What's new

Flight info screens at Vietnam’s 2 major airports hacked

@Sinopakfriend Thanks man. Though u are now living in EU, your hometown's achievement is always brilliant, a huge success of Jiangsu Province! Keep safe in EU!

@cnleio I'll be traveling to Shenzhen soon. Could you give me your email or wechat or other way of contacting? My QQ failed, kind of hijacked. i have something to ask about Shenzhen! Thanks man bro.
 
@Sinopakfriend Thanks man. Though u are now living in EU, your hometown's achievement is always brilliant, a huge success of Jiangsu Province! Keep safe in EU!

@cnleio I'll be traveling to Shenzhen soon. Could you give me your email or wechat or other way of contacting? My QQ failed, kind of hijacked. i have something to ask about Shenzhen! Thanks man bro.

Bless you, my dear brother!

Make tons of photos...of the old houses if you have time. Also, if you have time..then the countryside as well. I just love the countryside. Love those ancient villages.

Sadly, EU is changing not for good. A couple of years ago it was very different. You could just sit outside in the old jewish quarter in Paris, drink your wine and see life go by...carefree. Not anymore. Same in Germany and Benelux.

There is this unspoken fear now... we as family avoid big gatherings. Now the family discussion is about emigrating out of EU. Not that easy with family...but who knows. I still dream of the old courtyard house with rock garden!

Perhaps that is why I began posting here...

There is only one place in Asia where we as a family would love to live. You know where!!

Do not forget to make the most beautiful picture!

Enjoy yourself! You lucky man.
 
Bless you, my dear brother!

Make tons of photos...of the old houses if you have time. Also, if you have time..then the countryside as well. I just love the countryside. Love those ancient villages.

Sadly, EU is changing not for good. A couple of years ago it was very different. You could just sit outside in the old jewish quarter in Paris, drink your wine and see life go by...carefree. Not anymore. Same in Germany and Benelux.

There is this unspoken fear now... we as family avoid big gatherings. Now the family discussion is about emigrating out of EU. Not that easy with family...but who knows. I still dream of the old courtyard house with rock garden!

Perhaps that is why I began posting here...

There is only one place in Asia where we as a family would love to live. You know where!!

Do not forget to make the most beautiful picture!

Enjoy yourself! You lucky man.
Do you still have any families in Nanjing?
 
Thank you, my brother. You are kind.

Internet forums are well internet forums.

I don't know this person which @Jlaw and one or two posters think of me being.

I already asked @waz to check my IP to confirm my ID to these posters. He did.

@waz , old man, yes, we are here again...if you could please, once again state the fact to these good people.

After your confirmation I will leave these brilliant minds to their devices... I bid this lot goodluck!

But then kindly, old man, some candy must be alloted to false witness...don't you think?

Love of China is one thing...Self Respect is another.

China is NOT a developed country yet. So let us all be Humble.

@AndrewJin @TaiShang @Kiss_of_the_Dragon @Shotgunner51 @Chinese-Dragon you all are good lads! I dont live in Asia. I live in Europe, all my life.

Confirmed mate, you have our backing.
 
Internet users warned about threat of malicious codes

The Vietnam Computer Emergency Response Team (VNCERT), under the information and communications ministry, on August 4, issued a warning about three domains containing malicious codes.
madoc50441123PM.jpg



The alert came following analysis of some malicious code samples received by members of the response team during recent cyber-attacks.

The three dangerous domains are playball.ddns.info, nvedia.ddns.ino and air.dcsvn.org.
Such malicious codes are capable of stealing data and destroying the systems, Nguyen Khac Lich, deputy director of the VNCERT, said.

The VNCERT has requested units specialising in information technology in ministries and agencies, the department of information and technology in localities, and financial and banking organisations to monitor and delete files containing malicious codes to prevent similar attacks.
Instructions on how malicious codes should be handled can be viewed on the VNCERT website www.vncert.gov.vn.

Chinese hackers on July 29 carried out several cyber-attacks on Noi Bai and Tan Son Nhat airports’ websites and the official website of Vietnam Airlines.

The Civil Aviation Authority of Vietnam (CAAV) said the attacks interrupted the airports’ check-in systems, resulting in check-in procedures being handled manually.

The attacks affected more than 100 flights, with dozens of them being delayed. However, flight operations and security systems at the airports remained unharmed, it said.

At a press conference on August 2, Minister of Information and Communications Truong Minh Tuan said Internet users should not click on strange codes to prevent the computer and network from getting infected with malicious viruses.

He also warned the users against provoking hackers to avoid unexpected responses.

VNS
 
I don't know the motivation of the attack, but I know for sure, Huawei and ZTE would suffer some sharp reduction in sale to Vietnam.
 
