mumavhiki apfuura tinogovana pano pa blogzvimwe zve Noticias izvo zvakaziviswa nezvemakesi ekubira a Nvidia uye Samsung nehacker boka Lapsus $, uyo akakwanisawo kuwana ruzivo kubva kuUbisoft.
Uye ndizvozvo munguva pfupi yapfuura GitGuardian akaongorora Samsung's source code yeruzivo zvakavanzika, senge makiyi akavanzika (API kiyi, zvitupa) uye akawana 6695 yavo. Ichi chigumisiro chakawanikwa panguva yekuongorora iyo yakashandisa zvinopfuura mazana matatu nemakumi mashanu emagetsi ega ega, imwe neimwe ichitsvaga maitiro chaiwo emhando yekiyi yakavanzika, ichipa migumisiro nekunyatsojeka.
Mukutsvaga uku, vatsvakurudzi GitGuardian isingabatanidzi mhinduro kubva kune generic high-entropy detectors uye generic password detectors, sezvo inogona kazhinji kusanganisira nhema positives uye nekudaro inoburitsa mhedzisiro. Uine izvozvo mupfungwa, nhamba chaiyo yemakiyi akavanzika inogona kunge yakakwira zvakanyanya.
Kune avo vasingazive GitGuardian, iwe unofanirwa kuziva kuti iyi ikambani yakavambwa muna 2017 naJérémy Thomas naEric Fourrier uye yakagamuchira 2021 FIC Kutanga-up Award uye inhengo yeFT120.
Kambani yakazvimisikidza semazvikokota mukuona makiyi akavanzika uye inotarisa kuedza kwayo R&D pamhinduro dzinoenderana neyakagovaniswa mutoro modhi pakuita kweAppSec ichifunga nezve ruzivo rwevagadziri.
Sezvatinogona kuona muchidimbu chemigumisiro, mitsva misere yekutanga inomiririra 90% yezviwanikwa uye, kunyange zvazvo iine ruzivo rwakanyanya, inogona kuva yakaoma zvikuru kune anorwisa kushandisa, sezvo zvichida inoreva maitiro emukati.
Ichi inosiya anodarika mazana matanhatu echokwadi makiyi akavanzika izvo zvinopa mukana kune dzakasiyana siyana masevhisi akasiyana uye masisitimu ayo munhu anorwisa anogona kushandisa kuti apinde nepakati kune mamwe masisitimu.
»Pamakiyi anodarika zviuru zvitanhatu nemazana matanhatu anowanikwa muSamsung source code, angangoita makumi mapfumbamwe muzana ndeemukati Samsung masevhisi uye zvivakwa, nepo yakakosha yasara gumi muzana inogona kupa mukana kune ekunze masevhisi kana maturusi kubva kuSamsung, senge AWS, GitHub, zvigadzirwa, uye Google,” anotsanangura kudaro Mackenzie Jackson, Developer Advocate kuGitGuardian.
Chirevo chazvino cheGitGuardian chakaratidza kuti musangano rine avhareji yevagadziri mazana mana, makiyi ekuvanzika anopfuura chiuru anowanikwa mukati mekodhi kodhi repositori (Source State of Secrets Sprawl 400).
Kana makiyi akavanzika akadai akaburitswa, zvinogona kukanganisa kugona kweSamsung kugadzirisa mafoni zvakachengeteka, kupa mhandu mukana kune ruzivo rwakadzama rwevatengi, kana kuvapa mukana weiyo Samsung yemukati masisitimu, nekugona kutangisa kumwe kurwiswa.
Mackenzie Jackson anowedzera kuti:
Kurwiswa uku kunofumura dambudziko iro vazhinji vari muindasitiri yekuchengetedza vakaridza alarm nezve: yemukati sosi kodhi ine inogara ichiwedzera huwandu hwe data inonzwisisika, asi ichiramba chiri chinhu chisingavimbike zvakanyanya. Source kodhi inowanikwa zvakanyanya kune vanogadzira mukambani yese, inotsigirwa pamasevha akasiyana, akachengetwa pamichina yevagadziri vemunharaunda, uye kunyange kugovaniswa kuburikidza nemukati zvinyorwa kana email masevhisi. Izvi zvinovaita kuti vatariswe zvakanyanya kune vavengi uye saka tinoona kushingirira mukuwanda kwekurwiswa uku. "
PaLapsus $ Telegraph chiteshi, tichakwanisa kuona kuti boka rehacker rinowana sei mukana kune idzi repositori nekutumira izvo zvinonyanya kufona kune vashandi vemasangano makuru kuti vaburitse masvikiro avo.
Nehurombo, isu hatisati tapedza kuona kurwiswa seizvi, boka rave kugovera sarudzo, zvakare kuburikidza neTeregiramu chiteshi, vachibvunza vateereri vavo kuti ndeipi kodhi yekodhi yavanofanira kuburitsa, zvichiratidza kuti kune mamwe akawanda angangouya. mune ramangwana.
Finalmente Kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo Mune inotevera chinongedzo.