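Twitter Says Parts of Its Source Code Were Leaked On GitHub

Parts of Twitter's Source Code Reportedly Leaked for Months; the Person Involved May Have Left Last Year

On March 27, 2023, foreign media reported that, according to a legal filing, part of the underlying source code of the Twitter platform had been leaked online. Last Friday Twitter took action, sending a copyright infringement notice to GitHub, the developer community where the platform source code appeared, and demanding that the leaked source code be removed; GitHub removed the content the same day. It is not yet clear exactly how long the code had been online, but it appears to have been at least several months.

The filing shows that Twitter also applied to the U.S. District Court for the Northern District of California, asking that GitHub identify the person who shared the code and anyone else who downloaded it. The name the leaker registered under on GitHub appears to be "FreeSpeechEnthusiast". Information on this user shows that he made a contribution to GitHub in early January this year, and the user is still active.

Two people familiar with the internal investigation said that Twitter has opened an investigation into the source code leak. The executives handling the matter suspect that the person responsible may have left the company last year. Since Musk acquired Twitter for US$44 billion last October, about 75% of its employees have been laid off or have resigned.

Security Cannot Be Ignored – JumpServer Bastion Host

Although major technology companies take it seriously, source code has always been a target coveted by hackers and others. Technology companies usually treat source code as confidential because they worry that it could let hackers or others extract user data, give competitors an advantage, or expose their own security vulnerabilities.

In 2022, the hacker group Lapsus$ claimed to have stolen the source code of Bing, Cortana and other projects from Microsoft's internal Azure DevOps server. 37GB of source code was leaked. Some security researchers believe the group paid company insiders to obtain access.

In 2020, Anthony Levandowski, a well-known engineer in the field of self-driving car technology, was sentenced to 18 months in prison for stealing source code from Google while preparing to change jobs.

Musk has also worried that disgruntled former employees might leak information or commit theft during the company's mass layoffs. Last November, Musk locked down Twitter's offices and barred employees from entering during the layoffs. Over the past few months, Twitter also required engineers not to modify the platform's source code ahead of layoffs, because it feared that someone would commit sabotage when leaving.

Servers are the core of an enterprise. Against this kind of malicious information leak or code modification, Sinokap recommends that enterprises use the JumpServer bastion host. It is an operations security audit system: important operations on servers must go through the bastion host and are recorded as video, which makes later investigation easier. Its model of logging in with a single account to manage multiple devices also avoids password leakage and makes security control easier for management.

IT Security Training

In fact, incidents in which departing employees delete or leak company code are not rare. Sinokap has previously shared some real cases, for example: a programmer who was let go during his probation period deleted all of the company's code and was sentenced to 10 months!

To prevent security incidents of this kind, beyond setting tiered permissions on access to important company data, what matters even more is regular security awareness training for employees, so that everyone understands the harm of data leaks. If your company needs IT security training, please contact us!

Part of this article's content is sourced from: NetEase Technology (网易科技)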
Category Archives: IT Security
Microsoft Security Update March 2023 | Vulnerability Notifications
On March 14th, 2023, Microsoft issued patches for around 80 newly discovered security vulnerabilities. Among them were two zero-days, CVE-2023-23397 and CVE-2023-24880. The severity of these…
OneNote: Password Protects Your Notes
In today’s digital age, safeguarding your personal and professional information is paramount. Microsoft OneNote offers a valuable feature that allows users to password-protect their notes, ensuring that sensitive data remains confidential. OneNote supports automatic…
How to Transfer Confidential Files Securely
As many companies adopt hybrid work models, data security becomes increasingly challenging. To address this, Sinokap shares guidelines on secure data storage and transfer. Employees are prohibited from using unencrypted mobile hard drives or USB…
What is Two-Factor Authentication and How to Use It?
Today's network environment is becoming more and more complex, hackers' attack methods are diversifying, and the risk of account password leakage is increasing, and the security…
Beware of Domain Name Fraud and Do Not Pay Easily
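With the development of the knowledge economy and the widespread use of e-commerce and the Internet, the scope of enterprises' intangible assets keeps expanding, and the domain name has become a new and important intangible asset of the Internet age. Protecting domain names as intangible assets is receiving more and more attention from companies and individuals. Below is a table, compiled by WIPO (World Intellectual Property Organization), of the number of domain-name dispute cases per year.

[Figure: Total number of domain dispute administered by WIPO per year. Image source: WIPO official website, captured by Sinokap]

A Real Case of Domain Name Fraud

Recently an important Sinokap client received a scam email about renewing an expiring domain name. Because regular IT security awareness training was well in place, the user forwarded the email to IT for a second confirmation and successfully avoided the scam. The image below shows the actual content of the email sent by the other party.

Common Domain Name Fraud Tactics

1. Fraud using "domain expiration renewal". Posing as a domain registrar, or claiming to be entrusted by the original domain service provider, the scammer faxes the company a domain renewal notice and collects fees under the pretext of renewing the domain on the company's behalf, warning that the domain will be deleted if it is not renewed on expiry.

Below is the expiration notice received by the Sinokap client. The PDF file looks very formal and is highly deceptive.

2. Fraud in the name of "your Chinese domain name is being squatted; register for priority protection". Posing as staff of the China Internet Network Information Center (CNNIC), the scammer notifies the company that it must pay to register its Chinese domain name within a few days, or else others will be allowed to register it, in order to extract money.

How to Respond to Domain Name Fraud

1. Confirm whether the domain still needs to be used.

If you no longer plan to use it, check whether the domain has an ICP filing. If it does, you need to cancel the filing to prevent domain trading platforms from selling your domain as a filing-free domain. If you want to continue using the domain, verify that the information is genuine.

2. Verify that the information is genuine.

When you receive a domain renewal notice, you can use Xinnet's whois domain lookup (https://whois.domaintools.com) to check whether the domain has expired. In the English output, "Expiration Date" is the date the domain expires.

Note: as long as you renew within 30 days after the domain expires, your ownership of the domain remains valid.

3. Contact the original domain service provider and renew through official channels.

If the domain is about to expire or is within the 30-day renewal period, it is best to verify by phone with the original domain service provider, confirming its identity and the authenticity of the payment account. If the original provider has gone out of business, or the renewal cannot be verified for some other reason, you can contact a reputable provider such as Xinnet for help, which will guide you in transferring the domain there for renewal.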
What is Phishing Email and How to Avoid it?
With the increase in remote work, face-to-face communication among employees has significantly decreased, making it essential to be vigilant against phishing emails. Cybercriminals often disguise their identity or content to deceive recipients.…
DO NOT Use Private WeChat to Transfer Confidential Files
In the previous article, Sinokap shared with you the high-security storage regulations of enterprises. At the end of the article, we reminded everyone not to use private WeChat to transfer files. In…
How to Set a Password to Protect Your Documents
In today’s digital age, ensuring the security of your documents is paramount. PDFs are widely used for sharing information, but without proper protection, they can be vulnerable to unauthorized access and alterations.…
What’s a Guest Wi-Fi Network, and Why do you Need One?
The modern world is so hooked up to online services that when guests come around, “How ya doing?” will probably be followed by “What’s your Wi-Fi password?” If all guests…