Uhlelo olungayilungele ikhompuyutha olusha luvele endaweni yesehlakalo informace futhi ngokwenza kanjalo isebenzise indawo yokugcina ye-Google OAuth engadalulwanga ebizwa ngokuthi i-MultiLogin ukuze ivuselele amakhukhi wokuqinisekisa aphelelwe yisikhathi futhi ingene kuma-akhawunti omsebenzisi ngisho noma iphasiwedi ye-akhawunti isethwe kabusha. Iwebhusayithi iBleepingComputer ibike ngakho.
Ekupheleni kukaNovemba wonyaka odlule, i-BleepingComputer yabika ngenhloli ebizwa ngokuthi i-Lumma engabuyisela amakhukhi wokuqinisekisa we-Google aphelelwe yisikhathi ekuhlaselweni kwe-inthanethi. Lawa mafayela azovumela izigebengu ze-inthanethi ukuthi zithole ukufinyelela okungagunyaziwe kuma-akhawunti e-Google ngisho nangemva kokuba abanikazi bawo bephumile, bahlele kabusha amaphasiwedi abo, noma sebephelelwe yisikhathi. Ixhuma kumbiko weseva ye-CloudSEK, iwebhusayithi manje isichaze ukuthi lokhu kuhlasela kosuku lwe-zero kusebenza kanjani.
Igalari yezithombe
Ngamafuphi, iphutha livumela uhlelo olungayilungele ikhompuyutha ukuthi lufakwe kukhompuyutha yedeskithophu ukuze "ikhiphe futhi inqume imininingwane equkethwe kusizindalwazi sendawo se-Google Chrome." I-CloudSEK ithole igciwane elisha eliqondise kubasebenzisi be-Chrome ukuze bathole ukufinyelela kuma-akhawunti we-Google. Lolu hlelo olungayilungele ikhompuyutha luncike kuzilandeleli zamakhukhi.
Isizathu sokuthi lokhu kwenzeke ngaphandle kokuthi abasebenzisi baqaphele ukuthi i-spyware eshiwo ngenhla iyenza ikwazi. Ingakwazi ukubuyisela amakhukhi e-Google aphelelwe yisikhathi isebenzisa ukhiye we-API wokubuza osanda kutholwa. Ukwenza izinto zibe zimbi kakhulu, izigebengu ze-inthanethi zingasebenzisa lokhu kuxhaphaza isikhathi esisodwa ukuze zifinyelele i-akhawunti yakho ngisho noma usethe kabusha iphasiwedi ye-akhawunti yakho ye-Google.
Ungaba nentshisekelo ku
Ngokusho kwe-BleepingComputer, usexhumene ne-Google izikhathi ezimbalwa mayelana nalolu daba lwe-Google, kodwa akakayitholi impendulo.