You don't have any proof that China did but false accusation, maybe it was Vietnam itself made an hacking plot and blame on China.:disagree:

If you read my post carefully, you'll see, I didn't state that did by China.
 
If you read my post carefully, you'll see, I didn't state that did by China.

Read your statement at post #69 over again, you didn't explicitly said China but you insinuated that it was China was behind this hacking so Huawei and ZTE would suffer some sharp reduction in sale to Vietnam. Don't try to play the wording game with me.
 
Read your statement at post #69 over again, you didn't explicitly said China but you insinuated that it was China was behind this hacking so Huawei and ZTE would suffer some sharp reduction in sale to Vietnam. Don't try to play the wording game with me.

ok. there's a misunderstanding.
The reduction of sale as mentioned would be on the preventive act.
just like this
Huawei banned in the United States
 
ok. there's a misunderstanding.
The reduction of sale as mentioned would be on the preventive act.
just like this
Huawei banned in the United States

how about our cell phone and other electronic chips that we sold to Vietnam? don't you guys not afraid that we implant a backdoor virus as well? And Vietnam is not US, try to ban our product and you will welcome our retaliation as well...if we don't sell components that your manufacturing plant need, you will be in big trouble.
 
how about our cell phone and other electronic chips that we sold to Vietnam? don't you guys not afraid that we implant a backdoor virus as well? And Vietnam is not US, try to ban our product and you will welcome our retaliation as well...if we don't sell components that your manufacturing plant need, you will be in big trouble.

Similar but not a ban, my friend. As my word "sharp reduction in sale"
 
What are the risks of buying Chinese IT?

There are four commonly mentioned threats associated with buying goods from Chinese companies such as Huawei, ranging from the imagined and unlikely to clear and serious business risks.

1) The Magic Kill Packet: Straight out of a Hollywood summer blockbuster, the Magic Kill Packet threat is that someone, somewhere, can cause network equipment to shut down by sending some special combination of ones and zeros. This magic kill packet would be sent during a real-world cyberwar involving China and, one supposes, everyone who bought Huawei equipment. (Huawei’s domestic sales represent about one-third of its total revenues.) While the idea of a Magic Kill Packet (and similar ticking time bomb threats) doesn’t hold up to any serious analysis, it makes for good chatter in the blogosphere. Security and network managers who have to calm anxious senior managers can point out that the control plane for enterprise routers is always separate and firewalled from the data plane, so to inflict the Magic Kill Packet, an attacker would already have to have cracked into the network. And such a packet at the data plane would also be nearly impossible to inject, given the heavy use of access control lists, firewalls and NAT in enterprises. Even then, there’s no way a Magic Kill Packet could shut down an entire network, because each individual device would have to be carefully targeted with a specifically engineered strategy to deliver the payload.

2) Intentionally bad software: This threat suggests that Chinese-manufactured devices have hidden back doors that would allow an attacker to gain special access. One example is a master password that allows an attacker to log into the device as an administrator at any time. For example, in 2003, Dave Tarbatt discovered that most manageable UPS backup devices made by American Power Conversion Corp. (APC) could be accessed with a secret factory default password, intentionally placed there by the APC. (Of course, the “A” in “APC” stands for “American,” so this isn’t just a Chinese issue.)

If we all stopped buying from every vendor that has had security flaws in its products, we’d have a hard time moving beyond pencil and paper.
A more complicated version of the Intentionally Bad Software threat applicable to a Chinese vendor might include a hidden intentional bug that would allow an attacker access through some other path. For example, the SSH server in the device might be susceptible to a particular buffer-overflow attack. An intrusion exploiting this would seem like a typical zero-day attack. Of course, intentional bugs and master passwords would, like the Magic Kill Packet, only work for a short period of time and for a few devices once the intrusion was detected.

Intentionally bad software in telecommunications hardware could also expose encrypted data in virtual private networks (VPNs). If the random number generator used in an IPSec or SSL VPN device is not truly random, then an outsider who knows about the lack of randomness may be able to decipher data secured with even the most advanced encryption protocols, and no evidence of any tampering left behind. If an attacker can passively tap encrypted traffic, information disclosure could go on for years without anyone finding out.

Intentionally bad software—factory default passwords, known bugs that would allow access and defective random number generators—seem like plausible outcomes if one assumes Chinese manufacturers are operating under direct instructions of the Chinese government or military.

Like the Magic Kill Packet, these threats don’t make a lot of sense. Since Chinese manufacturers also dominate the Chinese marketplace, any dangling backdoor intentionally left in network equipment would also be accessible to someone wanting to monitor Chinese communications. Chinese manufacturers, or their shadowy military puppet masters, couldn’t risk installing a secret backdoor unless they were sure only they could take advantage of it. And as groups like Anonymous and Wikileaks have shown us, even the best-kept secrets can quickly be revealed.

