The disclosure of the hottest icloud caused public

  • Detail

The disclosure of icloud caused anxiety in the "public cloud"

on September 1, nude photos of Hollywood stars such as Jennifer Lawrence were leaked on the Internet. It was confirmed that hackers attacked multiple icloud accounts. Coupled with the IOS backdoor incident exposed in the first half of the year, apple's security was once again questioned

however, in the interview, many security manufacturers believed that the safety factor of "shoes of the week" IOS was relatively higher than that of Android, and the cloud security problem this time was actually incomprehensible

from this incident, the problem is not in the data center, but in the client. Lin Kai, senior director of jinshanluo private cloud products, told that in terms of cloud security, human factors are more hidden than technical factors. Even if it cannot be brutally cracked, hackers can also obtain passwords through interpersonal relationships, social engineering, etc., especially for stars, privacy protection is more difficult. He said that safety is always to use known technology to deal with unknown dark horses. As long as any content accessed to the Internet channel may be leaked, what users should do is not to put private content on cloud servers

Apple's security login strategy is insufficient

more than 40 hours after the disclosure of the private photos of stars, apple immediately issued a statement: we found that some celebrity accounts were targeted attacks against user names, passwords and security issues, which has become very common in. All the cases we investigated were not due to the intrusion of Apple's systems such as IC cloud or f ind m yiphone. Users are expected to use strong passwords

Lin believes that Apple really doesn't have much in this matter, which is more due to the lack of security awareness of users themselves. However, it is impossible for the manufacturer to carry out safety awareness training for users. If users can set more complex passwords, change passwords regularly and pay attention to abnormal login reminders, this kind of thing may be reduced

but Xia Huijun, technical director of ricai, believes that from this leak, apple does not have a sound user login security strategy. This incident is that hackers are allowed to try the icloud account password to obtain the password without restriction with the development of new energy vehicles through the a PI used by find m yiphone. But if Apple can set the login times, at least there will be no violent cracking. As for the way to retrieve the password, it can be verified again by means of verifiability

as we all know, the only security guarantee for logging in to the public cloud disk is the password, and if there is a password, there must be retrieving the password and forgetting the password. Therefore, the disclosure of the secret by the internal management personnel of the key custody is also a potential hidden danger. Lin Kai believes that this involves company management issues, but it is difficult to completely eliminate at present

the greater hidden danger is that the diameter of the bending center can be determined according to the diameter of the steel bar. According to the center

in the process of cloud storage, user data passes through the terminal app, and the cloud service provider enters the data center. There are corresponding security risks in dynamic transmission and static storage. This incident is a dynamic transmission leak of small-scale specific users, but recently, more cloud platform accidents have occurred in static storage centers. On August 25, Acer launched its self built cloud strategy, placing the cloud service storage center on a PC, also for security reasons

however, both Lin Kai and Xia Huijun believe that private cloud is suitable for enterprise software, but it is difficult for the consumer market. Lin Kai said that in fact, the safety technology used by most safety manufacturers in the market at present, most manufacturers use transmission systems: at present, some transmission systems of experimental machines in the market adopt reducer technology, and the difference is not great. The private cloud structure is relatively less attacked than the public cloud because fewer people have the ability to enter the data center. Generally, private cloud will adopt internal and external isolation and management permission classification to protect data security, but this is contrary to the simple type emphasized by the terminal market

Xia Huijun added that the core value of cloud is data centralization and sharing. If everyone realizes it in the form of private cloud, it runs counter to its core value. Moreover, the technical requirements of cloud center on hardware cannot be realized by PC

Copyright © 2011 JIN SHI