February 17: Alipay Yu'e Bao hit by another major security vulnerability - Vulnerability Warning - Black Bar Safety Net

ID MYHACK58:62201442557
Type myhack58
Reporter Anonymous
Modified 2014-02-27T00:00:00


As soon as a vulnerability titled “Taobao authentication flaw allows login to any Taobao account and its Alipay Yu'e Bao” was disclosed on an Internet security alert platform, heated discussion broke out across BBS forums, Weibo, WeChat and QQ groups. Many people worried about whether their own Alipay accounts were safe. Some white and black hats were even more interested in the vulnerability details and an exploit.

First, to answer the question everyone is asking: is online payment still secure?

Of course, what we saw today is just one vulnerability that happened to be exposed in front of everyone. As for whether payment is secure, I think that has to be built jointly by the service provider and the user; one-sided security never works. If an account's passwords are all weak ones such as 123456, iloveyou123 or qq123123, how is anyone supposed to guard its safety? Keep your system patched, do not download random applications from small sites, and first make sure your own computer and your own security awareness are not that poor. Leave the rest of the security to the service provider! Fortunately, the security awareness of domestic vendors has improved in recent years.

This issue is just the tip of the iceberg in the world of network security vulnerabilities. So why is everyone so concerned about it, to the point that many friends even sent me private messages and SMS to ask about it?

The answer is actually very simple: this problem threatens people's personal property. Security awareness among domestic Internet users is generally low today, and unless you can point to something that threatens their money, they are not afraid. Take a leaked forum password, for example. Tell someone, “Your forum password has leaked, go change it,” and he will answer with complete indifference: “So it leaked. There's nothing important there anyway; at worst I'll just register a new account.”

What are the vulnerability details? What exactly is the threat?

The vulnerability was disclosed on the Tick platform at 14:20 on 2014-02-17 and had been fixed as of 16:00. Of course, we do not know whether this vulnerability may have existed and been exploited for a long time; as said earlier, only one corner has surfaced.

At 14:25 I received a message from someone I will call “L”. The message gave me the vulnerability details, saying the vulnerability was fixed so I could take a look at it. After reading it, I got quite a shock.

The message contained only one sentence: site: http://login.taobao.com inurl:login_by_safe, about wy. L

But a single sentence like that is presumably the stuff of dreams for white and black hats. The vulnerability has now been fixed, and of course this article is entirely made up by me, so do not take it too seriously.

In the end, how can users keep their payments secure?

1. Enable SMS verification codes for payments

2. For mobile payments, also enable gesture payment

3. Bind a digital certificate

4. Do not connect to unfamiliar Wi-Fi

5. Use complex passwords, and use a separate password for important websites

6. Do not jailbreak or root your phone unless it is necessary

Security is a whole; a single line of defense is doomed to be insecure. It requires security awareness shared between service providers and us.