当心了!家中NAS如果开了FTP选项,文件可以被Google索引到
回家得看一下我的NAS有没有FTP选项,是否关闭了。报道显示谷歌可检索某些本地网络存储设备的个人文件: http://www.cnbeta.com/articles/384745.htm
原文:http://www.csoonline.com/article/2906137/cloud-security/lost-in-the-clouds-your-private-data-has-been-indexed-by-google.html?page=3
内容
Network-attached drives can be super convenient for keeping your backups and files remotely accesible without relying on servers form a third party like Dropbox or OneDrive. But as an investigation conducted by CSO has found out, if not properly configured, you could be getting more than you bargained for.
The report says some personal cloud devices and external hard disks connected to routers with FTP enabled have been indexed by Google, resulting in personal files appearing in search results. These include everything from personal emails, journal entries, passports, tax records, financial statements, mortgage documents, passwords, private photos and more.
CSO was reportedly able to map a family's personal and financial history going back to 2009 by searching their name. The data was archived on a Western Digital hard drive connected to a Linksys WRT1900AC router. When warned about the problem, the family confirmed it was too late.
"I simply could not figure out how someone got the info minutes after I'd activate them. My system was clean and secured more than the average person," said one member of the family. Now I know. difficult when my backups were public and being indexed on Google.”
CSO noted that devices including Seagate Personal Cloud, Seagate Business NAS, Western Digital My Cloud and LaCie CloudBox also popped up in searches. The culprit, again, is improperly configured remote access features.
The report includes a detailed guide on how to check if your network-attached storage devices are letting Google index your files.
据CSO报道,有部分通过路由器以本地网络连接或FTP协议链接的存储设备文件可以被谷歌检索到(注:这段翻译的不准,应该是“一些个人云存储设备和连接到路由器的外接硬盘,如果开启了FTP,就已经被Google检索了”),导致个人隐私文件或重要财务文件泄露。CSO就通过谷歌检索到一个家庭的2009年至今的财务记录,包含信用卡信息账号。据悉这份家庭使用的存储设备为西数硬盘,通过Linksys WRT1900AC路由器以本地网络连接,这户家庭表示他们发现这一问题时已经太迟了,他们一直搞不清为什么他们甚至的信用卡账号信息,在激活后的数分钟就被别人使用了。原来这些信息居然可以通过Google检索。
这么牛叉,没有密码登录么? 求如何上谷歌 本帖最后由 philip64 于 2015-4-13 16:06 编辑
保安做得不好. 應該要關閉匿名登入, 強制登入帳號必須使用密碼. 谷歌堵在外面路上。。 本帖最后由 kebaojun305 于 2015-4-13 19:00 编辑
win7的ftp服务打开了 整了半天没有配置好。暂时没有时间整了,SVN服务 没事吧。{:titter:}
估计ftp最后会换个 软件整,win7自带的 没玩过不会玩。
页:
[1]