly 65 minutes of uninterrupted, splicing, In fact, he spent more than four hours again and again realistic demo until disposable completed, has truly accomplish this forensic work."
source:http://tvcric.com/2013/02/26/360-black- ... at-secret/")
What is your opinion?
("fighting with Hofuna Ko publicly accused Internet security software company Qihoo 360 security products to steal the user privacy. This caused Internet users and experts generally pay close attention to.
After the Analysys International organized network security forum, security expert Li Tiejun gives the so-called " 360 compasses collect and resulted in at least 1410000 user privacy compromised " evidence, these leaked information contains a large number of Taobao customer orders and contact way, individual account and password, the enterprise network records and financial data, and government classified information.
source:http://www.4000076788.com/en/news.asp?newsid=182 ")
( "Finish the initial installation of 360 Secure Browser v5.0.8.7 and operate it, and
we can see the expansion use of 360 default installation (Figure 2) in “360 Expansion
Center” and “My Expansion”. According to the description of public letter of @独立
调查员, the expansion applications installed in %AppData%\360se\Apps of Windows
XP System, backup AppsLocal.ver file under this path, in accordance with the file
name and contents, we can infer that the type of the expansion, version and the
download address of the corresponding server for this file is the browser of the local
users,
Delete all the extended application in “My Expansion”, reopen the AppsLocal.ver
file, there is only configuration information about ExtSmartWiz.dll (Figure 3),
compare with the backup of AppsLocal.ver, we find that ExtSmartWiz.dll is not the
expansion application of 360 Secure Browser.. "
source:http://www.valleytalk.org/wp-content/up ... r-v1.4.pdf ")
“Daily Economic News” reporter in the the Shenzhen mangrove independent investigators conducted a live demonstration. He specially 360 security browser installed on their own computers, and open network communications monitoring tools, you can see 360 security browser in their computer after the stage like a worker bee, always kept busy.(
Then, independent investigators to open IE, Tencent, cheetah, chrome browser, a browser is very quiet, no action.
Through the back door, 360 browser can monitor user computer operating process to 360 cloud security center making the request, the 360 cloud backdoor service system, upon request, given the appropriate DLL that windows executable program library. This DLL by the the 360 browser back door directly into the user’s windows system.
At this point, the DLL exceedingly amazing, it even has control of the browser from user windows system can do things, including but not limited to:
Get the user’s files and upload to the cloud;
Read and write, add and delete user files;
Monitor user communications;
Change windows system registry, or important to set parameters;
Quietly uninstall the competitors’ products, and so on.
The same time, the DLL can also be through the back door, directly on the Internet issued a directive, including, but not limited to: Mitbbs.com
In his opinion, the 360 that the back door every five minutes to find 360 server to download a DLL and loaded for execution, but it is a back door, hidden first, so the DLL in any case does not show up, there is no pop-up dialogue window or message box therefore need to give it to simulate a test environment.
“Erected in the local DNS service, hijacked 360.cn the DNS to my machine disguised as a 360 server, then that injection browser DLL I freely control it?” Independent investigators by knitting DLL one as long as it is loaded for execution as soon as a pop-up message box, to take write your own DLL injection to 360 browser, 360 browser backdoor mechanism which allows running fully visible.
In this way, the browser really as expected, independent investigators wrote in a DLL inside the message box to pop.
“Captured alive!” From October 29 last year, the open letter to the November 5 reverse engineering analysis, before and after only six days (only in his spare time).
A minor detail, independent investigators in order to allow more users to know 360 hidden backdoor facts, but also the results of its investigation by 65 minutes of uninterrupted video full webcast. To ensure that the video content is truly 65 minutes of uninterrupted, splicing, In fact, he spent more than four hours again and again realistic demo until disposable completed, has truly accomplish this forensic work."
source:http://tvcric.com/2013/02/26/360-black- ... at-secret/")
Last edited:
