Once again, user data from at least 3,400 websites, including Fitbit, Uber and 1Password, has been exposed, this time because of a Cloudflare security breach, so changing your password immediately is recommended.
User data from more than 3,400 websites has been leaked and cached by search engines as a result of a security bug at Cloudflare, a content delivery network used by thousands of websites. For months, websites such as Uber, Fitbit or the dating site OKCupid, among thousands of others, were affected. 1Password also uses Cloudflare; however, the company claims that, thanks to end-to-end encryption, its customers' data was not exposed.
A security flaw that exposes the data of hundreds of thousands of users
The security and privacy of our personal data concern people more and more every day. We store more and more personal data "in the cloud", where in many cases anyone can access it simply by knowing a username and password. That is why the information published today is so important, both in its nature and in the number of users it could affect.
According to a report published by ArsTechnica, Google security researcher Tavis Ormandy discovered that a bug in Cloudflare, a content delivery network used by millions of websites, allowed user data from more than 3,400 websites to be exposed.
A service used by 5.5 million websites may have leaked passwords and authentication tokens.
Among the affected websites are popular companies such as Fitbit or Uber, as well as 1Password, which, however, has already stated that its users' data remains safe thanks to end-to-end encryption.
"We observed encryption keys, cookies, passwords, chunks of POST data, and HTTPS requests for other major Cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted Cloudflare security."
Cloudflare acknowledges the bug, but may be downplaying its severity
Cloudflare has already acknowledged that the security bug occurred, but both Tavis Ormandy and other security researchers believe the company is downplaying the severity of the incident. In a post published on the company blog under the title "Incident report on memory leak caused by Cloudflare parser bug", Cloudflare acknowledges that the breach was serious, but also notes that there is no evidence that the bug was exploited.
"The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have not found any evidence of malicious exploitation of the bug or other reports of its existence."
Ormandy quickly responded to the company's statements, explaining that the post published by Cloudflare offers an excellent "postmortem" analysis but at the same time "severely downplays the risk to customers."
Changing your password is recommended
Ryan Lackey, another prominent security researcher, agrees with Ormandy's statements, saying that although the chances of passwords having been exposed are low, the risk exists, so users are encouraged to change them.
Google, Bing, Yahoo and other search engines have already been purging the cached data, which is why the facts have now been made public, but ArsTechnica notes that some cached data is still out there.