Personal Information Protection Standard Implementation

In recent years, with the rapid development of information technology, incidents of personal information leakage have occurred from time to time. The "Guide" developed by the Ministry of Industry and Information Technology in collaboration with other departments aims to contain information crimes and protect the legitimate rights and interests of citizens from intrusion. However, CCTV reporters found that network security engineers can easily obtain the user's registration name and password in less than one minute, and CCTV points out that anyone with basic network technical knowledge can do it.

In response, the network security engineer stated that this was due to the fact that the website did not perform well in processing the user's password and did not adopt encryption to process the information. CCTV uses SouFun as an example. When a user enters a user name and password on his computer, a computer equipped with network sniffing software can easily intercept it. The reason for this phenomenon is that the website did not use any encryption technology during the transmission of the user name and password from the user's computer to the server of the web site. Instead, clear text was used to enable the "hacker" to easily capture.

According to tests conducted by organizations such as the China Software Testing Center and the Beijing Key Lab of Internet Security Technology, websites such as Hexun, Aika Auto, Tom Mail, Phoenix Weibo, ChinaHR, and Zhenai.com have the lowest level of security protection. Information is most easily leaked. Jingdong Mall, Netease 163 E-mail, Ctrip, Dangdang.com, Eslite, Gome, Taobao.com, Suning.com, Baidu.com and other websites also have the problem of transmitting the registered name and password in plaintext. There is a possibility that user information may be leaked. .

At the end of 2011, a large number of website user databases, including CSDN and Tianya Community, were hacked. About 50 million user data were leaked. At one time, website security was at stake. CSDN said afterwards that the main cause of hacker attacks is because the company's website uses clear text to store user passwords. Once a hacker enters the database, it can directly see the user's password and other information without decryption. However, this incident did not attract the attention of other well-known websites. After more than a year, personal information “stabbing” was exposed again.

On February 1st, China's first personal information protection standard "Information Security Technology Public and Business Service Information System Personal Information Protection Guide" was formally implemented. However, CCTV reporters found that many well-known websites did not provide relevant protection technology for user's personal information. Websites that Jingdong, Ctrip, Taobao, Gome and other Internet users often visit have problems with the transmission of the registered name and password in plaintext. There is user information. The possibility of being leaked.