Na sami labari mai ban sha'awa, asalin shine Rariya.com kuma marubucin shine Kelly Jackson Higgins. Na bar fassarar shi:
The Dark Side na Java
Metasploit yana ƙara sabon tsari don sabbin hare-haren Java lokacin da Java ta zama sabon manufa da aka fi so game da masu aikata laifuka
Disamba 01, 2011 | 08:08 PM
By Kelly Jackson Higgins
Karatun duhu
Kayan aiki ne mai lalacewa daga ɓangaren masu haɓaka, amma Java ya kasance na farko kuma har yanzu ana mantawa da kasancewar kwamfutar da ke ci gaba da zama abin ƙyama ga 'yan iska.
Me yasa Java a matsayin mayaƙan hari?
Penetarfafawarsa da lambar da ba ta dace ba da tsohuwar ƙirar da ke gudana a can a kan kwamfutoci suna sa Java ta zama baƙar baƙin zaɓaɓɓu ga masu fashin kwamfuta kwanan nan. Lambobin sun faɗi duka: Kimanin tsarin kere-kere 80 sun tsufa, nau'ikan Java da ba a haɗa su ba, bisa ga bayanan Qualys. Kuma tun a cikin kwata na uku na 2010, Microsoft ya gano ko toshe kusan ƙoƙarin 6.9 na Java na cin riba a kowane kwata, don jimlar ƙoƙarin yin amfani da miliyan 27.5 a cikin wannan watannin 12.
Gabaɗaya, na'urori biliyan 3 suna amfani da Java a duniya, kuma kashi 80% na masu bincike suna yi. A halin yanzu, wasu masu amfani da ilimin tsaro suna kashewa ko cire shi gaba ɗaya a matsayin kiyayewa.
Masu haɓaka mashahurin buɗe tushen matasploit kayan aikin gwajin kutsawa a wannan makon sun ƙara sabon tsari don sabon harin Java wanda ke cin zarafin wani rauni na kwanan nan a aiwatar da Java na Oracle, Rhino. Kuskuren a cikin Oracle Java SE JDK da JRE 7 da 6 ɗaukakawa 27 da sigogin da suka gabata, waɗanda masu bincike suka sanar da farko a nan y a nan sannan kuma da sauri ya zama ya zama mai amfani a cikin kayan ɓoye na ɓoye, kamar yadda mai rubutun ra'ayin yanar gizo Brian Krebs ya gano a ciki gidan yanar gizonku. Krebs On Security ya ba da rahoton cewa ana gudanar da harin a cikin kayan aikata laifuka na BlackHole.
«Java yana duk inda yake so, kuma babu wanda ya sabunta shi yadda yakamata«In ji HD Moore, mahalicci kuma babban mai tsara gine-gine na Metasploit da CSO a Rapid7. «Kananan kamfanoni ne suka sabunta shi a kwamfutocin su.»
“Oracle yana ba da fasalin sabuntawa ta atomatik don Java, amma yana buƙatar gatan gudanarwa ga mai amfani da kwamfutar ya yi amfani da shi, abin da yawancin kamfanoni ba sa yarda"Moore ya ce.
Daraktan kamfanin Microsoft na Kamfanin Comeding Computing, Tim Rains, a farkon wannan makon ya yi nuni a cikin wani sakon da ya ce an kwashe wasu watanni ana yin kwalliya a cikin software ta Oracle. «Rashin daidaituwa a cikin software ta Java ta Oracle an kasance ana kaiwa hari a kan sikeli babba na watanni da yawa, kuma, kamar yadda na ambata, sabunta wadatar tsaro game da waɗannan larurar ta kasance akwai ɗan lokaci.»Inji ruwan sama. «Idan baku sabunta Java ba a cikin mahallan ku kwanan nan, yakamata ku tantance haɗarin da ke tattare da hakan. Daga cikin wasu abubuwa, kungiyoyi suna bukatar sanin cewa zasu iya samun nau'uka daban-daban na tafiyar Java.", Ya ce.
