Leak of password hashes from the Whois service of the Internet registrar APNIC

The APNIC registrar, which is responsible for allocating IP addresses in the Asia-Pacific region, has reported an incident in which an SQL dump of the Whois service, including confidential data and password hashes, was made publicly accessible. Notably, this is not the first leak of personal data at APNIC: in 2017 the Whois database had already been exposed publicly, also through staff oversight.

While rolling out support for the RDAP protocol, which is designed to replace the WHOIS protocol, APNIC staff placed an SQL dump of the database used by the Whois service in Google Cloud storage but did not restrict access to it. Because of an error in the settings, the SQL dump was publicly available for three months. This came to light on June 4, when an independent security researcher noticed it and notified the registrar of the problem.

The SQL dump contained "auth" attributes holding the password hashes used to modify Maintainer and Incident Response Team (IRT) objects, as well as some sensitive customer information that is not shown in Whois for ordinary queries (usually additional contact details and notes about the user). Had the passwords been recovered, attackers could have changed the contents of the fields holding the details of the owners of IP address blocks in Whois. The Maintainer object identifies the person responsible for modifying a group of records linked through the "mnt-by" attribute, and the IRT object contains contact information for the administrators who respond to problem reports. No information is given about the password hashing algorithm in use, but in 2017 the outdated MD5 and CRYPT-PW algorithms (8-character passwords with hashes based on the UNIX crypt function) were used for hashing.
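To make the relationship between "auth", Maintainer/IRT objects and "mnt-by" concrete, the following added example (not APNIC's code and not from the original article) audits RPSL-style text to list which objects carry a password hash and which records they control, as a registrar or resource holder would when scoping a password reset. The sample objects, the `MD5-PW` scheme keyword standing for the article's "MD5", and the function names are assumptions.

```python
import re
# Constructed sample in RPSL form; names and hash values are placeholders.
SAMPLE = """\
mntner:   MAINT-EXAMPLE-ONE
auth:     CRYPT-PW PLACEHOLDERHASH
auth:     PGPKEY-0123ABCD
mnt-by:   MAINT-EXAMPLE-ONE

irt:      IRT-EXAMPLE
auth:     MD5-PW $1$PLACEHOLDER$PLACEHOLDERHASH
mnt-by:   MAINT-EXAMPLE-ONE

mntner:   MAINT-EXAMPLE-TWO
auth:     PGPKEY-89EF4567
mnt-by:   MAINT-EXAMPLE-TWO

inetnum:  192.0.2.0 - 192.0.2.255
mnt-by:   MAINT-EXAMPLE-TWO, MAINT-EXAMPLE-ONE
"""
# Password-hash schemes; MD5-PW is the assumed keyword for the page's "MD5".
PASSWORD_SCHEMES = {"CRYPT-PW", "MD5-PW"}

def parse_objects(text):
    """Split RPSL text into objects, each a list of (attribute, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith(("%", "#", " ", "\t", "+")) or ":" not in line:
                continue  # comment, continuation line, or no attribute key
            key, value = line.split(":", 1)
            attrs.append((key.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def audit(text):
    """Find objects whose password hash was exposed and records they guard."""
    objects, reset = parse_objects(text), {}
    for attrs in objects:
        used = {v.split()[0].upper() for k, v in attrs if k == "auth" and v}
        if attrs[0][0] in ("mntner", "irt") and used & PASSWORD_SCHEMES:
            reset[attrs[0][1]] = sorted(used & PASSWORD_SCHEMES)
    affected = []
    for attrs in objects:
        maintainers = {m.strip() for k, v in attrs if k == "mnt-by"
                       for m in v.split(",")}
        if attrs[0][1] not in reset and maintainers & reset.keys():
            affected.append(attrs[0][1])
    return {"reset": reset, "affected": affected}
```

Objects listed under `reset` need new credentials; records under `affected` should be reviewed for unexpected changes because one of their maintainers had a hash in the dump.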

After the incident was identified, APNIC began resetting the passwords for objects in Whois. On APNIC's side, no signs of illegitimate activity have been detected, but there is no guarantee that the data did not fall into the hands of attackers, since complete logs of access to the files in Google Cloud do not exist. As after the previous incident, APNIC has promised to carry out an audit and to change its technical processes to prevent similar leaks in the future.

Source: opennet.ru
