Wednesday, September 29, 2010

Interview with Lei Jun: 3-year commitment to rewrite the WPS their courage unmatched


Sina Technology News, "we in the chat before you installed the software first try, it will be easier talking to some." Before the dialogue, Kingsoft CEO Lei Jun person to act as the promoters smiling, helping with the installation of Sina Technology WPS Office 2005.

At 14 o'clock on the September 12th, Kingsoft WPS Office released its latest 2005 version. Lei Jun words, this product may bring you unexpected revolution. This product Jinshan spent 3 years to re-write code, the previous 10 years of successful development and once they give up.

Lei Jun believe that more and more junk code that will increase product updates Is. The development of the Internet will bring a new definition to the software, in this context, Jinshan the courage to rewrite the code to make a decision.

Determination in the moment, not everyone understands. In the beginning, Lei Jun is also earnestly to comfort those who have developed WPS 10-year-old old program developers have the sad feeling.

He said that if Jinshan innovation, it must respect the fact that the user habits, imitation, and all the features of existing Office. And then carry out their own innovations, and then to achieve a breakthrough in the Internet environment.

Finally, in Zhuhai, after spending more than 100 people took 3 years of hard development and support of tens of millions of yuan after the completion of this with the "revolutionary" WPS Office 2005.

Lei Jun said that the decision on the SAN before and after the process:

At the recent Beijing "Fortune Forum", I told Jerry Yang demonstrates WPS Office 2005 this version. He asked me a question, "Why StarOffice are beat Microsoft, you have to fight over?" I told him that nobody dared to go inside because the rewriting software code.

WPS Office if you do not rewrite the code, still according to the original idea to do so, to achieve the same functionality and Microsoft is not possible, can only be approximate. Therefore, 3 years ago, I think, have to rewrite code. Microsoft Office has become the de facto market standard, we should fully respect the user habits can make a satisfactory alternative to the user.

But this effort is unprecedented, and we need courage is also unprecedented. Few software companies have the courage to do so, including Microsoft.

Determined to rewrite the entire code of a software is very difficult, you have to ensure that more than 100 individual finish three years to rewrite the five million lines of code. Can not finish on time? Can not do a good job? Another fellow is changing, that time came out so we can adapt to do? These are difficult, risky.

We also made some arrangements, the WPS cut R & D team of two teams in Beijing and Zhuhai. Among them, Beijing is based on the original code improvement, functional improvement, according to the way go on, WPS Office 2003, and hurricanes Edition is the group to do. Zhuhai team is responsible for rewriting.

Development process, Jinshan also comply with many rules, intellectual property issues very carefully, not only to rewrite all the code, to ensure no one team from Microsoft, a Microsoft lawyer also retrieve all the patents registered in China. Finally this process took three years and a month.

Now individual users can go online for free download WPS Office 2005 Personal Edition, download the package only 15.4M, which includes text, spreadsheet, presentation, and all other functions. First released last year, the government version of WPS Office 2005, with a year to actually use, but also conducted large-scale enterprise applications and user testing of the perfect.

Its advantage is obvious. Jinshan on the government procurement market can not worry about how much this release is to inform you that the true competitiveness of this product. We may not realize this will lead to revolution.

It also has a lot of innovation inside the first innovation is the design for the network operating system. The future of the Internet may not process a, and now the Internet news, as proceedings are hyperlinks, and only one interface only.

One trend is the future of the Internet, the Internet to do the hard disk, hard disk so the cache. I'm sure the next 3,5 years is Fast access bandwidth. The concept of the future will be no software that is running the background. Direct calls to come out when Internet bandwidth is infinite, then users do not install any programs, opened the machine, a few seconds to download to complete. WPS is designed for this.

In the future, WPS Office if any problems or have any updates, the updates in the background. Users simply do not feel in front. He also felt he was not the software, future software will have been as common as table and chairs had.

The second step is to support Linux, but also consider the high efficiency. If you support Linux, then write with JAVA became, but felt a little slow the use of JAVA, so using the C language. This was also under a very large commitment.

Jinshan hope that in 3 months can be downloaded 500 million copies. Market, mainly for government and enterprise market sales.

But our main effort will be spent on overseas market development. Jinshan in the Japanese market earlier this year set up a subsidiary in early tomorrow, I will go to Japan, the Japanese release Duba. Online games in Vietnam, Singapore, Malaysia and other markets have also made good. In overseas markets, WPS will take great effort to do the same.






