GitHub accounts stolen through phishing attacks

2020 is not turning out to be a good year for computer security. David told you the other day about the sale of Zoom accounts. This time it seems to have been the turn of GitHub, Microsoft's hosting and version control service. It was reported that many of its users are falling victim to a phishing campaign designed specifically to collect and steal their credentials through fake pages that imitate the GitHub login page.

GitHub accounts stolen. A real danger for developers and users

Immediately after taking control of an account, the attackers proceed to download the contents of its private repositories without delay, including those owned by organization accounts and other collaborators.

According to GitHub's Security Incident Response Team (SIRT), these are the risks:

If the attacker succeeds in stealing the credentials of a GitHub user account, they can quickly create GitHub personal access tokens or authorize OAuth applications on the account, so that access is preserved even if the user changes their password.

According to the SIRT, this phishing campaign, called Sawfish, can affect all active GitHub accounts.

The main tool for gaining access to the accounts is email. The messages use various tricks to get recipients to click on the malicious link included in the text: some say that unauthorized activity was detected, while others mention changes to repositories or to the user's account settings.

Users who fall for the deception and click to review their account activity are then redirected to a fake GitHub login page, which collects their credentials and sends them to servers controlled by the attacker.

The fake page used by the attackers will also capture victims' two-factor authentication codes in real time if they are using a time-based one-time password (TOTP) mobile app.

According to the SIRT, accounts protected by hardware security keys are so far not vulnerable to this attack.

This is how the attack works

As far as is known, the preferred victims of this phishing campaign are currently active GitHub users who work for technology companies in various countries, and the attackers reach them using email addresses that are publicly known.

The phishing emails are sent from legitimate domains, either through previously compromised email servers or with the help of stolen API credentials from legitimate bulk email service providers.

The attackers also use URL-shortening services to hide the URLs of the landing pages. They even chain several URL-shortening services together to make detection harder still. In addition, the use of PHP-based redirects from compromised sites has been observed.
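As an added example (not from the original article or from GitHub), the sketch below triages a link from a suspicious email by walking a redirect chain recorded by a mail gateway or sandbox and checking the landing host against `github.com` with an exact match. The shortener list, the finding names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the only genuine sign-in host, and a
# constructed list of shortener hosts (a mail gateway would keep its own).
TRUSTED_HOSTS = {"github.com"}
SHORTENERS = {"short.example", "tiny.example"}
MAX_HOPS = 6

def host_of(url):
    """Hostname only: userinfo ('github.com@evil') and port are ignored."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_genuine(url):
    """Exact host match over HTTPS, the same test an origin-bound
    credential (password manager entry, WebAuthn key) applies."""
    return urlsplit(url).scheme == "https" and host_of(url) in TRUSTED_HOSTS

def triage_link(url, redirects):
    """Walk a recorded redirect map; return (landing_url, sorted findings)."""
    chain = [url]
    while chain[-1] in redirects and len(chain) < MAX_HOPS:
        nxt = redirects[chain[-1]]
        if nxt in chain:          # redirect loop, stop walking
            break
        chain.append(nxt)
    findings = set()
    hops = chain[:-1]             # every URL that redirected onward
    if sum(host_of(u) in SHORTENERS for u in hops) >= 2:
        findings.add("chained-shorteners")
    if any(urlsplit(u).path.lower().endswith(".php") for u in hops):
        findings.add("php-redirect")
    landing = chain[-1]
    if not is_genuine(landing):
        findings.add("untrusted-landing")
        if "github" in host_of(landing):
            findings.add("lookalike-host")
    return landing, sorted(findings)

# Constructed redirect log, as a sandbox or mail gateway might record it.
SAMPLE_REDIRECTS = {
    "https://short.example/a1": "https://tiny.example/b2",
    "https://tiny.example/b2": "http://blog.example/wp/redir.php?id=7",
    "http://blog.example/wp/redir.php?id=7": "https://github.com.login.example/session",
}

if __name__ == "__main__":
    print(triage_link("https://short.example/a1", SAMPLE_REDIRECTS))
    print(triage_link("https://github.com/settings/security", {}))
```

The exact-match test matters because a substring or prefix check would accept hosts that merely start with or contain `github.com`.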

Some ways to protect yourself from the attack

According to the recommendations of those responsible for security, if you have a GitHub account it is advisable to do the following:

  • Change your password.
  • Reset your two-step recovery codes.
  • Review your personal access tokens.
  • Switch to hardware or WebAuthn authentication.
  • Use a browser-based password manager. These provide a degree of protection against phishing, since they will notice that the link is not one that was previously visited.

And of course, one that never fails: never click on a link sent to you by email. Type the address yourself or keep it in your bookmarks.
Still, this is surprising news. We are not talking about a social network but about a site that, according to its own description, is:

a collaborative software development platform for hosting projects using the Git version control system. The code is stored publicly, although it can also be done privately ...

In other words, its users are the people who build the applications we use and who should therefore be the ones adding security features. It is like stealing from the Police Department.

