Chapter 232 The House of Bit Messengers
Since the release of the bit messenger, Lin Hong has been paying close attention to the progress of the whole matter.
Of course, he was not arrogant enough to break into the BBSes he had already broken into and post there again; instead, he watched the relevant feedback on Blue Eagle's internal BBS.
In fact, news like this is shared across the major BBSes, because some people have multiple identities, or have friends who are members of another organization, and that is how the news spreads.
When the bit messenger was released, the speed of communication immediately increased by several levels. To make their account data more stable, users recommended the software to their friends and then added one another.
News about Bitcom is also the hottest topic recently, and various tests and research reports have begun to appear on the major BBSes.
In addition, there are various posts claiming that the bit messenger has been successfully cracked, such as "The bit messenger is not so godlike, and the first account cracking case has appeared" and so on.
However, after these posts appeared, some people questioned the crack. In the end, after some argument, it turned out that the crack only held under special conditions and had no general applicability at all.
In addition, there have been cases of bit messenger accounts being stolen: someone's personal computer was hacked, and the local private key file was stolen and then brute-forced.
However, this situation is unavoidable in any case.
There has never been any absolutely safe software.
Software is always made for people. If your password or key is not well protected, it will definitely be stolen.
When a user registers with the bit messenger, a unique public key and a unique private key are generated from the computer's hardware information and specific algorithms.
The public key is the bit messenger ID, which can be announced publicly so that others can add the user as a friend. The private key needs to be saved separately.
The most important thing is this private key, which is the only credential that proves you are the owner of the account. In the installation directory of the bit messenger software, there is a file called BitKey, which holds the user's private key. Once the file is lost or stolen, the private key can only be recovered by appealing to friends.
On top of the private key there is a further layer of encryption: the login process that verifies the user name and password. If they match, the key can be used to decrypt the messages sent by others, and communication can proceed.
However, if the key file saved locally is stolen and the user name and password are obtained using brute force or social engineering methods, the account will be completely stolen.
It is not the case that simply using the bit messenger completely eliminates the possibility of a stolen account.
Bit messenger accounts are completely flat: no account is more valuable than another. Therefore, apart from institutions with ulterior motives, stealing and cracking an account usually makes no economic sense.
The charm of the bit messenger lies in anonymous communication, which makes it impossible for third parties to eavesdrop on the network by intercepting data packets.
There is more and more news about bit messengers on the Blue Eagle internal forum. In the end, a post attracted Lin Hong's attention.
"Reprint: A proven method of stealing private keys, I hope the author of the bit messenger will pay attention to it"
At first, seeing the title, Lin Hong thought it was the same as the earlier posts: a crack that only worked in an extreme environment set up by the cracker himself.
But when he clicked through to read the body of the post, his expression gradually became serious.
According to Lin Hong's original design, if the local private key is lost or stolen and the user is unwilling to apply for a new number, the user can apply to friends to get the private key back.
The application process requires the user to contact friends through other channels, so that after receiving the information they can send an electronic signature for the application to prove that it is valid.
When more than six friends have sent electronic signatures, the application is considered valid, and the private key is downloaded to the applicant's client to replace the original BitKey file.
However, the post points out that because people generally lack security awareness, the trust between friends is easily abused. An impostor can pose as the account owner, contact the owner's friends, and ask them to send signatures for the impostor's application, thereby fraudulently obtaining the owner's private key.
Since the friends do not realize that the actual user has been replaced, they are likely to go on being deceived, so that the account thief can obtain confidential information.
In this post, the author said that he had practiced it himself and successfully stole the private keys of two users.
In fact, Lin Hong did consider this situation when designing the account appeal, but he did not have a better solution, so he put the problem aside for the time being. After all, the probability of this situation is not very high.
However, the author of this post proposed a solution, and Lin Hong was very interested in it.
Lin Hong went back to look at the author of the post.
"Mendax?"
He was slightly taken aback. He remembered having read a post by an author of that name, but he did not know whether it was the same person.
Mendax's solution is to completely abandon the account appeal.
