GitHub will now require all users who contribute code to use 2FA by the end of 2023


For several months now, many of our posts have covered the security problems that have arisen on GitHub and the measures the company planned to build into the platform to better protect against the avenues attackers have used to gain access to project repositories.

Now GitHub has announced that it will require all users who contribute code to the platform to enable one or more forms of two-factor authentication (2FA).

"GitHub is in a unique position here: because the majority of open source communities and creators live on GitHub.com, we can have a significant impact on the security of the overall ecosystem by raising the bar for information hygiene," said Mike Hanley, GitHub's chief security officer (CSO). "We believe this is one of the best ecosystem-wide benefits we can offer, and we are committed to making sure that any challenges or obstacles are overcome to ensure adoption."

GitHub announced that all users who upload code to the site will need to enable one or more forms of two-factor authentication (2FA) by the end of 2023 in order to keep using the platform.

The new policy was announced in a blog post by GitHub Chief Security Officer (CSO) Mike Hanley, who stressed the role of the Microsoft-owned platform in protecting the integrity of the software development process against threats posed by malicious actors taking over developer accounts.

Of course, the developer user experience is also being taken into account, and Mike Hanley stresses that this requirement will not harm it:

"GitHub is committed to making sure that strong account security does not come at the expense of a great developer experience, and our end-of-2023 goal gives us the opportunity to work on that. As standards evolve, we will continue to look for new ways to authenticate users securely, including passwordless authentication. Developers around the world can expect more options for authentication and account recovery, as well

Although multi-factor authentication gives online accounts significant additional protection, GitHub's internal research shows that only 16.5% of active users (about one in six) currently enable the enhanced security measures on their accounts, a surprisingly low figure given that the platform's user base should be aware of the risks of password-only protection.

By steering these users toward a higher minimum standard of account protection, GitHub hopes to strengthen the security of the software development community as a whole.

"In November 2021, GitHub committed to new investments in npm account security following the takeover of npm packages as a result of the compromise of developer accounts without 2FA enabled. We continue to improve npm account security and are equally committed to securing developer accounts through GitHub."

"Most security breaches are not the product of zero-day attacks, but instead involve lower-cost attacks such as social engineering, theft or leaks, and other avenues that give attackers a wide range of access to victims' accounts and the resources they have access to. Compromised accounts can be used to steal private code or to make malicious changes to that code. This exposes not only the individuals and organizations associated with the compromised accounts, but also all users of the affected code. As a result, the potential for downstream impact on the broader software ecosystem and supply chain is substantial."

GitHub has already set a precedent for mandatory 2FA with a small subset of the platform's users, having trialed it with contributors to popular JavaScript libraries distributed through the npm package management software.

Because widely used npm packages can be downloaded millions of times per week, they are a very attractive target for malware operators. In some cases, criminals have compromised the accounts of npm contributors and used them to publish software updates that installed password stealers and crypto miners.

In response, GitHub made two-factor authentication mandatory for the maintainers of the top 100 npm packages as of February 2022. The company plans to extend the same requirement to contributors to the top 500 packages by the end of May.

In broad terms, this means setting a long lead time for making the use of 2FA mandatory across the site and designing a variety of onboarding flows to drive users toward adoption well before the 2024 deadline, Hanley said.

Securing open source software remains a concern for the software industry, particularly after last year's Log4j vulnerability. But while GitHub's new policy will reduce some threats, systemic problems remain: many open source software projects are still maintained by unpaid volunteers, and closing the funding gap is seen as a major issue for the tech industry as a whole.

Finally, if you are interested in learning more about it, you can check the details at the following link.

