
Posts Tagged ‘Paper’

OWASP Testing Guide V3 Chinese Version

by log0 on January 27th, 2010

The OWASP Testing Guide V3 Chinese Version is finally published! You can download it from the OWASP China-Mainland chapter page. If you are interested in web application security, you are highly encouraged to check it out. There will be things learnt.

OWASP China Research Group

To better facilitate the activities of OWASP in China for consistent and perpetual continuity, OWASP China has formed regional groups mainly tasked to support regional sharing and discussion. We welcome you to recommend an individual to take the lead. OWASP China Research Group currently aims to build upon and go into the depths of the foundation laid out by the OWASP Foundation, plus translation of the OWASP resources, et cetera. There will be activities such as training in different regions. OWASP China QQ Discussion Group: 78238096

(My translation above)

I hope to improve China’s internet security. I succeeded Frank and Rip on the last iteration of this project, and that is why my December has been busy all along, and took much of my time.

Thanks a lot to the people below, and especially the many Microsoft people who worked so hard even during Christmas to produce this testing guide. Sorted by last name (Mandarin):

  • Aaron (DBAPPSECURITY)
  • Joanne Cheng (Microsoft)
  • Frank Fan (DBAPPSECURITY)
  • Karin He (Microsoft)
  • Adams Li (Microsoft)
  • RIP (OWASP China Chair)
  • Will Shen (Microsoft)
  • Chao Wang (Microsoft)
  • Wei Wei (Microsoft)
  • Pak Ming Cheung (Microsoft)
  • Eric Chio (Microsoft)

Hope that readers of the guide will benefit much from it!

China, Testing

Avert Labs Research Paper – Inside the Password-Stealing Business: the Who and How of Identity Theft

by log0 on September 25th, 2009

Avert Labs got a new research paper out: “Inside the Password-Stealing Business: the Who and How of Identity Theft.” For those interested in the underground economics, you should take a look! The multi-lingual report link doesn’t seem to work: http://www.avertlabs.com/research/blog/index.php/2009/09/24/inside-the-password-stealing-business/

Games have always been a big business, just that it’s the same for the underground, too. A lot of money, even if you’re the good guys. On the other hand, you haven’t heard of people pirating “Microsoft High Performance Computing Cluster” CDs, right? =) Oh, and hey, they sell OK, and in China. There’s really money there. Yada yada…

Another thing though, as if getting infected is not enough, malware (Zbot here) could put you into legal trouble. It is no news that victims are being used as stepping stones for further crime, and you really need proof that you are not. Zbot goes further by rendering your computer totally unusable by wiping out the registry HKEY root keys. This is enough to force a user to format immediately, thus killing all chances for forensics. Behind bars anyone?

http://www.mcafee.com/us/local_content/reports/6622rpt_password_stealers_0709_en.pdf

Malware