Yang Yang

On March 23, Dangdang Senior Operations Director Liang Jianpeng was surprised to find that in the 74 hours from the 19th to the 22nd, during which all Dangdang user accounts were frozen, only 6 users called Dangdang to report an account exception. Another figure caught Liang Jianpeng even more off guard. On the 19th, Dangdang sent SMS and site messages to approximately 500,000 users with account balances and gift cards. By the company's own expectation, at least 80% of customers would change their passwords. But in fact, the data for these three days showed that only 5% of users changed their passwords. Dangdang took the decision to freeze accounts across the whole site at significant risk to its goodwill, only to get this surprising result. Was this a misjudgment of the crisis? What prompted Dangdang CEO Francis Chan to make the emergency decision, and what happened in those 74 hours?

Abnormal signs in Dangdang user accounts had given clues as early as a month earlier. As Dangdang's Liang Jianpeng, head of the customer service center, recalls, there were several sporadic user complaints in February, such as personal passwords failing or users being unable to log in. Dangdang developed a number of temporary targeted measures to help users return to normal use. But two months had passed since the CSDN account theft, the overlap between the users of the two websites was not high, and the CSDN incident was a leak of its user database, while at Dangdang exceptions had occurred for only a few users. Dangdang therefore could not conclude that the account exceptions were necessarily related to the CSDN event. At the time, Dangdang's analysis concluded that users may have carelessly disclosed their account information online, for example in public or to friends and family, exposing their account names and passwords. It therefore only posted a notice on its home page reminding users that, because of the CSDN event, they should log in and change their passwords to keep their accounts secure.

The first week of March was "quiet"; almost nothing happened. But in the second week of March, many users suddenly began complaining to Dangdang, reporting account exceptions: being unable to log in, wrong balances, or unfamiliar orders, sometimes as many as twenty or thirty complaints a day. Dangdang's customer service and technical staff realized that things were not so simple and were much more serious than expected. They urgently drew up a program of measures and, at the same time, reported the matter to CEO Francis Chan at the first opportunity.

On the 19th came the freezing of the balances and gift cards of all user accounts. Dangdang CEO Francis Chan convened a multi-department meeting. This emergency meeting, attended by seven people in total, the heads of the customer service center, the technology department, the legal department and the operations department, was in fact held twice that day, in the morning and in the afternoon. At the morning meeting Francis Chan personally decided to freeze all accounts holding gift cards and balances, to notify all users by SMS and site message to change their passwords online, to have Dangdang compensate all user losses, and to report the case to the public security organs. On the afternoon of the 19th, Francis Chan met again to review the implementation of the decisions, and immediately set about arranging an improvement to the payment process: a verification code must be received before a payment is made.

The data Francis Chan saw was that from mid-February until the accounts were frozen on March 19 there had been a total of 197 account exception reports, with losses per account ranging from dozens to hundreds, and only a few individual accounts with very high amounts. Dangdang subsequently issued a public statement acknowledging that some user accounts had been stolen. Francis Chan gave instructions to notify all users by text message, e-mail and every other channel to log in to Dangdang quickly, change their passwords and check whether their accounts had been stolen, so as to reduce users' losses. Although the legal department thought Dangdang might not have to bear full responsibility, Francis Chan insisted on full and partial compensation of account losses, with a planned period of two weeks, and of course only after verifying that the user really did suffer a loss.

The first difficult problem Francis Chan and his team faced at this point was: how many user accounts had been stolen, and what had been lost? The Internet company could only use website announcements, SMS and e-mail to remind users to log in to their accounts, set a new password and check their gift cards and balances for exceptions. In fact, what concerned them most were users whose accounts had been stolen but who had not yet noticed. Another thorny issue was the stolen money and what had been lost: if an order had already gone through, Dangdang not only lost the goods but also had to compensate the user, equivalent to twice the loss. Francis Chan believed that although Dangdang might not bear full responsibility legally, in all fairness Dangdang could not betray its users' trust and must compensate in full, even if that meant millions of dollars. Francis Chan hoped that within three days most users would have updated their passwords.
The reason he went to such lengths and cost to freeze all accounts holding funds and gift cards is perhaps that Chinese users treat the importance of password security as if it were as light as the color of A4 paper.

Weak passwords. Judging from what befell Dangdang, criminals stole users' account names and passwords and operated the accounts with them. In fact, for anyone with a little technical skill this is easy: many users use the same account name and password on different sites, which gives criminals an opening. At the end of 2011 the 360 Safety Center, of the largest network security vendor, published a guide to password security which, based on the password-cracking dictionaries popular in China, compiled the 25 "weak passwords" most commonly used by Chinese Internet users. According to the information provided by 360 experts, 9 of the TOP25 "weak passwords" commonly used by Chinese Internet users are identical to the habits of foreign Internet users. Of these, apart from password, abc123, ILOVEYOU and QWERTY, which are "weak passwords" the world over, the rest are combinations of digits. Simple number combinations seem to be loved by most Internet users and account for nearly half of the list. For example, the auspicious numbers "666666" and "888888" are in the password dictionary of almost every Chinese hacker, and "5201314" (I love you forever), into which people clearly put strong feelings, is a "weak password" with Chinese characteristics.

Internet users' common "weak passwords" fall into four categories: simple digit combinations, sequential character combinations, adjacent character combinations, and combinations with special meaning. The Chinese "weak password" list also shows that domestic Internet users are accustomed to setting 6-character passwords: as many as 18 of the TOP25 are 6 characters long, or 72%. In addition, combination-type passwords such as "a1b2c3" and "p@ssWOrd", though seemingly complex, are also on the list of passwords hackers focus on. If a system account or other account uses one of these "weak passwords", it can easily be automatically "guessed" by a hacker's dictionary, resulting in leakage of personal information and even property loss.

Francis Chan froze accounts for three days in an attempt to get 80% of Dangdang users to set strong passwords for their accounts. However, after three days, the fact that only 6 users had reported account exceptions and only 5% of users had changed their passwords was astonishing. What makes customers care so little about the property in their accounts? Perhaps the amounts in the accounts are small; perhaps some users never received Dangdang's message that accounts could be stolen; perhaps the gift cards did not come at their own cost. Or perhaps the reason they do not care is one that Dangdang staff are unwilling to believe but that is very likely: Francis Chan's "full compensation" commitment. If what is lost is not really lost, why bother to change a password? (Editor: Yin Liang)