“标准哥”是南京大学软件学院2010级男生刘靖康，这个外号源于今年7月刘靖康的一次“突发奇想”，他用7000张同学的照片做出南京大学各院系“标准脸”，网友送外号“标准哥”。

"Standard elder brother"The nanjing university software institute LiuJingKang level 2010 boys,This nickname LiuJingKang from July this year"Abrupt fantasy",In 7000 he made pictures of nanjing university departments"Standard face",The net friend send nickname"Standard elder brother".

　　扬子晚报曾报道过的南大“标准哥”刘靖康又成为焦点，这位曾通过电话按键音成功破解360总裁周鸿祎手机号码的“软件小子”，竟然又利用漏洞入侵学校教务员邮箱搜到期末考试试卷，并将整个入侵过程公布在人人网上。

The south Yangtze evening news reported"Standard elder brother"LiuJingKang again become the focus,The former through phone button sound successful break 360 President ZhouHongYi mobile phone number"Software boy",Unexpectedly and use loophole invasion of school educational member email search to the final exam papers,And will be announced the intrusion process in all online.

　　不过这次，他没这么幸运，学校很快知道了此事，还喊来了刘爸爸，连刘靖康自己也在人人网上说：“可能要被开除了。”南大“技术帝”真的要被开除了吗？扬子晚报记者昨日展开了追访。

But this time,He didn't so lucky,The school know this matter soon,Also called the liu dad,Even LiuJingKang oneself also said in everyone on the Internet:"Is likely to be fired."ntu"Technology of emperor"Really want to be fired?Yangzi evening news reporters yesterday launched after visit.

A “标准哥”又成焦点 A "Standard elder brother"And to focus on

发帖演示如何搜出期末试卷 Post show how to find out the final exam

　　26日晚，刘靖康在人人网上发布了一条爆炸消息，如何通过入侵老师邮箱拿到期末考卷和修改成绩：“先声明，这个漏洞是无意中发现的，我只是验证了它可行了，但是最后是没有干坏事的，否则被发现会被退学的……另外就是目测很多高校的邮箱系统都有这样的漏洞，欢迎其他学校的同学去实践和验证……”

26 night,LiuJingKang exploded in a everyone online news,How to through the invasion of the email to get the final test and modify results:"The first statement,This vulnerability was accidentally discovered,I just proved it feasible,But in the end there is no do bad things,Or is found will be dropped out……The other is the visual many colleges and universities mail system have such loopholes,Welcome to other schools the students to practice and validation……"

　　紧接着，这位“技术帝”一步步详细解析了入侵软件学院教务员信箱的整个过程。“一般来说，学院是相对独立的组织，我们的试卷都是由任课老师命题然后发给学院的教务员来打印，最终送到我们手上。怎么发呢，我觉得U盘不太靠谱也不好管理，猜测是邮箱发的，所以我们的目标就是要登录到教务员的邮箱那里，拿到试题。”“登录的话一般情况下需要密码……我们要利用的是cookie（cookie指某些网站为了辨别用户身份、进行session跟踪而储存在用户本地终端上的数据百度百科的解释），因为服务器除了密码以外也认这个东西，而且这个东西我们可以在浏览器上伪造。”

And then,the"Technology of emperor"Step by step detailed analysis of the invasion of the whole process of software college academic member mailbox."Generally speaking,,College is relatively independent of the organization,Our papers are made by teacher proposition and then sent to the college academic member to print,Finally delivered to our hands.How to send?,I don't think U disk by spectrum is bad also to management,Is email,So our aim is to log on to the academic part of mail there,To test.""Log in normally need a password……We will use the cookie(Cookie refers to some web sites in order to identify the user identity/In session tracking and stored in the data on the user's local terminal baidu encyclopedia of explanation),Because the server except the password also know this thing,And the things we can forge on the browser."

