360 Cloud Security: Some sites should repair the login vulnerability as soon as possible

At the beginning of 2011, Jinshan Poison PA and 360 on "whether to disclose the user's privacy" just erupted a war of words, in this respect, 360 security expert Dr. Shi Xiaohong explained the technology of "cloud security", said, "360 did not disclose user privacy, but cloud security, cloud computing, the new technology system may put individual Login Vulnerability ' site leaked user privacy collection. If you want to fundamentally eliminate this situation, not only the safety manufacturers should pay attention to the proper handling of user information, Internet stations also need to actively repair the vulnerability.　　"Do not involve online banking, network payments and other accounts are currently verified by 360 Security Center, there is a" login vulnerability "of the site is not many, mainly some security mechanisms are not strictly the site, does not involve online banking, online payment, net games and other important accounts.　　Shi Xiaohong, 360 security expert, said the Web site's "login Vulnerability" is due to the use of H TTPG ET to authenticate users when they log on, as long as the way to turn off this login, using a more secure H ttppost mode, can repair the site's "login vulnerability." Dr. Shi Xiaohong an analogy: "The site has a" login loophole, the equivalent of a person to the bank card number, password and the bank is recorded on a note.　　This is a very unreasonable way of secrecy, if the whole piece of paper is lost, it will make their own property in danger of theft. 360 has taken measures for the "login Vulnerability" Some netizens commented that the Golden Hill and 360-port is a "login loophole" for individual websites to blame. Dr Shi Xiaohong explains: "In order to find the Trojan attack source, 360 and other domestic and foreign security manufacturers generally used the ' Hook Horse Web page trigger suspicious URL upload ' mechanism, that is, when the user is under the Horse page attack, will be the current all not closed pages of the U R L Web site uploaded to the log server for verification, To add it to a malicious Web site library. If at this time the user just visited the existence of the ' login Vulnerability ' site, it is possible to disclose the user name and password of the Web site uploaded together, causing security risks. "According to the introduction, 360 Security Center has taken the lead in response to the website" login loophole "to take measures: when a user accesses a Web site with a" login vulnerability ", the 360 screen shield will no longer upload a sample, even if it encounters an unknown web attack. In addition, the 360 network Shield would also post a function to detect the Web site" Login Vulnerability "　　, when the user opens this kind of website after the first time carries on the security prompt, the maximum protection good user privacy. Reporter Li Quanquan