Getting an account is very simple anyway. Once an account has been stolen, it should simply be discarded, just like a bank card; that is, cancelled.
In this way, even if someone steals the private key and cracks the account password, the user can just cancel the account and register another one.
Mendax changed the "complaint key" to "complaint cancellation". Once a user finds that his account has been lost or stolen, he can contact a friend, send his account number and password to the friend, and ask him to use the client to help send a loss signature. Once the number of people reporting the loss exceeds a certain proportion, the account automatically enters the locked state, and after a period of time it is automatically logged out.
This post was obviously reprinted to the Blue Eagle Forum from other places.
However, the suggestion of this post has been approved by many people. Everyone agrees that this suggestion is very good and constructive, and can well solve the problem of account theft.
The replies also contain many suggestions for improvement, which are not imagined but come from various problems actually encountered in use.
Lin Hong recorded some suggestions that he thought were good.
Two days later, a BBS called "Home of BitMessager" was founded at MIT in the United States. This BBS was established by a student named "Messor Operator" from the MIT School of Computer Science. He did not publish details about himself; all that is known is that he is a loyal supporter of the bit messenger. It is said that his BBS has been sponsored by the Software Fund.
After the establishment of this BBS, those who were interested in the bit messenger and had suggestions to make flocked to it. There, everyone discussed the technical details of the bit messenger and put forward their own suggestions for improvement, hoping that the mysterious author would see them and upgrade the first version of the bit messenger.
The establishment of "bit messenger home" has indeed facilitated Lin Hong's collection of feedback information.
Previously, to avoid revealing his identity, he usually only logged in to some public BBSes to read the posts circulating there, but most of those public posts were of low quality. Many were suggestions that rookies took for granted: someone who did not even understand the basic principles would casually post what he thought was a "genius idea", and write thousands or even tens of thousands of words about it.
After the establishment of "House of Bit messengers", constructive and creative feedback content, like the previous Mendax suggestion, was gradually gathered to this BBS.
Another thing that Lin Hong thinks is necessary to improve is the problem of the friend list.
When an account is lost or logged out, how can the previous friend list be recovered? Adding friends back one by one seems too troublesome.
Once the bit messenger becomes popular, a person may have dozens or hundreds of friends. At that point, if there is no more convenient way to transfer friends, many people will not be willing to give up their original account easily, because the cost of changing numbers is too high.
The emergence of "bit messenger home" has given Lin Hong a relatively centralized channel for feedback. Version V0.2 of his bit messenger is already being written, and the new version will have many improvements.
In the room, Lin Hong is writing the latest V0.2 version of the code.
"Tip--"
A slight noise in the speaker indicates that a new message has been received in the bit messenger software.
After Bit messenger became popular for a period of time, Lin Hong began to recommend this software to people around him. With his strong advice, Phylize also gave up the previously used CQCQ and switched to Bit messenger.
Arthur and Matthew had long since heard about BitCer from the BBS. Arthur tried it out and, after finding it was good, immediately strongly recommended the software to Lin Hong and other members of the SAM team.
They didn't expect that this software, which is popular in the hacking industry, is Lin Hong's masterpiece.
On the contrary, Phylize raised some questions about the software, because the interface of the software has some similarities with CQCQ, and some details are proposed by Phylize herself.
Lin Hong suddenly broke out in a cold sweat under her questioning. When designing the bit messenger, he had overlooked the problem of design style and code-writing habits. Fortunately, Phylize didn't understand technical matters, so Lin Hong casually found an excuse to fool her.
Lin Hong was also glad that CQCQ had not been widely released. He deleted all copies of the CQCQ software on the FTP. After breaking into the machine running the server program, he secretly swapped in another version, and the service began to become very unstable.
Faced with this situation, and with the emergence of the bit messenger, the limited number of users who had been using CQCQ gave it up completely and moved to the bit messenger camp.
In this way, the short life cycle of CQCQ came to a complete end, and under Lin Hong's deliberate operation, it completely disappeared from the network.
Lin Hong switched to the bit messenger software and found that the message had been sent to him by Phylize.