　　怎么拿到cookie？刘靖康称“我们要再一次改思路：通过js让教务员把自己的cookie发回给我们。”25号晚9点多，他给教务员发了一封邮件，然后在26日收到回信后，迅速给cookie加上些东西变成了代码，再打开院邮，在chrome的console里输入登进教务员的邮箱了。“剩下的事情好办了，在邮件搜索‘卷’，就全出来了。”为了证明自己的确做到了，刘靖康还贴出了教务员邮箱有关试卷的邮件目录。“太多了，有13页，但是我们年级是3学期，所以下学期才考试哈。”刘靖康还保证，“我真没有打开过里面任何一封邮件和下载过试卷哦！”

How to get a cookie?LiuJingKang said"We want to change idea again:Through the js to academic member his cookie back to us."25 more than 9 PM,He sent an email to academic member,Then after 26 received a reply,Quickly add something into the code to cookie,To open the court mail,In the console of chrome enter an academic member of the mail."The rest of the things easy,In the email search‘roll’,It all came out."In order to prove himself is done,LiuJingKang also posted the academic member email about the paper mail directory."There is too much,There are 13 pages,But we are grade three semesters,So next semester exam."LiuJingKang also guarantee,"I really did not open any email within and download a test paper!"

　　成功“搜”出试卷之后，刘靖康还发表了一段关于“如何修改成绩”的猜想：“不出所料，成绩也是任课老师整理后在教务员那里汇总，然后再到学校教务处的，例如下面这种；方法很简单，将标题包含‘成绩’的邮件设置为spam，教务院就收不到了，然后你去spam那里去找回来，下载表格，修改成绩，以同样方法劫持任课老师的邮箱，重新发一封给教务员（大概可行吧，没试过）。”

success"search"After the papers,LiuJingKang also published a paragraph about"How to modify results"guess:"As expected,Also teacher after finishing academic member there together,And then to the school office of academic affairs,Such as below this;Method is very simple,The title contains‘results’The mail Settings for spam,Academic hospital won't accept it,Then you go to spam and go back,Download the form,Modify results,In the same way hijacked teacher's email,To send a letter to educational administration(Probably feasible!,Haven't tried)."

　　这篇日志在人人网发表后，随即被疯狂转载，引发网友大讨论。在一堆“跪拜”之后，有人表示“思路很新颖，就是不够详细啊。关键是收到老师的邮件后怎么改cookie。”还有人“求研究生入学考试专业课试题！”

This journal published in everyone nets,Immediately is reproduced crazy,A net friend big discussion.In a pile of"Bow down to"after,Someone said"Thinking is very novel,Is not enough detail.How to change after the key is to receive the teacher's email cookie."There are people"For postgraduate entrance exam specialized test!"

“标准哥”突然道歉删帖，说学校要开除他 "Standard elder brother"Suddenly an apology delete,That school to fire him

　　不过到了27日上午8:35分，刘靖康删除了自己的这篇日志。“今天早上8点接到辅导员电话，该日志被勒令删除了，抱歉”。他写道：“本人只是验证，自己并没有做坏事，也没有鼓励大家做坏事。如果真的想利用这种漏洞做坏事，我自己就一个人偷着乐了，何必发出来分享呢。反过来讲，这种漏洞其实并不那么难发现，我觉得学校可能对自己的系统太自信了，或者知道了这种漏洞也懒得去改，无论是哪一种情况，他们都不能保证说之前一定没有学生偷偷这么做过。”他表示，这个日志的传播速度也在本人预期范围内。

But also points to 27 morning,LiuJingKang deleted yourself of this journal."This morning at 8 o 'clock got a call from the instructor,The log has been ordered to delete,I'm sorry".He wrote:"I just verified,You didn't do bad things,Did not encourage everyone to do bad things.If you really want to use the loophole do bad things,I will a man steal the pleasures,Why do you send to share.In turn to speak,This hole is not so difficult to find,I think the school may be too confident of their system,Or know the vulnerabilities also lazy to change,No matter what kind of situation,They can't guarantee that no student must be secretly to do so before."He said,The log of velocity is also within the scope of my expectations.

　　随后刘靖康又在人人网上称，可能要被退学，爸爸已经被学校叫来谈话。“技术帝”被开除了，这一爆炸性消息再次激起网友的热议，一名自称刘靖康学弟的南大学生还给本报微博发来私信，“学长昨晚发现学校邮箱的漏洞破解了教务员的密码，学校打电话给他爸爸要开除他……”

Then LiuJingKang said in everyone online again,Is likely to be dropped out,Daddy has been the school called to talk."Technology of emperor"fired,The explosive news once again aroused the net friend of hot debate,A claim LiuJingKang drove the ntu students back to this micro bo sent occasionally,"Seniors find vulnerabilities cracked academic member of the school email last night of the password,The school to call his father to fire him……"

　　不过，很快刘靖康又做出了解释：“非常抱歉，刚刚关于退学的状态，是我父亲把老师的意思理解并传达错了。”昨天下午，刘靖康再次正式道歉：“在此，为我的冲动、浮躁和做事方式，向担心我的人、受到不好影响的人，以及因此事受损的软件学院，表达我的歉意，对不起！而事情的结果会按照学校正常的处理流程得出。另外我还是希望此事对院邮，其他学校的系统和受日志启发去思考和验证的同学会有积极的结果。”

but,Soon LiuJingKang and made the explanation:"I'm very sorry,Just about out of state,Is my father understand and convey the meaning of the teacher was wrong."Yesterday afternoon,LiuJingKang formally apologize again:"In this,For my impulse/Impetuous and ways,To worry about me/Affected by the bad man,And therefore things damaged software college,Express my apologies,I'm sorry!And the results of the things will be in accordance with the school normal process.Other I still hope that the matter to court mail,Other school systems and inspired by the log to think and validation of the students will have positive results."

当事人变“忐忑”，学校暂无处理决定 The variable"eventually",School no decision

　　昨天下午，扬子晚报记者再次拨通了刘靖康电话，之前因为他的“创新”，记者已经多次电话和他沟通，不过这次这名傲视群雄的“技术帝”一反常态，忐忑地表示不希望接受采访。

Yesterday afternoon,Yangzi evening news reporter dialed the telephone LiuJingKang again,Before because of him"innovation",Reporter has many times phone communication with him,But this time the standings"Technology of emperor"Agreed to,Eventually to say don't want to accept an interview.

　　记者随后联系了南京大学软件学院相关负责人，当记者询问是否会对刘靖康做出退学处理，她表示暂没有处理决定，而且处理此事将按照学校正常流程走，并不是软件学院的单方面决定。

Reporters then contacted the relevant person in charge of the nanjing university software institute,When reporters asked whether to LiuJingKang to quit school,She said no decision,And attention to this matter will be in accordance with the school normal process,Is not software college of unilateral decision.

B 网友热议 B/hot debate

是学校漏洞，还是“标准哥”玩过头 Is the school leak,or"Standard elder brother"Play too

　　“如果没有充分考量后果，技术开发只能带来灾难”

"Without considering the consequences,Technology development can only lead to disaster"

　　从盗用7000张照片P成南大各院系“标准脸”，到2秒内通过电话按键音破解360总裁周鸿祎手机号码，南大软件学院刘靖康名噪一时，他的才能还博得李开复的青睐，被邀请加入“创新工场”。不过此次入侵邮箱看考卷事件在网上争议颇多。甚至引发了一番关于“技术及人文、责任”的讨论。

From theft 7000 photo P into university departments"Standard face",To 2 seconds by telephone key sound break 360 President ZhouHongYi mobile phone number,Ntu LiuJingKang software institute,He can still win the favour of li,To be invited to join"Innovation workshop".But the incursion mail see test events on the Internet quite a lot dispute.Even caused a about"Technology and the humanities/responsibility"The discussion of the.

