WooYun (Chinese: 乌云网; lit. 'dark cloud')[2] was a Mainland China-based vulnerability disclosure platform[3] founded in May 2010[4] by Fang Xiaodun[5] and Meng De.[6] On July 20, 2016, it posted an announcement that the site was down for an upgrade and would be restored in the shortest possible time.[7] However, as of April 12, 2021, the website remains inaccessible.[8]
Type of site | Vulnerability forum[1] |
---|---|
Dissolved | July 20, 2016 |
Founder(s) | Meng De, Fang Xiaodun |
URL | www.wooyun.org |
WooYun touted itself as a "free and equal platform for reporting vulnerabilities".[9] The Wooyun.org domain name was registered on May 6, 2010.[10]
Legal incidents
JD and Jia Wei
Jiayuan and Yuan Wei
A white hat by the name of Yuan Wei ("YW") submitted an SQL vulnerability to Jiayuan.com in December 2015. Jiayuan fixed the issue and publicly thanked YW, but in January 2016 reported him for alleged theft of more than 900 rows of personal information. The suspect was taken into custody in April while maintaining his innocence, explaining the access as caused by the sqlmap program.[11]
Shutdown
On the evening of July 19, 2016, someone broke the news that all of WooYun's senior management had been taken away by the police.[12]
The Wall Street Journal said it was unclear whether the Chinese government shut it down or its organizers did.[13]
iThome.com.tw speculated that the most likely reason for the shutdown of WooYun was that hackers on the platform had exposed a vulnerability in the system of China's United Front Work Department, which had leaked Chinese state secrets and crossed the Chinese government's bottom line.[14]
Notable disclosures
References
1. Jeremy Kirk (Jan 8, 2014). "Nvidia takes customer site offline after SAP bug found". PC World.
2. Shengzhao Long; Balbir S. Dhillon (21 August 2017). Man–Machine–Environment System Engineering: Proceedings of the 17th International Conference on MMESE. Springer. pp. 734–. ISBN 978-981-10-6232-2.
3. Hanqing Wu; Liz Zhao (6 April 2015). Web Security: A WhiteHat Perspective. CRC Press. pp. 237–. ISBN 978-1-4665-9262-9.
4. Jens Grossklags (2015-10-14). "An Empirical Study of Web Vulnerability Discovery Ecosystems" (PDF). Federal Trade Commission.
5. "Founder of China's largest 'ethical hacking' community arrested". Hong Kong Free Press. July 30, 2016.
6. "The secret of the WooYun: China's largest hacker training base?". Ta Kung Pao. Dec 2, 2013.
7. India Ashok (August 1, 2016). "China arrests ethical hacker organisation Wooyun's founder". IBTimes UK.
8. "WooYun.org - free and equal platform for reporting vulnerabilities". www.wooyun.org. Archived from the original on 2011-06-18. Retrieved 2021-04-12.
9. "WooYun says there is a vulnerability in a branch of the Tourism Bureau of Taiwan's Ministry of Transportation and Communications". Apple Daily. 2015-12-29.
10. "WHOIS Record for Wooyun.org". WHOIS. Retrieved 2020-04-13.
11. Lei, Jianping (2016-07-06). "白帽子提交世纪佳缘漏洞后已被抓3个月 拷问网络安全边界" [White hat has been in custody for 3 months after submitting JY vulnerability, questioning network security boundaries]. tech.sina.com.cn.
12. "After the inaccessibility of WooYun, let's explore where the legal boundary of vulnerability testing lies?". Tmtpost.com. 2016-07-20. Archived from the original on 2020-07-27.
13. "China's 'White-Hat' Hackers Fear Dark Times After Community Founder Is Detained". The Wall Street Journal. Aug 1, 2016.
14. "Seeing the Chinese government's control over the Internet in the light of the shutdown of WooYun". iThome.com.tw. 2016-08-02. Archived from the original on 2020-07-27.