Google Chrome
UGoogle ulumkisile ngotshintsho kwindlela yokusingatha umxholo oxubeneyo kumaphepha avulwe nge-HTTPS. Ngaphambili, ukuba bekukho izinto kumaphepha avulekileyo ane-HTTPS elayishwe ngaphandle kofihlo (usebenzisa i-http: // protocol), ukukhutshwa okukhethekileyo kubonisiwe.
Ngoku, kwiinguqulelo ezilandelayo zesikhangeli, kwagqitywa ekubeni kuthintelwe ukulayishwa kwezi zixhobo emiselweyo. Ke ngoko, kuya kuqinisekiswa ukuba amaphepha avulwe nge "https: //" aqukethe kuphela izixhobo ezilayishwe ngejelo lonxibelelwano elikhuselekileyo.
Kuyajongwa ukuba ngoku abasebenzisi beChannel bavule ngaphezulu kwe-90% yeesayithi ezisebenzisa i-HTTPS. Ubukho bokufakwa kwezinto ezikhutshelweyo ngaphandle kofihlo kudala isoyikiso sokophula umthetho ngokuguqula umxholo ongakhuselekanga phambi kolawulo kumjelo wonxibelelwano (umzekelo, xa uqhagamshela ngeWi-Fi evulekileyo).
Isalathi esixubeneyo somxholo sithathwa njengesingasebenziyo nesilahlekisayo, njengoko inganiki kuvavanyo olungathandabuzekiyo lokhuseleko lwephepha.
Okwangoku, Ezona ntlobo ziyingozi zomxholo oxubeneyo, ezinjengeempendulo kunye neeframes, sele zivaliwe ngokungagqibekanga, kodwa imifanekiso, iifayile zesandi kunye nevidiyo zisenokukhutshelwa nge- "http: //".
Ngokufaka imifanekiso endaweni yayo, umhlaseli unokufaka endaweni yezenzo zokulandela umkhondo wecookie, azame ukuxhaphaza ukuba semngciphekweni kweeprosesa zemifanekiso okanye enze ubuxoki, endaweni yolwazi oluboniswe kumfanekiso.
Ukuqaliswa kwebhloko kwahlulwe ngokwamanqanaba aliqela. Kwi-Chrome 79 (ecwangciselwe uDisemba 10), Iseto esitsha siya kuvela esiza kukhubaza ukubhloka kweendawo ezithile.
Useto oluchaziweyo luya kusetyenziswa kwimixholo exubileyo esele ivaliwe, ezinje ngezikripthi kunye neeframes kwaye ziya kwenziwa zisebenze kwimenyu ebonakala xa ucofa isimboli yokutshixa, ubeke endaweni yesalathi esacetywayo ngaphambili sokuvala ukubhloka.
Ngelixa le-Chrome 80 (ilindeleke ngoFebruwari 4) Inkqubo yokutshixa iya kusetyenziswa kwiifayile zeaudiyo nevidiyo, Ebandakanya ukutshintshwa ngokuzenzekelayo ukusuka ku-http: // ukuya ku-https: // okuya kuyigcina isebenza ukuba ingxaki yezixhobo ikwafumaneka nge-HTTPS.
Imifanekiso iya kuqhubeka nokulayisha ingatshintshanga, kodwa kwimeko yokukhuphela nge-http: // kwi-https: // amaphepha ephepha lonke, isibonakaliso soqhagamshelo olungakhuselekanga luya kuqaliswa. Ukutshintsha okuzenzekelayo nge-https okanye imifanekiso yebhloko, abaphuhlisi bendawo baya kuba nakho ukusebenzisa uhlaziyo-ukungakhuseleki-izicelo-kunye nokuvimba zonke izinto ezinomxholo we-CSP.
Ukuphehlelelwa kweChannel 81, icwangciselwe uMatshi 17, uya kusebenzisa ukuLungisa ngokuZenzekelayo ukusuka kwi-http: // ukuya kwi-https: // yokukhuphela imifanekiso exubeneyo.
Ukongeza, uGoogle ubhengezile ukudityaniswa kolunye lweenguqulelo zesikhangeli seChome, icandelo elitsha le- Ukukhangelwa kwephasiwedi, yenziwe ngaphambili njenge-plugin yangaphandle.
Umdibaniso uya kukhokelela kwinkangeleko yexesha elizeleyo kumphathi wegama eligqithisiweyo Izixhobo zeChannel ukuhlalutya ukuthembeka kwamagama agqithisiweyo asetyenzisiweyo ngumsebenzisi. Xa uzama ukungena nakweyiphi na indawo, igama lomsebenzisi kunye negama lokugqitha liya kuqinisekiswa ngokuchasene nesiseko sedatha yeeakhawunti ezisengozini kunye nesilumkiso xa kukho iingxaki.
Ukuqinisekiswa kwenziwa kwindawo yogcino lwedatha egubungela ngaphezulu kwe-4 yezigidigidi zeakhawunti Ezithiwe thaca kwindawo ezivuzayo zolwazi. Isilumkiso siza kuboniswa xa uzama ukusebenzisa iipassword ezingenamsebenzi ezinje nge "abc123" (iGoogle manani ama-23% amaMelika asebenzisa la maphasiwedi), okanye xa besebenzisa igama elifanayo kwiindawo ezininzi.
Ukugcina imfihlo, xa ungena kwi-API yangaphandle, zimbini kuphela ii-byte ze-hash ezigqithisiweyo zisuka kunxibelelwano ukusuka kwigama lokungena kunye negama lokugqitha (iArgon2 algorithm isetyenziselwa i-hash). I-hash epheleleyo ibhalwe ngokufihliweyo ngesitshixo esenziwe ngumsebenzisi.
I-hashes yoqobo kwindawo yogcino lwedatha kaGoogle nayo ibhalwe ngokufihliweyo kwaye zii-byte ezimbini zokuqala ze-hash ezisaleleyo kwisalathiso.
Ukukhusela ekumiseleni imixholo kwiziko ledatha le-akhawunti elonakalisiweyo ngokubala izimaphambili ezingahleliwe, idatha ebuyisiweyo ibhalwe ngokufihliweyo ngokuhambelana nesitshixo esivelisiweyo ngokusekwe kwikhonkco eliqinisekisiweyo lokungena kunye negama eligqithisiweyo.
Umthombo: https://security.googleblog.com