Reborn 2005: The Internet Myth

Wang is sleeping soundly in his new house, but the Microsoft Security Response Center on the other side of the ocean is a little busy.

Since the bounty mechanism was announced, and I promised to give some money, but I also issued an announcement to express my gratitude, I have received many vulnerability reports day and night.

Some of them cannot be considered vulnerabilities at all, but the uploader will still mark them as "Threat Level: Ultra High"! However, sufficient manpower must be used to read these vulnerability reports one by one extremely carefully, and verify and reproduce them.

There is no way, the Windows system is the lifeblood of Microsoft.

Serious vulnerabilities may even cause huge losses, such as the famous "Shock Wave" virus, which caused at least $500 million in economic losses around the world.

The main job of Microsoft senior researcher Parker is to reproduce important vulnerabilities reported by Microsoft staff around the world after screening and provide solutions.

Parker's job is very leisurely, because he only has to deal with vulnerabilities with a threat level of "extremely high". Such vulnerabilities are rare, and he is usually free to do his own research.

He came to the office early in the morning, drank a sip of coffee, sat comfortably in front of the computer, and opened the work system.

Looking at three consecutive vulnerability reports in the system, Parker felt nervous and almost choked on the fragrant coffee. After looking at the sources of the reports, they all came from Microsoft Asia, and the submitter was named "Hu".

Opening the vulnerability report, the description of the vulnerability is very specific and complete. Looking at the principle of the vulnerability, the wording is very precise and the expression is very specific.

Parker was about to try to reproduce the vulnerability and think about how to fix it, but he saw a solution at the end of the report.

Well, the senior researcher doesn't bother looking at other people's solutions.

Of course, just by looking at the report, you know that the vulnerability is absolutely real and extremely threatening.

Parker quickly reproduced the principle in the report and broke out in a cold sweat because he could instantly think of several ways to use this vulnerability to spread the virus on a large scale.

And this vulnerability affects all Windows systems, including all personal and server versions.

When there is a vulnerability, it is easy to patch it, but the difficult thing is how to solve it quickly. In the process of thinking, Parker thought of the solution attached to the report. Maybe he can refer to it?

The solution is also expressed in the same way, specific and precise.

It didn't even take Parker long to create a patch package based on the solution, and he didn't change a single thing.

Can't be changed.

Optimal solution!

What makes Parker feel horrified is that the three vulnerability reports and solutions are all like this. They are as precise as machines, accurately digging out hidden vulnerabilities, and then filling them in the most reasonable and perfect way.

God, if this person comes to Microsoft, I'm afraid I'm going to give him a hand?!

Parker still had to report to his superiors.

For vulnerabilities with extremely high threat levels, Microsoft acted very quickly. It immediately arranged for the patch package to be put online, and held a press conference in Seattle to call on users around the world to update the patches in a timely manner. At the press conference, Microsoft expressed its utmost gratitude to the vulnerability discoverer "Hu" grateful.

He also said that he welcomes Hu to join Microsoft and has prepared office clouds for him.

Microsoft Daxia also updated its Chinese website as soon as possible and held a press conference, calling on users to update the patch as soon as possible and thanking "Huo Rong". The wording was similar to that at Microsoft headquarters.

One morning passed, and the Internet in Daxia gradually began to agitate.

Many people may not understand what patching means, but that doesn't stop them from knowing that Huorong is so awesome that even a world-class company like Microsoft held a press conference to express its gratitude.

When Wang Zheng got up from his sleep, the Internet was already overwhelmingly filled with information about Huo Rong.

Microsoft's announcement was reprinted on several major portal websites, and they also published their own comments. Without exception, the comments were full of praise and praise for Huo Rong, and at the same time they also speculated on Huo Rong's true identity. identity.

It was an instant hit.

Wang Zheng did not expect Microsoft to move so quickly. It was just three advanced threat vulnerabilities. What was the situation? It couldn't be possible.

When I saw Microsoft announcing three "ultra-high threat" vulnerabilities, it became clear.

This should be caused by the different standards for vulnerability classification. Technology is advancing with each passing day. It is expected that these vulnerabilities released in 2007 would have different threat levels in 2005.

When he opened his mailbox, Microsoft Daxia had sent him a lengthy email in Chinese.

The main gist is what was said at the press conference. In addition, he expressed the hope to get Huo Rong's name, address, phone number and other information. They will come to express their gratitude in person and offer bonuses.

Wang Zheng felt that such a large company should not default on its debts, but it was unnecessary to meet him. He was not a security expert in the first place, and even the vulnerability report was ripped out of the patch package intact.

Wouldn't it be obvious if we just chatted a few words when we met?

So I wrote back: There's no need to meet. I don't plan to work at Microsoft. I'll just give you a card and the money will be transferred. It's best to exchange it directly for Daxia money, not US dollars. I hope my identity will be kept confidential.

Of course, this confidentiality is to protect gentlemen from villains. It is better to keep it secret, but if not...

This is Daxia! What can you do if I don’t talk to you?

In less than twenty minutes, I received a message on my phone and credited 300,000 yuan.

When I opened my mailbox, there was indeed a new email.

It means respecting Huo Rong and doing what Huo Rong said. He also said that 300,000 is a bonus from Microsoft Asia, and there will be additional incentives from Microsoft headquarters. He hopes that Huo Rong will continue to work hard.

Ouch! Is it possible to make money by checking bugs?

Three hundred thousand is not a small amount of money. It is enough to buy a big house in Nandu City and still have some money left for decoration.

Then I’ll give you three more!

After submitting the vulnerability, Wang Zheng closed the page and started studying.

"Fire Rong" must take advantage of this wave to be released, but before that, he must learn how to modify the software UI.

A piece of software is divided into two parts, the kernel and the UI.

The kernel is the core of the software, and specific functions are implemented by the kernel. UI is the collective name for the interface, text, and function buttons that the user sees.

The core of the software cannot be tampered with, and of course, Wang Zheng cannot move it either. The UI is fine.

Once he understands the UI of "Huo Rong", he can freely control what is displayed on the interface and what is not displayed.

Then, eliminate all text that would reveal the time and company name, and officially publish it!

Plan passes.

After the installation of "Huo Rong" was completed, there were a lot of files in the folder. Wang Zheng didn't know the specific functions, but he recognized the words "UI files" displayed in the resource manager!

The developers of Huorong are awesome!

I sighed and started searching online for tutorials on how to open UI files, how to modify them, etc. Fortunately, it didn't look difficult.

Just try it, if it doesn't work, let's talk again.

After carefully studying various tutorials, I finally found a software called "notepad++" and successfully opened the UI file.

Thanks to his long-term contact with computers, Wang Zheng also taught himself a lot of English. Daily communication is difficult, but he can still understand some commonly used computer terms.

Soon, he understood the program structure of "Tinder". The main interface contains four buttons: antivirus, protection, one-click optimization, and security tools. These are basic functions and have a separate UI file.

The security tools include "pop-up blocking", "vulnerability repair", "system repair", "junk cleaning" and other functions, which are modular. Each module has a separate program and a UI file.

This is very convenient.

Find the corresponding function, open the UI file, and directly mess with it!