I-MITM kwinqanaba lomboneleli: Inguqulelo yaseYurophu

Sithetha ngomthetho oyilwayo omtsha eJamani kunye namanyathelo angaphambili ajolise ngokufanayo.

/unsplash/ UFábio Lucas

Inokubonakala njani

Ekuqaleni kwale nyanga, abasemagunyeni baseJamani bazise umthetho oyilwayo oza kuvumela ii-arhente zokunyanzeliswa komthetho ukuba zisebenzise iziseko zababoneleli be-Intanethi ukufaka iinkqubo zokucupha kwizixhobo zabemi. Njani ingxelo upapasho Iindaba zaBucala kwi-Intanethi, eziphethwe ngumnikezeli we-VPN uFikelelo lwe-Intanethi lwaBucala kunye nokhethekileyo kwiindaba zokhuseleko lolwazi, kuthiwa usebenzisa isoftware yeFinFly ISP evela kwaFinFisher ukuphumeza iMITM. Funda ngakumbi malunga nayo wathetha ngesiHabré njengenxalenye yeendaba ezifanayo.

Yintoni enye esibhala ngayo kuHabré:

• Umsebenzi womboneleli: ukhetho lwezixhobo malunga neeprotocol, i-IT kunye neziseko zonxibelelwano
• Ababoneleli baseMelika bacelwa ukuba basuse imida yokukhuphela idatha - yintoni umphumo
• Izinto ezingaqhelekanga nezicacileyo ezichaphazela uthungelwano lothungelwano lwamashishini kunye nomsebenzi wababoneleli

Incwadana enikwe yiWikiLeaks ithi isoftware yeFinFly ISP yenzelwe ukusebenza kuthungelwano lwababoneleli ngenkonzo ye-Intanethi, iyahambelana nazo zonke iiprothokholi ezisemgangathweni kwaye inokufakwa kwikhompyuter ekujoliswe kuyo kunye nohlaziyo lwesoftware. Omnye wabahlali beHacker News kumsonto wethematic kucetyisiweukuba inkqubo ingasetyenziselwa ukuphumeza uhlaselo lwe-QUANTUMINSERT. Njengoko kuphawuliwe kwiWired, yena isetyenzisiwe kwi-NSA ngo-2005. Ikuvumela ukuba ufunde i-ID yesicelo se-DNS kwaye uqondise kwakhona umsebenzisi kwisixhobo esingeyonyani.

Uqheliselo oludala kakhulu

Emuva kwi-2011, iingcali ezivela kwi-Chaos Computer Club (CCC) - Umbutho weHacker waseJamani - uxelelwe malunga nesoftware esetyenziswa kunyanzeliso lomthetho eJamani. Le yiTrojan ekwaziyo ukufaka i-backdoors kunye nokuqalisa iinkqubo ukude. Wayeyazi nendlela yokuthatha imifanekiso-skrini kwaye uvule ikhamera yekhompyuter kunye nemakrofoni. Nalapho le nkqubo yagxekwa kanobom.

Ngo-2015 esi sihloko kwakhona eziswe kwingxoxo. Kwavela umbuzo womgaqo-siseko wolu hlobo lokucupha. Njani wabhala Umsasazi wamazwe ngamazwe waseJamani uDW kunye nabameli bombutho wezopolitiko "Iqela elihlaza" bayichasile le nkqubo. Baye baphawula ukuba "iziphelo zokunyanzeliswa komthetho azithetheleli iindlela."

/unsplash/ UThomas Bjornstad

Ibali le-MITM kwinqanaba le-ISP laqala ukuxoxwa ngokubanzi kwintambo kwiHacker News. Abahlali abaliqela baphakamise imibuzo malunga nale meko nge ubumfihlo bedatha yomntu ngokubanzi.

Siphinde sathetha malunga nezibophelelo zokugcina idatha kwicala lababoneleli be-Intanethi, kwaye umntu wade wakhumbula ityala I-Crypto_AG. Ngumvelisi wehlabathi jikelele wezixhobo ze-cryptographic ezaziphethwe ngokufihlakeleyo yi-US Central Intelligence Agency. Umbutho uthathe inxaxheba ekuphuhliseni i-algorithms kwaye unike imiyalelo yokubethelela i-backdoors. Eli bali likwaneenkcukacha ezininzi igutyungelwe kuHabré.

Yintoni elandelayo

Isigqibo sokugqibela malunga nomthetho oyilwayo omtsha asikenziwa kwaye sisaza kubonakala. Kodwa sele kucacile ukuba ingxaki ye-spoofing yewebhusayithi inokuba nzima ngakumbi. Kodwa ngubani oya kukwazi ukuxhamla kwimeko ngababoneleli beVPN. Sele zikhankanyiwe phantse kuyo yonke intambo okanye i-habrapost enesihloko esifanayo.

Yintoni onokuyifunda kwibhlog yethu yeshishini:

• Indlela yokubonelela nge-Wi-Fi yasimahla ngokomthetho
• Ukudubula ezinyaweni, okanye iimpazamo ezinzulu ekwakhiweni kweenethiwekhi ze-telecom operator
• IPv6 Ukuphunyezwa – FAQ kuBaboneleli beIntanethi

umthombo: www.habr.com