IMeow ukuhlasela okuqhubeka nokuthola umfutho futhi lokho sekuyizinsuku ezimbalwa manjezikhishwe izindaba ezahlukahlukene lapho ukuhlaselwa okuhlukahlukene okungaziwa kubhubhisa idatha ezindaweni ezingavikelekile Ukufinyelela komphakathi kwe-Elasticsearch ne-MongoDB.
Ngaphandle kwalokho amacala angawodwa wokuhlanza nawo aqoshwa (cishe i-3% yazo zonke izisulu eziphelele) yolwazi olungavikelekile olususelwa ku-Apache Cassandra, CouchDB, Redis, Hadoop, ne-Apache ZooKeeper.
Mayelana neMeow
Lokhu kuhlaselwa kwenziwa nge-bot ebala uhlu lwamachweba wenethiwekhi ye-DBMS ejwayelekile. Ukutadisha ukuhlaselwa kwesiphakeli somgunyathi kukhombisile lokho ukuxhumana kwe-bot kwenziwa ngeProtonVPN.
Imbangela yezinkinga ukuvulwa kokufinyelela komphakathi ku-database ngaphandle kwezilungiselelo zokuqinisekisa ezifanele.
Ngephutha noma ngokunganaki, umphathi wesicelo akazibandakanyi nekheli langaphakathi le-127.0.0.1 (localhost), kepha kuzo zonke izixhumi zenethiwekhi, kufaka phakathi naleyo yangaphandle. Ku-MongoDB, lokhu kuziphatha kwenziwa lula ukumiswa kwesampula enikezwa ngokuzenzakalela, naku-Elasticsearch ngaphambi kwenguqulo 6.8, uhlobo lwamahhala aluzange lusekele ukulawulwa kokufinyelela.
Umlando nomhlinzeki we-VPN «UFO» uyakhombisa, eveze i-database etholakala esidlangalaleni engu-894GB Elasticsearch.
Umhlinzeki uzimise njengokukhathazeka ngemfihlo yomsebenzisi nokungagcini amarekhodi. Ngokuphikisana nalokho okwakushiwo, kwakukhona amarekhodi ku-database Ama-pop-ups afaka imininingwane emayelana namakheli e-IP, isixhumanisi seseshini nesikhathi, omaka bendawo yomsebenzisi, imininingwane ngohlelo lokusebenza lomsebenzisi nedivayisi, kanye nohlu lwezizinda zokufaka izikhangiso kumgwaqo we-HTTP ongavikelekile.
Futhi, i-database ibiqukethe amaphasiwedi acacile wokufinyelela kumbhalo nokhiye beseshini, okuvumela ukuthi izikhathi ezibanjiwe zisuswe ukubethelwa.
Umhlinzeki we-VPN «UFO» waziswa ngalolu daba ngoJulayi 1, kodwa umyalezo wahlala ungaphendulwanga amasonto amabili futhi esinye isicelo sathunyelwa kumhlinzeki wokusingathwa ngoJulayi 14, ngemuva kwalokho i-database ivikelwe ngoJulayi 15.
Inkampani iphendule kwisaziso ngokuhambisa i-database kwenye indawo, kodwa waphinda futhi akakwazanga ukukuvikela kahle. Kungakabiphi, ukuhlaselwa kukaMeow kwamqeda.
Kusukela ngoJulayi 20, le database iphinde yavela kusizinda somphakathi kwi-IP ehlukile. Ngezikhathi zamahora, cishe yonke idatha isusiwe ku-database. Ukuhlaziywa kwalokhu kususwa kukhombisile ukuthi kuhlotshaniswa nokuhlaselwa okukhulu okubizwa nge-Meow okusuka egameni lezinkomba ezisele ku-database ngemuva kokususwa.
"Lapho imininingwane eveziwe itholakele, yavela okwesibili ngoJulayi 20 ekhelini elihlukile le-IP: wonke amarekhodi acekelwa phansi ngokunye ukuhlaselwa irobhothi i-'Meow '," kusho uDiachenko ku-twitter ekuqaleni kwaleli sonto. .
UVictor Gevers, umongameli wesisekelo esingenzi nzuzo IGDI, nayo ibone lokhu kuhlaselwa okusha. Uthi lo mlingisi uphinde ahlasele imininingwane egciniwe kaMongoDB. Umphenyi uphawule ngoLwesine ukuthi noma ngubani owenza lokhu kuhlasela ubonakala ebhekise kunoma iyiphi i-database engavikelekile futhi engatholakali kwi-Intanethi.
Ukusesha ngenkonzo kaShadan ikhombise ukuthi amanye amaseva angamakhulu amaningana nawo abe yizisulu zokususwa. Manje inani lemininingwane ekude lisondela ku-4000 okuyi-mNgaphezu kwe-97% yalezi yizizinda zolwazi ze-Elasticsearch neMongoDB.
Ngokuya kweLeakIX, iphrojekthi ekhomba izinkonzo ezivulekile, i-Apache ZooKeeper nayo yayiqondisiwe. Okunye ukuhlaselwa okungenabungozi kuphinde kwamaka amafayili angama-616 ElasticSearch, MongoDB kanye naseCassandra ngentambo "university_cybersec_experiment".
Abaphenyi baphakamise ukuthi kulokhu kuhlaselwa, abahlaseli babonakala bekhombisa kubanakekeli besizinda sedatha ukuthi amafayela asengozini yokubukwa noma ukususwa.