{"id":29758,"date":"2024-04-10T20:51:16","date_gmt":"2024-04-10T20:51:16","guid":{"rendered":"https:\/\/extraslovensko.sk\/spravy\/?p=29758"},"modified":"2024-04-10T20:51:16","modified_gmt":"2024-04-10T20:51:16","slug":"ako-je-sucasna-digitalna-infrastruktura-zranitelna-ak-by-neboli-zadne-vratka-spozorovane-vcas","status":"publish","type":"post","link":"https:\/\/extraslovensko.sk\/spravy\/ako-je-sucasna-digitalna-infrastruktura-zranitelna-ak-by-neboli-zadne-vratka-spozorovane-vcas\/","title":{"rendered":"How vulnerable today's digital infrastructure would be had the backdoor not been spotted in time"},"content":{"rendered":"<p>How vulnerable the Internet's current digital infrastructure is. On 29 March a lone security researcher announced that he had discovered, largely by chance, a secret backdoor in xz Utils. This obscure but vital piece of software is part of the Linux operating systems that run the world's internet servers. Had the backdoor not been spotted in time, everything from critical national infrastructure to the website hosting your cat pictures would have been vulnerable.<\/p>\n<h1>How vulnerable today's digital infrastructure is<\/h1>\n<p>The backdoor was implanted by an anonymous contributor who had won the trust of other coders by making helpful contributions for more than two years. That patience and diligence bear the fingerprints of a state intelligence agency. 
Such large-scale \u201csupply chain\u201d attacks, which target not individual devices or networks but the underlying software and hardware they rely on, are increasingly common. In 2019-20 the SVR, Russia's foreign intelligence service, penetrated American government networks by compromising a network-management platform called SolarWinds Orion. More recently, Chinese state hackers modified the firmware of Cisco routers to gain access to economic, commercial and military targets in America and Japan.<\/p>\n<p>The internet is inherently vulnerable to schemes like the xz Utils backdoor. Like much else that it relies on, this program is open-source, meaning that its code is publicly available; rather like Wikipedia, anyone can propose changes to it. The people who maintain open-source code often do so in their spare time. The absurdity of the situation was captured by a headline from 2014, after the discovery of a catastrophic vulnerability in OpenSSL, a tool widely used for secure communication that had a budget of just $2,000: \u201cThe internet is protected by two guys named Steve.\u201d<\/p>\n<p>It is tempting to assume that the solution lies in establishing central control, whether by states or by companies. In fact, history suggests that closed-source software is no more secure than open-source software. 
The Cyber Safety Review Board, an American federal body, just this week rebuked Microsoft for woeful security standards that allowed Russia to steal a signing key, \u201cthe cryptographic equivalent of crown jewels for any cloud service provider\u201d. That gave it sweeping access to data. By comparison, open-source software has many advantages, because it allows for collective scrutiny and accountability.<\/p>\n<p>The way forward is therefore to make the most of open source while easing the enormous burden it places on a small number of unpaid and often hounded individuals. Technology can help, too. Let&#8217;s Encrypt, a non-profit organisation, has made the internet safer over the past decade with clever software that makes it simple to encrypt users' connections to websites. <\/p>\n<p>More advanced artificial intelligence might eventually be able to spot anomalies in millions of lines of code at once. Other fixes are regulatory. America's cyber strategy, published last year, makes clear that responsibility for failures should lie not with open-source developers but with \u201cthe stakeholders most capable of taking action to prevent bad outcomes\u201d.<\/p>\n<p>In practice that means governments and the technology giants that benefit enormously from free-software libraries. 
Both should expand funding for, and co-operation with, non-profit institutions such as the Open Source Initiative and the Linux Foundation, which support the open-source ecosystem. The New Responsibility Foundation, a German think-tank, suggests that governments could, for example, allow employees to contribute to open-source software in their spare time and ease laws that criminalise \u201cwhite hat\u201d, or ethical, hacking.<\/p>\n<p>They should act quickly. The XZ Utils backdoor is thought to be the first publicly discovered supply-chain attack on a key piece of open-source software. But that does not mean it was the first attempt. Nor is it likely to be the last. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>How vulnerable the Internet's current digital infrastructure is. On 29 March a lone security researcher announced that he had discovered, largely by chance, a secret backdoor in xz Utils. This obscure but vital piece of software is part of the Linux operating systems that run the world's internet servers. 
Had the backdoor not been spotted in time, everything from critical national infrastructure to the website [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-29758","post","type-post","status-publish","format-standard","hentry","category-exo-news"],"_links":{"self":[{"href":"https:\/\/extraslovensko.sk\/spravy\/wp-json\/wp\/v2\/posts\/29758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/extraslovensko.sk\/spravy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/extraslovensko.sk\/spravy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/extraslovensko.sk\/spravy\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/extraslovensko.sk\/spravy\/wp-json\/wp\/v2\/comments?post=29758"}],"version-history":[{"count":1,"href":"https:\/\/extraslovensko.sk\/spravy\/wp-json\/wp\/v2\/posts\/29758\/revisions"}],"predecessor-version":[{"id":29759,"href":"https:\/\/extraslovensko.sk\/spravy\/wp-json\/wp\/v2\/posts\/29758\/revisions\/29759"}],"wp:attachment":[{"href":"https:\/\/extraslovensko.sk\/spravy\/wp-json\/wp\/v2\/media?parent=29758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/extraslovensko.sk\/spravy\/wp-json\/wp\/v2\/categories?post=29758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/extraslovensko.sk\/spravy\/wp-json\/wp\/v2\/tags?post=29758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}