Har yanzu muna zub da jini daga raunukan da Heartbleed ya bar mana kasa da shekara guda da ta gabata kuma wani babban batun tsaro ya addabi duniyar bude hanya: GHOST, ramin tsaro a dakin karatun Linux na glibc. A wannan lokacin, duk da haka, ainihin haɗarin yana ƙasa quite mun bayyana dalilin da yasa ƙasa.
Menene GHOST?
Rashin lafiyar GHOST, wanda masu binciken tsaro a Qualys suka sanar a makon da ya gabata, yana zaune a cikin ayyukan gethostbyname na ɗakin karatu na glibc. Ga wadanda basu sani ba, glibc shine sunan da aka san dakunan karatu na GNU C, wanda da shi ake tara yawancin tsarin Linux da shirye-shiryen software da yawa kyauta. Musamman, ana amfani da ayyukan gethostbyname don warware sunayen yanki zuwa adiresoshin IP, kuma ana amfani dasu ko'ina cikin aikace-aikacen buɗe tushen.
Maharan za su iya amfani da ramin tsaro na GHOST don ƙirƙirar ambaliyar ƙwaƙwalwar ajiya, wanda ke ba da damar gudanar da kowane irin mummunar muguwar lamba da aikata kowane irin mummunan abubuwa.
Duk waɗannan abubuwan da ke sama suna nuna cewa GHOST labari ne mara kyau ga masoya kayan aikin kyauta. Abin farin ciki, haɗarin gaske ya bayyana bai zama mai girma ba. Da alama dai an gyara kwaroron a watan Mayu 2013, wanda ke nufin cewa duk wani sabar Linux ko PC tare da sabbin kayan aikin software yana da aminci daga hari.
Bugu da kari, an maye gurbin ayyukan gethostbyname da wasu sababbi wadanda zasu iya rike muhallin sadarwar zamani, saboda sun hada da tallafi ga IPv6, a tsakanin sauran sabbin abubuwa. A sakamakon haka, sababbin aikace-aikace galibi basa amfani da ayyukan gethostbyname kuma basa cikin haɗari.
Kuma wataƙila mafi mahimmanci, a halin yanzu babu wata sananniyar hanyar aiwatar da hare-haren GHOST akan yanar gizo. Wannan yana rage damar yin amfani da wannan yanayin don satar bayanai daga masu amfani da hankali ko ɓarnatar da haɗari.
Daga qarshe, da alama GHOST ba shi da wata matsala irin ta yau Ajiyar zuciya o Shellshock, ramukan tsaro na kwanan nan cewa sun shafi software kyauta gaba ɗaya da Linux musamman.
Ta yaya zaka san idan GHOST zai iya shafar ka?
Mai sauƙi, kawai kuna buɗe tashar mota ku shigar da umarni mai zuwa:
ldd - juyarwa
Ya kamata ya dawo da wani abu makamancin wannan:
ldd (Ubuntu GLIBC 2.19-10ubuntu2) 2.19 Hakkin mallaka (C) 2014 Free Software Foundation, Inc. Wannan software ce ta kyauta; duba tushen don yin kwafin yanayi. BABU garanti; ba ma don HANKALI KO GIRMAN SHARI'A BA. Wanda ya rubuta Roland McGrath da Ulrich Drepper.
Don zama amintacce, sigar glibc dole ne ta fi ta 2.17. A cikin misali, an sanya 2.19. Idan har yanzu kuna amfani da tsohuwar sigar, kawai kuna buƙatar gudanar da waɗannan umarnin (ko kwatankwacin waɗanda ke cikin rarrabawarku):
sudo dace-samu sabunta sudo apt-samun dist-inganci
Bayan shigarwa ya zama dole a sake kunna PC tare da umarnin mai zuwa:
sudo sake yi
A ƙarshe, dole ne ku sake yin gudu sau ɗaya don bincika sigar na gblic.
Na canza daga windows zuwa Linux ... saboda sunce Linux din yana da lafiya, amma gaskiyar lamari daban, virus bayan virus da suke ganowa a cikin Linux, kamar (rootkit, bash vulnerability da GHOST), mafi munin duka .... wannan Ghost virus din da suke fada wanda aka gabatar dashi tun 2003. Har yaushe ne karyar?
Babu Tsarin Aiki da yake da cikakkiyar lafiya, amma idan zan iya tabbatar muku da wani abu shine Linux ya fi Windows aminci sosai. Yanzu ina tambayar ku mutane nawa ne wannan abin da ake kira Fatalwa ya shafa? Saboda kawai yana wurin tun dinosaur baya nufin ana amfani dashi tun.
