uBlock Origin adds blocking of scripts that scan network ports

The EasyPrivacy filter list used in uBlock Origin has gained rules that block common scripts for scanning network ports on the user's local system. Recall that in May, scanning of local ports was discovered when opening eBay.com. It turned out that this practice is not limited to eBay: many other sites (Citibank, TD Bank, Sky, GumTree, WePay, etc.) scan ports on the user's local system when their pages are opened, using code provided by the ThreatMetrix service for detecting access attempts from compromised computers.

In the case of eBay, 14 network ports are checked, associated with remote access servers such as VNC, TeamViewer, Anyplace Control, Aeroadmin, Ammy Admin and RDP. The check is presumably carried out to detect traces of the system having been compromised by malware, in order to prevent fraudulent purchases made through botnets. The scan can also be used to obtain indirect data for identifying the user.

The scanning technique is based on attempting to establish connections to various network ports on host 127.0.0.1 (localhost) through WebSocket. Whether a network port is open is determined indirectly, from the difference in error handling when connecting to active and unused network ports. WebSocket only allows HTTP requests to be sent, but such a request to an inactive network port fails immediately, while a request to an active port fails only after some time spent trying to negotiate the connection. In addition, for an inactive port WebSocket returns a connection error code (ERR_CONNECTION_REFUSED), and for an active port it returns a negotiation error code.
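A defender reviewing browser request logs (from a proxy or an extension, for example) can recognize this pattern as a page on a remote origin opening WebSocket connections to several loopback ports. The JavaScript below is an added example, not code from uBlock Origin or its filter lists; the log format, the function names and the three-port threshold are assumptions.

```javascript
// Added example: flag remote pages that open WebSockets to loopback ports.
// Assumptions: the {page, url} log format and the minPorts threshold.
const LOOPBACK_NAMES = new Set(['localhost', '[::1]']);

// True when the hostname (as normalized by the URL parser) is a loopback address.
function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, '');
  if (LOOPBACK_NAMES.has(h) || h.endsWith('.localhost')) return true;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h); // all of 127.0.0.0/8
}

// Returns the target port when requestUrl is a ws/wss connection from a
// non-loopback page to a loopback host, otherwise null.
function loopbackProbePort(pageUrl, requestUrl) {
  let page, req;
  try { page = new URL(pageUrl); req = new URL(requestUrl); } catch { return null; }
  if (req.protocol !== 'ws:' && req.protocol !== 'wss:') return null;
  if (!isLoopbackHost(req.hostname)) return null;
  if (isLoopbackHost(page.hostname)) return null; // local dev page talking to itself
  return req.port ? Number(req.port) : (req.protocol === 'wss:' ? 443 : 80);
}

// Groups a request log by page origin and reports origins that touch
// at least minPorts distinct loopback ports.
function findPortScans(log, minPorts = 3) {
  const byPage = new Map();
  for (const { page, url } of log) {
    const port = loopbackProbePort(page, url);
    if (port === null) continue;
    const origin = new URL(page).origin;
    if (!byPage.has(origin)) byPage.set(origin, new Set());
    byPage.get(origin).add(port);
  }
  return [...byPage]
    .filter(([, ports]) => ports.size >= minPorts)
    .map(([origin, ports]) => ({ origin, ports: [...ports].sort((a, b) => a - b) }));
}

// Constructed sample log (hypothetical hosts, not captured traffic).
const sampleLog = [
  { page: 'https://shop.example/', url: 'wss://127.0.0.1:5900/' },
  { page: 'https://shop.example/', url: 'wss://localhost:3389/' },
  { page: 'https://shop.example/', url: 'wss://2130706433:5938/' }, // decimal 127.0.0.1
  { page: 'https://shop.example/', url: 'wss://cdn.example/live' },
  { page: 'http://localhost:3000/', url: 'ws://localhost:3000/sockjs-node' },
  { page: 'https://news.example/', url: 'ws://[::1]:8080/' },
];
```

Hostnames are compared after URL parsing, so alternative spellings of 127.0.0.1 are normalized before the loopback check.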


Besides port scanning, WebSockets can also be used to attack the systems of web developers who run WebSocket handlers of React applications on the local system. An external site can search the network ports, determine that such a handler is present, and connect to it. If the developer makes a mistake, the attacker can obtain the contents of debugging data, which may include sensitive information.


Source: opennet.ru
