How to lock the door to "Cloud" Storage

How to lock the door to "Cloud" Storage

Recently, Hollywood experienced the most serious "****" storm in the history of the entertainment industry. The 101 Hollywood actresses, including Oscar-winning Jennifer Lawrence, well-known singers bud Haina, and avier, are all on the "**** list ". Hackers steal private photos of actresses by attacking the Apple mobile phone's iCloud cloud system.

This event has aroused widespread attention. Data shows that the number of personal cloud storage users (web edition) in China has exceeded 0.351 billion. Today, with the rapid development of the Internet and mobile devices, how to protect the security of personal privacy data has become the topic of the whole society. What is "cloud? How can information stored in the "Cloud" be stolen? How to add a solid lock to the cloud? In order to answer these questions, the reporter invited Li Ying, a researcher at the computer research institute of Nanchang University, to answer the questions and tell everyone the correct "locking" method through experiments.

 

Explanations

Hackers frequently use brute force cracking and password dictionary to unlock passwords

Li Ying, a researcher at the Institute of Computer Science at Nanchang University, said that "cloud" refers to storing data on large shared servers.

For the reason why Hollywood actress *** leaked, instructor Li said that the "Cloud" system is generally not so easy to crack, the leakage of Hollywood women *** is mainly due to Apple's system vulnerabilities. The image explanation is that the apple system builds a house for each user, and each service in it is equivalent to a different internal room. Originally, several rooms share a very strong and well-guarded door, but this time the hacker discovered another solid but unguarded backdoor dedicated to Apple's "retrieve mobile phone" service. After several attempts, hackers access the system from the backdoor and steal some user data.

Teacher Li said that hackers must know your account and password to access your data. Many citizens have a bad habit of using the same account or password wherever they are, which increases the possibility of password leakage. We recommend that you do not use the same password as a common password when using a system with private information.

So what are the requirements for setting passwords with important information? How can we add a solid lock to the cloud? In the face of a reporter's question, Mr. Li said that, in general, when the system is perfect and there are no vulnerabilities, the most common method for hackers is to "brute force cracking" and "password dictionary" to unbind the other party's password, steal others' information. To lock the cloud, it is necessary to make it difficult for hackers to break through the password verification mechanism. That is to say, as long as you set a complex password, hackers are generally not so easy to crack unless the system has major security vulnerabilities. If you add secondary verification on the basis of complex password settings, the effect will be better.

Lab

Complex password + secondary verification = solid "Lock"

Experiment 1: Set a simple password to be "seckill"

This is an example of an experiment.

Teacher Li first attempted to crack the "Cloud" storage, such as Baidu cloud disk, which is commonly used by the public. The result was not successful. Teacher Li said, as I said before, many well-known "cloud" storage systems have a high defensive coefficient, and it is difficult to successfully crack brute force attacks. Of course, it would be hard to say if some small websites have "Cloud" storage, because they have vulnerabilities and hackers have loopholes to exploit.

How can I add a solid lock to cloud storage? In order to facilitate the experiment, Teacher Li created a "Cloud". Teacher Li said that many citizens always like to set simple passwords, and no one knows the convenience, in fact, this idea is wrong, because a simple password is easy to crack, and it is not impossible to crack it within one minute. To this end, the reporter carried a password set by Teacher Li, which is composed of numbers. Then, Teacher Li opened a software on the computer that specifically cracked the password. At 1 minute 13 seconds, the password was cracked. Teacher Li explained that he used the password dictionary method to crack the password. This is mainly for simple passwords, because the password dictionary function stores the passwords that hackers analyze most in the world, it is opened if your Password Matches the password in the password dictionary. However, if the password settings are complicated, the function of this method is not that great.

 

Experiment 2: complex passwords and secondary verification are difficult to crack

Instructor Li suggested that the public should include four elements, namely, upper-case letters, lower-case letters, numbers, and special characters, when setting a password, so that the password dictionary is useless, it is not that easy to use brute-force cracking. Hackers must constantly try this solution. Even if there are only six passwords, there are also more than 600 billion such combinations, which should be cracked in a mbps bandwidth environment, theoretically, it takes 6000. Therefore, it is almost impossible to crack.

For further verification, the reporter reset the password that was just set, except for the second digit, which is an uppercase letter. The password dictionary search method failed in this experiment. Teacher Li said that hackers generally attempt to crack the attack. They will try to set your password structure for the cracking tool. If the structure is correct, the cracking is also possible. Therefore, it is recommended that you complicate your password. Then, Teacher Li tried to crack the reporter's password. "This is just a haystack, and the success rate is very low, and it is hard to succeed even if it takes a few months or longer. In addition, you can enable the secondary verification function in the 'yun' storage system for enhanced security. The password for secondary verification is generally obtained by text message, you must enter the password, access the privacy file, or even log on to the system. In this way, hackers cannot obtain sensitive information even if they crack the logon password "......

Experts' Summary

Four tips to improve cloud storage security

Instructor Li summarized four tips for improving the Storage Security of "Cloud" for public reference.

1. passwords used on other websites should not be used in cloud storage.

2. enable secondary verification on the mobile phone if necessary. Pay attention to installing as few software as possible for secondary verification, so as to prevent hackers from stealing the password for secondary verification.

3. the logon password must contain more than 8 characters, including uppercase letters, lowercase letters, numbers, and special characters.

4. to increase the complexity of the password while keeping it easy to remember, you can modify the password that is easy to remember. For example, change the number 1 in 19901231 to the upper and lower case letters L, and change the number 0 to the letter o, place the year in the middle of the password, the month and date on both sides, add special characters before or after the year, and the password is changed to L2 @ l99o3l. Such a complex password is easy to remember and secure.