Karshen karshen mako ya kasance mummunan lokacin zama mai gudanar da sabar. Mummunan rauni ya bayyana a Apache Log4j. Babbar matsalar? Maharan suna da damar yin amfani da buɗaɗɗen tushen fakitin Java wanda kowane nau'in aikace-aikace, daga Twitter zuwa iCloud, ke amfani da shi don aiwatar da kowace lambar da maharin ya zaɓa.
Wannan yana da ban tsoro kamar yadda yake sauti.
Abin da Apache Log4j Exploit ke nufi gare ku da ni
Na yi magana da mai binciken tsaro ta yanar gizo John Hammond daga Huntress Labs game da cin gajiyar da abin da ya biyo baya don rage barnar. Hammond ya sake yin amfani da sabar Minecraft don tashar YouTube, kuma sakamakon ya kasance fashewa.
Tambaya: Menene wannan amfani? Shin za ku iya bayyana abin da ke faruwa a ma'anar ɗan adam?
A: Wannan amfani yana ba miyagu damar samun ikon sarrafa kwamfuta tare da layi ɗaya na rubutu. A cikin sharuddan layman, fayil ɗin log yana dawo da sabon shigarwa amma yana faruwa yana karantawa kuma a zahiri yana aiwatar da bayanai a cikin fayil ɗin log ɗin. Tare da shigarwar da aka keɓance na musamman, kwamfutar da abin ya shafa za ta kai hannu ta haɗa zuwa wata na'ura mai ɓarna don zazzagewa da aiwatar da duk wani munanan ayyuka da abokin gaba ya shirya.
Tambaya: Yaya wahalar yin kwafin wannan amfani a Minecraft?
A: Wannan rauni da amfani ba shi da mahimmanci don kafawa, wanda ya sa ya zama zaɓi mai ban sha'awa ga miyagu ƴan wasan kwaikwayo. Na nuna Bidiyo na tafiya yana nuna yadda aka sake yin wannan a Minecraft, kuma "Hanyoyin maharin" yana ɗaukar watakila minti 10 don saita idan sun san abin da suke so da abin da suke bukata.
Tambaya: Wanene wannan ya shafa?
A: Daga qarshe, wannan ya shafi kowa ta wata hanya ko wata. Akwai babbar dama, kusan tabbas, cewa kowane mutum yana mu'amala da wasu software ko fasaha waɗanda ke da wannan raunin a ɓoye a wani wuri.
Mun ga shaidar rashin ƙarfi a cikin abubuwa kamar Amazon, Tesla, Steam, har ma da Twitter da LinkedIn. Abin takaici, za mu ga tasirin wannan raunin na dogon lokaci, yayin da wasu software na gado maiyuwa ba za a iya kiyaye su ba ko tura sabuntawa a kwanakin nan.
Tambaya: Menene bangarorin da abin ya shafa ke bukata su yi don kiyaye tsarin su?
A: Gaskiya, yakamata mutane su kasance da sanin software da aikace-aikacen da suke amfani da su, har ma suyi bincike mai sauƙi na Google don "[the-software-name] log4j" kuma bincika idan mai siyar ko mai ba da sabis ya raba kowane shawarwari don sanarwa game da wannan sabon. barazana.
Wannan raunin yana girgiza duk Intanet da yanayin tsaro. Jama'a su zazzage sabbin abubuwan tsaro daga masu samar da su da sauri kamar yadda suke kuma su kasance a faɗake kan aikace-aikacen da har yanzu ke jiran sabuntawa. Kuma ba shakka, har yanzu tsaro yana gangarowa zuwa tushen ƙasusuwan ƙasusuwa ba za ku iya mantawa ba: gudanar da ingantaccen riga-kafi, yi amfani da dogon lokaci, kalmomin shiga masu rikitarwa (ana ba da shawarar mai sarrafa kalmar sirri ta dijital!), kuma ku kasance da masaniya kan abin da aka gabatar a ciki. gabanka akan kwamfutarka.
Editocin mu sun ba da shawarar
Kamar abin da kuke karantawa? Za ku ji daɗin isar da shi zuwa akwatin saƙonku na mako-mako. Yi rajista don wasiƙar TsaroWatch.
'Yan sanda + Dillalan Bayanai = Matsalolin Shari'a
Masu aikata laifuka a cikin tsoffin fina-finai koyaushe sun san hanyarsu ta kowane bangare na daidai da kuskure na doka. Idan dan sanda ya yi barazanar fasa kofarsu, sai su yi murmushi su ce, “Eh? Dawo da garanti."
A halin yanzu, 'yan sanda ba sa buƙatar damuwa da samun garantin bayanan ku idan za su iya siyan bayanan daga dillalin bayanai. Yanzu, ba mu ne waɗanda za su yi soyayya da karya doka ba, amma ba ma son yiwuwar cin zarafi na mulki, ko dai.
Kamar yadda Rob Pegoraro na PCMag ya rubuta, dillalan bayanai suna ba wa jami'an tsaro da hukumomin leken asiri hanyoyin da za su iya kaiwa ga Kwaskwarima ta Hudu ta hanyar ba da izinin siyar da bayanan da aka tattara game da ƴan ƙasa masu zaman kansu. FBI ta sanya hannu kan kwangila tare da dillalin bayanai don "ayyukan da aka riga aka yi bincike" a cikin misali guda.
Godiya ga ƙayyadaddun manufofin sirri na app da sharuɗɗa da sharuɗɗan dillalin bayanai, mai yiwuwa matsakaicin ɗan ƙasar Amurka bai san yadda bayanan wurin wayar su ke shiga cikin bayanan tilasta doka ba. Shin hakan yana damun ku? Idan haka ne, lokaci ya yi da za ku ɗauki al'amura a hannunku kuma ku dakatar da tattara bayanai a tushen. Yi amfani da fasalulluka na keɓantawar wurin Apple da Google suna bayarwa don ɓoye wurinku a asirce daga wurin ku apps. iOS yana ba masu amfani damar kiyaye kowane app daga sanin wurin su, kuma Google's Android 12 yana ƙara irin wannan sarrafawa.
Me kuma ke Faruwa a Duniyar Tsaro a wannan makon?
Kamar Abin da kuke karantawa?
Shiga don Tsaro Watch wasiƙar don manyan bayanan sirrinmu da labarun tsaro waɗanda aka isar da su kai tsaye zuwa akwatin saƙo naka.
Wannan wasiƙar na iya ƙunsar tallace-tallace, ciniki, ko hanyoyin haɗin gwiwa. Biyan kuɗi ga wasiƙar yana nuna yardar ku ga mu Sharuddan Amfani da kuma takardar kebantawa. Kuna iya cire rajista daga wasiƙun labarai a kowane lokaci.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
English
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba