Text of Various Colors

White papers, green papers, blue papers, red papers, grey literature, and so on: texts come in various colors. The history of these terms probably originates with Churchill in the UK. In 1922, Churchill drafted a memorandum to declare policy. It is possible that the title of this memorandum was too long, so officials and the media began to use the 《Churchill White Paper》 to refer to it.

Later, similar policy presentations released by the UK were also called white papers, which were somewhat similar in nature to drafts for soliciting opinions. In the 1990s, companies, in order to promote their profitability, technology, products, ideas, etc., appropriated the white paper originally used in government affairs as a marketing tool.

Green papers were also originally defined by the UK government; they are drafts, such as proposals and drafts for soliciting opinions. The term is also used by other institutions to indicate an imprecise or non-final version of a white paper. The meaning of other colors can usually only be determined from the usage scenario, because there is currently no consensus.

Grey literature is usually text outside of commercial and academic publications, such as meeting minutes, newsletters, technical standards, technical documentation, briefings, etc., and can usually also include white papers and similar content. (Private notes and letters are called ephemera.)

Publications with ISBNs have more detailed origin information and are publicly disseminated. Grey literature, by contrast, is often invisible literature, and even searching for and obtaining it is very difficult. Unofficial publications, such as pre-print papers published on arXiv, are also considered grey literature. (In addition, the ChinaXiv Archiving Project is in progress.)

(The meanings of yellow novels and red literature are probably very clear, so I won’t go into details.)

Analysis of an Image

I saw an image in the After the Rain channel with some explanations at the bottom, but it didn’t feel quite right, so I tried to delve deeper into the information behind the image.

Seeing the phone number being stolen by the website reminded me of the 2022 3·15 Gala. This program vaguely mentioned that some websites can obtain visitors’ phone numbers, but it didn’t delve into the relevant technology; only the MAC address was mentioned by the undercover manager.

Obviously, it is not common sense that a website can obtain a MAC address and thus obtain a phone number. So, starting from keywords such as “website”, “leakage”, and “phone number”, I continued to look for relevant content and indeed found it.

As early as 2015, someone submitted an interface vulnerability of a mobile company on Wooyun.com. This interface could directly return the mobile phone number of mobile users. As long as the relevant script was added to a website, the mobile phone numbers of mobile visitors could be collected. At that time, some websites had already used this vulnerability to obtain visitors’ private information.

In 2018, someone discovered a China Unicom interface vulnerability. Perhaps all three operators have similar and long-term vulnerabilities, so this is probably how websites obtain phone numbers.

The right half of the image is roughly explained; next is the left half.

The table shows “%3F” and “%2C”. These are percent-encoding, the escaping scheme designed for URLs, so it is reasonable to judge that this content comes from search engines.

However, the manager who was interviewed also mentioned details such as “where the user browsed and searched for this keyword (and came from)”.

If a user clicks through to website B from search engine A, can website B know the URL of search engine A? This used to be the case, because of the HTTP Referer request header.

For example, suppose a user searches for “pine desk” in a search engine on their mobile phone and then opens a webpage that contains a malicious phone number collection script, and the server saves the content of the Referer request header. The attacker can then build the same table as in the title image. A single website is enough for this, though it relies on several vulnerabilities and mechanisms.

Fortunately, the risk of referer has been basically fixed. Now browsers usually do not send parameters, but only send the domain name.
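The difference between the old and the current behaviour can be modelled in a few lines. This is an added example, not code from the original post: it computes the Referer a browser would send under several Referrer-Policy values (`strict-origin-when-cross-origin` is the default in current major browsers) and shows what the destination server can recover from it. The URLs and the function names `refererSent` and `recoverFromReferer` are constructed for illustration, and the policy model is simplified.

```javascript
// Added example. URLs are constructed sample data, not from the original post.
const SEARCH = "https://search.example/s?q=pine%20desk%2C%20price%3F";
const SITE = "https://shop.example/desks";

// Referer value a browser sends when navigating fromUrl -> toUrl under a
// given Referrer-Policy (simplified model; only the policies listed below).
function refererSent(fromUrl, toUrl, policy) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  from.username = "";            // credentials and fragment are never sent
  from.password = "";
  from.hash = "";
  const crossOrigin = from.origin !== to.origin;
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "origin": return from.origin + "/";
    case "unsafe-url": return from.href;
    case "no-referrer-when-downgrade": return downgrade ? null : from.href;
    case "strict-origin-when-cross-origin":
      if (downgrade) return null;
      return crossOrigin ? from.origin + "/" : from.href;
    default: throw new Error("policy not modelled: " + policy);
  }
}

// What the destination server can recover from the header it logged:
// the referring host and, if the query string survived, the decoded keyword.
function recoverFromReferer(referer, queryParam) {
  if (referer === null) return { host: null, keyword: null };
  const u = new URL(referer);
  return { host: u.host, keyword: u.searchParams.get(queryParam) };
}

for (const p of ["unsafe-url", "strict-origin-when-cross-origin", "no-referrer"]) {
  console.log(p, recoverFromReferer(refererSent(SEARCH, SITE, p), "q"));
}
```

Only the full-URL policies expose the percent-encoded search term; with the origin-only default the server still learns which search engine the visitor came from.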

P.S. 1: Hotlink protection (anti-leeching) works by checking the Referer, so a Tampermonkey userscript that works around hotlink protection only needs to modify the Referer, such as Anti-Image Anti-Leeching on Greasy Fork.

P.S. 2: If you think that referer sending the domain name still leaks important information, there are also some browser plugins that can completely remove referer, such as the Chameleon (Firefox) plugin. However, removing referer may make browser fingerprints more obvious, so you need to weigh the pros and cons.

P.S. 3: Some websites first send the user to a dedicated “jump page” when an external link is clicked. This security strategy has various advantages and disadvantages; one of its purposes is to deal with referer leakage. (OWASP Cheat Sheet Series)

This article is also recorded in the 《Cyber Space Survival Guide (Draft)》.

Optical Modem Built-in Censorship Tool

Deep Packet Inspection (DPI) can read the SNI of HTTPS connections, thereby knowing what websites the user is using, and then cut off the connection. Therefore, DPI is often regarded as a censorship technology.
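DPI can read the hostname because the SNI extension travels unencrypted in the TLS ClientHello, before any keys are agreed. The following added example (not from the original post) parses a ClientHello and returns the server name an on-path device would see. The hostname `blocked.example` and the helpers `buildClientHello` and `extractSni` are constructed for illustration, and the parser assumes the ClientHello fits in a single TLS record.

```javascript
// Added example: build a minimal ClientHello (constructed sample input).
function buildClientHello(host) {
  const name = Buffer.from(host, "ascii");
  const u16 = n => Buffer.from([n >> 8, n & 0xff]);
  const sni = Buffer.concat([u16(name.length + 3), Buffer.from([0]), u16(name.length), name]);
  const exts = Buffer.concat([u16(0), u16(sni.length), sni]); // extension type 0 = server_name
  const body = Buffer.concat([
    Buffer.from([3, 3]), Buffer.alloc(32),   // client_version, random
    Buffer.from([0]),                        // empty session id
    u16(2), Buffer.from([0x13, 0x01]),       // one cipher suite
    Buffer.from([1, 0]),                     // null compression only
    u16(exts.length), exts]);
  const hs = Buffer.concat([Buffer.from([1, 0]), u16(body.length), body]); // type + 24-bit length
  return Buffer.concat([Buffer.from([0x16, 3, 1]), u16(hs.length), hs]);   // handshake record
}

// Return the SNI hostname from a raw TLS record, or null if there is none.
function extractSni(buf) {
  try {
    if (buf[0] !== 0x16 || buf[5] !== 0x01) return null; // not a ClientHello
    let p = 5 + 4 + 2 + 32;            // record hdr, handshake hdr, version, random
    p += 1 + buf.readUInt8(p);         // skip session id
    p += 2 + buf.readUInt16BE(p);      // skip cipher suites
    p += 1 + buf.readUInt8(p);         // skip compression methods
    const end = p + 2 + buf.readUInt16BE(p);
    p += 2;
    while (p + 4 <= end) {             // walk the extension list
      const type = buf.readUInt16BE(p), len = buf.readUInt16BE(p + 2);
      if (type === 0) {                // list len (2), name type (1), name len (2), name
        const nameLen = buf.readUInt16BE(p + 7);
        if (p + 9 + nameLen > buf.length) return null;
        return buf.toString("ascii", p + 9, p + 9 + nameLen);
      }
      p += 4 + len;
    }
    return null;
  } catch (e) {
    return null;                       // truncated or malformed record
  }
}

console.log(extractSni(buildClientHello("blocked.example")));
```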

On October 28, 2019, someone published a configuration file of a Huawei router on Pastebin, which included the plugin com.chinamobile.smartgateway.cmccdpi.

Later, on April 23, 2023, Gu Zimao published a blog post stating that this is a plugin on China Mobile’s optical modems. This type of plugin seems to be called a “soft probe”. It can generate a “home network usage overview” for users to view, which contains the traffic share of application types such as social networking, games, and videos. It also has a “network security protection status”, which can detect security risks for users, such as “detecting bad content websites”. When the modem is in bridge mode and the Internet is accessed through a router, the above functions become invalid.

So the dpi at the end of the …cmccdpi plugin should refer to Deep Packet Inspection (DPI), and perhaps also DNS request recording and other functions. With such functions, it can provide information and protect users. However, it is not yet known whether this data is shared with third parties in addition to being presented to users.

Infectious Disease Testing Program

ProMED, short for Program for Monitoring Emerging Diseases, is an information platform created in 1994 by the International Society for Infectious Diseases. The ProMED team constantly searches for information related to global health security, and then filters, organizes, and edits it before sending it to email subscribers. ProMED played a significant role in the identification of SARS and MERS.

Google Flu Trends is a project created by Google that uses the frequency of searches for flu-related terms to build a model for predicting influenza.

HealthMap is a more automated project. After being hit by SARS, some doctors developed a large-scale monitoring project similar to “Prism”, which can search for content related to the epidemic from social platforms. Although the goal of HealthMap is to prevent SARS from happening again, it is a pity that if the social platform is not open in the first place, it will be difficult to collect useful information.

Mirrored Text in Everyday Life

Source: www.aliexpress.com, Reverse Mirror Barber Shop Wall Clock

In episode 616 of 《Detective Conan》, there is a wall clock that is mirrored left to right: the hands rotate counterclockwise, and the numbers on it are of course also reversed left to right. This kind of mirrored wall clock is placed in a barbershop so that customers can read it in the mirror.

Although this kind of wall clock is relatively rare, there is another place in reality where mirrored text is more commonly used, and that is the text on the front of police cars and ambulances. In some areas, it is common for police cars and ambulances to use left-right mirrored text, so that other vehicles can easily read it in the rearview mirror.

However, mirrored text in most scenarios is reversed left to right, rather than upside down, which is quite interesting.

Related microblogs: Mirror Writing, Mirror Test.

Circuit Switching vs. Packet Switching

Circuit switching is a network communication technology used in early telephone calls. The profession of switchboard operators in the past, and the (automatic) telephone exchanges that replaced this profession, intuitively demonstrate the characteristics of circuit switching, that is, information transmission occupies the same line. If a relay node fails, this connection will be directly interrupted and difficult to reconnect.

Circuit switching is essentially directly connecting devices. The advantage is stable latency because it is not packet transmission, so there will be no packet loss. However, the disadvantage is also obvious. Circuit switching cannot create a modern interconnected network, and there will also be obvious busy line problems.

ARPANET was the first modern network, and it mainly realized a distributed structure. This is related to dynamic routing technology, which can also avoid the single point of failure of circuit switching. To work with dynamic routing, packet switching (also known as data packet switching) was used.

The reason for developing ARPANET was also to prepare for nuclear war, requiring as much decentralization as possible, which shaped the current internet. Without this pressure, there might have been an internet based on circuit switching.

This article is also recorded in 《Cyber Space Survival Guide (Draft)》.