icloud by hackers and leaks trigger "public cloud" panic

September 1, Jennifer Laurence and other Hollywood stars leaked on the internet, confirmed that hackers have attacked multiple icloud accounts, coupled with the first-half exposure of the iOS backdoor incident, so that Apple security again questioned. But in the interview, many security vendors believe that the safety of iOS than Android relatively high, and this time the problem of cloud security, in fact, is incomprehensible.

"From this point of view, the problem is not in the data center, but on the client side. "Jinshan Network private cloud Products senior director Kai told reporters," in the cloud security, man-made factors than technical factors more hidden dangers. Even without brute force hacking, hackers can get passwords through relationships, social engineering, and so on, especially for stars, where privacy protection is more difficult. He says security is always used to deal with unknown black horses with known technology. As long as any content that accesses Internet channels is compromised, what users should do is not put private content on a cloud server.

Apple security login strategy not enough

More than 40 hours after the celebrity leaked the leak, Apple issued a statement: "We found that some celebrity accounts have been targeted for user names, passwords and security issues, which has become commonplace online." None of the cases we investigated were due to the intrusion of Apple's systems such as icloud or Findmyiphone. And you want the user to "use a stronger password."

Lin believes that Apple does not have much responsibility in this matter, more is the user's own security awareness is insufficient. "But it is not possible for manufacturers to train users in security awareness." This can be reduced if users can set up more complex passwords, change their passwords regularly, and notice unusual login reminders. ”

But Xiahuijun, the technical director of the network, said that from this leak, Apple did not have a sound user login security policy. "This incident is a hacker using Findmyiphone API to allow unlimited attempts to icloud account password to obtain the password." But if Apple can set the number of logins, at least there will be no violent cracking. And in the ' Find password ' way, through the phone can verify the way two times authentication. ”

As we all know, the only security protection is the password, and the password must have "retrieve the password" and "Forget the password", so the key to keep the internal management personnel leaks is also a potential hidden danger. Kai that this involves corporate governance issues, but at present it is difficult to completely eliminate.

More hidden in the data center

In the process of cloud storage, the user data goes through the terminal app, the cloud service provider enters the data center, the dynamic transmission and the static storage all have the corresponding security hidden trouble. "The incident is a dynamic transmission leak for a small number of specific users, but more recent cloud platform crashes are occurring in the static storage center." "August 25, Acer launched the" Build Cloud "strategy, the cloud Service storage Center on the PC computer, but also mainly for security reasons.

But Kai and Xiahuijun agree that private cloud is suitable for enterprise software, but it is difficult to apply to consumer markets. Kai said, "In fact, the majority of security companies in the market now use security technology is not very different." Private cloud structures are less vulnerable than public clouds because fewer people have the ability to access data centers. The general private cloud uses the inside and outside network isolation and the Management Authority classification and so on the form protects the data security, but this with the terminal market emphasis simple type is contrary. ”

Xiahuijun added, "The core value of the cloud is data concentration and sharing, and if all people are implemented in the form of ' private cloud ', it runs counter to their core values. Furthermore, the technical requirements of the Cloud Center on hardware are not possible for PCs. ”