Kuskuren Java na Oracle, wanda Oracle ya facfa a watan da ya gabata, yana ba wa applet ɗin Java damar gudanar da lambar ƙira ba tare da akwatin sandar Java ba. Moore na Rapid7's ya ce abin da ake kira Java Rhino Exploit (wanda ke aiki a dandamali da yawa, gami da Windows, iOS, da Linux) na faruwa ne a bayan fage, ba tare da sani ba ga mai amfani da abin ya shafa. Abin sha'awa, Linux ya fi fuskantar haɗari a halin yanzu. «Oracle ya facce shi, Apple ya bukaci inganta software. Amma mafi yawan masu sayarwa Masu samar da Linux ?? basu da ɗaukakawa"Moore ya ce.
Wannan galibi ana amfani dashi azaman matakin farko a cikin farmaki mai matakai da yawa, wanda ake amfani dashi don saukar da fayil mai zartarwa ko ta hanyar shigar da bot.
Wolfgang Kandek, CTO na Qualyx, ya ce tenier Metasploit na tallafawa sabon amfani zai taimaka wajen wayar da kan jama'a game da haɗarin aikace-aikacen Java da suka tsufa. «Fa'idodi da ke tattare da shi a kan Metasploit shi ne cewa mutanen kirki suna iya nuna yadda wannan [harin] yake aiki", in ji shi.
Yawancin kungiyoyi sun sami tsofaffin aikace-aikacen Java akan bayanan abokin ciniki na Qualys manyan kamfanoni ne, in ji shi. «Akwai yiwuwar rashin wadataccen tsari don patching Java. Yana tashi karkashin radar", Ya ce.
---- Kuma a nan labarin ya ƙare.
Babu shakka, wannan yana da alaƙa da abin da muka ambata a baya ... ma'ana, dangane da menene Canonical zai daina bayar da Java daga Oracle a cikin rumbun adana shi (Ubuntu, Kubuntu, Xubuntu, da sauransu), da kyau a bayyane, ee Oracle baya bada damar haɗa abubuwan sabuntawa, ba shi da daraja, saboda mai amfani zai kasance mai saurin fuskantar hare-hare kamar waɗanda muka ambata a sama.
Duk da haka, me kuke tunani game da shi? 😉
gaisuwa
PD: Jiya ina karanta wani darasi game da yadda ake girka Linux a Nokia N70 na Nokia, har yanzu ban yanke shawarar yin shi ba LOL !!!
Na jima ina amfani da IcedTea (OpenJDK, kyauta) kuma kusan koyaushe ina nakasa shi saboda da kyar nake amfani dashi ...
Ina da kadan, kimanin watanni 3 da amfani da OpenJDK, ban san takamaiman matsalar tsaro a java ba, na canza shi ne don ganin yadda aikin libreoffice ya kasance 😛
Na san wannan kusan a kashe yake amma… Linux akan Nokia? Kamar yadda? Idan zan iya ɗaukar m___ daga cikin 5800 da na yi farin ciki!
Shin kun san cewa Symbian itace kawiyar Linux ta farko? 😀
Koyaya, har yanzu ban karanta cikakken bayani game da Linux akan Nokia ba ... kar ku damu, idan na sami ingantaccen bayani zan baku hanyoyin haɗin 😉
KZKG ^ Gaara… kada ku dame ni amma… akwai wasu kurakurai a cikin fassarar, misali:
1 .- «… suna yin Java zabin bakar fashin dan gwanin kwamfuta hat latti» yakamata ya zama «.. a yan kwanakinnan sun sanya Java zabin masu satar fasaha»
2.- "Mai sayarwa" a Turanci kuma ana nufin "Mai Ba da Kaya" ("Mai Ba da Kaya") don haka kalmar "Amma galibin masu sayar da Linux ..." ya kasance ba tare da wata matsala ba "Amma yawancin masu sayar da Linux ..."
gaisuwa
Nah ba komai 😀
Gaskiya hakan bai dameni ba, ni ba kwararriyar fassara bace, kasa da LOL !!!
