Wolemba APNIC, yemwe ali ndi udindo wogawa ma adilesi a IP m'chigawo cha Asia-Pacific, adafotokoza zomwe zidachitika chifukwa chotaya kwa SQL kwa Whois service, kuphatikiza zinsinsi zachinsinsi ndi mawu achinsinsi, zidaperekedwa poyera. Ndizofunikira kudziwa kuti uku sikunali kutulutsa koyamba kwa data yamunthu mu APNIC - mu 2017, database ya Whois idapangidwa kale poyera, komanso chifukwa choyang'anira antchito.
Poyambitsa chithandizo cha protocol ya RDAP, yopangidwa kuti ilowe m'malo mwa protocol ya WHOIS, ogwira ntchito ku APNIC adayika SQL kutaya kwa database yomwe imagwiritsidwa ntchito muutumiki wa Whois mu Google Cloud yosungirako mitambo, koma sanalepheretse kupeza. Chifukwa cha zolakwika m'makonzedwe, kutaya kwa SQL kunalipo poyera kwa miyezi itatu ndipo izi zinawululidwa pa June 4, pamene mmodzi wa ochita kafukufuku odziimira payekha adawona izi ndikudziwitsa registrar za vutoli.
Kutaya kwa SQL kunali ndi "auth" zomwe zimakhala ndi mawu achinsinsi osinthira zinthu za Maintainer and Incident Response Team (IRT), komanso zidziwitso zamakasitomala zomwe sizikuwonetsedwa mu Whois panthawi yamafunso wamba (nthawi zambiri zambiri zolumikizirana ndi zolemba za wogwiritsa ntchito) . Pankhani yobwezeretsa mawu achinsinsi, owukirawo adatha kusintha zomwe zili m'mindayo ndi magawo a eni ake adilesi ya IP ku Whois. Chinthu cha Maintainer chimatanthawuza munthu yemwe ali ndi udindo wosintha gulu la zolemba zomwe zimagwirizanitsidwa ndi "mnt-by", ndipo chinthu cha IRT chimakhala ndi mauthenga okhudzana ndi olamulira omwe amayankha zovuta. Zambiri za mawu achinsinsi a hashing algorithm omwe amagwiritsidwa ntchito sanaperekedwe, koma mu 2017, ma aligorivimu akale a MD5 ndi CRYPT-PW (ma password a zilembo 8 okhala ndi ma hashes kutengera ntchito ya UNIX crypt) adagwiritsidwa ntchito ngati hashing.
Pambuyo pozindikira zomwe zidachitika, APNIC idakhazikitsanso mawu achinsinsi azinthu za Whois. Kumbali ya APNIC, palibe zizindikiro za ntchito zosavomerezeka zomwe zapezedwabe, koma palibe zitsimikizo kuti deta siinagwere m'manja mwa otsutsa, popeza palibe zipika zonse zopezera mafayilo mu Google Cloud. Monga zomwe zidachitika m'mbuyomu, APNIC idalonjeza kuti ichita kafukufuku ndikusintha njira zaukadaulo kuti apewe kutulutsa kofananako mtsogolo.
Source: opennet.ru