Monday, January 6, 2014

New Chinese information security terminology

The subject of information security is always interesting to me because it involves emergent behavior in complex systems and requires experimental research. In fact, I recently downloaded and have been playing with some vulnerability analysis tools. (I'm only working on my own network, no intention to engage in malicious behavior, etc.)

I'm also interested in Chinese software and technological innovations. This afternoon I decided to put these two things together and see what I could find about information security in Chinese. This brought me to a Chinese website describing how hackers operate, including screenshots of some exploitation tools that appear to be Chinese innovations.

One of these is called The Struts2 Ultimate Loophole Exploitation Utility. It takes advantage of weaknesses in the Apache Struts2 framework to execute code on the server. The title of the window in the screenshot includes not only the utility name, but also the names of two of the developers and a phone number.

The names of the developers were unique enough that I was able to find their Weibo accounts, as well as their accounts on a Chinese social site for those interested in IT security. The site lists an ungodly number of software vulnerabilities--19 added today alone. It seems this "white hat" site rewards users for reporting vulnerabilities, which are then passed on to manufacturers. Clever!

Reading through these, I've started to update my "Chinese Programming Terminology" page with new vocabulary related to information security. I've also found a Chinese translation of the manual for the Metasploit pen-testing utility--another goldmine for this type of stuff.
