|
Munye kuphela ongahlala ephila futhi kulokhu kube yisiphequluli senkanyezi seGoogle. I-iPhone, iSafari, i-Explorer kanye neFirefox esunguliwe iwele ngaphandle kwezinkinga ezandleni zabaduni abahle kakhulu emhlabeni abahlangana minyaka yonke eCanada ukuzama ukucekela phansi amasistimu adume kakhulu okwamanje nokukhombisa amaphutha abo okuphepha. Kodwa-ke, abakwazanga ukwephula imodi ebukhali ye- "sandbox" evikela i-Chrome, i-colossus eye yamelana nokuhlaselwa ngongoti bamakhompyutha abahamba phambili emhlabeni. |
Umncintiswano waminyaka yonke we-Pwn2Own e-CanSecWest security fair eVancouver uhlinzeka ngemvelo ephelele yochwepheshe bezokuphepha be-IT emhlabeni wonke ukuthi bahlanganyele ngokugcwele kuzo zonke izinhlobo zamagajethi ashisayo nesoftware. Unyaka nonyaka, bayakwazi ukugwema izithiyo zokuphepha izinhlelo ezizama ukuzibekela zona, kepha bambalwa kuphela abanelungelo lokufinyelela umncintiswano ngaphandle kokwehluleka okukodwa.
Owokuqala ukuwa yi-Apple iPhone ephumelelayo, uVincenzo Iozzo noRalf Philipp Weinmann badinga kuphela imizuzwana engama-20 ukwenza isilima sedivayisi efunwa kakhulu okwamanje. Abaduni benze kuphela i-iPhone (ngaphandle kwe-jailbreak) ukuthi ifake isiza esakhiwe yibo phambilini, lapho bekopishe khona yonke i-database ye-SMS (ngisho naleyo esusiwe) kumaseva abo. Bathe yize i-Apple yenze imizamo yokuvimba lezi zikhala, "indlela abasebenzisa ngayo ukusayinwa kwamakhodi ithambile. Bawine ama- $ 15.000 ngalokhu kukhonjiswa kobuhlakani futhi lapho nje inkampani yama-apula ilungisa i-bug yokuphepha, imininingwane yokufinyelela izokhonjiswa.
UCharlie Miller, oyi-Principal Security Analyst ku-Independent Security Evaluators, ukwazile ukugenca uSafari kwi-MacBook Pro nge-Snow Leopard futhi akatholakali, wahola u- $ 10,000. Le nja endala yomcimbi iyakwazi ukuqeda idivayisi ephethwe yi-Apple minyaka yonke. Kubukeka sengathi uthathe umtshina womkhiqizo. Ngeke kulimaze inkampani ukumqasha ukuze abone ukuthi bangaqeda unomphela amaphutha ezokuphepha emikhiqizweni yabo.
Umphenyi ozimele wezokuphepha uPeter Vreugdenhil uzuze inani elilinganayo lokugenca kwe-Internet Explorer 8, okungasamangazi noma ngubani ukubona uhlelo olulodwa nolunye futhi, njengoba ehlaselwa ukuhlaselwa kwanoma yimuphi uchwepheshe okuphakamisayo. Ukugenca i-IE8 Vreugdenhil ithi isebenzise ubungozi obubili ekuhlaselweni okuyizingxenye ezine okwedlula i-ASLR (Address Space Layout Randomization) ne-DEP (Data Execution Prevention), eklanyelwe ukusiza ukumisa ukuhlaselwa esipheqululini. Njengakweminye imizamo, uhlelo lwaphazamiseka lapho isiphequluli sivakashela isayithi ebeliphatha ikhodi enonya. Lesi sinqumo simnike amalungelo kukhompyutha, nokuyinto ayikhombisile ngokusebenzisa umshini wokubala umshini.
IFirefox nayo kudingeke ukuthi iguqe ngamadolo ebuqilini bukaNils, inhloko yocwaningo yase-UK ye-MWR InfoSecurity, owenza u- $ 10,000 ekususeni ubungozi besiphequluli ogcina iMicrosoft ikhululekile. UNils uthe wasebenzisa ubungozi benkohlakalo ememori futhi kwadingeka nokuthi anqobe i-ASLR ne-DEP ngenxa yesiphazamiso ekusetshenzisweni kweMozilla.
Futhi ekugcineni, ukuphela kwento ebisalokhu imile kube yi-Chrome. Kuze kube manje yisona kuphela isiphequluli esingahlulwa muntu, into ebesivele siyifinyelele ngesikhathi sohlelo lwango-2009 lwalo mcimbi olwenzeka eCanada nolufuna ukuxwayisa abasebenzisi ngobungozi bezinhlelo. “Kunamaphutha ku-Chrome, kodwa kunzima kakhulu ukuwasebenzisa. Baklame imodeli 'ye-sandbox', okunzima kakhulu ukuyiphula, "kusho uCharlie Miller, umgulukudu odumile, okwathi kulolu hlobo wakwazi ukuphatha iSafari kwiMacbook Pro.
Umthombo: I-Neoteo kanye neSegu-Info kanye I-ZDNET