Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest stationmaster buy cloud host technology Hall
Yesterday, has repeatedly disclosed the network security loophole cloud net suddenly announces temporarily closes, carries on the system upgrade, causes the Netizen's attention and the hot discussion.
The original obscure cloud net, recently in a series of Web site leaks to fame. The site has exposed csdn, Tianya, when, Jingdong Mall and other sites have security vulnerabilities.
Frequent attack, seems to let cloud site on the cusp. Now, at the height of the leak, the site suddenly closes. Why?
Yesterday, Chengdu newspaper reporters after many contacts, and cloud network organizer Wooyun Online dialogue, the "well-meaning hackers" to reporters about a "hacker war."
Disclosure loophole "white hat"
Yesterday, Chengdu Commercial News reporter through the industry contact Wooyun, he readily agreed, but the condition is not the telephone, only through QQ and mail exchange; even QQ on the network name can not be published, but reluctantly agreed to use "Wooyun" as a code name.
Wooyun told reporters that the cloud net is a "hacker" of the Gathering place. However, they are all "white hats".
In the eyes of the general public, "hackers" as if the mysterious and dangerous pronoun, however, in the hacker world, they can be divided into three types: the first Category: White hat, described as a positive hacker, he can identify computer systems or network system security vulnerabilities, but not malicious to use, but to disclose their vulnerabilities. In this way, the system will be able to fix the vulnerability before being exploited by someone else, such as a black hat. The second category: gray hats, they are good at attacking technology, but not easy to cause damage, they are proficient in attack and defense, while the mind has a macro-awareness of the information security system. The third Category: black hats, they study attack technology, the only purpose is to trouble.
"We are not an organization, just a platform that brings together some people who are safe-loving technologies." "According to its introduction, through the cloud platform, a total of more than 500 researchers for more than 120 enterprises submitted close to 4,000 security issues."
"White hats" are the way to fight: Mining the site's security vulnerabilities, in the "Black Hat" before using them, submitted to the platform, or to the manufacturer report, I hope the manufacturers timely repair.
"We actually protect the manufacturer's users, but a lot of vendors are trying to avoid these problems on the basis of PR, so we want to use this platform to do it better." "In view of the recent network security atmosphere tension, Wooyun analysis, it is estimated that some large sites on the security of the lack of attention or even avoid, only to cause more and more serious security risks." "The security hidden danger that is not understood, is the real serious security hidden danger".
As a senior "white hat", Wooyun told Chengdu newspaper reporters that their job is to "improve the overall security level of China's Internet, and gain respect and share of the fun". He believes that the relevant departments will be able to find the source of information leaks, to curb the leakage of data. "We believe that doing the right thing is valuable. ”
Tan Chen may be used
For cloud network practices, security experts believe that the vulnerability report is a double-edged sword, it is possible to create loopholes are used by outlaws, and even outlaws posing as "white hat" on the platform to publish false vulnerability information. Therefore, it is necessary to adjust the process of the website.
"2011 is about to end in such a way that we want to start 2012 in a better way." Yesterday, Wooyun released a message announcing that it would temporarily shut down the cloud network for system upgrades and would adjust the vulnerability process and open mechanism. At the same time, the cloud platform will solicit suggestions from the public on the vulnerability disclosure mechanism to reduce the actual potential impact.
Some netizens speculate that the dark clouds may have been pressured by all sides to suspend service. Wooyun to Chengdu Business newspaper reporter Tan Chen, "Cloud Network disclosure vulnerability may be ' black hat ' use, the current mechanism is indeed not complete." "But he denies that someone pretends to be a" white hat "and publishes false leaks on the platform.
As for how to guarantee the vulnerability of the people are "white hat", Wooyun said, "only look at his behavior, submitted security issues and sharing technology, we can recognize white hats." I believe you will be responsible for your actions. ”
Wooyun said there would be no major changes to the cloud net, but that the disclosure and verification would be adjusted more rationally. "The short-term rectification and correction will go further, after all, the new Year is coming." ”