3) Unintentionally Bad Software: If intentional backdoors are unlikely, then what about plain old bugs? What about the possibility that critical infrastructure devices and servers have software or hardware errors in them that could possibly compromise the security of a network? Would that be a reason to knock a vendor off one’s preferred suppliers list?

Of course, this question can only be asked in jest, because every single software, hardware and chip vendor has released products with bugs. Everyone knows it, and these bugs have created an entire industry. Most of the IT security world, including anti-malware, vulnerability analysis, patch management and intrusion prevention software, sprung up to compensate for the effects of lousy software, buggy hardware and poor configurations. If we all stopped buying from every vendor that has had security flaws in its products, we’d have a hard time moving beyond pencil and paper.

In the “intentionally bad software” category, we put “poor random number generators for VPNs.” But poor random number generators happen accidentally all the time, sometimes with spectacular results. For example, early versions of the Netscape browser used only a 16-bit random number generator for SSL communications, making a brute-force attack on encrypted data simple even using the slowest computers. MIT’s Kerberos key management system, now at the core of the Windows security architecture, had a random number generator with a key space limited to about 20 bits (about 1 million keys, easy to brute force), for nearly 10 years.

But it isn’t fair to put, for example, Huawei in the same category as Cisco and Juniper when it comes to security awareness. Huawei claims to be a willing participant in the world of information security. On its website, Huawei said that it “… is willing to work with all governments, customers and partners through various channels to jointly cope with cyber-security threats and challenges from cyber-security.”

However, while Huawei is talking the talk, it isn’t exactly walking the walk. A combination of factors, including significant cultural and language issues, has kept Huawei from following the path of other vendors. We have come to expect responsible disclosure of security problems, prompt product updates for known issues, active participation in industry security forums, and easy access to security-patched software images from our network and security product vendors. Huawei security isn’t up to snuff in any of these areas.

But this is an issue with a single vendor and completely transcends national boundaries. Yes, Huawei may be a poor bet for buggy software, but that’s not because it’s Chinese; it’s because Huawei behaves more like a bargain-basement, release-and-forget , releasehardware vendor in the routing and switching space than a high-end security-focused networking company like Cisco, Juniper or HP.

In other words, the standard for choosing a network product vendor isn’t necessarily the pattern on the flag above the company headquarters, but the way that the vendor participates in the worldwide information security community. Vendors who pay more than lip service to maintain the security of their products are better equipped to serve the needs of enterprise users. Network and security managers considering the purchase of critical infrastructure must pay attention to these issues, no matter what the origin of the equipment.

4) Business Issues: Not every threat to network security has its origins in bad or malicious software and hardware. An important, non-technical issue when considering suppliers from China is the differing cultural frameworks for both competition and intellectual property. The Chinese government and political infrastructure requires that any successful company be intertwined with the Communist Party, which itself is integrated into the government and military infrastructure of the country. This is normal in China. As long as buyers are aware of this as a standard part of doing business with Chinese manufacturers, and act accordingly, there is no particular reason to worry about one Chinese supplier over another. Huawei’s ties to the government and military are not a quiet conspiracy—this is just how big business happens in China.

However, the commingling of interests between Chinese companies and the Chinese government means that Chinese companies owe their first loyalty to China, and not necessarily to their customers. The implication of this loyalty structure is that network equipment buyers must be sure to engage in secure practices when working with all of their vendors. Many IT employees have come to regard equipment suppliers as trusted partners, offering broad access to help in troubleshooting and sharing sensitive information about network configurations and growth plans. Network and security managers dealing with Chinese companies should consider the different attitudes and loyalties of these companies, and maintain a healthy distance when it comes to sensitive information and access controls.

There are a number of concerns worth mentioning that aren’t specific to information security. One is company stability. Is there any way to really know if Huawei and ZTE will be around next year, supporting the products they’re selling now? A related concern is a relative lack of transparency compared to most U.S. and European companies. When reports on company financials or even company ownership are unaudited or, in some cases, completely unavailable, cautious buyers may have little to validate their choices. Even when information is available, it may not be easy to compare Chinese companies with their competitors. Huawei and ZTE, as two of the largest telecommunications vendors in the world with tens billions of dollars in sales, seem to be strong companies, but it is impossible for a typical network manager—or U.S. congressional committee—to say for sure.

http://searchsecurity.techtarget.co...-Factors-to-consider-before-buying-Chinese-IT
 

Latest posts

Back
Top Bottom