Cansecwest security conference closed and almost became the home of China
mob604757044d68 2021-07-20 04:44:32
One of the most influential information security conferences in North America CanSecWest 2016 It ended two hours ago in Vancouver, Canada , The Chinese hacker Corps is in addition to Pwn2Own In the cracking contest , The award for the 28.5 In addition to the $10000 bonus , And they have broken through Chrome browser 、Adobe Flash Player And Microsoft Edge browser , among 360Vulcan The team broke the most difficult project in the competition among all the participating teams Chrome, Two years in a row to conquer the most difficult project of the competition , And the security team sent by Tencent Sniper It's even more Crack master Laurel .
Besides , In this year's CanSecWest Global information security 20 One of the cutting-edge technology issues , among 4 One issue comes from 360 Security team , It's one-fifth of the agenda .

360
《 Virtual device simulation test technology 》
《Docker Virtual machine escape of platform 》《 Take care of it with a loophole Nexus equipment 》《 High and low frequency radio attack and defense 》
tencent
《 Sandbox escape with the generous help of security software 》《 Don't believe your eyes : Apple graphics has been invaded !》
In his speech, ,360 Marvel Team person in charge Tang Qinghao   This paper introduces the relevant experience of mining the security vulnerability of cloud system , And how to use semi-automatic tools to quickly mine security vulnerabilities . The other two topics on Cloud Security virtualization are ,Docker Platform and KVM-QEMU Virtual machine escape in environment . according to the understanding of , Domestic speed cloud 、 Lingqueyun is in use docker Provide cloud services , and KVM-QEMU It's a public cloud provider all over the world , For Amazon cloud 、 Alibaba cloud and other cloud computing service providers provide virtualization solutions .
 picture
Tang Qinghao

After the meeting , Tang Qinghao   In an interview with Safe cattle Of Remote interview In the said :
“ The same security team 3 Big cloud computing security issues were selected simultaneously Cansecwest, This is the first time in the history of the Congress , In fact, this is closely related to the current hot cloud computing security issues .”
“ If we talk about the power gap between China and the United States , In fact, in some areas, the level of Chinese security experts has surpassed that of Europe and the United States , But there is still something we need to learn from abroad in the research of security technology , For example, when it comes to national security 、 Related areas of enterprise security , Their research direction is very pragmatic , And there are also some valuable results . For example, this time CSW 2016 On , In my submission Execute My Packet (Exodus of Shells from a Firewall) This issue is very valuable , The speaker has a very detailed explanation from the exploitation of loopholes to the exploitation of loopholes , As an audience , This topic is very enlightening to me .”
In addition to the above three cloud computing security issues , 360 Unicorn Team  The issue of radio security 《 High and low frequency radio attack and defense Kit 》, This paper explains how to prevent hackers from copying bank cards to steal information . The value of this offensive and defensive technology is “ miniaturization ” and “ The signal goes back wirelessly ”, The disadvantage of the previous version of the card reader is that it takes two seconds to read data , Also improved in the new version ; And added Zigbee After the module , Information can be transmitted more than ten meters away , Concealment is also greatly increased .
in addition to ,360 Unicorn Team It also showed on the spot that it has its own research and development “ Jamming prevention ”, And the basic technical principle of this defense medium is analyzed on the platform .
Why? Pwn2Own There are no European and American hackers
led  360 Vulcan Team  Take Google Chrome Browser's   Zheng Wenbin (MJ)  Express :
“ Through this conference , We can see that China's network security attack and defense level in some areas has surpassed that of European and American countries , for instance , The most famous international security conference in recent years , such as Black Hat、Defcon、CansecWest etc. , Almost all of them have become the home of the Chinese people . In addition, at the top international security challenge , It is also dominated by Chinese players .”


“ It has been reported that the Wassenaar agreement may have caused European and American players not to compete , But it's not . With Pwn2own For example , The competition is held in Canada , Canada itself is a treaty country , Besides, both the treaty countries ( South Korea ), Or non treaty countries ( China ) There's people coming in , This shows that the Wassenaar system is not the reason for restricting European and American players to participate in such competitions at all .
Another example , The Wassenaar system passed the loophole limit last year , And last year Pwn2own In the competition , There are still European players participating in some low difficulty Events ,Firefox、Pdf etc. .
The real reason It's because these games are very difficult at the moment , Only Asian players with the world's top strength in this field can successfully challenge . from 2013 Year begins , No more European and American players can break through Chrome Browser .”


Please bring the original link to reprint ,thank
Similar articles

2021-07-20

2021-07-20

2021-07-20