Hackers used GitHub servers for cryptocurrency mining


The administrators of the code hosting platform GitHub are actively investigating a series of attacks on its cloud infrastructure, since this type of attack allowed hackers to use the company's servers to carry out illicit cryptocurrency mining.

During the third quarter of 2020, these attacks were based on the use of a GitHub feature called GitHub Actions, which allows users to start automated tasks after a certain event in their GitHub repositories.

To carry out this exploit, the hackers took over a legitimate repository by placing malicious code in the original code on GitHub Actions and then made a pull request against the original legitimate repository to merge the modified code with the legitimate code.

As part of the attack on GitHub, security researchers reported that the hackers could run up to a hundred cryptocurrency miners in a single attack, creating huge computational loads on GitHub's infrastructure. So far, these hackers appear to operate at random and on a large scale.

Research has shown that at least one account makes hundreds of update requests containing malicious code. For now, the attackers do not appear to be actively targeting GitHub users, and instead focus on using GitHub's cloud infrastructure to host crypto mining.

Dutch security engineer Justin Perdok told The Record that at least one hacker is targeting GitHub repositories where GitHub Actions could be enabled.

The attack involves forking a legitimate repository, adding malicious GitHub Actions to the original code, and then submitting a pull request to the original repository to merge the code with the original.

The first case of this attack was reported by a software engineer in France in November 2020. As with its reaction to the first incident, GitHub said it is actively investigating the recent attack. However, GitHub appears to be going back and forth with the attacks, as the hackers simply create new accounts once the infected accounts are detected and disabled by the company.

In November last year, a team of Google IT security experts tasked with finding 0-day vulnerabilities disclosed a security flaw in the GitHub platform. According to Felix Wilhelm, the Project Zero member who discovered it, the flaw affected the functionality of GitHub Actions, a tool for automating developers' work. This is because Actions workflow commands are "vulnerable to injection attacks":

GitHub Actions supports a feature called workflow commands as a communication channel between the Action runner and the action being executed. Workflow commands are implemented in runner/src/Runner.Worker/ActionCommandManager.cs and work by parsing STDOUT of all executed actions for one of two command markers.
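The marker scan described above can be modelled in a few lines. This is an added example, not code from the article or from the GitHub runner: the two patterns are a simplified model of the `::` and `##[` markers, the sample log is constructed, and `find_workflow_commands` and `neutralize` are hypothetical helper names.

```python
import re

# Simplified model of the two command markers (assumption: not the runner's parser).
# "::name params::value" must begin the line; "##[name params]value" may appear mid-line.
V2 = re.compile(r"^\s*::([A-Za-z][\w-]*)(?:\s.*?)?::(.*)$")
V1 = re.compile(r"##\[([A-Za-z][\w-]*)(?:\s[^\]]*)?\](.*)$")

def find_workflow_commands(stdout: str):
    """Return (line_number, command_name) for each line the scan would treat as a command."""
    hits = []
    for number, line in enumerate(stdout.splitlines(), 1):
        match = V2.match(line) or V1.search(line)
        if match:
            hits.append((number, match.group(1)))
    return hits

def neutralize(untrusted: str) -> str:
    """Rewrite untrusted text so that echoing it to STDOUT cannot form a command.

    Every line gets a "| " prefix, so none can begin with "::", and each
    "##[" is split so the mid-line marker never appears.
    """
    safe_lines = []
    for line in untrusted.splitlines():
        safe_lines.append("| " + line.replace("##[", "## ["))
    return "\n".join(safe_lines)

# Constructed sample: job output that mixes ordinary text with marker-shaped lines,
# as would happen when an action prints attacker-influenced text such as a PR title.
SAMPLE = (
    "Fetching pull request title\n"
    "::warning file=app.js::text supplied by the pull request\n"
    "build ok ##[debug]marker in the middle of a line\n"
    "  ::error::indented marker\n"
    "plain text with :: in the middle\n"
)

if __name__ == "__main__":
    print("raw output:       ", find_workflow_commands(SAMPLE))
    print("neutralized output:", find_workflow_commands(neutralize(SAMPLE)))
```

GitHub's documented `stop-commands` workflow command is the platform-side way to pause command processing around output an action does not control.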

GitHub Actions is available on GitHub Free, GitHub Pro, GitHub Free for Organizations, GitHub Team, GitHub Enterprise Cloud, GitHub Enterprise Server, GitHub One, and GitHub AE accounts. GitHub Actions is not available for private repositories owned by accounts using older plans.

Cryptocurrency mining activity is usually hidden or runs in the background without the administrator's or user's permission. There are two types of malicious crypto mining:

  • Binary mode: malicious applications that are downloaded and installed on the target device in order to mine cryptocurrencies. Some security solutions identify most of these applications as Trojans.
  • Browser mode: malicious JavaScript code embedded in a web page (or in some of its components or objects), designed to mine cryptocurrency in the browsers of the site's visitors. This method, called cryptojacking, has become increasingly popular with cybercriminals since mid-2017. Some security solutions detect most of these cryptojacking scripts as potentially unwanted applications.
