2025-04-05 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
The daily chat style of the security team.
Boss A: Just now there was a complaint from a user that someone logged on to the site and saw other people's content. The problem is serious. The system must have been hacked. Your security team will solve it quickly.
Boss B: A classmate of the group boss Wang said that the camera in their house was turning last night for no reason and suspected that the camera had been hacked! Boss Wang is the boss of HR. Hurry up and deal with it. Is it true that one of the loopholes you mentioned last time was discovered?
Boss C: Last night.
Please don't be confused.
Security veterans should be familiar with the daily chat above. You know nothing yet, and the other party does not fully understand the situation either. The better ones try to figure out the situation first, but whether they understand it or not, they end by throwing out one sentence: there is a security problem, hurry up and deal with it. The tone more or less says: what is your security team even doing? The customers have already discovered the security problem and you are still not clear about it. You still have the nerve to ask me for details? Why don't you deal with it quickly? And often these people are bosses several levels above you.
Are you going to be confused, ready to accept the boss's conclusion that you have been hacked, and look for evidence that supports the boss's judgment in the direction the boss pointed out? Then you are completely confused. In most cases, you cannot reach a conclusion along this direction, or you find a conclusion that seems to support the boss's judgment, and then move on to the company's system.
At this point, you need two principles for troubleshooting problems.
No matter how experienced the boss is and how urgent the problem is, we have to follow the routine. Compare it with flight safety: even if the plane is about to crash, the pilot still needs to carry out the scheduled hard landing process. What helps us troubleshoot problems quickly is reason, not authority, not shame or fear. So let's learn the two principles of troubleshooting that I have summed up in my work.
Occam's razor principle
The Occam's razor principle (reference) means listing all possible causes of the abnormal situation, ordering them by how difficult they are to occur, from the easiest to the most difficult, and then, starting from the easiest, checking each possibility against the evidence you find. This method of troubleshooting is often very effective, especially when a novice user thinks they have found a big loophole but it is in fact just a counter-intuitive design that does not match user habits. We summed up this "Occam's razor principle" after countless investigations that turned out to be users misunderstanding the product, or having given their password to someone else and forgotten about it. Technicians naturally tend to think about challenging technical issues and forget that triggering that kind of high-end operation is not something novice users can do. Even if the complainant is a self-proclaimed computer master, remember to bring a sharp Occam's razor and check with that expert. If he is indeed a master, he will provide evidence that helps you quickly rule out many possibilities.
Bayesian principle
Occam's razor is easy to use, but it is too expensive to analyze from zero each time, and it does not take advantage of previous experience in troubleshooting similar phenomena. This is where the Bayesian principle comes in (reference). Our Bayesian principle is to list all the causes of such anomalies seen before, sort them by total number of occurrences from most to least, and check the most frequent ones first, again eliminating possibilities by looking for evidence.
A case study of my experience
One day I received a complaint from the customer service center. Client A reported that he found his camera turning at 10:00 on the 3rd, but the customer was sure that he had not operated the camera. If I were 7 years younger, I would naturally have been confused; now I have my own two principles and start with the list.

Occam / Bayes
1. The user's family knows the account and logged in elsewhere to watch the device
2. The user shares the camera with other users; the local area network is hacked
3. The user uses a weak password and someone else guesses it; a hidden loophole
4. The device rebooted automatically and ran its self-test rotation; the server is hacked

To tell you the result: the user had shared it with other users.
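The two orderings applied to the camera complaint, as an added example that is not code from the original article: candidate causes are walked in Occam order or in Bayes order, and each is confirmed or ruled out against evidence. The log format, field names, client IDs, historical counts, the Occam ranking and the threshold of 5 failed logins are all constructed assumptions.

```python
from collections import Counter

# Candidate causes from the case study, easiest to occur first (order is assumed).
OCCAM_ORDER = ["family_login", "shared_device", "weak_password",
               "self_test_reboot", "lan_hacked", "hidden_loophole", "server_hacked"]
# Constructed tally of root causes from earlier tickets with the same symptom.
HISTORY = Counter(shared_device=9, family_login=6, self_test_reboot=4, weak_password=2)
# Constructed device audit log around the reported time (10:00 on the 3rd).
LOG = """\
03T09:41:07 actor=owner client=phone-1 action=login result=ok
03T09:59:48 actor=user_b client=phone-7 action=login result=ok
03T10:00:02 actor=user_b client=phone-7 action=ptz_rotate grant=share
"""

def parse(log):
    """Turn 'timestamp key=value ...' lines into dicts."""
    events = []
    for line in log.splitlines():
        ts, *pairs = line.split()
        events.append({"ts": ts, **dict(p.split("=", 1) for p in pairs)})
    return events

# One evidence check per cause; causes without a check need manual investigation.
CHECKS = {
    "family_login": lambda ev, known: any(
        e["actor"] == "owner" and e["action"] == "ptz_rotate"
        and e["client"] not in known for e in ev),
    "shared_device": lambda ev, known: any(
        e["action"] == "ptz_rotate" and e.get("grant") == "share" for e in ev),
    "weak_password": lambda ev, known: sum(
        e["action"] == "login" and e["result"] == "fail" for e in ev) >= 5,
    "self_test_reboot": lambda ev, known: any(e["action"] == "reboot" for e in ev),
}

def bayes_order(candidates, history):
    """Most frequent past cause first; ties and unseen causes keep Occam order."""
    return sorted(candidates, key=lambda c: -history[c])

def triage(order, events, known_clients):
    """Walk the list in order; return (confirmed, ruled_out, unchecked)."""
    ruled_out, unchecked = [], []
    for cause in order:
        check = CHECKS.get(cause)
        if check is None:
            unchecked.append(cause)
        elif check(events, known_clients):
            return cause, ruled_out, unchecked
        else:
            ruled_out.append(cause)
    return None, ruled_out, unchecked
```

With this constructed history the Bayes ordering reaches the shared-camera cause on the first check, while the Occam ordering rules out one cheaper hypothesis first; both stop before any "hacked" hypothesis is investigated.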