Hack of the matrix.org infrastructure


The developers of the decentralized messaging platform Matrix announced an emergency shutdown of the matrix.org and Riot.im (Matrix's main client) servers because of a hack of the project's infrastructure. The first shutdown took place last night, after which the servers were restored and the applications were rebuilt from reference sources. But a few minutes ago the servers were compromised a second time.

The attackers posted on the project's main page detailed information about the server configuration and data on the existence of a database with the hashes of almost five and a half million Matrix users. As proof, the password hash of the Matrix project leader has been made publicly available. The modified site code is posted in the attackers' GitHub repository (not in the official matrix repository). Details about the second hack are not yet available.

After the first hack, the Matrix team published a report indicating that the hack was carried out through a vulnerability in a Jenkins continuous integration system that had not been updated. After gaining access to the Jenkins server, the attackers captured SSH keys and were able to access other infrastructure servers. It is stated that the source code and packages were not affected by the attack. The attack also did not affect the Modular.im servers. But the attackers gained access to the main DBMS, which contains, among other things, unencrypted messages, access tokens and password hashes.

All users were advised to change their passwords. But in the process of changing passwords in the main Riot client, users faced the loss of files with backup copies of the keys for recovering encrypted correspondence and the inability to access the history of past messages.

As a reminder, the Matrix platform for organizing communications is presented as a project that uses open standards and pays great attention to ensuring the security and privacy of users. Matrix provides end-to-end encryption based on its own protocol, including the Double Ratchet algorithm (also used as part of the Signal protocol), supports search and unlimited viewing of the correspondence history, and can be used to transfer files, send notifications, check whether a developer is online, organize teleconferences, and make voice and video calls. It also supports advanced features such as typing notifications, read receipts, push notifications and server-side search, synchronization of client history and status, and various identifier options (email, phone number, Facebook account, etc.).

Addendum: A follow-up has been published with an explanation of the second hack, information about the leak of PGP keys, and an overview of the security problems that led to the hack.

Source: opennet.ru
