Customer information is one of the most important assets in internet finance, but it is constantly threatened by what hackers call the "drag library" (exporting data from a site's database). Recently, at an internet finance salon hosted by Security Bao and Net Loan Day Eye, the two sides exchanged views on the problem. At the salon, Security Bao security director Yin Yi explained the principles and methods hackers use to drag a library, and advised internet finance users to take precautions and to use cloud security solutions for protection.
"Drag library" is hacker jargon for downloading a website's database to the attacker's local machine. It often leads to large-scale leakage of website data, with serious consequences such as stolen user privacy and stolen passwords. The "drag library" problem has become an important trigger for website security crises. In December 2011, hackers publicly offered the CSDN website's user database for download online, leaking more than 6 million registered mailboxes and passwords in plaintext and causing panic among a large number of users. The disclosure of 800,000-page user data has also sparked a firestorm in the financial services industry. Studying the principles and methods of the "drag library" is therefore very important for protecting website security.
Yin Yi explained: "Hackers drag a library partly to demonstrate their own technical level, but more importantly they are driven by profit. Many hackers sell the data obtained by dragging the library, or maliciously disclose it when hired by a competitor of the website, in order to profit illegally. For financial websites in particular, the database often includes bank card account numbers, user names, addresses, contact information and other data of significant value, and user sensitivity is very high, so dragging the library will obviously cause serious losses."
To improve the success rate of a "drag library", hackers use many methods: downloading database files remotely, exploiting web application vulnerabilities, using the web server (Apache, IIS, Tomcat, etc.), planting a trojan on the website ("hanging a horse"), spreading malicious files, and so on. These methods precisely target the security loopholes of a site; once a hacker finds an opening, an attack follows quickly.
For internet finance users, whose data has such a high value density, preventing a "drag library" cannot be left to luck. It requires preparation and timely repair of the site's vulnerabilities and hidden dangers. Here Security Bao recommends that users deploy the Security Bao cloud security protection system, which can quickly repair site vulnerabilities and defend comprehensively against a variety of network security risks. Through an innovative intelligent self-learning function, the system builds a unique white rule base for each website while also accumulating black rules. It can patch vulnerabilities quickly and protect each web application accurately, preventing more than 10 kinds of hacker attacks such as XSS and SQL injection, so that the site's users need not worry about the "drag library" problem.
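The combination of a learned per-site white rule base with accumulated black rules can be sketched as follows. This is an added example, not Security Bao's code: the `SiteProfile` class, the character classes, the two signatures, the 2x length slack and the sample traffic are all assumptions made for illustration.

```python
import re

# Black rules: signatures of known-bad input (constructed, deliberately small).
BLACK_RULES = [re.compile(r"(?i)\bunion\b.+\bselect\b"), re.compile(r"(?i)<script\b")]
ORDER = ["digits", "token", "free"]  # character classes, strictest first

def char_class(value):
    """Coarse character class of a parameter value."""
    if value.isdigit():
        return "digits"
    if re.fullmatch(r"[A-Za-z0-9_.@-]+", value):
        return "token"
    return "free"

class SiteProfile:
    """White rule base for one site: (path, parameter) -> (class, max length)."""

    def __init__(self):
        self.rules = {}

    def learn(self, path, params):
        """Widen the white rules so they cover one request known to be benign."""
        for name, value in params.items():
            cls, length = char_class(value), len(value)
            old = self.rules.get((path, name))
            if old:
                cls = max(cls, old[0], key=ORDER.index)
                length = max(length, old[1])
            self.rules[(path, name)] = (cls, length)

    def check(self, path, params):
        """Return 'allow' or the reason the request is blocked."""
        for name, value in params.items():
            if any(rule.search(value) for rule in BLACK_RULES):
                return "block:black-rule"
            white = self.rules.get((path, name))
            if white is None:
                return "block:unknown-parameter"
            cls, max_len = white
            too_loose = ORDER.index(char_class(value)) > ORDER.index(cls)
            if too_loose or len(value) > 2 * max_len:  # 2x slack is an assumption
                return "block:white-rule"
        return "allow"

# Constructed training traffic for a hypothetical site.
profile = SiteProfile()
for path, params in [("/account", {"id": "1024"}), ("/account", {"id": "77"}),
                     ("/login", {"user": "alice"}), ("/login", {"user": "bob.smith"})]:
    profile.learn(path, params)
```

A value such as `1 OR 1=1` matches neither signature, yet the white rule learned for `id` (digits only) still rejects it, which is the gap the white rule base closes.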