　　有网友认为，刘靖康发现漏洞不仅没有联系学校有关人员，反而在人人网上广而告之，“其实是无知带来的蝴蝶效应式的连锁反应。”“在技术开发之前如果没有对可能后果的足够充分，足够理性的考量，技术就只能带来灾难，或者更糟糕的，带来无法预知的甚至人类无法理解的问题。”“这就像故事皇帝的新装，明明是学校的邮件系统有漏洞，被学生发现破解后，应该是马上想办法把这个漏洞补上，而不是先要惩罚学生。”不少网友为他打抱不平，“呃……刘靖康同学只是发现而已，又没黑它，不能拿学生开刀吧……”

Netizens think,LiuJingKang found holes not only contact the relevant personnel,But in all online advertising,"Actually is ignorant of the butterfly effect of chain reaction.""Before the technology development of the possible consequences if not enough,Enough rational considerations,Technology can only bring disaster,Or worse,Bring unpredictable even human beings cannot understand the problem.""It's like the story the emperor's new clothes,Is the school's mail system have holes,Discovered by students after the break,Should be immediately to the holes,Rather than to punish students first."A lot of net friend) for him,"er……LiuJingKang classmates just found,No black it again,Can't take students' operation……"

　　也有网友质疑其学校的学习氛围，“软件专业的学生，不是应该给他自由发挥的空间吗，我认为这位热爱互联网，执着于自己的专业，并用所学知识发现问题，这本身是值得鼓励的，但是发布到网上，教大家如何去破解，有点过分了。”

Netizens also questioned the school study atmosphere,"Software professional students,Should not give him the space of free play,I think the love the Internet,Immersed in their own professional,And knowledge discovery,It is worth to encourage,But on the Internet,Teach you how to solve,A bit too much."

C 记者追访 C reporters follow

多数高校真的用邮箱传试卷 Most college really E-mail the test paper

　　是不是真的如刘靖康所说，学校考卷通过邮箱传送呢？记者昨日调查中证实了刘靖康的说法，在南京审计学院、南京财经大学等大部分高校，出卷老师从邮箱给教务老师发送试卷。一所高校相关人士告诉记者，在本校，历年的期中、期末的试卷都是由各院系教研室的专门老师负责出题的，确定题目审核无误之后，就直接发至教务处存档。然后由学校教务处联系印刷厂组织统一印刷。比如语文、英语、思修等通识课程。“学校为试卷传送设置了专门的邮箱，只有专门负责此事的老师知道密码。”

Really like LiuJingKang said,School just transmitted via email?Survey reporters yesterday confirmed LiuJingKang,In nanjing audit college/Nanjing university of finance and economics, etc. Most of the colleges and universities,A roll of the teacher send papers to academic teacher from the mailbox.A university relevant personage told reporters,In the school,The period of calendar year/The final papers are teaching by the departments of special teacher in charge of the set,Determine the topic after review and correct,Directly to office of academic affairs for our file.And then by the school office of academic affairs contact printing enterprise organization uniformly.Such as Chinese/English/Think of general courses."School for transfer paper set up a special email,Only responsible for the matter of the teacher know the password."

两种情况下邮箱密码可破解 Two kinds of circumstances email password can be cracked

　　什么情况下邮箱密码可被破解？记者昨天请教一名计算机专业人士。“通过发送邮件，回复邮件，套取cookie，从理论上说是无法实现的。”这名专业人士认为，刘靖康可能隐瞒了一些操作步骤。他分析，两种情况下，邮箱密码可以被破解的。一种是操作者电脑系统有漏洞，学生和老师都使用校园局域网，学生找到漏洞后，可以远程破解老师电脑windows密码,如果这名老师邮箱是“直接登录状态”，就可直接登录。如果设有密码，可以通过植入木马控制邮箱密码，实现登录。另一种情况是邮件系统漏洞，也就是服务器漏洞，也可以通过一些手段把邮箱中的数据提取出来。

Under what circumstances the email password can be cracked?Reporters yesterday to consult a computer professionals."Through the email,Reply E-mail,Show the cookie,Theoretically, unable to realize."Think the professionals,LiuJingKang may hide some procedures.He analysis,Two kinds of cases,The email password can be cracked.Is a computer operator system has holes,Students and teachers are using the campus LAN,After students find loopholes,Can remote crack teacher computer Windows password,If the teacher is"Direct login state",Can log in directly.If a password,Control can be implanted Trojan email password,To realize the login.Another situation is mail system vulnerabilities,Is the server,Can also through some method to the data in the mail.

