Opensubtitles.org was hacked and millions of records were leaked

The popular movie and series subtitle site OpenSubtitles announced to its users this week that it had been attacked by a hacker, warning users on Tuesday, January 18, after the hacker leaked the database online.

In a post on their forum, the site's team indicated that the hacker contacted them last August via Telegram to inform them that he had access to the data of all their users, about 7 million, including email and IP addresses, usernames and passwords.

For those new to OpenSubtitles, it is a very popular service that offers subtitle files for movies and series. The service is accessible at the domains "opensubtitles.org" and "opensubtitles.com", where it maintains a discussion forum.

According to the message from the site's administrators, the attackers were able to access the user list in August 2021. Since the OpenSubtitles operators did not respond to the ransom demands, the access data has now appeared on the Internet. According to the team, the user database includes more than 6.7 million entries.

The leaked package contains email addresses, IPs, usernames, users' countries of origin, and passwords in the form of MD5 hashes. The team admits that little had been done to strengthen security in recent years, which allowed the attacker to carry out an SQL injection after compromising a super administrator's password.

"In August 2021, we received a message on Telegram from a hacker, who showed us that he was able to access the opensubtitles.org user table and had downloaded an SQL dump (a copy of the raw data). He demanded a ransom in bitcoins for not disclosing this to the public and promised to delete the data. We did not accept, because it was not a small amount of money. He told us how he was able to gain access and helped us fix the error. Technically, he was able to crack the insecure password of a SuperAdmin," reads the team's post.

"He was able to access an unsecured script, which was available only to SuperAdmins. This script allowed him to perform SQL injections and extract the data," the post said. While none of the stolen data was leaked last August, on January 11, 2022, OpenSubtitles received further correspondence from a "collaborator of the original hacker" who made the same demands. The original hacker could not be contacted for help, and on January 15 the site learned that the data had been released online the previous day.

The "Have I Been Pwned?" project has recorded the data and added it to its searchable database of publicly leaked data. This allows users to check whether an email address or password has been affected.

OpenSubtitles said that credit card information was not affected.

"The hacker may gain access to user accounts. So he can download subtitles and so on, but he did not have access to credit card or other data; those are stored outside our platform," wrote the site administrator, "OSS."

OpenSubtitles describes the hack as a "hard lesson", admitting flaws in its security. OpenSubtitles has since improved its security by making some changes under the hood.

"The site stored passwords in unsalted md5() hashes, which were replaced by hash_hmac with salted SHA-256," said OSS. In addition, OpenSubtitles also introduced a new password policy, account lockout after failed login attempts, and a captcha on password reset, the login page and other places.

The most immediate threat is to users who used the same email address and password combination on other sites. An attacker could then gain access to those third-party accounts. It may also be a problem for OpenSubtitles users who regularly visit portals with the same credentials.

That is why, if any of our readers visit the site regularly, it is recommended that they change their password on the opensubtitles.org and opensubtitles.com domains.
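The storage change OSS describes above (unsalted md5() replaced by hash_hmac with salted SHA-256) can be illustrated with the following added example, which is not OpenSubtitles' code. The record layout, the use of a per-user random salt as the HMAC key, and the upgrade-on-login step are assumptions made for the illustration; the sample users are constructed.

```python
import hashlib
import hmac
import secrets

def legacy_md5(password: str) -> str:
    """Unsalted MD5: the weak storage format described in the post."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def salted_hmac_sha256(password: str, salt: bytes) -> str:
    """HMAC-SHA-256 keyed with a per-user salt (layout is an assumption)."""
    return hmac.new(salt, password.encode("utf-8"), hashlib.sha256).hexdigest()

def new_record(password: str) -> dict:
    """Build a record in the new scheme with a fresh 16-byte random salt."""
    salt = secrets.token_bytes(16)
    return {"scheme": "hmac-sha256", "salt": salt.hex(),
            "hash": salted_hmac_sha256(password, salt)}

def verify_and_upgrade(record: dict, password: str):
    """Return (ok, record); a legacy record is replaced after a correct login."""
    if record["scheme"] == "md5":
        ok = hmac.compare_digest(record["hash"], legacy_md5(password))
        return ok, (new_record(password) if ok else record)
    if record["scheme"] == "hmac-sha256":
        salt = bytes.fromhex(record["salt"])
        expected = salted_hmac_sha256(password, salt)
        return hmac.compare_digest(record["hash"], expected), record
    return False, record

def demo() -> dict:
    # Constructed sample rows: two users who chose the same password.
    pw = "correct horse battery"
    alice = {"scheme": "md5", "hash": legacy_md5(pw)}
    bob = {"scheme": "md5", "hash": legacy_md5(pw)}
    same_before = alice["hash"] == bob["hash"]  # unsalted: identical hashes
    ok_a, alice = verify_and_upgrade(alice, pw)
    ok_b, bob = verify_and_upgrade(bob, pw)
    bad, _ = verify_and_upgrade(alice, "wrong guess")
    return {"same_before": same_before,
            "same_after": alice["hash"] == bob["hash"],
            "logins_ok": ok_a and ok_b,
            "wrong_rejected": not bad,
            "scheme_after": alice["scheme"]}

if __name__ == "__main__":
    print(demo())
```

HMAC-SHA-256 is still a fast function, so a deliberately slow password hash such as bcrypt, scrypt or Argon2 raises the cost of offline guessing further.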

Source: https://forum.opensubtitles.org/