Recommended links:



The Origin And Nature Of Marketing Warfare



Chen Wende: Narrow City Rushed Machine Must



Catalogs Clipboard Tools



Good Web Development



eBiz.scm INTRODUCTION



50% stake in MSN China, the main message would be easy to pass and then mad



Catalogs Games Card



Religion evaluation



MOV to MP4



SWF to MP4



OGM converter



Element Union and day encounter in the rubber of the Kingdom of Thinking



Asia-Pacific Broadcasting Union General Assembly: the young man is the main consumer groups IPTV



ChinaByte Jian Yang: Dell You In The End Yuan Buyuan



Unicom Officially Started Selling 30 IPhone "contract User" Pay 1 Month Prognosis,



Wang Haibo: Society World Partners, With 10 000 Win



Thursday, September 16, 2010

IDS weaknesses and limitations (2)




1.2.5 Intrusion variant
1.2.5.1 HTTP attack variant
Repeat the directory separator ,'/'' into'//''銆?br />The current directory, '/ cgi-bin/phf''into the' / cgi-bin/./phf''.
Parent directory, '/ cgi-bin/phf''into the' / cgi-bin/xxx/../phf''.
URL encoding, '/ cgi-bin /''becomes'% 2fcgi-bin /''.
Use TAB instead of spaces and other separators.
NULL method, 'GET% 00/cgi-bin/phf''.
GET outside use other methods such as POST.
Change the parameters of the order, add the unwanted parameters.
For IIS, there are the following:
DOS / Win under the directory separator, '/ winnt/system32/cmd.exe''into the' / winntsystem32cmd.exe''.
Case conversion, such as cmd.exe into CMD.EXE.
IIS second decoder, such as cmd.exe into% 2563md.exe,% 25 and then decoded to decode% 63''%'', as''c''.
UNICODE encoding, such as cmd.exe into the% c0% 63md.exe. UNICODE encoding more complex because there are very few NIDS can decode it.

1.2.5.2 Telnet attack variant
Use the backspace key.
Using the Tab key for command padded.
Use Shell to execute attack code.
Using macros.
Add a useless argument.
In fact very difficult to detect those NIDS Telnet to connect to the server through the local after the attack.

1.2.6 TCP / IP protocol limitations
As TCP / IP design did not consider good security, so now IPV4 security is worrying, in addition to the above problems arising due to network structure, there are some limitations below.

1.2.6.1 IP fragmentation
Packet fragmentation, some NIDS can not restructure IP fragmentation, or more than its capacity, you can bypass the NIDS.
A maximum of 8192 IP datagram fragmentation, NIDS performance parameters of a reorganization shall be able to slice the largest number of IP.
NIDS every IP received a new IP datagram fragmentation when the fragment will start a restructuring process, after the reorganization is complete, or timeout (typically 15 seconds of overtime) Close this restructuring process, NIDS performance parameters of a shall simultaneously restructuring the number of IP packets.
An IP datagram maximum 64K, as ready to receive a IP datagram, NIDS will be ready enough memory to accommodate the upcoming follow-up fragments, NIDS performance parameters of a reorganization shall be to the largest IP datagram .
Combining above three parameters, namely, in the time-out time NIDS (for example 15 seconds) while preparing for maximum internal energy (for example, 64K) The number of IP datagram reorganization.
If the NIDS received packets over the limit, NIDS have packet loss, which occurred DoS attacks.

1.2.6.2 IP fragment overlap
IP packet fragmentation in the reorganization of the time, if met, then overlapping fragments, each operating system is not the same approach, for example, some systems will use the first received fragment (Windows and Solaris), some will be adopted after the closing to the slice (BSD and Linux), if the overlapping fragment of data is not the same thing, and NIDS approach is different with the protected host, it will lead to NIDS packet after the reorganization of the protected host and the packet is inconsistent, NIDS to bypass the detection.
For example, TCP or UDP can overlap the destination port, and then penetrate through most firewalls now, and may bypass the NIDS.
You can also overlap TCP flags, so that NIDS can not correctly detect the TCP FIN packet, so that NIDS soon to be able to simultaneously monitor the maximum number of TCP connections; to NIDS can not correctly detect TCP SYN packet, so that NIDS can not detect TCP connection due.

1.2.6.3 TCP segmentation
If the NIDS can not be re-TCP stream, you can bypass the TCP segmentation to NIDS.
Some unusual TCP segmentation will confuse some of NIDS.

1.2.6.4 TCP un-sync
Sent the wrong in the TCP sequence number, send the duplicate serial number, reverse the order to send such, it is possible to bypass the NIDS.

1.2.6.5 OOB
Attacker to send OOB data is protected if the host application can handle OOB, as NIDS can not predict the protected buffer when the host received OOB data in the number of normal, they may bypass the NIDS.
Some systems, when dealing with OOB will be the beginning of a byte of data discarded (such as Linux, the Apache, but IIS is not), then by sending in more than one TCP segment, including options with OOB TCP segment, then NIDS may lead to the data stream after the reorganization of the host and the protected application is inconsistent, and thus bypass the NIDS.

1.2.6.6 T / TCP
If the destination host can handle things TCP (currently very few systems support), an attacker can send transaction TCP, NIDS may not be protected with the host application on the same treatment, which may bypass the NIDS.

1.3 Resource and capacity constraints

The DoS attack against the NIDS 1.3.1.

