CRYPTO CHINESE IS HARD
- Chinese doesn’t have an alphabet (rather than memorizing 26 letters, you have to memorize thousands of characters in order to be able to read and write. A Chinese person is considered illiterate if he doesn’t know at least 5000 characters).
- Pronunciation is hard. It may get better with time, and speaking Chinese is surely easier than writing Chinese, but there are some sounds that don’t exist in other languages. There is a limited number of phonemes, but there are 4 different tones + a neutral tone.
- Some characters can be decomposed into a semantic component and a phonetic component, which may be shared by multiple characters, and the meaning of some characters may be guessed from their morphology. Most of the time, however, it isn’t possible, or at least not easy, to infer the meaning and the pronunciation of a character without having studied it before. Often there isn’t a direct correspondence between the morphology and the pronunciation, so it is necessary to study the shape, the meaning and the pronunciation of a character separately.
- Chinese sentences have no spaces. Did you know that? So a reader must be able to segment the text and understand (in real time) whether a word is formed by 1, 2, 3 or more characters. Making a mistake in this phase would lead to a shift that alters the meaning of the whole sentence.
CHINESE AND INFORMATION SECURITY – 中文和信息安全
Nowadays there are many Chinese hackers and security professionals. We often hear about Chinese malware, APT, cyber espionage and exploits. Many people have heard about them, but only a few have actually witnessed the skills of Chinese hackers first-hand. We know they are there: we sometimes see them in the Apache logs, or in the hardcoded IPs in some malware that we reverse engineer for fun at the weekend when we don’t know what to do, or again trying to escape the jail of our honeypot. But what do we really know about them? Most people don’t know where they meet and discuss their attacks and their exploits, the tools they code and use and so on. Why? Simply because of the LANGUAGE BARRIER.
I’ve been studying Chinese for a few years and I can speak Chinese at an intermediate level (yeah, it’s cool, but you don’t know how much effort it requires unless you try :P), so I thought: why not explore Chinese websites looking for something interesting? Today I decided to share some links with you, so I’ve been digging through the web, performing manual searches of Chinese infosec keywords and collecting links to Chinese websites and personal blogs about ethical hacking and pentesting. This is the result of my efforts:
I created a GitHub repo with the list of websites I have found so far. No matter if you are Chinese or a foreigner, you are free to contribute in multiple ways:
- making pull requests for adding new links
- reporting broken links (as of today 23/10/15 you shouldn’t find any 404 error, I manually browsed and selected each and every website)
- recommending a web scraping tool and the workflow that could help me to collect more websites in an efficient way
A NON-EXHAUSTIVE LIST OF CHINESE WEBSITES ABOUT ETHICAL HACKING AND PENTESTING
http://www.isafe.cc (also contains private tools)
http://www.leesec.com hacking tools
http://ver007.com/tools/APTnotes/ APT notes [HOT]
A FEW CONSIDERATIONS
If you were to look for Chinese websites, you would probably restrict the search to .cn domains, but as you can see, many non-.cn domains are actually used. Let’s think about the possible reasons:
- avoiding the Chinese censorship
- giving a more international name for increasing the audience
- the Chinese person may be an expat and live in a foreign country
Another thing to notice about the domain names is that many contain the word “hack” or “sec”, and sometimes “cn”, which stands for China. A few others instead use an abbreviation of the owner’s personal name or a fantasy name.
Chinese love numbers. Websites registered by people from other countries usually tend to contain letters rather than numbers, or at least fewer numbers, whereas Chinese people seem to particularly like them. P.S. the number 520 that you see in a few URLs means “I love you”.
Author: Fabio Baroni Date: 2015-10-23 03:08:23