Chapter 232: The Bit Messenger
Volume 2: Hacker Mecca
Xiaoqiang solicits ways to effectively transfer the list of friends ~ All masters please support ~
Since the release of Bit Messenger, Lin Hong has been paying close attention to the progress of the whole thing.
Of course, he was not reckless enough to break into the BBSes he had already hacked and post there again; instead, he watched the feedback on the Blue Eagle internal BBS.
In fact, news is effectively shared across the BBSes, because some people are likely to have multiple identities, or their friends are members of another organization, and this is how news spreads.
And once Bit Messenger was released, the speed at which news spread immediately increased by several levels. To make their account data more stable, everyone recommended the software to their friends and then added each other as friends.
News about Bit Messenger has also been the hottest topic recently, and various tests and research reports have begun to appear on the various BBSes.
In addition, there is a steady stream of posts claiming that Bit Messenger has been successfully cracked, such as "Bit Messenger is not so godly, the first account hacking case has appeared".
However, after these posts appeared, someone would come forward to question the crack, and after everyone had argued it out, it was proved that the crack was only valid under special conditions and was not universal at all.
There have also been cases of Bit Messenger accounts being stolen, which happened because someone's personal computer was hacked, and the local private key file was stolen and then brute-forced.
However, this situation cannot be avoided in any way.
There is no such thing as software that is completely secure.
If your password or key is not well protected and gets stolen, your account will certainly be stolen.
After you register with Bit Messenger, a unique public key and a unique private key are generated based on computer hardware information and a specific algorithm.
The public key is the Bit Messenger ID, which can be published so that others can add you as a friend. As for the private key, you need to keep it separately.
The most important of these is the private key, which is the only credential proving that you are the owner of the account. In the installation directory of the Bit Messenger software there is a file named bitkey, which stores your own private key. Once the file is lost or stolen, you can only get the private key back by appealing to your friends.
On top of the private key there is a further layer of encryption: the login process, which verifies the username and password. If they match, the key can be used to decrypt the messages sent by others, and communication becomes possible.
However, if the local key file is stolen and the username and password are obtained using brute force or social engineering methods, the account is completely compromised.
Using Bit Messenger does not completely eliminate the possibility of account theft.
Bit Messenger accounts are completely flat: no account is expensive and no account is cheap. Therefore, unless some institution with ulterior motives takes an interest, going to great lengths to steal and hack an account usually makes no economic sense.
The charm of Bit Messenger is that it communicates anonymously, making it impossible for third parties to eavesdrop by intercepting packets on the network.
There was also more and more news about the bit messenger on the Blue Eagle internal forum, and eventually, a post caught Lin Hong's attention.
"Reprint: A proven method of stealing private keys, I hope the author of Bit Messenger will pay attention"
At first, when Lin Hong saw the title, he assumed it was like the previous posts, where the cracker had set up an extreme environment himself.
But when he clicked in to see the specific content, his face gradually became serious.
According to Lin Hong's original design, if the local private key is lost or stolen and you are not willing to apply for a new account, you can apply to your friends to recover the private key.
In this application process, you need to contact your friends through another channel, so that after receiving the message they can send an electronic signature for the application, which proves that the applicant's request is valid.
When more than six friends have sent electronic signatures, the application is considered valid, and the private key is downloaded to the applicant's client to replace the original bitkey file.
However, this post pointed out that, because people lack security awareness, the trust between friends can easily be abused: an attacker pretends to be the account owner, contacts the owner's friends and asks them to sign the application, and in this way tricks them out of that person's private key.
Since nobody knows that the actual user has been replaced, they are very likely to go on being deceived, so that the account thief obtains confidential information.
In this post, the author says that he has personally tried this and successfully stolen the private keys of two users.
In fact, Lin Hong did consider this situation when designing the account appeal, but he didn't have a better solution, so he put the problem aside for the time being. After all, the probability of it happening is relatively low.
However, the author of this post provides a solution that Lin Hong is very interested in.
Lin Hong looked back at the author of the post.
"Mendax?"
He was slightly stunned, remembering that he had once read a post by an author of that name, but he didn't know if it was the same person.
Mendax's solution was to abandon the account appeal altogether.
