Published: 2016/6/6 8:53:26
The genius hackers eager to influence this era are all here - Hackers, GeekPwn, hacking contest - IT news

Author: Kang Min

Every hacker who steps onto the GeekPwn stage is a star

On May 12, at Macau, the first stop of the 2016 GeekPwn hacking contest, a judging panel of China's most authoritative security experts gave the contest's first "Biggest Brain Hole" (most imaginative idea) award to Cao Yue, a doctoral student at the University of California in the United States. His team reproduced the "arbitrary Internet session hijacking technique" of Kevin Mitnick, "the world's number one hacker": this means that almost every Android and Linux system on the Internet could be attacked, and have its communications hijacked, at any time and from any location.

"I think this year's 'arbitrary remote TCP hijacking' project is one of the more imaginative ones, because everyone assumed that after so many years the TCP protocol should have no problems, and no one had proved it had a problem or questioned it. But Cao Yue's team went ahead and questioned it, and succeeded in their experimental environment. That takes boldness and a rich imagination," said Wang Qi, GeekPwn's initiator and founder, in high praise. The project received a total of 150,000 yuan in prize money.

Three years ago, KEEN (碁震), a technology company headquartered in Shanghai, founded the world-class security contest GeekPwn (Chinese name "极棒"). "Geek" means geek, and "Pwn" means "to compromise a device or system." GeekPwn literally means "geeks compromise new devices and systems".

Both in the contestants' strength and in the course of the competition, this GeekPwn Macau stop had more highlights:

Wang Bingkun and Liu Jiewei, the two hackers who cracked a DJI drone, are only 16 years old, the youngest contestants in GeekPwn history. They hijacked the drone through a mobile phone program and made it land. Although the judges ultimately ruled that it did not fall within the scope of a security vulnerability, the two youngsters were still recognized by the contest and received the "Geek Spirit Encouragement Award".

The Tencent PC Manager network attack and defense team cracked a Microsoft Surface Pro 4 and took control of the Surface's camera to achieve remote monitoring. This project of world-class technical difficulty won the "Most Dominant Technology Award".

Jia Yun, a female geek who does not work in the security industry, cracked two different smart remote controls on site and demonstrated how to impersonate the owner to control household appliances remotely.

"Hacker Uncle p0tt1" (real name Yao Wei), a security technician who focuses on smart safes, took less than a minute to crack a SAFEOK anti-hacker smart safe connected to a phone over Wi-Fi, and turned it into an alarm clock where "if you don't get up, your money may not be safe". He won the "Coolest Demonstration Award".

For three years, Wang Qi, founder of the GeekPwn contest and CEO of KEEN, has, like a devout preacher, used every possible public occasion to spread the original intention with which he and his team hold GeekPwn: to inspire new thinking that could change our world, and to make our smart lives, now and in the future, more secure.

On the GeekPwn stage everyone is a star, and smart devices that look safe and reliable collapse at the first blow in front of geeks with strong technical skills. Although many of the geeks are neither famous nor wealthy, these highly skilled talents have presented the world with an entirely new picture of technology.

Some say that every programmer's dream is to be a hacker, and a hacker's dream is to find the biggest security problem in the world, the one with the widest impact.

Recreating the real harm of hacker attacks in realistic scenarios is a competition format pioneered by GeekPwn. On the GeekPwn stage, nearly a hundred projects, including Tesla, drones, POS machines, O2O payments, smart homes and safes, have been broken by white hat hackers. GeekPwn has shown people the serious problems of privacy, information security, property security and even personal safety behind the use of mainstream smart software and hardware.

Although this young contest performed well in its first two editions and attracted attention from security professionals and the mainstream media, after those two editions Wang Qi still believed that the contestants' creativity and imagination had not been fully unleashed.

In his view, China has many bright young people; historically many security techniques were not invented by Chinese, but Chinese geeks use these techniques to the fullest. In the process of hunting for vulnerabilities, Chinese geeks are very good at discovering patterns and then building on them, and often find more vulnerabilities than their foreign counterparts.

"This may also have to do with education in China. Chinese-style education is characterized by being good at summarizing patterns but not at breaking them, so there is not much breakthrough thinking, whereas what a hacker does is exceed the designer's expectations and accomplish something that was supposed to be impossible," Wang Qi said.

On the eve of the 2016 GeekPwn Macau stop, chief judge Yu Yang wrote on the official website: "Some people attack drones with computers; can you attack a computer with a drone? Some people attack with electromagnetic waves; can you attack with sound waves? Some say Chinese people are hardworking but lack creativity; I think it is just that the imagination has not been let loose."

Can you turn a smart toilet into a musical fountain? Can you turn a smart air purifier with noise monitoring into a bugging device? Can you summon 1,000 taxis at the same time? When the first GeekPwn was held, the organizing committee threw out prompts like these.

Those who sign up for GeekPwn include students, teachers and ordinary IT engineers, as well as many people from outside the IT industry. In the past there was no platform that gave them such a chance to show what they could do, and GeekPwn's rule is that there are no rules. "As long as you dare to think and can find a security problem in any smart product, we welcome you. GeekPwn encourages the new thinking of the security geeks who are the least bound by rules, the most unconstrained and the most creative in the world. Your wild ideas will be respected, and your research results will receive both material and moral recognition," Wang Qi said. GeekPwn hopes to give more outstanding young people the chance to show their breakthrough thinking and to lead the hacker spirit of exploring the unknown.

