Cloud vulnerabilities leak privacy, which does not affect high security

Cloud vulnerabilities leak privacy, which does not affect high security

On Sunday evening, several celebrity photos began to spread on the U.S. website and Twitter. Some users posted the photos on the discussion version 4Chan in the United States and said the photos were exported after hackers attacked multiple iCloud accounts. Stars with nude photos include Victoria Justice, Emily Browning, Kate Bosworth, and Jenny McCarthy) and Kate Upton ).

ICloud

"We take user privacy very seriously and are actively investigating this report," said Apple spokesman Natalie Kerris ." The leaked photos are authentic and false. Darian Kindlund, Chief Information Security threat officer of FireEye, pointed out that the attack may be a direct violent attack. In other words, if some additional information security measures are taken, accidents can be completely avoided. Apple has not widely promoted such security measures. "On the whole, Apple provided such protection measures late and did not publicize them," he said. You need to view the technical support documentation to find the relevant content ."

A GitHub article also showed that a user found a vulnerability in the Apple Find My iPhone service. With this vulnerability, hackers can continue to try the password until the correct password is found. This article was updated on Monday and shows: "fun is over. Apple just fixed it ."

Analysis:

It can be preliminarily determined from the above content that a security vulnerability in the general logon mode of Apple cloud service iCloud has been exploited. This vulnerability is intended for common users who do not adopt the Secondary authentication service. Hackers can continuously try to find the correct password, which can be implemented through software.

Dialectically look at the problem:

1. A large software such as iCloud does have vulnerabilities, bugs, backdoors, and so on, which may be exploited by Heihe or the bad guys, posing security risks, A large proportion of WINDOWS, IOS, Android, Weibo, and even security software updates are detected and compensated for vulnerabilities. However, these products that have passed the strict development cycle are much safer than the "Operating Systems" or apps launched by some small companies. If a Chinese operating system wants to challenge WINDOWS, the first problem to be solved is the maturity of its own software. Otherwise, even if it is not developed based on an open-source platform, each original code is yours, it may still contain a large number of vulnerabilities that can be exploited by hackers.

2. confidential and private data should not be stored in open spaces without security protection. Top secret data should not appear on the public network. Both storage and dissemination should be physically isolated.

3. Whether it is a mobile phone or a PC, we should try our best to build a secure environment to improve the security protection capability.

4. Even in an insecure environment, a sound security management mechanism may provide high security protection. Apple uses closed IOS to provide high security protection. However, compared with closed IOS, controllable Android and Linux are easier for third parties to take further security protection measures.

5. If something goes wrong, go online and directly deny iCloud, which will inevitably face greater security risks.

This article permanently updates the link address: