Blog

19 uJan 2017

Lesi sishaja esisha se-Gmail sokwehlisa ubugebengu siyakhohlisa ngisho namakhasimende awazi kahle: Nansi imfihlo yokuyiqaphela

/
Posted By

Abahlaziyi bezokuphepha ku-WordFence umklami odumile wezixhobo zokuphepha baye babona lokho okukubiza ngokuthi "ukuhlambalaza okuphanga kakhulu" okuye kwakhohlisa amakhasimende we-Google Gmail ekutholeni izakhi zabo ezizungezile zokungena ngemvume. Lokhu kukhwabanisa kuthiwa ukuqoqa ubuningi ngamaklayenti okuphatha i-imeyili futhi kuqukethe ugibe oluqondile ukuthi ngisho namehlo ahlelwe kakhulu azocabanga ukuthi kunzima ukuthatha inothi. Ngemuva kokuhlukanisa lesi sikhalazo, i-WordFence imemezele okufanayo kubhulogi yabo futhi ixwayise ngokushaya.

Isebenza kanjani

Ukwehla kobugebengu be-phishing kuyinto uhlelo oluhlakaniphile kakhulu. Ukuhlukunyezwa noma iklayenti le-Gmail kuzothola kuqala i-imeyili kusuka kulokho iklayenti ibona ukuthi isithembekile oxhumana naye. Ukufakwa ku-imeyili yinto enayo yonke into ephawulekayo yokurekhoda ejwayelekile kumklamo we-.pdf. Amaklayenti asolisayo ane-propensity yokulanda uxhumano uzothola okuthile okungahlosiwe okubonakala emgqeni olandelayo.

Ukuthinta insimu engobo yomlando ingxenye enkulu kunika amaklayenti ukubuyekeza umbiko. Ukuthelela kulolu xhumano ngaphandle kwalokho, kuzokungena ngemvume ngemvume ngekhasi le-Google ukuze ufike ku-archive. Amakhasimende angenayo i-ID azofaka i-ID yabo ye-imeyili kanye nekhiye yangasese bese uqhubeka.

Idatha ye-Gmail ye-URI

Leli khasi lokungena liyisikhathi sesibili senkinga encane ehambelanisiwe. Kuthatha ngempela amaklayenti kulokho okukhona konke okubonakalayo okuthembekile ebuhleni 'Ngena ngemvume ngeGoogle' ikhasi. I-client clueless izofaka phakathi ukuvumelanisa kwabo hhayi ukuqaphela ukuthi lezo zici ezicashile ziqondiswa ngokuqondakalayo ku-database.

Imiyalo yesinyathelo ngesinyathelo ukuhlukanisa

Ukwaziswa okuhloniphekile lapha i-URL ekhasini. Ilahleka "idatha.text / html.https ..." empeleni njengoba ibhulogi ikhiphe ilwazi layo i-URI hhayi i-URL. 'Ukwaziswa URI' okusetshenziswe njengengxenye yalolu hlelo kuhlanganisa irekhodi lonke ebhasini lendawo yokuhlela.

Ngesikhathi lapho iklayenti ichofoza lokho akushoyo ukuthi uxhumano nokubuyekezwa kombiko ku-imeyili, ivula idokhumenti kwelinye ithebhu (ngokuphindaphindiwe 'Ngena ngemvume ngekhasi le-Google') kuphela ukuthi leli liyiqiniso futhi lithumela imininingwane yakho kumuntu ohlukumezayo.

Ingxenye yesibili yokwaziswa ukuhlukanisa lesi saga sobugebengu bokweba nobugebengu bokweba nobugebengu bokweba nobugebengu obuyingozi (phishing scam Iphakamisa, ukuthi indlela engcono kakhulu yokuqaphela lokhu kungukuthi kwenzeka yini ukuthi ube nesihenqo esiphezulu sokuzimisela esizobonisa ukuthi ukuxhumeka ekubuyekezweni kwengobo yomlando ngempela kuyisithombe esiphezulu (njengoba singakhulumi) esivula idokhumenti. Ngaphandle kokuthi kungenzeka ukuthi i-fide ixhumekile, iyakwazi ukulinganisa ngokufanelekile, kodwa lokhu futhi kungumsebenzi wamakhasimende ambalwa angayibona futhi abaningi bayodlulisela ithuba elikhulu.

Uma kungenzeka ukuthi usalokhu ucwaninga, ibhulogi ibonisa ukuthi ungaya ku-haveibeenpwned.com bese uhlola nge-imeyili yakho kule sayithi enokwethenjelwa.

Ngabe izinga lobugebengu bubekwe ngaphi lapho?

Ngokusho kwephuzu lephuzu le-blog yi-CEO ye-WordFence uMark Maunder, lokhu kuhlaselwa kubalwe esikhathini samasonto amuva nje. Yini okucindezelayo ukuthi kuye kwabalwa ukuthi akuyona iklayenti eyisisekelo, kodwa kunalokho okukhethekile noma ukuhlangabezana namakhasimende akhononda ngokushaywa yilo. Iqiniso litsheliwe, kuncane kakhulu ngisho ne-Google engayenza ukulwa nokuhlaselwa okunjalo njengoba isimemezelo esivela ku-Google sikhuphukile:

"Siyakhumbula le nkinga futhi siqhubeke siqinisa ukulwa kwethu ngokumelene nalo. Siza ukuvikela amaklayenti kusuka ekuhlaselweni ngobugebengu bokuphanga ngendlela ehambisanayo, kufaka phakathi: ukufakwa komshini wokuhlonza imilayezo ye-phishing, izaziso zokuphequlula eziphephile ezikwazisa amaklayenti okuxhumana okuyingozi kwimilayezo nezinhlelo, ukugwema ukungena ngemvume okusolayo, nesibhakabhaka umkhawulo kusuka lapho. Amaklayenti angenza kanjalo ukuqinisekiswa kwezinyathelo ezimbili ukuze uthole irekhodi elengeziwe lokuphepha. "

Ungazivikela kanjani ekuhlaselweni okunjalo?

Uma kwenzeka ucabanga ukuthi uyingozi, into engcono kakhulu okumele uyenze ishintshe ukhiye wakho wemfihlo, lokhu kunikezwa umhlukumezi unalokhu engakugcinanga erekhodi lakho ngokwenza okufanayo kusukela ekupheleni kwakhe. Ungenza ibhokisini yelogi lakho lokubhala irekhodi ukuze ubone ukuthi ngabe omunye umuntu umakwe kumlando wakho. Ungakwenza lokhu ngokuvula irekhodi lakho le-Gmail futhi ngemuva kwalokho kwesokudla kwesokudla, thepha ku-Imininingwane.

Uma kwenzeka ungazange uhlaselwe, futhi usola ukuthi kungenzeka uthinte ukuxhumanisa okunjalo emavikini amuva nje, manje manje kungaba yisikhathi esifanele sokushintsha ukhiye oyimfihlo.

Njengoba i-Google idinga ukunakekelwa, indlela enhle kunazo zonke yokuhlala iphephile ngokuthembekile, ukunika amandla ukuqinisekiswa kwesigaba ezimbili noma ukuhlola ukuphepha okurekhodiwe okungeziwe.

Nge-ID ye-imeyli ye-imeyli kanye negama eliyimfihlo, umhlukumezi angenza noma yini ayithandayo ngezitifiketi. Ngakho empeleni lihlaba kahle kahle ukushintsha igama lakho eliyimfihlo le-Gmail njalo njalo ukuze uhlale uphephile.

shiya impendulo

GTranslate Please upgrade your plan for SSL support!
GTranslate Your license is inactive or expired, please subscribe again!