A lokacin harin na biyu, an tura gidan yanar gizon matrix.org zuwa wani uwar garken (matrixnotorg.github.io) ta hanyar canza sigogin DNS, ta amfani da maɓalli na tsarin isar da abun ciki na Cloudflare API intercepted yayin harin farko. Lokacin sake gina abubuwan da ke cikin sabobin bayan haƙƙin farko, masu gudanar da Matrix sun sabunta sabbin maɓallan sirri kawai kuma sun rasa sabunta maɓallin zuwa Cloudflare.
A lokacin harin na biyu, sabobin Matrix sun kasance ba a taɓa su ba; an iyakance canje-canje ga maye gurbin adireshi a cikin DNS. Idan mai amfani ya riga ya canza kalmar sirri bayan harin farko, babu buƙatar canza shi a karo na biyu. Amma idan har yanzu ba a canza kalmar sirrin ba, yana buƙatar sabunta shi da wuri-wuri, tunda an tabbatar da kwararar bayanan da ke ɗauke da hashes. Shirin na yanzu shine don fara aiwatar da sake saitin kalmar sirri ta tilasta lokaci na gaba da shiga.
Baya ga zubewar kalmomin sirri, an kuma tabbatar da cewa maɓallan GPG da ake amfani da su don samar da sa hannu na dijital don fakiti a cikin ma'ajiyar Debian Synapse da kuma fitar da Riot/Web sun shiga hannun maharan. Maɓallan an kiyaye kalmar sirri. An riga an soke maɓallan a wannan lokacin. An kama maɓallan a ranar 4 ga Afrilu, tun daga lokacin ba a fitar da sabuntawar Synapse ba, amma an saki abokin ciniki na Riot/Web 1.0.7 (duba na farko ya nuna cewa ba a daidaita shi ba).
Maharin ya buga jerin rahotanni akan GitHub tare da cikakkun bayanai game da harin da shawarwari don ƙara kariya, amma an goge su. Koyaya, rahotannin da aka adana
Misali, maharin ya ba da rahoton cewa masu haɓaka Matrix ya kamata
Bugu da ƙari, an soki al'adar adana maɓalli don ƙirƙirar sa hannu na dijital akan sabar samarwa; ya kamata a ware wani keɓe mai masauki don irin waɗannan dalilai. Har yanzu ana kai hari
Sourcebudenet.ru
[: en]A lokacin harin na biyu, an tura gidan yanar gizon matrix.org zuwa wani uwar garken (matrixnotorg.github.io) ta hanyar canza sigogin DNS, ta amfani da maɓalli na tsarin isar da abun ciki na Cloudflare API intercepted yayin harin farko. Lokacin sake gina abubuwan da ke cikin sabobin bayan haƙƙin farko, masu gudanar da Matrix sun sabunta sabbin maɓallan sirri kawai kuma sun rasa sabunta maɓallin zuwa Cloudflare.
A lokacin harin na biyu, sabobin Matrix sun kasance ba a taɓa su ba; an iyakance canje-canje ga maye gurbin adireshi a cikin DNS. Idan mai amfani ya riga ya canza kalmar sirri bayan harin farko, babu buƙatar canza shi a karo na biyu. Amma idan har yanzu ba a canza kalmar sirrin ba, yana buƙatar sabunta shi da wuri-wuri, tunda an tabbatar da kwararar bayanan da ke ɗauke da hashes. Shirin na yanzu shine don fara aiwatar da sake saitin kalmar sirri ta tilasta lokaci na gaba da shiga.
Baya ga zubewar kalmomin sirri, an kuma tabbatar da cewa maɓallan GPG da ake amfani da su don samar da sa hannu na dijital don fakiti a cikin ma'ajiyar Debian Synapse da kuma fitar da Riot/Web sun shiga hannun maharan. Maɓallan an kiyaye kalmar sirri. An riga an soke maɓallan a wannan lokacin. An kama maɓallan a ranar 4 ga Afrilu, tun daga lokacin ba a fitar da sabuntawar Synapse ba, amma an saki abokin ciniki na Riot/Web 1.0.7 (duba na farko ya nuna cewa ba a daidaita shi ba).
Maharin ya buga jerin rahotanni akan GitHub tare da cikakkun bayanai game da harin da shawarwari don ƙara kariya, amma an goge su. Koyaya, rahotannin da aka adana
Misali, maharin ya ba da rahoton cewa masu haɓaka Matrix ya kamata
Bugu da ƙari, an soki al'adar adana maɓalli don ƙirƙirar sa hannu na dijital akan sabar samarwa; ya kamata a ware wani keɓe mai masauki don irin waɗannan dalilai. Har yanzu ana kai hari
source: budenet.ru
[:]