Taking control of snap packages tied to expired domains

Alan Pope, former Engineering and Community Manager at Canonical, has noticed a new attack targeting users of the Snap Store app catalog. Instead of registering new accounts, the attackers have started buying expired domains that appear in the email addresses of registered Snap developers. After buying a domain, the attackers redirect its email traffic to their own server and, once they control the email address, start the forgotten-password recovery process to gain access to the account.

By controlling an existing account, the attackers can push malicious updates to previously published, trusted apps, without going through the stricter checks applied to new users and without the warning labels added to new projects. Alan Pope identified at least two domains (enstorewise.tech and vagueentertainment.com) bought by attackers to hijack accounts, but it is believed that there are many more such cases.

Previously, attackers limited themselves to registering their own accounts and publishing malicious packages that posed as official builds of popular software or used names similar to existing packages (typosquatting). In response, Canonical introduced manual verification of new package names submitted to the Snap Store for the first time. Since then, malware distributors have focused mainly on submitting initial packages, promoting them on social media, and eventually publishing a malicious update that tries to get past the Snap Store's checks and automated filters.

Now the attack vector has shifted to re-buying expired domains, because the Snap Store repository did not check the validity of the domain names used in email addresses. Last year, the PyPI (Python Package Index) repository ran into the same problem and began automatically marking email addresses with expired domains as unverified. More than 1800 such email addresses were blocked on PyPI.
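A check of the kind described above, as an added example that is not code from the Snap Store, PyPI or the original article: it treats a publisher's email address as unverified when its domain has expired or was registered again after the address was confirmed, and refuses email-based password resets in that case. The record fields, function names and sample data are assumptions made for illustration; a real deployment would fill `DomainRecord` from a registry lookup.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class DomainRecord:
    registered_on: date  # start of the current registration
    expires_on: date     # end of the current registration

@dataclass
class Publisher:
    account: str
    email: str
    email_verified_on: date  # when the store last confirmed this address

def email_trust(pub, domains, today):
    """Return 'verified' or the reason the address must be re-verified."""
    domain = pub.email.rsplit("@", 1)[-1].lower().rstrip(".")
    rec = domains.get(domain)
    if rec is None:
        return "unverified: domain not registered"
    if rec.expires_on < today:
        return "unverified: domain expired"
    # A registration that started after the address was confirmed means the
    # domain lapsed and was bought again, possibly by someone else.
    if rec.registered_on > pub.email_verified_on:
        return "unverified: domain re-registered after verification"
    return "verified"

def may_reset_password_by_email(pub, domains, today):
    """Only a still-verified address may receive a password-reset link."""
    return email_trust(pub, domains, today) == "verified"

# Constructed sample data (reserved .example names, invented dates).
TODAY = date(2025, 6, 1)
DOMAINS = {
    "active.example": DomainRecord(date(2015, 3, 1), date(2026, 3, 1)),
    "lapsed.example": DomainRecord(date(2016, 5, 1), date(2025, 5, 1)),
    "rebought.example": DomainRecord(date(2025, 4, 20), date(2026, 4, 20)),
}
PUBLISHERS = [
    Publisher("alice", "alice@active.example", date(2019, 1, 10)),
    Publisher("bob", "bob@lapsed.example", date(2018, 7, 2)),
    Publisher("carol", "carol@Rebought.example", date(2017, 9, 30)),
    Publisher("dave", "dave@gone.example", date(2016, 2, 14)),
]

def audit():
    return {p.account: email_trust(p, DOMAINS, TODAY) for p in PUBLISHERS}

if __name__ == "__main__":
    for account, status in audit().items():
        print(f"{account}: {status}")
```

The re-registration comparison is the case that matters for the hijack described here: a domain that is currently active and unexpired still fails if its registration began after the address was verified.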

Source: opennet.ru
