How many lines of code does a good programmer write in a day? Bugs > code!?

Many people have a deep misunderstanding about programmers.

They think programmers are precise code machines

that can hammer out a few thousand lines of code in a day.

Actually, no.

Writing a few dozen effective lines of code a day is already master level,

because most of a programmer's time is spent changing code.

Why spend so much time changing it?

Because there are too many bugs in the code...

☄ Bug ≠ vulnerability

A bug is a technical defect or logical error that arises in a computer system or program during development; bugs that cause serious harm are also called vulnerabilities. Serious harm means that others (such as hackers) can exploit these flaws to gain unauthorized access or to attack computer systems with viruses, threatening the security of the system and its data.

The vulnerability information we encounter most often is probably system vulnerability warnings; Microsoft, for example, issues warnings for thousands of vulnerabilities a year.

 

☄ Why are there so many vulnerabilities?

Take Windows as an example: after years as a mainstream system, Windows is already very mature and very large. How large? The number of lines of code gives a direct sense of it.

➤ Windows XP: approximately 40 million lines of code.

➤ Windows 7: about 50 million lines of code.

➤ Windows 10: the amount of code has not been disclosed, but we all know Windows 10 has a larger footprint than Windows 7, so its number of lines of code can only be a lot higher.

Writing just a few dozen lines of code a day already produces all kinds of bugs, let alone a code base of that astronomical size. In this massive code base there are more than just the bugs you wrote yourself; many more are "millennium-old" bugs left behind by predecessors. If the difficulty of fixing a bug you wrote yourself is 1, then the difficulty of fixing a bug someone else left behind is 1000+!

Take the classic Windows 7 as an example: to develop it, Microsoft set up a team of nearly a thousand people, and it took several years to complete. With such a large amount of work and code, bugs naturally cannot be avoided.

Therefore, system vendors actively update and maintain their systems and often release advisories and patches; for example, Microsoft recently released several high-risk vulnerability warnings.

 

☄ What do the recent high-risk vulnerabilities mean for us?

▎ The Eternal Black vulnerability, as destructive as Eternal Blue

Eternal Blue and Eternal Black are both SMB remote code execution vulnerabilities. SMB (Server Message Block) is a file-sharing transport protocol for local area networks, often used to share files, printers and other resources; Network Neighborhood is also implemented through SMB.

The vulnerability is that when a computer processes a compressed message in this transport protocol, the data it carries is not security-checked. Simply put, an attacker could exploit the vulnerability against any networked computer.

The WannaCry ransomware that swept the globe in 2017 used an SMB remote code execution vulnerability, Eternal Blue, to extort millions of computers in more than 150 countries in a short time.

The total number of hosts that may carry the Eternal Black vulnerability is about 10 million; it affects all Windows 10 versions after 1903. Individual users are advised to update Windows 10 with the patch.

For business users, the Tencent T-Sec endpoint security management system (Imperial Point) can be deployed to intercept virus and Trojan intrusions, while its network-wide vulnerability scanning and repair can be used to scan all hosts uniformly and install the KB4551762 patch.

▎ Type 1 Font Parsing Remote Code Execution Vulnerability

Compared with Eternal Black, what makes the font parsing remote code execution vulnerability critical is that criminals discovered it before developers and security vendors did and have already launched attacks that exploit it, while users have no patch to install.

The vulnerability is caused by a problem in how Windows handles the Adobe Type 1 PostScript font format. An attacker can exploit it by getting a file that hides a malicious program onto your computer. A font file hiding malicious code can be sent to you directly or uploaded to a website, and either way the malicious font file will not be intercepted when it is downloaded.

The vulnerability is not limited to Windows; Mac and Linux systems are affected as well. Since the patch for the vulnerability is expected to be released next month, it is recommended that you temporarily limit the impact with the following measures (or take care when downloading and installing font packages):

● Disable the preview pane and the details pane in Windows Explorer;

● Disable the WebClient service;

● Rename ATMFD.DLL.
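The KB4551762 patch recommended for Eternal Black and the temporary measures listed above can be verified per machine with a read-only audit. The following is an added example, not part of the original article; the function name, the output fields and the System32 location of ATMFD.DLL are assumptions made for illustration.

```powershell
# Added example: read-only audit of the patch and workarounds named in this article.
# Nothing is changed on the machine; the function only reports state.
function Get-ArticleMitigationStatus {
    [CmdletBinding()]
    param(
        [string]$HotFixId    = 'KB4551762',  # patch named in the article
        [string]$ServiceName = 'WebClient',  # service the article says to disable
        # Assumed location of the font driver; the article gives only the file name.
        [string]$FontDriver  = (Join-Path $env:windir 'System32\ATMFD.DLL')
    )

    # Get-HotFix raises an error for an unknown ID; suppress it and test for $null.
    $hotfix = Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue

    # Win32_Service exposes both the configured start mode and the current state.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not $hotfix) {
        # A later cumulative update replaces this ID, so absence calls for a manual
        # check of the installed build; it is not proof that the fix is missing.
        $findings.Add("$HotFixId not listed; confirm a later cumulative update is installed")
    }
    if ($svc -and $svc.StartMode -ne 'Disabled') {
        $findings.Add("$ServiceName start mode is $($svc.StartMode), not Disabled")
    }
    if ($svc -and $svc.State -eq 'Running') {
        $findings.Add("$ServiceName is currently running")
    }
    if (Test-Path -LiteralPath $FontDriver) {
        $findings.Add("$FontDriver is still present under its original name")
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        OSVersion       = $os.Version
        HotFixInstalled = [bool]$hotfix
        ServiceMode     = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
        ServiceState    = if ($svc) { $svc.State } else { 'NotInstalled' }
        FontDriverFound = Test-Path -LiteralPath $FontDriver
        Findings        = $findings
    }
}

Get-ArticleMitigationStatus | Format-List
```

The Explorer preview pane and details pane setting is not covered by this check.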

Besides the recent system vulnerabilities, the vulnerabilities closest to our daily life are undoubtedly those in Office and PDF software. Because such office software has hundreds of millions of users worldwide, it is an easy target for unscrupulous hackers. Attackers hide malicious programs in attachments to all kinds of disguised e-mails sent to victims, enticing the user to open the attachment and activate the malicious program.

Vulnerabilities in computer systems are a long-standing problem. They cannot be eliminated once and for all, and new ones cannot be avoided. The best approach is to use regularly updated security software to detect vulnerabilities, apply patches in time, and be cautious about clicking unfamiliar links and e-mails. A little more care curbs the risk.


Origin blog.csdn.net/HUYA69/article/details/105161218