New hacker tool lets attackers create phishing pages in real time

Anonymous

Cybersecurity experts from RiskIQ have discovered a new phishing kit called LogoKit, whose main feature is changing the logo and text on the phishing page in real time to adapt to the targeted victim.

According to RiskIQ, LogoKit has already been used by cybercriminals in phishing attacks. It was installed on more than 300 domains in the past week, and on more than 700 this year. The experts note that LogoKit relies on sending users phishing links that contain their e-mail addresses.

"Once a person follows the link, LogoKit obtains the logo of the company where they work by fetching it from a third-party service. The user's e-mail address is automatically filled into the corresponding field, so the victim believes they have already signed in to this site before. After the victim enters a password, LogoKit performs an AJAX request, sends the captured credentials to an external server, and then redirects the user to the organization's real site," RiskIQ said.
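A defender-side check for the lure described above, as an added example that is not from the original article or from RiskIQ: it flags links in mail-gateway or proxy records whose path, query or fragment carries the recipient's own e-mail address. The record layout, the sample domains and the base64 handling are assumptions made for this illustration.

```python
import base64
import re
from urllib.parse import urlsplit, unquote

# Runs of base64/base64url characters long enough to hide an address (assumption).
B64_RE = re.compile(r"[A-Za-z0-9_+-]{12,}")


def _decode_b64(token):
    """Return the ASCII text a base64/base64url token decodes to, or ''."""
    padded = token + "=" * (-len(token) % 4)
    try:
        return base64.urlsafe_b64decode(padded).decode("ascii")
    except ValueError:  # bad padding or non-ASCII bytes: not an encoded address
        return ""


def find_embedded_email(url, recipient):
    """Return (url_part, encoding) if the recipient's address is in url, else None."""
    recipient = recipient.lower()
    parts = urlsplit(url)
    for name in ("path", "query", "fragment"):
        text = unquote(getattr(parts, name))  # resolves %40 and similar escapes
        if recipient in text.lower():
            return (name, "plain")
        for token in B64_RE.findall(text):
            if recipient in _decode_b64(token).lower():
                return (name, "base64")
    return None


def scan(records):
    """records: iterable of (recipient, url) pairs; return the flagged ones."""
    hits = []
    for recipient, url in records:
        found = find_embedded_email(url, recipient)
        if found:
            hits.append((recipient, url) + found)
    return hits


# Constructed sample records (not real traffic); all domains are placeholders.
_RCPT = "j.doe@corp.example"
_B64 = base64.urlsafe_b64encode(_RCPT.encode()).decode().rstrip("=")
SAMPLE = [
    (_RCPT, "https://files.example/login.html#j.doe@corp.example"),
    (_RCPT, "https://files.example/s/?u=j.doe%40corp.example"),
    (_RCPT, "https://files.example/s/#" + _B64),
    (_RCPT, "https://intranet.example/news/2021/01/update"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit is a triage signal rather than a verdict, since legitimate unsubscribe and tracking links also embed the recipient's address.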


The experts note that LogoKit achieves this functionality through a set of JavaScript functions "that can be added to any generic login form or to complex HTML documents." This approach differs greatly from standard phishing kits, most of which need precise templates that imitate a company's login page.

The modularity of the LogoKit kit lets cybercriminals mount an attack against almost any company they want, with minimal setup cost.

RiskIQ reported that in January 2021 LogoKit was observed being used to imitate and create login pages for a variety of services (from generic login portals to web portals (Adobe, Office, exchange

"It is important to note that LogoKit is a set of JavaScript files, so its resources can also be hosted on publicly trusted services such as Firebase, GitHub and the cloud. Most of these are on corporate whitelists, so users will not receive any warnings," RiskIQ concluded.

More interesting articles at Cisoclub.ru.