Una vez más, idatha yomsebenzisi evela kumawebhusayithi angama-3.400 okungenani afaka iFitbit, Une kanye ne-1Password, iveziweOkwamanje, ngenxa yokwephulwa kwezokuphepha kwe-Cloudflare, kunconywa ukuthi ushintshe ngokushesha amaphasiwedi wokufinyelela.
Idatha yomsebenzisi evela kumawebhusayithi angaphezu kwama-3.400 ibe kuhlungiwe futhi kwalondolozwa yizinjini zokusesha njengomphumela wesiphazamisi sokuphepha ku-Cloudflare, inethiwekhi yokusabalalisa okuqukethwe esetshenziswa izinkulungwane zamawebhusayithi. Izinyanga, amawebhusayithi afana ne-Uber, i-Fitbit noma isayithi lokuphola i-OKCupid phakathi kwezinkulungwane, athintekile. I-1Password ibuye isebenzise i-Cloudflare, kepha inkampani ithi ngenxa yokubethela kwayo ukuphela, idatha yamakhasimende ayo ayidalulwanga.
Iphutha lokuphepha eliveza idatha yamakhulu ezinkulungwane zabasebenzisi
Ukuphepha nobumfihlo bemininingwane yethu yinto ethinta abantu abaningi mihla namalanga. Idatha yomuntu siqu engaphezulu esiyigcina "efwini" futhi noma ngubani angafinyelela kuyo, ezimweni eziningi, ngokwazi igama lethu lomsebenzisi nephasiwedi. Ngakho lImininingwane eshicilelwe namhlanje ibucayi kakhulu, zombili ngokwezinga nangokuya ngevolumu yabasebenzisi kungathinta.
Ngokusho ishicilelwe I-ArsTechnica, Umcwaningi wezokuphepha wakwaGoogle uTavis Ormandy uthole ukuthi iphutha ku-Cloudflare, inethiwekhi yokusabalalisa okuqukethwe esetshenziswa yizigidi zamawebhusayithi, ivumele idatha yomsebenzisi kusuka kumawebhusayithi angaphezu kwama-3.400 XNUMX ukuthi iputshuke.nokugcinwa enqolobaneni yezinjini zokusesha.
Insiza esetshenziswa amawebhusayithi ayisigidi esingu-5,5 kungenzeka inamaphasiwedi aputshukile namathokheni okuqinisekisa.
Isampula ledatha u-Ormandy ayibonile. Lo umlayezo oyimfihlo ovela kusayithi lokuphola okcupid | ISITHOMBE: ArsTechnica
Phakathi kwalawo mawebhusayithi athintekile kukhona amafemu adumile afana neFitbit noma i-Uber, kanye ne-1Password, okuthe noma kunjalo, isivele isho ukuthi idatha yabasebenzisi bayo ihlala iphephile ngenxa yokubethela kokuphela kokuphela.
Sibone okhiye bokubethela, amakhukhi, amaphasiwedi, iziqu zedatha ye-POST, kanye nezicelo ze-HTTPS zamanye amasayithi aphezulu aphethwe ngamafu avela kwabanye abasebenzisi. Lapho nje sesikuzwile esikubonayo kanye nemiphumela, savele sama futhi saxhumana nokuphepha kwe-cloudflare.
ICloudflare iyavuma iphutha, kepha ingabubukela phansi ubunzima bayo
ICloudflare isivele ivumile ukuthi iphutha lokuvikela lenzeke ngempela, kepha bobabili uTavis Ormandy nabanye abacwaningi bezokuphepha bakholelwa ukuthi inkampani ibuthatha kancane ubucayi besigameko. Phakathi ku iposi Kuthunyelwe kubhulogi yenkampani ngaphansi kwesihloko esithi "Umbiko wesigameko ngokuvuza kwenkumbulo okubangelwe yi-Cloudflare parser bug," i-Cloudflare iyavuma ukuthi ukwephula lokho kwakukukhulu, kepha futhi kuphawula lokho abukho ubufakazi bokuthi le bug isetshenzisiwe.
Iphutha belibucayi ngoba imemori evulekile ingaqukatha imininingwane eyimfihlo futhi ngoba ngabe ibilondolozwe yizinjini zokusesha. Futhi asibutholanga obunye ubufakazi bokuhlukunyezwa okunonya kwale bug noma eminye imibiko yokuba khona kwayo.
U-Ormandy washesha ukunikela nge- impendulo ezitatimendeni zenkampani ezithi okuthunyelwe okushicilelwe yi-Cloudflare kunikeza ukuhlaziywa okuhle kakhulu kwe- "postmortem" kodwa ngasikhathi sinye "kunciphisa kakhulu ubungozi kumakhasimende.
Kunconywa ukushintsha amaphasiwedi
URyan Lackey, omunye umphenyi ohlonishwayo wezokuphepha, uyavumelana nezitatimende zika-Ormandy, ethi, Yize amathuba okuvezwa kwamaphasiwedi ephansi, leyo ngozi ikhona, ngakho-ke abasebenzisi bayakhuthazwa ukuthi bayishintshe.
I-Google, i-Bing, i-Yahoo, kanye nezinye izinjini zokusesha sezivele zisula idatha efakwe kunqolobane, yingakho amaqiniso manje enziwe obala, kepha I-ArsTechnica iphawula ukuthi eminye imininingwane egciniwe isekhona.