After all, getting an account is very simple. Once an account has been stolen, treat it like a bank card: just throw it away, that is, cancel it.
In this way, even if someone else steals the private key and cracks the account password, the account is simply cancelled and another one is registered.
Once you find that your account is lost or stolen, you can contact your friends, send them your account and password, and let them use their clients to help send a loss report signature. Once the number of people reporting the loss exceeds a certain percentage, the account automatically enters the locked state, and after a period of time it is automatically cancelled.
This post was apparently reposted to the Blue Eagle forum from somewhere else.
But the suggestion in this post has won agreement from many people. Everyone agrees that it is very good, very constructive, and solves the problem of account theft very well.
The replies also contain a lot of suggestions for improvement, which are not made up out of thin air but come from various problems encountered in actual use.
Lin Hong recorded some suggestions that he thought were good.
Two days later, a BBS called "HomeofBitMessenger" was created at MIT in the United States. It was founded by a student of the MIT School of Computer Science with the screen name "Messenger Operator". He did not publish his details and only said that he was a loyal supporter of Bit Messenger, and it was said that his BBS was sponsored by the Free Software Fund.
After this BBS was established, those who were interested in Bit Messenger and had suggestions flocked there. Everyone discussed the technical details of Bit Messenger and put forward their own suggestions for improvement, hoping that the mysterious author would see them and upgrade the first version of Bit Messenger.
The establishment of the "HomeofBitMessenger" BBS has indeed made it easier for Lin Hong to collect feedback.
Before, to avoid exposing his identity, he generally only logged in to some public BBSes to read the posts circulating there, but most of these public posts were not of high quality. Many were suggestions that rookies took for granted: people who didn't even understand the basic principles casually posted what they thought were "genius ideas", enthusiastically writing thousands or tens of thousands of words.
After "HomeofBitMessenger" was established, constructive and creative feedback gradually converged on this BBS, such as the suggestion made by Mendax earlier.
Another thing that Lin Hong felt needed to improve was the problem of the friend list.
When my account is lost or cancelled, how can I get the previous friends list? It seems too much of a hassle to go and add them one by one.
Once Bit Messenger has become popular, a person may have dozens or hundreds of friends. If there is no more convenient way to transfer friends at that point, many people will be reluctant to give up their original account, because the cost of changing accounts is too great.
The emergence of the "HomeofBitMessenger" BBS has given Lin Hong a more centralized channel for obtaining feedback. The next version of his Bit Messenger is already being written, and it will have more improvements.
In the room, Lin Hong was writing the latest code.
"Tick-"
There is a slight noise in the speaker, indicating that a new message has been received in the Bit Messenger software.
After Bit Messenger had been popular for a while, Lin Hong began to recommend the software to the people around him, and Phyllis, at his strong suggestion, gave up CQCQ, which she had been comfortable using, and switched to Bit Messenger.
As for Arthur and Matthew, they had already heard about Bit Messenger from the BBSes. Arthur tried it first, and after finding it good, he immediately strongly recommended the software to Lin Hong and the other members of the SAM team.
They never imagined that this software, which is becoming popular in the hacker world, is Lin Hong's masterpiece.
However, Phyllis raised some questions about the software, because its interface has some similarities with CQCQ, and some of its details are changes that Phyllis herself had proposed.
Under her questioning, Lin Hong suddenly broke out in a cold sweat: when designing Bit Messenger, he had overlooked the matter of design style and code-writing habits. Fortunately, Phyllis didn't understand technical things, so Lin Hong casually found a reason to fool her.
Lin Hong was glad that CQCQ had not been widely released. He deleted all the CQCQ software on FTP, and he even hacked the server program running on the server, secretly swapping it for another version, after which it began to become very unstable.
Seeing this, and with Bit Messenger now available, the few users who had kept using it completely abandoned CQCQ and switched to the Bit Messenger camp.
In this way, the short life cycle of CQCQ came to an end, and under Lin Hong's deliberate manipulation, it completely disappeared from the Internet.
Lin Hong switched to the Bit Messenger software and found that the message had been sent to him by Phyllis.
Phyllis: The patent for the infrared wireless transmission protocol has been basically finalized.
……