Password Gate event, a wake-up call to China's cloud computing

CSDN Web site has been exposed more than 6 million users after the leak, 51CTO, CNZZ, enet, U-uu9, yy voice, Lily Nets, happy net (micro-bo), Renren, the United States and Space Network, cherish the network and many other well-known websites have been plunged into the user data leakage.

The total number of leaked accounts is estimated to be over 200 million, and may indirectly affect the information security of a total of 500 million accounts because users use the same registration name, mailbox, and password on other sites that are not compromised.

Since Internet applications are currently used to communicate or publish information, users are relatively few and far between private data stored in carriers.

Once the cloud is widespread, not just passwords, but also the user's private data, business data, financial data, customer information, and commercially confidential documents, and because of the SOA synergy required by cloud computing, a password leak can expose all of the user's data to the Internet development environment.

In fact, Chinese internet operators have never been on the safe basis of data.

1, using the Microsoft family of server operating systems, such as WIN2003 OS, is notoriously unsafe. Because catches and hackers are numerous.

Plus this OS is the Microsoft Company in the United States, when the national interest is contradictory, the U.S. government can always get any country, region running on the OS system data.

Even we can see in the Chinese police to crack the criminal's report, the ordinary civilian police may quickly enter any criminals with the password computer.

2, with open source OS, most people like Linux. Because fewer people are used, the security problems of the past are not exposed much. However, with the popularity of mobile phone Android, Linux security issues have begun to be exposed. Android is packaged on a Linux basis, and UNIX is the same thing.

3, website operation is not only installed an OS, but also need a database, whether Oracle, or SQL, all think that the need to open the development interface, there must be loopholes, in addition, the site to improve data communications, but also to open the port, these standards and technologies are not in China, we just use to learn.

China does not have its own OS and databases, and there is no security for data.

4, do not superstitious antivirus software and firewalls. They may be the biggest security risk. This is a contradictory topic. The time to sell firewalls warns users that there is no secure operating system or database; Selling the operating system says we don't need firewalls to be safe. In fact, the two are used together to protect against known security risks, but also to double the unknown risk.

5, the biggest insecurity factor is people. It may be a code hacker, but this person is more likely to be your company's system administrator or an employee.

Hackers are not a type of work that needs to be made, and anyone can be a hacker at any time, such as you accidentally see someone's QQ password and makeFor example, because your cell phone is out of power, you are curious to read their text messages or call histories after using a colleague's cell phone.

Workaround:

Instead of telling users to change their passwords frequently, this is futile. Because the hacker attack is not the user's computer, but the server secret or the flaw.

1, severe punishment in the legal sense.

2, distributed data storage. Some of the data allows the user to remain on the local computer and make the local computer a storage resource used by cloud computing.

Data encryption is done on the client.

3, to the confidential staff to issue high confidentiality fees and the signing of professional terms, malfeasance clause. In the security agencies for the record. (Similar to the street unlock industry).

4, hackers will continue to exist, operators do a good job in the crisis plan it.
 

(editor: Heritage)