引用本文: |
-
彭元,黄皑昌,庄军莲.国内即时通讯软件的安全脆弱性分析[J].广西科学院学报,2005,(3):189-192. [点击复制]
- Peng Yuan,Huang Aichang,Zhuang Junlian.A Discussion of Vulnerabilities of Security of Instant Messaging Softwares in China[J].Journal of Guangxi Academy of Sciences,2005,(3):189-192. [点击复制]
|
|
摘要: |
即时通讯软件在网络协议上存在一定的安全隐患,IM软件开发中涉及的多线程技术、服务器程序开发、数据库开发、脚本语言、组件开发技术等也会造成一定的安全隐患。IM软件在使用过程中存在用户账号和密码易暴露,活链接功能、开放的端口及消息收发权限可能会被恶意利用等安全性问题。建议IM软件开发商建立软件用户数据加密保护体系,提醒用户注意密码等用户私有信息的安全性;开发相应的软件插件,接受用户对恶意链接投诉,并由系统自动将其屏蔽;加强与杀毒软件开发商的合作,及时提供升级病毒库;在服务器运行先进的网络入侵监测系统,防范开放的端口及消息收发权限被恶意利用。 |
关键词: 即时通讯软件 安全 脆弱性 |
DOI: |
投稿时间:2005-05-29 |
基金项目: |
|
A Discussion of Vulnerabilities of Security of Instant Messaging Softwares in China |
Peng Yuan1, Huang Aichang2, Zhuang Junlian1
|
(1.Guangxi Academy of Sciences, Nanning, Guangxi, 530022, China;2.Guangxi Union-Industrial Engineering Consulting & Design LTD., Nanning, Guangxi, 530003, China) |
Abstract: |
The recentstudies indicate that there are some potential security bugs in the network protocol of Instant Messaging (IM) softwares.The situation would be worse when disadvantages of multithreading,the server process,database system,script language and module in IM development are considered.For instance,usernames and passwords in IM softwares can be showed up easily, and active link,open port and the authorization of received and sent news may be used balefully. Software developers should (1) establish safety and security systems to protect users' databases, (2) alarm users to pay attention to their private information such as passwords, (3) provide correlative module and investigate the complaint of baleful linkage which should be shielded immediately by the system, (4) of internet service, the advanced monitor system for internet invasion should be run in server to prevent baleful usage of open port and the authorization of received and sent news. |
Key words: instant messaging software security vulnerability |