Na gyara shi yanzun nan 😉
Da gaske, na gode sosai, fahimtar Ingilishi ba abu ne mai wahala a gare ni ba, abin da ke da rikitarwa a gare ni shi ne rubuta shi da yin odar sa a cikin Sifaniyanci 😀
gaisuwa
🙂
Hakanan yana faruwa da ni tare da Mutanen Espanya; Yankin jumla da ke ƙunshe da maganganun cikin gida yana da wuyar fahimta na. Kodayake sun riga sun kasance akalla wasu har yanzu sun tsere ni.
"Black hat dan fashin gwanin kwamfuta" kalma ce da ake amfani da ita don sanyawa dan damfara mara kyau kuma hakika hayaniya ce ta fassara shi zuwa Spanish.
Gaisuwa da runguma mai karfi
Ban sani ba amma ina sane cewa "sane" bai bayyana a cikin ƙamus na RAE ba.
Hakanan muna da masu siyar da Linux kamar Tito Mark da sauran abokan aikin sa
Bari mu gani ... kwamfutar tafi-da-gidanka an kera ta ne a kasar Sin, amma sarrafa ingancin ita ce jerin HP ta B, ma’ana ... kayan aikin ana kera su ne a cikin kasar Sin (kwadago masu rahusa ...) amma wanda ya yanke shawarar wadanne kayan aikin suke da kyau. 😉
"Oracle yana ba da fasalin sabuntawa na atomatik don Java, amma yana buƙatar gatan gudanarwa ga mai amfani da kwamfutar ya yi amfani da shi, abin da yawancin kamfanoni ba su yarda da shi"
"Akwai yiwuwar rashin wadataccen tsari don facin Java."
Don haka matsalar ba Java ba ce amma masu amfani ba su da al'adar sabunta shi, shin hakan daidai ne?
Gaskiya matsalar java tsaro ce sosai, idan muka kwatanta ta da flash java ta ninka sau 20 amintacciya, matsalar itace yare ne yake rarrafe. yana da lalata don koyo amma yana da mafarki mai ban tsoro LOL!
Ina so in ce * ba tsaro ba *
Sau da yawa ba a bamu damar ba, Oracle tare da takunkumin sa.
A nawa bangare ina amfani da OpenJDK, kuma har yanzu babu korafi 🙂
Na gwada a Debian Matsi don cire rana-java in koma ga wadanda aka saba, kuma… a karshe na daina.
Maganar gaskiya itace java ta kasance mai kyau madadin tuntuni yanzu matsaloli da yawa ne kawai
Ofaya daga cikin abubuwan dogaro a Mexico shine SAT da IMSS, wanda ke tabbatar da cewa dole ne kuyi amfani da tsofaffin sifofin fiye da shekaru 3, saboda idan baza ku iya shigar da mashigar su ba.
Ina aiki mafi yawa tare da masu amfani da gudanarwa kuma basu taɓa sabunta komai kuma suna amfani da java don shirye-shiryen gwamnati da yawa kuma hakan yana buƙatar wasu sifofin da suka haɗa da manyan lahani, wannan ma batun ne da cibiyoyi kamar IMSS da SAT a Meziko yakamata su ɗauka da mahimmanci kiyaye aikace-aikacenku kuma kada ku sake rarraba software da aka kirkira a cikin 2004 ko a baya tare da irin waɗannan matsalolin
Da kyau, Na yi amfani da rana-java na ɗan wani lokaci kuma gaskiyar ita ce ba ni da ƙorafi na samun sakamakon da nake so koyaushe kuma har ma in ɗan wuce na al'ada. Openjdk don ci gaba ba abu bane wanda zan baiwa kowa shawara duk da ina tsammanin hakan shine ma'aunina. gaisuwa