Questions remain after thief raids new Alibaba auction site
When traders buy or sell on auction sites, they have to assume the site will protect their data. Any security compromise that can cost users money will be remembered for a long time.
So it was interesting to see the complaint last week by Taobao, the new consumer arm of business-to-business auction site Alibaba.
According to a cease-and-desist letter sent to Yahoo!, 1Pai.com.cn, the auction site launched this month by Yahoo! and Sina, managed to steal business data including the contact details of 50,000 of Taobao's traders. Sounds like they got off lightly, as Taobao claims to have 600,000 users.
Even more surprising was the way the heist was allegedly carried out. Taobao said that over a period of four days, access to its site was unusually slow and by the time its tech staff had traced the source of the problem, someone had managed to download 121 gigabytes of data to a fixed IP address belonging to Yahoo!
It is hard to know what to marvel at the most - the apparent discrepancy between the number of contact details stolen and the number of customers Taobao claimed to have, that it took engineers four days to find why the site was inaccessible, that so much data could be downloaded to a single fixed IP address without anyone noticing, or that the data should be available to any passing hacker.
Alibaba recently received US$82 million from investors to help expand its China business. Too bad it didn't spend some of that on hiring a network administrator.
Shanghai authorities may not be serious in their latest attempts to catch citizens surfing subversive sites.
The Shanghai Daily last week reported that authorities in the city planned to install surveillance cameras in 1,325 internet cafes to control the public's insatiable search for forbidden websites.
The State Administration for Radio, Film and Television said it would install software to check users' ID cards or passwords before granting access to a PC.
Just consider the practicalities of this. A spokesman for the administration said the cafes housed 110,000 computers. Suppose one camera were needed for every two displays, which is what it would take for an inspector to have any chance of gauging whether a site is illegal. That would mean 55,000 cameras would need to be installed, and several thousand pairs of eyes hired to monitor them.
If Shanghai were really serious about the whole business, maybe it could just post a guard in every cafe.