Dawb Huv Grail Ntawm Tus Phom Vwm Hacker
Ib qho ntawm qhov kev ruaj ntseg ntawm cov ntaub ntawv yog ua kom koj lub nruab patched thiab tshiab. Thaum cov neeg muag khoom kawm txog cov tshiab vulnerabilities nyob rau hauv lawv cov khoom, xws li cov kws tshawb xyuas neeg thib peb los ntawm lawv tus kheej discoveries, lawv tsim kho, plhaub, kev pab packs thiab kev ruaj ntseg tshiab kho lub qhov.
Tus Dawb Huv Grail rau kev siab phem program thiab tus kab mob sau ntawv yog qhov "zero day exploit". Kev siv xoom hnub nyoog yog thaum siv cov kev ruaj khov raug tsim ua ntej, los yog nyob rau tib lub hnub uas qhov muaj kev ruaj ntseg yog kawm txog los ntawm tus muag khoom. Los tsim ib qho kabmob lossis kabmob uas siv sijhawm zoo rau tus neeg muag khoom tseem tsis tau paub txog thiab rau cov uas tsis muaj tam sim no muaj thaj ua rau tus neeg ua tuaj yeem tuaj yeem ua ntau qhov teeb meem.
Qee qhov vulnerabilities yog dubbed xoom hnub siv vulnerabilities los ntawm cov xov xwm, tab sis lo lus nug yog xoom hnub uas nws daim ntawv qhia hnub? Feem ntau cov neeg muag khoom thiab cov chaw lag luam tseem ceeb paub txog lub limtiam uas tsis zoo los yog ib lub hlis dhau los ua ntej kev tsim tawm los yog ua ntej qhov muaj kev ruaj ntseg yog qhia tawm.
Ib qho piv txwv ntawm qhov no yog SNMP (Kev Tswj Tawm Tswv Yim Tswj Network yooj yim) thaum lub Ob Hlis Ntuj xyoo 2002. Cov tub ntxhais kawm ntawv nyob hauv Oulu University hauv Finland yeej pom tias cov kev ua haujlwm nyob rau lub caij ntuj sov xyoo 2001 thaum ua haujlwm hauv PROTOS project, ib lub suite tsim los kuaj SNMPv1 (version 1).
SNMP yog ib txoj hauv kev yooj yim rau kev sib tham ua ke. Nws yog siv rau cov cuab yeej kom ntaus ntawv sib txuas lus thiab rau cov chaw taws teeb xyuas thiab kev teeb tsa ntawm cov khoom siv network los ntawm cov thawj coj. SNMP tseem muaj nyob hauv kev sib txuas ntawm network (routers, keyboards, hubs, thiab lwm yam.), Cov luam ntawv, cov tshuab luam ntawv, cov tshuab fax, cov khoom siv khoos phis siab heev thiab nyob rau txhua qhov kev khiav haujlwm.
Tom qab paub tias lawv yuav crash lossis lov tes taw uas siv lawv cov PROTOS qhov kev ntsuam xyuas suite, cov tub ntxhais kawm ntawv hauv Oulu University discreetly qhia cov powers uas tau thiab lo lus tawm mus rau cov neeg muag khoom. Txhua tus tau zaum ntawm cov xov xwm ntawd thiab khaws cia zais cia kom txog thaum nws tau xyov mus rau lub ntiaj teb tias PROTOS xeem suite nws tus kheej, uas yog dawb dawb thiab laj mej pej xeem muaj, yuav siv tau raws li cov cai siv los coj cov SNMP li. Tsuas yog tom qab ntawd ua cov neeg muag khoom thiab lub ntiaj teb khib nyiab los tsim thiab tso thaj ua rau thaj chaw teeb meem.
Lub ntiaj teb ntshai thiab nws raug kho raws li xoom-hnub kev siv thaum qhov tseeb ntau tshaj 6 lub hlis dhau los los ntawm lub sij hawm qhov kev ruaj khov tau pib tshawb nrhiav. Zoo sib xws, Microsoft pom qhov tshiab lossis yog qhia rau qhov tshiab hauv lawv cov khoom ua ntu zus. Ib txhia ntawm lawv yog ib qhov teeb meem ntawm kev txhais lus thiab Microsoft yuav yog lossis tsis pom zoo tias nws yog qhov tseeb los yog qhov tsis zoo. Tab sis, txawm tias muaj ntau ntawm cov neeg uas lawv pom zoo yog cov tsis muaj teeb meem yuav muaj lub lis piam los yog lub hlis uas mus los ntawm ua ntej Microsoft tso tawm kev ruaj ntseg hloov tshiab los yog cov kev pabcuam uas cuam tshuam qhov teebmeem.
Ib lub koom haum kev ruaj ntseg (PivX Solutions) siv los tuav lub npe ntawm Microsoft Internet Explorer vulnerabilities uas Microsoft tau ua paub tab sis tseem tsis tau patched. Muaj lwm qhov chaw hauv lub vev-xaij uas muaj npe ntawm cov neeg tawg rog uas muaj npe ntawm cov vulnerabilities paub thiab qhov chaw hackers thiab siab phem cov neeg tsim tawm cov ntaub ntawv luam tawm thiab.
Qhov no tsis yog hais tias qhov kev siv xoom-hnub tsis muaj nyob. Hmoov tsis nws kuj tau tshwm sim tas mus li thaum thawj zaug uas cov neeg muag khoom lossis lub ntiaj teb raug ua kom paub txog lub qhov yog thaum ua qhov kev tshawb nrhiav qhov kev tshawb nrhiav kom paub tias qhov system tau tawg los yog thaum twg los soj ntsuam ib tus kab mob uas twb tau tshaj tawm hauv cov tsiaj qus xyuas seb nws ua haujlwm li cas.
Txawm hais tias cov neeg muag khoom paub txog qhov kev tiv thaiv ib xyoo dhau los los yog pom txog nws cov lus sawv ntxov no, yog tias siv cov cai siv thaum muaj qhov tsis yooj yim rau pej xeem nws yog siv xoom-hnub tawm ntawm koj daim ntawv qhia hnub.
Qhov zoo tshaj plaws uas koj tuaj yeem ua tau los tiv thaiv cov kev siv xoom-hnub siv yog ua raws li kev ruaj ntseg zoo hauv thawj qhov chaw. Los ntawm kev txhim kho thiab ceev koj tus kab mob software anti-virus mus txog hnub tim, thaiv cov ntaub ntawv txuas rau emails uas tej zaum yuav muaj teeb meem thiab ua kom koj lub cev patched tawm tsam cov neeg tawg rog uas koj twb paub txog koj tuaj yeem ruaj khov rau koj qhov system los yog network tawm tsam 99% ntawm dab tsi yog tawm .
Ib qho zoo tshaj plaws rau kev tiv thaiv tawm tsam kev ntshai tam sim no yog ntiav ib qho khoom siv los yog software (los yog ob qho tag nrho) kev ruaj ntseg . Koj tuaj yeem pab heuristic scanning (lub tshuab siv los sim thaiv kabmob lossis kabmob uas tsis tau paub txog) hauv koj tus kabmob software. Txhawm rau thaiv cov kev ruaj ntseg hauv thawj qhov chaw nrog qhov khoom siv hluav taws xob, thaiv kev nkag mus rau cov kev pab cuam thiab cov kev pab cuam nrog software firewall los yog siv koj tus kab mob anti-virus software los pab tshawb xyuas kev coj cwj pwm zoo uas koj tuaj yeem tiv thaiv koj tus kheej kom tsis txhob muaj kev tsis txaus siab hnub dhau hnub.