1.3.1.1 the impact of high flow
Attacker to the protected network to send large amounts of data, more than NIDS processing power is limited, the situation of packet loss will occur, which may lead to acts of omission of the invasion.
NIDS network packet capture capabilities associated with a number of factors. For example, 1500 bytes in each packet case, NIDS will be over 100MB / s of processing power, even to more than 500MB / s of processing power, but if only 50 bytes per packet, 100MB / s of traffic means that 2 million package / s, most of which will exceed the current handling capacity of cards and switches.

1.3.1.2 IP fragmentation attacks
Attacker to the protected network to send a large number of IP fragments (such as TARGA3 attacks), more than NIDS IP fragments can be simultaneously restructuring capacity, leading technology through IP fragmentation attacks omitted.

1.3.1.3 TCP Connect Flooding
Attacker to create or simulate a large number of TCP connections (described by the above method of IP fragment overlap), while more than NIDS to monitor the maximum number of TCP connections, resulting in unnecessary TCP connection can not be monitored.

1.3.1.4 Alert Flooding
Attacker can detect the light of the rules posted on the network, while the attack would deliberately send a large number of alarm caused by NIDS data (such as stick attack), may exceed the speed NIDS to send alarm, resulting in omission, and to network received a large number of alarm, it is difficult to distinguish real attacks.
If you send 100 bytes can generate an alarm, you can generate per second through dial-up 50 police, 10M LAN can produce 10 thousand per second alarm.

1.3.1.5 Log Flooding
The attacker will send large amounts of data caused by NIDS alarms and eventually led to the space NIDS to be depleted Log, Log to delete the previous record.

1.3.2 RAM and hard drive limit
If the NIDS to improving the ability to process the IP fragments and TCP connection monitoring capabilities restructuring, which will require more memory to do the buffer, if the NIDS's memory allocation and management is not good, will the system cost a lot of exceptional circumstances memory, if the start using virtual memory, it will shake the memory may occur.
Hard drive speed is usually far less than the speed of the network, if the alarm system to produce a large number of records to the hard drive, will cost enormous amounts of system capacity, if the system records the original network data, save a large and high-speed network data will require expensive large-capacity RAID.

1.4 NIDS related to the vulnerability of the system
NIDS itself should have very high security, generally used for monitoring the network cards are not IP addresses, and other card will not open any ports. However, associated with the NIDS system may be attacked.

1.4.1 Console host of security vulnerabilities
Some systems have a separate console, if the attacker can control the console to the host computer, you can control the entire NIDS system.

1.4.2 Sensor and the vulnerability of the console communication
If the communication between sensors and the console may be attacked by a successful attack, will affect the normal use of the system. Such as conducting ARP deception or SYN_Flooding.
If the communication between sensors and console explicit communication or simply use encryption, you may be subject to IP spoofing or replay attacks.

1.4.3 and the system alarm and other equipment related to the vulnerability of communications
If an attacker can successfully attack the system alarm and other related equipment, such as mail servers and so on, will affect the alarm message is sent.

2 HIDS weaknesses and limitations

2.1 Resource constraints
As HIDS installed on protected hosts, so the resources can not be too much occupied, thus limiting the detection method used and the processing performance.

2.2 operating system limitations
Unlike NIDS, manufacturers can customize their own operating system, a sufficient security to ensure their own security NIDS, HIDS where the security of the host operating system under its security restrictions, if the host system is compromised, HIDS will soon be cleared. If the HIDS as stand-alone, it is basically not successful attack can only be detected if the HIDS for the sensor / control panel structure, will be faced with the same NIDS attack on the related systems.
Some HIDS will consider increasing the security of the operating system itself (such as LIDS).

2.3 System log limit
HIDS will monitor the system log to discover through the suspicious behavior, but some procedures are not sufficiently detailed system logs, or no logs. Some of the invasion would not in itself be a system log of the proceedings recorded.
If the system does not install third-party logging system, the system's own log system will soon be intruders or modified, and intrusion detection systems typically do not support third-party logging systems.
If there is no real-time inspection system HIDS log, then use automated tools to attack will be entirely possible to complete the inspection interval and clear of all the attack works in the system log traces.

2.4 The core of the system was modified to fool the paper check
If an intruder to modify the system core, you can fool a tool based on file consistency check. It's like the beginning of certain viruses, when they think that by the time of inspection or to track the original documents or data will be available to the inspection tool or tracking tool.

Detection limit of 2.5 Network
Some HIDS can check the network status, but will face many problems facing the NIDS.







相关链接:



Youtube zen



Photoshop top aides - EXTENSIS Photo Graphics (1)



Mp4 To Avi Converter Free



Interview with B & Q (China) Vice President, Human Resources Director Miss Hu Weiyan



News About Games Board



Do for others to do the wedding dress carriers should be out of the "influence" the edge



Neusoft transition stranded behind the overall market REJECTIONS



Convert Xvid To Divx



PICKED Pager Tools



IME TOOL to INPUT more obedient



Jack Ma, Alibaba Will Open A Large Envelope Puzzle



Exchange links need special attention



What rod dealer outlets



Flv Format



Guide Adventure And Roleplay



C # and object-oriented programming language [1]