新闻链接 News link

他加分进南大 曾三门课交“白卷” He points into ntu has three classes"Blank examination paper"

　　让打火机的光在墙上画画、简易3D转换技术，摄像头识别人体动作……南京大学软件学院2010级男生刘靖康稀奇古怪的创意有不少，他本人也有些特立独行。

Let the light of the lighter painting on the wall/Simple 3 d conversion technology,Camera to identify human body movement……Nanjing university software institute level 2010 boys LiuJingKang strange ideas have many,He himself has some independence.

“电脑”加20分进南大 "The computer"Added 20 points in ntu

　　刘靖康的父亲是广东一家毛绒玩具厂负责人，母亲曾在银行工作。刘靖康从小学五六年级开始就自己琢磨着制作网页、网站，他的发明在常人眼里“稀奇古怪”。高中时，他参加了当时的全国中小学生电脑制作大赛，根据谷歌地图可以帮助用户看到世界各地街景的功能，他设计了一个“外挂”：用摄像头识别用户腿部前进、后退、转弯的动作，根据这些动作在电脑中显示相应“走”到的地方的街景。刘靖康因为这个项目获奖，在高考时获得了20分的加分，顺利进入南大学习。

LiuJingKang's father is in charge of a plush toy factory in guangdong,Mother used to work in a bank.LiuJingKang myself wondering from primary school grade five or six years beginning make a web page/Web site,His invention in the eyes of ordinary people"strange".In high school,He took part in the national primary and middle school students' computer competition at that time,According to Google maps can help users see the function of the street all over the world,He designed a"This plugin":Use camera to identify users leg forward/back/Turn the action of,According to the action in the computer display"go"The place where the street.LiuJingKang award for this project,A 20 points at the college entrance examination,Enter university study smoothly.

期末三门交“白卷” The final three hand in"Blank examination paper"

　　“我这个学期的期末考试有三门课交了白卷，准备开学来了再补考吧。”在接受采访时，刘靖康语出惊人，自己大部分时间都花在了感兴趣的“新玩意”设计上，那才是“主业”。上课的时间，刘靖康就琢磨自己的发明创造：用光感应的原理设计一面可以用打火机、手电筒的光“画画”的墙、“山寨版”3D技术，人人网推出“暗恋”功能时，他还自己设计了一个页面。

"Final exams this semester I have three classes in a blank examination paper,Ready to open to the make-up exam again."In an interview,LiuJingKang surprisingly,Their most of the time spent on interested"New stuff"On the design,That's what"Its main business".The time in class,LiuJingKang figured his own invention:The principle of light sensor design a lighter can be used/The light of the flashlight"Drawing a picture"The wall of the/"Fortress version"3 d technology,Everyone nets launched"Unrequited love"Function as the,He also designed a page.

　　他还写了一个可供苹果、安卓校园手机用户进行二手物品交易的软件。随后，他又花了一个月的时间完成了在视频中插入植入式广告的技术。在父亲的鼓励下，小刘期待将自己的作品投入到商业应用中，用技术进行自主创业，吸引了多家公司与他洽谈合作业务。（扬子晚报记者 蔡蕴琦 张琳）

He also wrote a for apple/Reviewing the campus mobile phone users in secondhand goods transactions of the software.then,He spent a month time to finish the video insert of implantable advertising technology.In his father's encouragement,Xiao liu to put their work into commercial applications,Use technology for self-employed,Attracted many companies to cooperate business with him.(Yangzi evening news reporter CaiYunQi zhang Lin)