Ina iya baku tabbacin cewa matsalar tsaro ba tsarin aiki bane, amma wacce ke bayan keyboard
Menene tsarin da dole yake buƙatar riga-kafi, windows. Ba sauran magana.
PS: Nemi riga-kafi don windows a cikin google, kuma tuni akwai sakamako na shirye-shiryen karya waɗanda suke girka talla, Trojans ko wasu malware da suke bayyana kamar ƙirar cuta (yi haƙuri, riga-kafi).
gaisuwa
Zan iya cewa na biya shari'ar giya ga duk mutumin da ya nuna min hujja cewa sun kamu da cutar ko kuma malware a cikin Linux ... kuma kusan tabbas, mafi yawan zan biya 2 ko 3 akasari 😉
Kuna gunaguni game da manyan ƙwayoyin cuta guda 3 ko 4 a cikin Linux? Don ƙwayoyin cuta na Windows suna fitowa koyaushe tunda yanayin rauni ya fi girma cikin tsarin wannan nau'in. Linux yana da tsaro sosai amma ba shine OS mafi aminci a duniya ba, amma yana da aminci kuma yafi Windows.
A INGILI SUKA CE WANNAN:
Ularfafawa wanda zai ba da izinin sarrafa Linux, ana iya amfani da wannan kuskuren tsaro ta amfani da aikin gethostbyname glibc, wanda aka yi amfani da shi a kusan dukkanin kwamfutocin Linux waɗanda ke da hanyar sadarwa, lokacin da kumburi ke kiran wani ta amfani da fayil / sauransu / runduna ko amfani da DNS. Abin da kawai ake buƙatar yi wa maharin yana haifar da ɓarna ta amfani da suna mara aiki a kan sabis ɗin mai karɓar DNS. Wannan ya sa maharin zai iya amfani da tsarin ta hanyar mai amfani da ke aiki da sabar DNS, ba tare da sanin takardun shaidarka ba.
Abin da ke ban mamaki game da wannan yanayin, wanda aka ruwaito shi a fili kwanakin ƙarshe, Ina cikin annashuwa tun daga 2000 kuma ba a warware shi ba har zuwa 2013.
An warware matsalar rashin lafiyar a baya, a cikin 2012 lokacin da aka saki Glibc 2.17, abin da ya faru shi ne nau'ikan LTS na Linux OS da yawa ba su haɗa da facin da ya dace da sigar kafin Glibc 2.17 ba, wannan shi ne abin da ya faru.
Na farko, babu wanda ke magana game da ƙwayoyin cuta, suna magana ne game da yanayin rauni, wani abu daban.
Abu na biyu, cewa kayi amfani da FreeBSD (idan baka amfani da wata hanya don Wakilin Mai amfani), hakan ba zai tseratar da kai daga irin waɗannan matsalolin ba, FreeBSD ma tana da rauni irin na zamani.
http://www.securitybydefault.com/2011/12/exploit-para-vulnerabilidad-de.html
Kar a manta OpenBSD.
Wannan ba kwayar cuta ba ce!
Amma mafi mahimmanci shine cewa aminci shine abin mamaki!
Lokacin da ka fahimci cewa komai ya zama kara bayyana
Don ku san sauran abubuwan da nake gaya muku cewa 'yar uwata tana da littafin yanar gizo wanda bayan shigar XP sau biyu ta nemi in canza zuwa Linux kuma har sai kayan aikinta sun lalace ba ta da sauran matsala. Haka yake a gidan surukina, tsawon shekaru uku ba tare da matsala ba kuma lokacin da na girka Windows a wani bangare na wasannin ƙuruciyata, ba wata ɗaya da ta wuce ba tare da wata malware ta karɓi hanyar ta ba. Kuma su ne misalai biyu kawai.
Hakanan yana faruwa a gidana, babu wanda yake son dawowa da tagogi.
Ko da OpenBSD yana da raunin da ba a warware shi ba, kuma don kammala shi, GHOST rauni ne, ba kwayar cutar kanta ba. Yi damuwa game da ko kuna da Shellshock ko Heartbleed.
Kuma af, me nake yi a cikin wannan wutar?
Karanta wannan sannan kayi magana:
http://www.taringa.net/posts/linux/18068456/Virus-en-GNU-Linux-Realidad-o-mito.html
HAHAHAHAHA hakika labarin asali namu ne: https://blog.desdelinux.net/virus-en-gnulinux-realidad-o-mito/
Hahaha, ban ma tuna hehehe ba.