Dec 22 2009
My 中文 isn’t nearly as good as Heike’s (as demonstrated here) but I do believe that this pic posted to sunwear‘s baidu blog says that the PRC Internet is the most free. You might remember sunwear – he is the one that arp-jacked metasploit.com.
UPDATE: Found this image (via @torproject) at http://www.rayfile.com/zh-cn/files/77930287-efc7-11de-bf31-0014221b798a/1236f674/:
Dec 22 2009
The well-known ph4nt0m security group has made their latest edition available here: zh-cn | google xlate.
ToC:
Introduction ———- by root
Flashsky interviews ———- by flashsky
Struts2 framework of the security flaws ———- by kxlzx
To focus on IP spoofing ———- by papaya
Fuzz client-side storage objects, looking for client ddos ———- by woyigui
Point defects in the use of application software experience (Webkit articles) ———- by wushi
Bypassing Linux kernel module version check ———- by wzt
ACS – Active Content Signatures ———- by Eduardo Vela Nava
Kabbah heuristics to bypass the virtual machine approach ———- by dangdang
Comments Off
Dec 20 2009
So it turns out that the changes CNNIC has made to restrict registration of .cn TLD domains to business license holder has had at least a temporary impact on spam tactics. Doesn’t seem to have made any difference in the volume but spammers are now moving away from purchasing new inexpensive .cn domains for spamming. Here is the link to the Sophos Labs blog that contains this revealing graph:
Comments Off
Dec 13 2009
The .cn Top Level Domain has been frequently associated with malware, pornography and spamvertising. In an apparent effort to clean up the TLD, China NIC has started requiring a business license in order to register a .cn domain.
The China Internet Network Information Center (CNNIC) published a notice Sunday saying that applicants must submit written applications to the registration agents. The written materials must include an application form with an official seal, an enterprise business license and the registrant’s ID card.
In addition, the NIC will actually attempt to notify and verify individually owned .cn sites. If a site owner doesn’t respond in after five days, the domain will be revoked.
CNNIC plans to verify the information of the owners of personal site in the nation. Those found unqualified to have a site will be required to update the information in five working days, otherwise they will be shut down.
This is an interesting development. Clearly, something needed to be done about the .cn TLD garbage sites clogging up the tubes. I’m not sure what this means for individual site operators though. I’m sure it is still possible for individuals within the PRC to get a non-cn TLD and host their websites outside of the mainland.
Source: “All .cn websites require business license” – http://business.globaltimes.cn/china-economy/2009-12/491515.html – Linked from Danwei.
