GitHub adds the ability to proactively block leaks of API tokens

GitHub has announced stronger protection against sensitive data that developers inadvertently leave in code ending up in its repositories. For example, configuration files containing DBMS passwords, tokens or API access keys sometimes end up in a repository. Previously, scanning was performed in passive mode and could only identify leaks that had already occurred and were already in the repository. To prevent leaks, GitHub has additionally begun offering an option to automatically block commits found to contain sensitive data.

The check is performed during git push and generates a security warning if tokens for connecting to common APIs are detected in the code. A total of 69 patterns have been implemented to identify various kinds of keys, tokens, certificates and credentials. To rule out false positives, only token types that can be identified reliably are checked. After a block, the developer is asked to review the problematic code, fix the leak and repeat the commit, or mark the block as a false positive.
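A minimal sketch of this kind of push-time check, added here as an illustration and not GitHub's implementation: it scans only the added lines of a unified diff for token formats with a fixed prefix and length. The two patterns, the function names and the sample diff are assumptions made for this example.

```python
import re

# Illustrative high-confidence patterns, assumed for this example (not GitHub's
# actual list). A fixed prefix plus a fixed length keeps false positives low.
PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

def scan_diff(diff_text):
    """Return (path, new_line_no, kind) for each token on an added line."""
    findings, path, new_line, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git"):
            in_hunk = False
        elif not in_hunk and line.startswith("+++ "):
            path = re.sub(r"^b/", "", line[4:])
        elif line.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first line number in the new file.
            in_hunk, new_line = True, int(re.search(r"\+(\d+)", line).group(1))
        elif in_hunk and line.startswith("+"):
            for kind, rx in PATTERNS.items():
                if rx.search(line[1:]):
                    findings.append((path, new_line, kind))
            new_line += 1
        elif in_hunk and line.startswith(" "):
            new_line += 1  # context lines also exist in the new file
        # "-" lines are removals and add nothing to the pushed content
    return findings

def push_allowed(diff_text):
    """Block the push when any high-confidence token is found."""
    return not scan_diff(diff_text)

# Constructed sample values and diff; none of these are real credentials.
FAKE_PAT = "ghp_" + "A" * 36
FAKE_AWS = "AKIA" + "EXAMPLE0" * 2
SAMPLE_DIFF = "\n".join([
    "diff --git a/config.py b/config.py",
    "--- a/config.py",
    "+++ b/config.py",
    "@@ -1,2 +1,5 @@",
    " import os",
    "+DB_PASSWORD = 'hunter2'",  # free-form secret: no reliable pattern
    "+GH_TOKEN = '" + FAKE_PAT + "'",
    "+AWS_KEY = '" + FAKE_AWS + "'",
    " DEBUG = False",
])
```

The free-form `DB_PASSWORD` line is deliberately not flagged: restricting the check to reliably identifiable token formats trades coverage for a low false-positive rate, so passive scanning and review are still needed for other secrets.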

The option for proactively blocking leaks is currently available only to organizations that have access to the GitHub Advanced Security service. Passive-mode scanning is free for all public repositories but remains a paid feature for private repositories. Passive scanning has reportedly already identified more than 700 thousand leaks of confidential data in private repositories.

Source: opennet.ru
