These are the devices that lost internet access because of the Let's Encrypt certificate

Today, September 30, the IdenTrust root certificate reached the end of its lifetime. This certificate was used to sign the Let's Encrypt certificate (ISRG Root X1), which is controlled by the community and provides certificates free of charge to everyone.

That signature ensured that Let's Encrypt certificates were trusted across a very wide range of devices, operating systems and browsers while Let's Encrypt's own root certificate was being integrated into root certificate stores.

It was originally planned that after DST Root CA X3 expired, the Let's Encrypt project would switch to generating signatures using only its own certificate, but such a step would lead to a loss of compatibility with many older systems. In particular, about 30% of the Android devices in use have no data about the Let's Encrypt root certificate, support for which appeared only in Android 7.1.1, released at the end of 2016.

Let's Encrypt did not plan to enter into a new cross-signing agreement, since this places additional responsibility on the parties to the agreement, deprives them of independence, and ties their hands by requiring compliance with all the procedures and rules of another certificate authority.

But because of the problems that could arise on a large number of Android devices, the plan was revised. A new agreement was signed with the IdenTrust certificate authority, under which an alternative cross-signed Let's Encrypt intermediate certificate was created. The cross-signature will be valid for three years and will maintain compatibility with Android devices starting from version 2.3.6.

However, the new intermediate certificate does not cover many other legacy systems. For example, after the DST Root CA X3 certificate expires (today, September 30), Let's Encrypt certificates will no longer be accepted on unsupported firmware and operating systems, where, to ensure trust in Let's Encrypt certificates, you will need to manually add the ISRG Root X1 certificate to the root certificate store. The problems will show up in:

  • OpenSSL up to and including the 1.0.2 branch (maintenance of the 1.0.2 branch was discontinued in December 2019)
  • NSS < 3.26
  • Java 8 < 8u141, Java 7 < 7u151
  • Windows
  • macOS < 10.12.1
  • iOS < 10 (iPhone < 5)
  • Android < 2.3.6
  • Mozilla Firefox < 50
  • Ubuntu < 16.04
  • Debian < 8

In the case of OpenSSL 1.0.2, the problem is caused by a bug that prevents cross-signed certificates from being handled correctly if one of the root certificates involved in the signing has expired, even though other valid chains of trust remain.

The problem first surfaced last year, after the expiration of the AddTrust certificate used to cross-sign the certificates of the Sectigo (Comodo) certificate authority. The essence of the problem is that OpenSSL parsed the certificate as a linear chain, whereas according to RFC 4158 a certificate can represent a directed distributed circular graph with multiple trust anchors that need to be taken into account.

Users of older distributions based on OpenSSL 1.0.2 are offered three workarounds to solve the problem:

  • Manually remove the IdenTrust DST Root CA X3 root certificate and install the standalone ISRG Root X1 root certificate (not cross-signed).
  • Specify the "-trusted_first" option when running the openssl verify and s_client commands.
  • Use a certificate on the server that is certified by the standalone ISRG Root X1 root certificate, which is not cross-signed (Let's Encrypt offers an option to request such a certificate). This method will lead to a loss of compatibility with older Android clients.
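The OpenSSL 1.0.2 behaviour described above and the effect of each of the three workarounds can be reproduced with a small path-building model. This is an added example, not code from OpenSSL or from the original article: the `Cert` records, the "LE intermediate" and "example.test" names and all dates are constructed, and the builder is a simplified model of linear chain building, not the library's implementation.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: date

# Constructed sample data: root names follow the article, dates are illustrative.
TODAY = date(2021, 10, 1)
DST_X3 = Cert("DST Root CA X3", "DST Root CA X3", date(2021, 9, 30))
ISRG_X1 = Cert("ISRG Root X1", "ISRG Root X1", date(2035, 6, 4))
ISRG_X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", date(2024, 9, 30))
INTERMEDIATE = Cert("LE intermediate", "ISRG Root X1", date(2025, 9, 15))
LEAF = Cert("example.test", "LE intermediate", date(2021, 12, 1))
SERVER_CHAIN = [LEAF, INTERMEDIATE, ISRG_X1_CROSS]  # as sent by the server

def find(pool, name):
    return next((c for c in pool if c.subject == name), None)

def build_path(leaf, untrusted, store, trusted_first=False):
    """Return the single path the verifier settles on, or None."""
    path = [leaf]
    while True:
        tip = path[-1]
        # trusted_first: stop as soon as the local store can anchor the tip.
        if trusted_first and find(store, tip.issuer):
            break
        nxt = find([c for c in untrusted if c not in path], tip.issuer)
        if nxt is None:
            break
        path.append(nxt)  # legacy: follow the server-supplied chain first
    # Anchor the tip; only if no anchor exists, back off one cert and retry.
    while path:
        anchor = find(store, path[-1].issuer)
        if anchor:
            return path + [anchor]
        path.pop()
    return None

def verify(leaf, untrusted, store, trusted_first=False, today=TODAY):
    path = build_path(leaf, untrusted, store, trusted_first)
    # The first complete path is final: an expired cert fails verification
    # even though another valid path to ISRG Root X1 exists in the graph.
    return path is not None and all(c.not_after >= today for c in path)
```

With both roots in the store, the model rejects the leaf by default and accepts it with `trusted_first=True`, after removing DST Root CA X3 from the store, or when the server omits the cross-signed certificate.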

In addition, the Let's Encrypt project has passed the milestone of two billion certificates issued. The one-billion milestone was reached in February of last year. Every day 2.2-2.4 million new certificates are issued. The number of active certificates is 192 million (a certificate is valid for three months), and they cover about 260 million domains (a year ago they covered 195 million domains, two years ago 150 million, three years ago 60 million).

According to statistics from the Firefox Telemetry service, the global share of page requests made over HTTPS is 82% (a year ago 81%, two years ago 77%, three years ago 69%, four years ago 58%).

source: https://scotthelme.co.uk/

