"Password Gate" event for China cloud computing security sounded the alarm

A few days ago, China's Internet outbreak has been the most widespread, the largest and most harmful leakage incidents, the cumulative leak user password up to 230 million. It is also predicted that because users may use the same registration name, mailbox, password in other sites that are not compromised, the disclosure will indirectly affect the information security of a total of 500 million accounts.

Such a serious password leak has once again put the Internet security issue on the cusp. Since China's current Internet applications are used to communicate or publish information, users are still relatively little stored in private data from operators. However, with the widespread use of cloud computing, the database is not only a password, but also includes the user's private data, business data, financial data, customer information, business confidential documents, and because cloud computing needs of SOA synergy, can be a password leakage of users all data exposure to the Internet development environment.

At present, China's Internet operators in data security has 5 major security risks:

1, the use of the Microsoft series of server operating systems, such as WIN2003, such as the OS, known as unsafe. Because catches and hackers are numerous. Plus this OS is Microsoft, the U.S. government can access any country or region of data that runs on that OS system at any time when the national interest is in conflict. Even we can see in the Chinese police to crack the criminal's report, the ordinary civilian police may quickly enter any criminals with the password computer.

2, the use of open source OS, most people like Linux. Because fewer people are used, the security problems of the past are not exposed much. However, with the popularity of mobile phone Android, Linux security issues have begun to be exposed. Android is packaged on a Linux basis, and UNIX is the same thing.

3, website operation is not only installed an OS, but also need a database, whether Oracle, or SQL, all think that the need to open the development interface, there must be loopholes, in addition, the site to improve data communications, but also to open the port, these standards and technologies are not in China, we just use to learn. China does not have its own OS and database, and there is no security for data.

4, excessive superstition antivirus software and firewalls. They may be the biggest security risk. This is a contradictory topic. The time to sell firewalls warns users that there is no secure operating system or database; Selling the operating system says we don't need firewalls to be safe. In fact, the two are used together to protect against known security risks, but also to double the unknown risk.

5, the biggest insecurity factor is the person. It may be a code hacker, but this person is more likely to be your company's system administrator or an employee. Hackers are not a need to create a type of work, anyone, may be at any time to become hackers, such as you accidentally see someone else's QQ password, and use; For example, because your own cell phone is out of power, you are curious to read their SMS or phone records after you have borrowed a colleague's phone.

With the rapid development of cloud computing, the problem of cloud security is becoming more and more noticeable. Security experts say "cloud threats" are far more damaging than traditional threats. We will enter the era of comprehensive prevention of "cloud threat", the future of the road should be more cautious.