Social:WooYun

Short description: Defunct Chinese vulnerability disclosure platform
WooYun
Type of site: Vulnerability forum[1]
Dissolved: July 20, 2016
Founder(s): Meng De, Fang Xiaodun
Website: www.wooyun.org

WooYun (Chinese: 乌云网; literally: 'dark cloud')[2] was a Mainland China-based vulnerability disclosure platform[3] founded in May 2010[4] by Fang Xiaodun[5] and Meng De.[6] On July 20, 2016, it posted an announcement that the site was down for an upgrade and would be restored in the shortest possible time.[7] However, as of April 12, 2021, the website remained inaccessible.[8]

WooYun touted itself as a "free and equal platform for reporting vulnerabilities".[9] The Wooyun.org domain name was registered on May 6, 2010.[10]

Legal incidents

JD and Jia Wei

Jiayuan and Yuan Wei

A white hat by the name of Yuan Wei ("YW") submitted an SQL vulnerability to Jiayuan.com in December 2015. Jiayuan fixed the issue and publicly thanked YW, but in January 2016 reported him for alleged theft of more than 900 rows of personal information. He was taken into custody in April while maintaining his innocence, attributing the data access to the sqlmap program.[11]

Shutdown

On the evening of July 19, 2016, news broke that all of WooYun's senior management had been taken away by the police.[12]

The Wall Street Journal said it was unclear whether the Chinese government shut it down or its organizers did.[13]

iThome.com.tw speculated that the most likely reason for the shutdown of WooYun was that hackers on the platform had exposed a vulnerability in the system of China's United Front Work Department, which had leaked Chinese state secrets and crossed the Chinese government's bottom line.[14]

Notable disclosures

References

  1. Jeremy Kirk (Jan 8, 2014). "Nvidia takes customer site offline after SAP bug found". PC World. https://www.pcworld.com/article/2086080/nvidia-takes-customer-site-offline-after-sap-bug-found.html. 
  2. Shengzhao Long; Balbir S. Dhillon (21 August 2017). Man–Machine–Environment System Engineering: Proceedings of the 17th International Conference on MMESE. Springer. pp. 734–. ISBN 978-981-10-6232-2. https://books.google.com/books?id=WDUyDwAAQBAJ&pg=PA734. 
  3. Hanqing Wu; Liz Zhao (6 April 2015). Web Security: A WhiteHat Perspective. CRC Press. pp. 237–. ISBN 978-1-4665-9262-9. https://books.google.com/books?id=9469BwAAQBAJ&pg=PA237. 
  4. Jens Grossklags (2015-10-14). "An Empirical Study of Web Vulnerability Discovery Ecosystems". Federal Trade Commission. https://www.ftc.gov/es/system/files/documents/public_comments/2015/10/00079-98131.pdf. 
  5. "Founder of China's largest 'ethical hacking' community arrested". Hong Kong Free Press. July 30, 2016. https://hongkongfp.com/2016/07/30/founder-chinas-largest-ethical-hacking-community-arrested/. 
  6. "The secret of the WooYun: China's largest hacker training base?". Ta Kung Pao. Dec 2, 2013. http://finance.takungpao.com/tech/q/2013/1202/2077828.html. 
  7. India Ashok (August 1, 2016). "China arrests ethical hacker organisation Wooyun's founder". IBTimes UK. https://www.ibtimes.co.uk/china-arrests-ethical-hacker-organisation-wooyuns-founder-1573538. 
  8. "WooYun.org - free and equal platform for reporting vulnerabilities". http://www.wooyun.org/. Retrieved 2021-04-12. 
  9. "WooYun says there is a vulnerability in a branch of the Tourism Bureau of Taiwan's Ministry of Transportation and Communications". Apple Daily. 2015-12-29. https://tw.appledaily.com/life/20151229/DUJWSU4R5YF4OQAMNM7XVO5K6A/. 
  10. "WHOIS Record for Wooyun.org". WHOIS. https://whois.domaintools.com/wooyun.org. Retrieved 2020-04-13. 
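  11. Lei, Jianping (2016-07-06). "White hat has been in custody for 3 months after submitting a Jiayuan vulnerability, raising questions about the boundaries of network security". https://tech.sina.com.cn/zl/post/detail/i/2016-07-06/pid_8507899.htm. 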
  12. "After the inaccessibility of WooYun, let's explore where the legal boundary of vulnerability testing lies?". 2016-07-20. https://www.tmtpost.com/2419016.html. 
  13. "China's 'White-Hat' Hackers Fear Dark Times After Community Founder Is Detained". Aug 1, 2016. https://www.wsj.com/articles/BL-CJB-29440. 
  14. "Seeing the Chinese government's control over the Internet in the light of the shutdown of WooYun". 2016-08-02. https://www.ithome.com.tw/news/107478. 
