The cloud platform recently exposed P2P platform "Kyoshin win" system has serious security vulnerabilities
feedback domestic Internet security problems, a system called "arbitrary upload vulnerability involving money transactions". In addition to a total win, 7 net loan platform Yimin wealth, wealth, people in the letter and the rich, financial loans, British investment, venture capital and investment Zhejiang Financial music, also in the use of the system.
according to cloud information display, the vulnerability submission time for March 28th, open time is May 12th, belong to the high hazard level. In the description of the vulnerability, the cloud said, a P2P net loan system any upload vulnerability involving tens of millions of money transactions". Has been handed over to third party vendors (CNCERT National Internet Emergency Center) processing.
according to the vulnerability provided by the cloud to prove the link found that the net loan is a total win". Public information, a total of Shenzhen City, a letter to win win win financial information service Co., ltd.. The company was formally established in November 2013, the registered capital of 100 million yuan.
in the description of the security of the platform, the letter said it has a win win proficient in financial management, Internet technology and policies and regulations of the professional team, to provide the most secure investment and financing platform for the public. According to its official website data show that as of 21, the total amount of investment to win a letter of $108 million.
it is understood that the current P2P website system is mainly divided into two kinds, one is the platform of self built, and the other is to buy a technology provider, commonly known as buy template". Due to technical product line production, P2P platform loopholes will spread to many of the use of the system, weak anti risk ability.
risk control has been regarded as the core of enterprise development in the P2P industry, but the risk control platform in addition to their own business, platform security is equally important. At present, in addition to the platform itself to increase investment in hardware and software facilities, improve the level of net loan system provider is imminent.
net loan eye vice president Yuan Tao has been a conservative estimate of hacker attacks resulting in the loss of about 30 million yuan. And including all loans, pat loans, good loan network and other industries ranked on the front platform were attacked.
Liu Gang, Deputy Secretary General of China
E-Commerce Association Communications Branch of great wisdom news agency said that from a technical point of view, most of the existing P2P platform on the market there are security risks. "According to the P2P platform is currently engaged in the business, did not reach the bank level security platform can be regarded as unsafe," he believes that the current domestic trading related e-commerce platform for the vast majority of serious security risks.
P2P, a practitioner of great wisdom news agency said, according to the economic situation of most domestic platform, into the security system of funds is very limited, and most of the net loan companies belong to private lending network, also do not pay attention to the Internet security platform, most of the funds into the marketing activities.