Besides , In this year's CanSecWest Global information security 20 One of the cutting-edge technology issues , among 4 One issue comes from 360 Security team , It's one-fifth of the agenda .
《 Virtual device simulation test technology 》
《Docker Virtual machine escape of platform 》《 Take care of it with a loophole Nexus equipment 》《 High and low frequency radio attack and defense 》
《 Sandbox escape with the generous help of security software 》《 Don't believe your eyes ： Apple graphics has been invaded ！》
In his speech, ,360 Marvel Team person in charge Tang Qinghao This paper introduces the relevant experience of mining the security vulnerability of cloud system , And how to use semi-automatic tools to quickly mine security vulnerabilities . The other two topics on Cloud Security virtualization are ,Docker Platform and KVM-QEMU Virtual machine escape in environment . according to the understanding of , Domestic speed cloud 、 Lingqueyun is in use docker Provide cloud services , and KVM-QEMU It's a public cloud provider all over the world , For Amazon cloud 、 Alibaba cloud and other cloud computing service providers provide virtualization solutions .
After the meeting , Tang Qinghao In an interview with Safe cattle Of Remote interview In the said ：
“ The same security team 3 Big cloud computing security issues were selected simultaneously Cansecwest, This is the first time in the history of the Congress , In fact, this is closely related to the current hot cloud computing security issues .”
“ If we talk about the power gap between China and the United States , In fact, in some areas, the level of Chinese security experts has surpassed that of Europe and the United States , But there is still something we need to learn from abroad in the research of security technology , For example, when it comes to national security 、 Related areas of enterprise security , Their research direction is very pragmatic , And there are also some valuable results . For example, this time CSW 2016 On , In my submission Execute My Packet (Exodus of Shells from a Firewall) This issue is very valuable , The speaker has a very detailed explanation from the exploitation of loopholes to the exploitation of loopholes , As an audience , This topic is very enlightening to me .”
In addition to the above three cloud computing security issues , 360 Unicorn Team The issue of radio security 《 High and low frequency radio attack and defense Kit 》, This paper explains how to prevent hackers from copying bank cards to steal information . The value of this offensive and defensive technology is “ miniaturization ” and “ The signal goes back wirelessly ”, The disadvantage of the previous version of the card reader is that it takes two seconds to read data , Also improved in the new version ; And added Zigbee After the module , Information can be transmitted more than ten meters away , Concealment is also greatly increased .
in addition to ,360 Unicorn Team It also showed on the spot that it has its own research and development “ Jamming prevention ”, And the basic technical principle of this defense medium is analyzed on the platform .
Why? Pwn2Own There are no European and American hackers ？
led 360 Vulcan Team Take Google Chrome Browser's Zheng Wenbin (MJ) Express ：
“ Through this conference , We can see that China's network security attack and defense level in some areas has surpassed that of European and American countries , for instance , The most famous international security conference in recent years , such as Black Hat、Defcon、CansecWest etc. , Almost all of them have become the home of the Chinese people . In addition, at the top international security challenge , It is also dominated by Chinese players .”
“ It has been reported that the Wassenaar agreement may have caused European and American players not to compete , But it's not . With Pwn2own For example , The competition is held in Canada , Canada itself is a treaty country , Besides, both the treaty countries （ South Korea ）, Or non treaty countries （ China ） There's people coming in , This shows that the Wassenaar system is not the reason for restricting European and American players to participate in such competitions at all .
Another example , The Wassenaar system passed the loophole limit last year , And last year Pwn2own In the competition , There are still European players participating in some low difficulty Events ,Firefox、Pdf etc. .
The real reason It's because these games are very difficult at the moment , Only Asian players with the world's top strength in this field can successfully challenge . from 2013 Year begins , No more European and American players can break through Chrome Browser .”