GeekPwn's bumpy road: vendors go from resistance, to understanding, to strategic cooperation

When the first GeekPwn looked for cooperation from smart product vendors, it received no support from any domestic vendor and even met resistance from some. In their view, organizing hackers to look for vulnerabilities in companies' products looked like "picking a fight to collect protection money". After some twists and turns, Wang Qi obtained the support of only a few major vendors such as Microsoft, Google and Tencent. "Foreign companies have long had a stance of acknowledging, accepting and even paying for security vulnerability analysis," Wang Qi said, but the security outlook of domestic companies had not caught up with international practice, and the domestic atmosphere was that "a vulnerability being found means the product is insecure".

Hackers are divided into black hats and white hats. White hats do information security research and help companies fix vulnerabilities, while black hats focus on security attacks and profit from them. In Wang Qi's view, every system has vulnerabilities, and the work of white hats is to find them and study whether they can be exploited to form an attack. White hats attack vulnerabilities in order to correct vendors' mistakes, not for illegal profit. "We don't do bad things. We report the problem to the vendor and let the vendor eliminate it, making the whole Internet more secure."

The change began with the second GeekPwn. That year, vendors attached more and more importance to security and became more open-minded. Smart device vendors began gradually to accept the GeekPwn view of security that "the more problems are found and eliminated, the more secure the product". GeekPwn began to spur traditional security companies and vendors to change. Most vendors whose products were successfully broken (including Xiaomi, Lakala and iBoxPay) sincerely thanked GeekPwn from the standpoint of protecting user security and were willing to fix the product security problems as soon as possible. Representatives of Huawei, Xiaomi and other vendors of targeted products were also invited to appear at the contest. The security industry's transformation from "technology-driven" to "cooperation-driven" marks the gradual alignment of the security awareness and outlook of domestic smart software and hardware vendors with international practice.

GeekPwn follows the internationally accepted rules of white hat constraints and commitments and adheres to the principle of "scientific, neutral, uncompromising". After the event, the organizing committee submits the vulnerability reports for the smart software and hardware to the vendors and helps fix the security problems. Until the vendor has fixed a vulnerability, no details are made public, to prevent them from being exploited.

"What we fear most in holding this event is being misunderstood. It may be like a nunchaku: others think you are going to hit someone, when in fact our result is to help people build up their bodies, or defend themselves," Wang Qi said.

The purpose of holding GeekPwn is not to show off skills but, through events in which top security geeks break the most popular smart devices, to discover security geek talent, push vendors to patch vulnerabilities and raise the level of product security. "Break convention, pursue the ultimate" is the hacker spirit GeekPwn advocates, and discovering and cultivating talent is GeekPwn's original aspiration.

Geeks communicate with vendors as equals; not only can they show their talent, but all parties can join forces to find and solve problems together. The logic behind this is that, in the face of an increasingly severe network security situation, vendors' independent research, development and defense can no longer meet the demands of ever-changing modern network attack and defense, and forming alliances has become the major trend for the future of China's network security.

At the 2016 GeekPwn Macau stop, Tencent Security, JD Smart, Xiaomi, Huawei and other vendors, as GeekPwn's strategic partners, all sent guests to the scene in support. Chen Yang, Xiaomi's Chief Security Officer, said: "White hat hackers are very welcome to help us find flaws in our products, and together we will make the products more secure." Huawei security expert Zhou Bin said: "The strength of the external security community cannot be ignored... These ideas can uncover new approaches, which is very necessary for improving program security."

At this year's CCTV 315 Gala, the KEEN team demonstrated live how, because HTTPS encryption was not used, some plaintext communications could be obtained by an attacker; this live interaction was carried out using a router vulnerability from the GeekPwn contest. After 315, with GeekPwn's push, major domestic Internet companies joined this battle to defend encryption one after another, providing users with real security protection. In April this year Alibaba Cloud began offering an HTTPS encryption solution; Baidu Cloud Acceleration also announced measures including a full push toward HTTPS and free SSL certificates.

GeekPwn is now in its third year. While providing a showcase platform for hackers around the world, it has gradually formed a smart network security community with smart device vendors and security companies in talent development, product security and ecosystem building. GeekPwn has also reached strategic cooperation with many vendors, and in the future will jointly launch smart hardware security standards and jointly promote the development of network security in the smart device industry.

Looking for the hackers of the future

In Wang Qi's view, the hackers of the future may not be people working on today's CPU architectures and hardware technology, and may not even come from the field of Internet services, and GeekPwn hopes to find these future hackers.

In the book Hackers: Heroes of the Computer Revolution, author Steven Levy tells the stories of the smartest and most individualistic hackers in the wave of the computer revolution. They were willing to take risks and challenge the rules; they not only saw and personally experienced the magic of technology but also worked to release that magic for the benefit of all humanity, becoming a new generation of heroes in the eyes of the media and users.







