Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall
The most recent online discussion of the hottest is a number of large Web site password leakage events, the most mainstream people are most familiar with the main 3 sites, respectively, "Tianya" "CSDN" "mop." I believe many friends are suffering I am also one of the victims, today, a day after the revision of their own in the various web site registration password, as soon as I write this article, put their own more attention and commonly used Web site account password has been modified, just feel relieved to write this blog post.
It is illegal to disseminate website database
Today also found someone in my blog message, said there is a database of XX website, need to add his QQ. First of all despise those who continue to disseminate information on these Web site database users, and also kindly remind those who continue to spread the law-conscious people. Today, the news of a television station has also said that the database user information leaked events. It is mentioned in the news that intentionally spread or sell other people's information on the Internet, the number of user information in more than 500, will be sentenced to 3 years of time, there are already relevant laws and regulations.
This time several well-known website database user account password leaks The event, involves the widespread, the influence is big. Believe that the relevant departments already attach importance to this, will crack down on the internet malicious dissemination of the database, even if this data is not you steal also bear the corresponding legal responsibility. So in such an environment, I hope you do not feel fun, and then spread everywhere, do not accidentally committed the law, is regarded as a typical.
Different important account, set different password
This I think is the most important, now some people in order to access the Internet, all the site passwords are set. Even if you set the password more complex is useless. For example, this time a number of Web site database leakage events, not password settings can be complex to prevent the live. So different important level of the site account, it is best to set a different password, so will not because of individual website account password leakage, and affect your registered most of the site, especially some of the personal impact of the direct benefit of the important website account. According to their own situation, in my mind the importance of the site account is divided into 5 categories. Is "Mailbox Class" "Net Silver Class" "Important Class" "Common Class" "Common Class"
Online account, the most important account is the mailbox account, because if the commonly used mailbox account is stolen, the account registered in the outside may be stolen. Because use the mailbox to retrieve the password, is now most website common method. Although now the major sites, as long as the registered account will have a mailbox service. But I believe that everyone commonly used mailbox should be 1-2, and it is best to use a large website to provide the mailbox service, Safety factor high. For frequently used mailbox accounts, it is best to set a "separate" "complex" password, to prevent easy to crack. In addition to do a variety of security settings, such as secret insurance issues, mobile phone binding and so on, if stolen, can be quickly recovered.
Then more important is the net bank account, such as Alipay, Tenpay, UnionPay and other website accounts. This type of account password I was set alone, not with me outside any one site password is the same, password best set complex point, to prevent being cracked. Such security is outside the registration of the website password has been stolen, and will not affect my network of silver account, will not cause direct pecuniary loss. In addition, net bank account security also relatively good, not easily leaked.
Another QQ account, Web site Admin account, server account, domain name management account, etc., in my heart are "important class" account. Although these accounts will not directly cause money loss, but will indirectly cause money loss, sometimes more than the net bank account password stolen loss will be greater.
If you are a webmaster, if the site domain name management account theft, resulting in the Web site can not be resolved to open the normal, to some popular web site is very big impact. For example, Baidu DNS was modified before, resulting in a long time to open the site, resulting in a very large loss. Or the server account is stolen, causing the website database to be malicious deletion and theft, these will have a very big impact. So for this type of account, I will set up a few sets of passwords, and the password will be set up complex points to prevent hackers software to crack.
Also often log in to use the site account, I will set up a number of separate sets of passwords. For example, Sina Weibo, as well as my weekly landing several blog platform and webmaster Forum. These accounts in my mind is also relatively important, these accounts, if stolen, may not have much financial impact. But if someone steals and then goes out to advertise, it will have some negative effects on the individual. To these commonly used website's account number, I also will bind the mailbox, can guarantee the website password to be stolen, at least can retrieve through the mailbox.
The last few landing sites, forums in my heart are "ordinary class" account, set the password is relatively simple, may not do any of the secret security. Because the website account of these places even if be stolen, basically do not have any influence to oneself. Also have the type of biased entertainment site account, also basically belong to unimportant account. For example, in the video site, the game site account. Of course, because everyone online habits and hobbies, for different types of site accounts of the importance of judgment will be different.
Be safe with a key account, don't bother
QQ number believe that in most people's hearts are very important account types, I often hear friends around said that they have used a few years of QQ stolen, very sad. I do not sympathize with this, since it is important why not to start the secret security. QQ number is also a network hacker most enthusiastic about the expiration of one of the user account types, I registered 8 or so QQ number, each job need to register a new QQ, I will be registered QQ success at the same time immediately set up on the secret security issues, from the beginning to prevent the password is stolen can not find hidden dangers.
QQ in the past few years, although the password has also been hacker theft landing, but have the first time to find changes, so that the loss to a minimum. For this very important account, we must not too troublesome, set up early password protection. It is best to bind the mobile phone, increase the security of the account. Especially now many users are accustomed to using QQ account binding a key landing other sites, if the QQ account password is stolen, indirectly caused by multiple Web site account theft.
Other forums have "security questions landing" function, to account security help is also very large. For example, the forum with DZ program has this function, as long as the set up "Security questions landing", so even if the user account password is stolen, steal people can not access the forum. Before the 28 push forum often members of the account is stolen, and then mass some illegal content. Later I posted a full station announcement in 28, the proposal 28 push member as far as possible set up "security question landing". In addition to some important forum accounts, such as moderators, is mandatory requirements have to set up "security questions landing." In order to avoid the Forum management account was stolen, the forum caused greater losses.
Figure: Set up "Security questions landing" Do not worry about the important forum account password leakage, is easy to land
The website password leaks The inquiry tool, is the double-edged sword
Today also found a number of Web site password leak query tools, some sites to several stolen database account password together, for netizens to inquire, to see if their account has been leaked.
Do such a tool starting point good, so that everyone can not download the database, can also be the first time to understand their account has been leaked, so the first time to modify. But it is also easy to be used by some criminals. With this tool, there is a purposeful way to understand the accounts of some of the people around you that have been compromised. To find ways to download the database, understand each other's password, do something illegal affect the interests of others. Although this thing on the internet has been very open, but not all netizens are aware of this time, there may be many people do not know that they registered in XX website account password was leaked. Today found someone through the tool to inquire about the ID of others, but also directly published in micro-blog grandstanding, so that everyone on the watch XX ID also leaked, to others indirectly caused a security risk.
So I think now online do these password leakage tool is a double-edged sword, can help some netizens to discover in time whether the password is leaked, also will be some observant and conscientious use. In particular, some password leak tool query to do very outrageous, if only show your account and the mailbox has no in the list this is more should, but some even also show the part of the password of the account. In particular, different password disclosure tools, the display of some of the password areas are also different, some only show the front of several, but some show the back of several, 2 data added, complete password almost all exposed, I think this is very bad. Instead, it provides a convenient channel for some criminals. Even if only a part of the password, will also create some security risks, so that the user's password directly cracked the possibility of increased.
This time the website account password leaks The event, also is to usually not pay attention to the password security person to ring a alarm bell, lets everybody revise the password, is also a good thing. has been stolen and has not stolen the major sites must do a good job in the database security, I hope that after the incident in the domestic web site password security technology can be a new level, or we these ordinary people too hurt. For example, because the password was stolen, the site password has been modified in batches, if the password has just changed the database of a website has been stolen. The new password is exposed again, and then go all over again, that is really too frustrating.
2011-12-27
This article first address mouchangqing Network promotion blog: http://www.muchangqing.com/post/357.html (reprint please keep)