Attack on HackerOne gave access to private vulnerability reports

The HackerOne platform, which lets security researchers report identified vulnerabilities to developers and receive rewards for doing so, has received a report of its own hacking. One of the researchers managed to gain access to the account of a HackerOne security analyst, who was able to view confidential data, including information about vulnerabilities that had not yet been fixed. Since the platform's launch, HackerOne has paid researchers a total of $23 million for identifying vulnerabilities in the products of more than 100 customers, including Twitter, Facebook, Google, Apple, Microsoft, Slack, the Pentagon, and the US Navy.

It is noteworthy that the account takeover became possible because of human error. One of the researchers submitted a report for review about a potential vulnerability in HackerOne. While reviewing the report, a HackerOne analyst tried to reproduce the described attack, but the problem could not be reproduced, and a reply was sent to the report's author asking for additional details. At the same time, the analyst did not notice that, along with the results of the unsuccessful check, he had also sent the contents of his session cookie. Specifically, during the discussion the analyst provided an example of an HTTP request made with the curl utility, including the HTTP headers, from which he forgot to remove the contents of the session cookie.

The researcher noticed this oversight and was able to get into the privileged account on hackerone.com simply by substituting the spotted Cookie value, without having to pass the multi-factor authentication used by the service. The attack was possible because hackerone.com did not bind the session to the user's IP address or browser. The problematic session ID was removed two hours after the leak was reported. It was decided to pay the researcher a $20 thousand reward for reporting the problem.

HackerOne initiated an audit to identify similar cookie leaks in the past and to assess the potential leakage of confidential information about customers' vulnerabilities. The audit did not reveal evidence of earlier leaks and determined that the researcher who found the problem could have obtained information about roughly 5% of all programs hosted on the service, namely those accessible to the analyst whose session was used.

To protect against similar attacks in the future, the session key is now bound to the IP address, and session keys and authentication tokens are filtered out of comments. In the future, HackerOne plans to replace the IP binding with binding to the user's device, since IP binding is inconvenient for users with dynamically assigned addresses. It was also decided to expand logging with information about user access to data and to implement a model of granular analyst access to customer data.
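The two mitigations described above, filtering session material out of comment text and binding a session to the client, as an added illustration in Python. This is not code from the original article or from HackerOne; the header patterns, the choice of User-Agent plus a device cookie as the "device" fingerprint, and the sample curl command are assumptions made for the example.

```python
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# --- 1. Scrub cookies and auth tokens out of free-form comment text ----------

# Matches "Cookie: <value>", "Set-Cookie: <value>" and "Authorization: <value>"
# wherever they appear, including inside a pasted curl command such as
# -H 'Cookie: _session=...'.  The header name is kept, the value is dropped.
_HEADER_RE = re.compile(r"(?i)\b(cookie|set-cookie|authorization)\s*:\s*[^'\"\r\n]+")
# Matches curl's --cookie / -b argument (quoted or bare) and its value.
_CURL_COOKIE_RE = re.compile(r"(?<!\S)(?:--cookie|-b)\s+(?:'[^']*'|\"[^\"]*\"|\S+)")


def redact_secrets(text: str) -> str:
    """Replace cookie and authorization values in a comment with a placeholder."""
    text = _HEADER_RE.sub(lambda m: f"{m.group(1)}: [REDACTED]", text)
    text = _CURL_COOKIE_RE.sub("--cookie [REDACTED]", text)
    return text


# --- 2. Bind a session to the client (IP now, device later) ------------------

@dataclass
class Session:
    user: str
    binding: str  # keyed hash of the client attribute the session is tied to


class SessionStore:
    def __init__(self, bind_to: str = "ip"):
        if bind_to not in ("ip", "device"):
            raise ValueError("bind_to must be 'ip' or 'device'")
        self.bind_to = bind_to
        self._key = secrets.token_bytes(32)          # server-side HMAC key
        self._sessions: Dict[str, Session] = {}

    def _fingerprint(self, client: dict) -> str:
        # IP binding ties the session to the address.  Device binding
        # (assumed here: User-Agent plus a long-lived device cookie) keeps
        # the session valid for a user whose address changes.
        if self.bind_to == "ip":
            material = client["ip"]
        else:
            material = client["user_agent"] + "|" + client["device_id"]
        return hmac.new(self._key, material.encode(), hashlib.sha256).hexdigest()

    def create(self, user: str, client: dict) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, self._fingerprint(client))
        return sid

    def validate(self, sid: str, client: dict) -> Optional[str]:
        """Return the user name if sid is valid for this client, else None."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if not hmac.compare_digest(sess.binding, self._fingerprint(client)):
            # A known session id presented from a different client: reject it.
            # This is the event an access log should record and alert on.
            return None
        return sess.user


def demo():
    """Constructed scenario: an analyst pastes a curl command into a comment,
    and a replay of the leaked cookie from another client is rejected."""
    comment = ("curl -H 'Cookie: _session=abc123secret; other=1' "
               "-H 'Accept: */*' https://example.invalid/reports/1")
    redacted = redact_secrets(comment)

    analyst = {"ip": "198.51.100.7", "user_agent": "Mozilla/5.0", "device_id": "dev-A"}
    replayer = {"ip": "203.0.113.9", "user_agent": "curl/7.64", "device_id": "dev-B"}
    roaming = {"ip": "203.0.113.42", "user_agent": "Mozilla/5.0", "device_id": "dev-A"}

    ip_store = SessionStore("ip")
    sid = ip_store.create("analyst", analyst)
    ip_results = (ip_store.validate(sid, analyst),
                  ip_store.validate(sid, replayer),
                  ip_store.validate(sid, roaming))   # roaming user is locked out

    dev_store = SessionStore("device")
    sid2 = dev_store.create("analyst", analyst)
    dev_results = (dev_store.validate(sid2, analyst),
                   dev_store.validate(sid2, replayer),
                   dev_store.validate(sid2, roaming))  # roaming user keeps access
    return redacted, ip_results, dev_results


if __name__ == "__main__":
    print(demo())
```

The third value in each result tuple is what the article's note about dynamically assigned addresses refers to: with IP binding the same person on a new address is rejected, with device binding they are not, while the replayed cookie is rejected in both modes.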

Source: opennet.ru