Chrome will start blocking HTTP resources on HTTPS pages and checking password strength

Google has warned about a change in how mixed content is handled on pages opened over HTTPS. Previously, if a page opened over HTTPS contained components loaded without encryption (via the http:// protocol), a special indicator was shown. In the future, loading of such resources will be blocked by default. Pages opened via "https://" will therefore be guaranteed to contain only resources downloaded over a secure communication channel.

It is noted that more than 90% of Chrome users' browsing currently takes place over HTTPS. Components loaded without encryption create a security threat, because unprotected content can be modified by anyone who controls the communication channel (for example, when connecting through open Wi-Fi). The mixed content indicator was found to be ineffective and misleading to the user, since it does not give a clear assessment of the page's security.

At present, the most dangerous types of mixed content, such as scripts and iframes, are already blocked by default, but images, audio files and video can still be downloaded via http://. By substituting an image, an attacker can plant user-tracking cookies, try to exploit vulnerabilities in image handlers, or commit forgery by replacing the information shown in the image.

The introduction of blocking is split into several stages. Chrome 79, scheduled for December 10, will include a new setting that lets you disable blocking for specific sites. This setting will apply to mixed content that is already blocked, such as scripts and iframes, and will be reached through the menu that drops down when you click the lock icon, replacing the indicator previously offered for disabling blocking.

Chrome 80, expected on February 4, will use a soft blocking scheme for audio and video files: http:// links are automatically replaced with https://, which preserves functionality if the problematic resource is also available over HTTPS. Images will continue to load unchanged, but if they are downloaded via http://, https:// pages will show an insecure-connection indicator for the whole page. To switch to https automatically or to block images, site developers can use the CSP properties upgrade-insecure-requests and block-all-mixed-content. Chrome 81, scheduled for March 17, will auto-correct http:// to https:// when loading mixed-content images.

In addition, Google announced that one of the upcoming releases of the Chrome browser will integrate the new Password Checkup component, previously developed as an external extension. The integration will add tools to the standard Chrome password manager for analysing the strength of the passwords the user relies on. When you try to log in to any site, the login and password will be checked against a database of compromised accounts, and a warning will be shown if problems are found. The check is made against a database covering more than 4 billion accounts that appeared in leaked user databases. A warning will also be shown if you try to use trivial passwords such as "abc123" (according to Google statistics, 23% of Americans use such passwords), or when the same password is used on several sites.

To preserve privacy, when the external API is accessed only the first two bytes of the hash of the login and password are transmitted (the Argon2 hashing algorithm is used). The full hash is encrypted with a key generated on the user's side. The original hashes in Google's database are also encrypted, and only the first two bytes of each hash are left for matching. The final verification of the hashes that fall under the transmitted two-byte prefix is carried out on the user's side using the cryptographic technique of "blinding", in which neither party learns the contents of the data being checked. To protect against brute-force enumeration of the compromised-accounts database through requests for arbitrary prefixes, the transmitted data is encrypted with a key generated from the verified combination of login and password.
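The two-byte-prefix lookup with blinding described above, sketched as an added example (not Google's code and not taken from the source article). Assumptions: SHA-256 stands in for Argon2, commutative exponentiation modulo a toy-sized prime stands in for the production cipher, and every name and the sample accounts are constructed for illustration.

```python
import hashlib, math, secrets

P = 2**127 - 1  # Mersenne prime used as a toy modulus (assumption; not a secure parameter choice)
LEAKED = [("alice@example.com", "abc123"), ("bob@example.com", "hunter2")]  # constructed sample data

def h(login, password):
    # SHA-256 is a stand-in for the Argon2 hash named in the article
    return hashlib.sha256(f"{login}\x00{password}".encode()).digest()

def to_group(digest):
    return int.from_bytes(digest, "big") % (P - 2) + 2  # element in [2, P-1]

def keygen():
    # secret exponent that is invertible modulo P-1, so its effect can be removed later
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

class Server:
    def __init__(self, leaked):
        self.key = keygen()
        self.buckets = {}
        for login, pw in leaked:
            d = h(login, pw)
            # only the two-byte prefix stays readable; the hash itself is stored under the server key
            self.buckets.setdefault(d[:2], set()).add(pow(to_group(d), self.key, P))

    def lookup(self, prefix, blinded):
        # the server sees two bytes and a blinded value, applies its own key on top,
        # and returns every encrypted entry that shares the prefix
        return pow(blinded, self.key, P), self.buckets.get(prefix, set())

def is_compromised(server, login, password):
    d = h(login, password)
    a = keygen()  # fresh client-side key for each query
    double, bucket = server.lookup(d[:2], pow(to_group(d), a, P))
    # strip the client key: (x^a)^b raised to a^-1 mod (P-1) leaves x^b
    unblinded = pow(double, pow(a, -1, P - 1), P)
    return unblinded in bucket  # final comparison happens on the user's side

if __name__ == "__main__":
    srv = Server(LEAKED)
    print(is_compromised(srv, "alice@example.com", "abc123"))
    print(is_compromised(srv, "carol@example.com", "abc123"))
```

Because the hash covers the login and password together, a leaked password checked under a different login does not match, which is the property the last sentence of the paragraph relies on.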

source: budenet.ru
