Alibaba Cloud has been exposed to major security flaws. All machine permissions and all user data have been leaked.

Just as Alibaba Cloud was promoting its data security in a high-profile manner, a major security incident occurred!

On September 1, multiple cloud hosting forums and discussion groups exploded. The reason was that Alibaba Cloud, the largest cloud hosting service provider in China, had another major security incident, and system commands and executable files were deleted from a wide range of users. Many netizens publicly disclosed on Weibo that on Alibaba Cloud ECS machines, every time a command is executed, the system deletes a command, which has seriously affected their daily operation and maintenance work.

On the day of the incident, Alibaba Cloud issued an announcement saying: ldquo; A bug was triggered by the upgrade of the malicious file detection and killing function of the Yundun An Knight server component, resulting in a small number of executable files on some servers being mistakenly isolated. The system started the rollback as soon as possible, and the files that had been mistakenly isolated have been basically recovered. We are visiting some customers who have not yet recovered to assist in recovering as soon as possible. For affected customers, we will immediately initiate hundredfold time compensation and avoid similar mistakes from happening again. We are aware of the impact and loss of this error on your business and once again offer our deepest apologies.& amp;rdquo;

Seeing this announcement, I believe many netizens have ldquo; spurted blood rdquo;, an upgrade can actually lead to such a wide range of failures?! Process killed, file deleted, unable to view the day hellip; hellip; and so on abnormal, really is the cloud shield upgrade caused by accidental problems?

Many netizens expressed doubts about Alibaba Cloud's reply. One of the netizens said that in fact, some users had complained earlier that Alibaba Yundun scanning took up a large amount of CPU, and suspected that Yundun regularly injected SQL into the monitoring port of the cloud host, regardless of whether this practice is reasonable or the necessity of this behavior. Since some users are troubled by this, Alibaba Cloud should give users a transparent explanation to enhance enterprises 'confidence in the cloud amid the vigorous development of cloud computing.

Amid doubts from netizens, another disastrous security issue with Alibaba Cloud was exposed!

An industry insider who declined to be named revealed to the author that the root cause of Alibaba Cloud's security problems may not be Yundun, but bugs at the management system level. This Bug can cause a series of security issues, and the deletion of system commands and executable files is just one of the problems. This Bug will lead to Alibaba Cloud data disclosure. The main manifestation is that through this BUG, customers (or hackers) can enter Alibaba Cloud's internal network and obtain all Alibaba Cloud user data + permissions. Including the customer's associated account, customer information, server permissions, etc.(see Figure 1). This means that all machine permissions and all user data of Alibaba Cloud may have been leaked. Whether the password was intercepted due to Yundun being injected is still uncertain.

Figure 1: User data obtained through bugs (provided by the person who exposed the explosion)

Careful people will find that someone has already reported this BUG to Alibaba Cloud through forums. Alibaba Cloud customer service said: ldquo; This Bug was accidentally triggered in the partner interface and has been checked and processed. (See Figure 2 for details)

Figure 2: A thank-you letter sent by Alibaba Cloud Service to the person who gave feedback on the Bug (screenshot of Alibaba Cloud Forum)

As the cloud hosting manufacturer with the highest brand recognition in China, Alibaba Cloud should be the benchmark in the industry. However, the successive occurrences of large-scale failures and major security risks will greatly undermine users 'confidence in Alibaba Cloud and even affect the development of the entire industry. What Alibaba Cloud should do most now is not to engage in media public relations, but to show sincerity, give end users a satisfactory answer, and give users a transparent and credible explanation.

In fact, cloud security has always been one of the most concerned issues for users and one of the biggest challenges facing Alibaba Cloud. Alibaba Cloud has many users, and a small Bug may affect thousands of corporate users. In recent years, Alibaba Cloud has made a lot of efforts in security operation and maintenance, and its achievements are remarkable. For example, the introduction of Alibaba Yundun has enabled many users to solve the problem of DDoS attacks. The market does not lie. If you make good products, you will naturally have users. With the continuous improvement of product experience, Alibaba Cloud's market share continues to expand, and its influence and reputation in the industry have also rapidly increased. Qi Shunjie, vice president of Halo New Network, said in an exchange with the author that Alibaba Cloud is the only cloud hosting service provider in China that has the ability to compete with Amazon in the United States.

However, achievements are achievements, problems are problems, and flaws that do not obscure the merits are not applicable to Alibaba Cloud! What is more worth mentioning is that the core of this issue is exactly the rdquo; Yundun ldquo; that Alibaba Cloud was once proud of! A thousand-mile embankment creates an ant nest. I hope that this security incident will attract enough attention from Ali, thoroughly reflect on it, and make arrangements for the future as soon as possible!【Author: Li Haigang]

China Ali, come on! (End)