Una vez más, masu binciken wasan bidiyo sun gano wata dabara ta fasahar sihiri (spoofing) wannan yana da kyakkyawan aiki na ɓoye niyyar amman damfara.
A matsayin ɗayan manyan dandamali na rarraba dijital a duniya don wasannin bidiyo, Steam fasalta abubuwa da yawa na abubuwan UX na gari, kamar jerin abokai da ikon musanya abubuwan wasa tare da sauran masu amfani.
Duk da yake wannan kyakkyawan mayar da hankali kan al'umma ya taimaka Steam ficewa a cikin kasuwar da ke daɗa cunkoson jama'a, hakanan ya bar masu amfani da shi a buɗe ga ayyukan yaudara.
An sake faɗakar da buƙatar sa ido akan dandamali yayin ƙarshen mako, lokacin da Wani matashi dan shekara 22 mai karatun kimiyyar kwamfuta mai suna 'Aurum' ya ba da cikakkun bayanai game da wata sabuwar zamba ta bogi ga Steam.
Yanar gizo don satar asusun Steam
A cewar mai binciken, shafin mai leƙan asirri ba wai kawai ya yi ƙoƙarin yaudarar masu amfani da ingantaccen takardar shaidar SSL ba ne, har ma da ƙaramin yanki na JavaScript wanda zai samar da taga mai fa'ida wanda ke bayyana cewa an loda uwar garken da yawa sannan kuma ana rokon wanda aka azabtar ya shiga tare da asusun su na Steam. don samun damar shiga shafin.
A cikin kalmomin Aurum ya bayyana yadda ya gane shi:
“Hirar ta zama kamar kai tsaye, dan damfarar ya so ya ba ni wata sana’ar da za ta ci riba (sun ci gaba da kokarin sa ni in kara su da Discord saboda wasu dalilai).
Kusa da tattaunawar “ciniki”, an bukace ni da in shiga wani shafin yanar gizo mai farashi mai sauki na Steam domin su samu damar sanin nawa kayan nawa.
Yanar gizo mai leƙan asirri, https://tradeit.cash. Gidan yanar gizon ya kasance ainihin kwafin halattaccen gidan yanar gizon Steam, https://skins.cash. "
Ko da yake 'yan damfara sun kirkirar kirkirarrun mutane, Aurum ya gano cewa hakan bai haifar da yanayi biyu na Chrome ba akan aikin ba, kuma kawai "taga daya ne kawai a cikin yanar gizo mai damfara."
"Har ma sun yi wasu maballin don abubuwan Chrome UI," in ji shi. "An tabbatar da hakan ta hanyar ƙoƙarin danna dama-dama a yankin sandunan take na taga mai faɗakarwa, wanda ya buɗe menu na dama-dama mahallin shafin yanar gizo."
Masu fashin kwamfuta sun ɗauki lokaci da "matsala" don karɓar rukunin yanar gizo na leƙen asirinsu akan CloudFare kuma har ma sun zaɓi amfani da takardar shaidar CloudFare SSL don sanya shi amintacce kamar yadda zai yiwu.
Satar bayanan ta fara ne da wata sanarwa da ta nemi ka shiga Steam, tana mai cewa shafin "mai leken asiri" ya cika lodi.
Game da gidan yanar gizo na karya
Steam Phishing Site yi amfani da fasaha mai leƙan hoto-a-hoto don kwaikwayon allon shiga ta OpenID ba tare da gazawa ba.
Aurum ya lura cewa wani abu ba daidai bane, saboda shafin da yayi imanin cewa karya ne tun daga farko yana buɗe pop-up na shiga Login Steam.
Hare-hare irin wannan dabi'ar ba sabon abu bane. An bayyana irin wannan fasaha a cikin wannan takaddar tun 2007.
Steam ya riga ya ƙunshi cikakken jagora da nufin taimaka wa masu amfani kiyaye asusunsu lafiya.
Shafin yana wajen layi yanzu saboda an cire rikodin DNS kimanin 'yan sa'o'i da suka gabata.
Pero wani mai amfani ya sami hoton shafin da duk lambar kafin a cire shi, kuma ya ɗauki 'yanci na raba shi akan GitHub. Haɗin haɗin shine wannan.
Kyakkyawan lamba ne mai sauƙi, a ƙarshe.
Masu satar bayanan sun kwafi halattaccen rukunin kasuwancin da kuma shafin shiga na Steam Community, sannan suka kara lambar JavaScript zuwa duka biyun, tare da yin HTML kadan.
Gabaɗaya, an ƙara finafinan JS guda uku: na farkon ya gano masu warwarewa (dan abin da ya samo asalin gidan yanar gizo na asali), na biyu ya bude burauzar karya sannan ya lika shafin shiga na karya cikin wata iframe, na ukun (wanda yake gudana akan iframe) yana tattara takardun shaidarka daga shafin daga Steam login da aka kwafa.
Kamar yadda kakata take cewa, kyau yana cikin sauki. Mai sauƙi, inganci da kyau, yanki na lamba.
Na karanta cikakken labarin… Kuma menene alakar sa da Linux?