Reporter | Liu Fang
At the beginning of this month, facial book (Facebook) father plunges into Kebaige to announce to will make this company into the gregarious platform that is a center with privacy. Crossed two weeks only however, of this happiness wish scene be attacked to break by brutal actual place.
Local time on March 21, krebs of reporter of famous network safety (Brian Krebs) explode in the website makings say, facial book begins from 2012 with form of proclaimed in writing (Plain Text) stored the Zhang name code of on 100 million users, make 20 thousand staff of company OK undertake reading extraction to these passwords. Same day, facial book makes a statement the fact that admits existence records code of on 100 million users with form of proclaimed in writing, so-called had solved relevant problem. The title of this statement is called " protective password is safe " .
Book of a face is advanced employee expresses to Krebs, the applied program that compose of facial book employee proposes recorded the password of proclaimed in writing of the user, it is with memory of simple text form on company in-house server. Investigation shows, was stored the user of the password involves 2-6 100 million people. And visit log shows, about 2000 engineers or development staff once were opposite the data element that contains code of user of proclaimed in writing had internal inquiry about 9 million times.
The software engineer of facial book Lun Fu collect (Scott Renfro) express when accepting Krebs to interview, this company has not gotten ready discuss specific figure, can visit the number of facial book employee of these data for instance.
Lun Fu collect says: "So far, we had not discovered in investigation anybody seeks the case of the password intentionally, also abuse the evidence of these data without discovery. Below this kind of circumstance, we discover these passwords are undesigned record, also do not put in the real risk that brings from this. Also do not put in the real risk that brings from this..
But the view that network expert agrees with facial book not completely. The Ba Lei of network safety expert that comes from Recorded Future abandons Wei Ji (Andrei Barysevich) express to CBS: "(network) safe regulation the first, password of for love or money should not store with form of proclaimed in writing, and must add in any moment close. Anybody, especially facial book the enterprise interior personnel of this kind of dimensions, read the limits of authority that takes user code completely without reason control. Read the limits of authority that takes user code completely without reason control..
In fact, facial book says him already according to the industry optimal safety carried out a guideline to undertake adding to all user code close. Facial book is in charge of the vice-president Pedro Canahuati of privacy expressing in statement: "With safe term for, we undertook Haxijia to the password close (Hash) and add ' salt ' (Salted) . Include to use add close key of close function and password. This actual password that close key can make we use a group of random character to replace an user not reversibly. This actual password that close key can make we use a group of random character to replace an user not reversibly..
So since already to place user code undertook,add close, is in-house personnel how did compose propose the applied program that records primitive password?
The personage inside a network security line of business that does not wish to disclose a full name expresses to interfacial news: "The safe flaw of facial book is actual it is issue of an interior government. In Internet industry, real name of downstage and faceless tiring-room is major company go regular. But the enterprise that bears the blame as, facial book should undertake 2 times adding to the password close, with limitative interior personnel get limits of authority. With limitative interior personnel get limits of authority..
He still expresses: "At present Europe " current data protects byelaw " and " network safety law " add secret method to the password, store and add 2 times wait for company interior closely the problem sets without proclaimed in writing. But and other places of city of the American California city that develops in digital economy, Ma Sazhu a place of strategic importance has optimal safety to carry out a guideline, stipulated Internet company is interior the administrative mechanism about the password and accredit mechanism. Stipulated Internet company is interior the administrative mechanism about the password and accredit mechanism..
The reporter protects a law to be pleasant to the eye in information of individual of city of Ma Sazhu a place of strategic importance, the principal part that allows why to electronic means stores or transmit information of individual of resident of city of equestrian Sa Zhu Sai should undertake adding to individual information close. And answer undertake reasonable monitoring to the system, prevent (anybody) be used without accredit or visit individual information.
To the importance of the password, business uses national code management board Huo Wei of vice director of password government office expresses to interfacial news: "The foundation that the password is system of whole network credit is propped up. 2017, aikefei divulges tycoon of letter of American ask forring be as high as information of individual of dweller of 143 million United States; Of the same age, dignity of being of Indian Id management board identifies a system to be atttacked, bring about record of information of account of 100 million banks to be divulged. Have a code only, integrality and the authenticity of system of information of network of OK and complete implementation, confidential sex, undeniable sex, solve network system effectively to prevent sham, prevent divulge a secret, prevent distort, fight deny wait for safe demand. Solve network system effectively to prevent sham, prevent divulge a secret, prevent distort, fight deny wait for safe demand..
Look at present, facial book did not accomplish safe to user code optimal practice apparently. In fact since Cambridge analysed company data to divulge a case last summer, facial book is troublesome all the time on problem of user privacy safety ceaseless. " new York Times " this month some earlier moment report, the data that American confederative inquisitor is in the company of large science and technology such as pair of face books to undertake trades to be investigated into thing of carry out a death sentence.
