Hack of the matrix.org infrastructure

The developers of the decentralized messaging platform Matrix announced an emergency shutdown of the matrix.org and Riot.im (the main Matrix client) servers because the project's infrastructure was hacked. The first shutdown took place last night, after which the servers were restored and the applications rebuilt from reference sources. But a few minutes ago the servers were compromised a second time.

The attackers posted on the project's main page detailed information about the server configuration, along with data on the existence of a database holding the hashes of nearly five and a half million Matrix users. As proof, the password hash of the Matrix project leader was made publicly available. The modified site code was published in the attackers' GitHub repository (not in the official matrix repository). Details about the second hack are not yet available.

After the first hack, the Matrix team published a report indicating that the hack was carried out through a vulnerability in a Jenkins continuous integration system that had not been updated. After gaining access to the Jenkins server, the attackers intercepted SSH keys and gained access to other infrastructure servers. It was stated that the attack did not affect source code or packages. The attack also did not affect the Modular.im servers. But the attackers gained access to the main DBMS, which contains, among other things, unencrypted messages, access tokens and hashes.

All users were advised to change their passwords. But while changing passwords in the main Riot client, users ran into the loss of the files holding backup copies of the keys used to restore encrypted correspondence, and were unable to access the history of past messages.

Recall that Matrix, a platform for organizing decentralized communications, is presented as a project that uses open standards and pays great attention to ensuring the security and privacy of its users. Matrix provides end-to-end encryption based on its own protocol, including the Double Ratchet algorithm (which is also used as part of the Signal protocol), supports searching and unlimited viewing of correspondence history, and can be used for transferring files, sending notifications, checking whether a developer is online, organizing teleconferences, and making voice and video calls. It also supports advanced features such as typing notifications, read receipts, push notifications and server-side search, synchronization of client history and state, and various identifier options (email, phone number, Facebook account, etc.).

Addendum: A follow-up has been published with a description of the second hack, information about how the PGP keys leaked, and an overview of the security problems that led to the hack.

Source: budenet.ru
