Sebakeng se lulang se fetoha sa ts'ireletso ea marang-rang, ho hlaha litšokelo tse ncha tse phephetsang metheo ea lisebelisoa tsa rona tsa dijithale. Tšokelo e 'ngoe e joalo, e bitsoang ShadowRay, e fane ka moriti o lefifi holim'a mekhatlo e itšetlehileng ka moralo oa AI oa mohloli o bulehileng oa Ray. Letšolo lena le bolotsana le shebile ho ba kotsing e kholo (CVE-2023-48022) ka har'a Ray, e behang kotsi e kholo ho lik'hamphani tse likete ho pholletsa le makala a fapaneng. Ho sa tsotellehe tlhekefetso e tsoelang pele bakeng sa likhoeli tse supileng tse fetileng, bahlahisi ba ka morao ho Ray ha ba e-s'o fane ka patch, ba siea likhoebo li kotsing ea ho sebelisoa le ho senya data.
Letšolo la ShadowRay: Tšebeliso le Liphello
Letšolo la ShadowRay le ipapisitse le ho sebelisa CVE-2023-48022 hampe, e leng tlokotsi e kholo e nang le CVSS lintlha tsa 9.8, tse lumellang bahlaseli ba hole hore ba phethe khoutu ba sebelisa API ea tlhahiso ea mosebetsi. Phoso ena e nyenyefatsa taolo ea netefatso ka har'a Dashboard ea Ray le likarolo tsa Client, e fana ka phihlello e sa lumelloeng ea ho fana, ho hlakola, le ho fumana mesebetsi, hammoho le ho etsa litaelo tse hole.
Liphello tsa ketso ena li mpe haholo. Baseki ba atlehile ho tlola lihlopha tse ngata tsa Ray GPU, ba beha datha tse tebileng joalo ka li-password tsa database tsa tlhahiso, linotlolo tsa SSH, li-tokens tsa phihlello, esita le bokhoni ba ho thetsa mefuta ea AI. Li-server tse senyehileng li fetohile libaka tsa ho ikatisa bakeng sa basebetsi ba morafong ba chelete ea crypto le lisebelisoa tse nolofaletsang phihlello e tsitsitseng, e leng ho mpefatsang boemo ba tšokelo.
Maano a ho Khetholla le ho Tlosa
Ho bona le ho tlosa ShadowRay ho hlahisa phephetso e kholo ka lebaka la tlhaho ea eona ea lekunutu le mekhoa e tsoetseng pele ea ho qoba. Leha litharollo tsa setso tsa antivirus li ka thatafalloa ho tseba tšokelo, ho na le mehato e mengata eo mekhatlo e ka e nkang ho fokotsa kotsi:
- Ts'ebetso ea Ts'ebetso: Kamehla beha leihlo tikoloho ea tlhahiso le lihlopha tsa AI bakeng sa liphoso, haholo-holo ka har'a moralo oa Ray.
- Melao ea Li-firewall le Lihlopha tsa Tšireletso: Kenya ts'ebetsong melao e thata ea firewall kapa lihlopha tsa ts'ireletso ho thibela phihlello e sa lumelloeng ea lihlopha tsa Ray.
- Authorization Layer: Sebelisa lera la tumello boema-kepeng ba Ray Dashboard (kamehla: 8265) ho thibela phihlello le ho thibela tlhahiso e sa lumelloeng.
- IP e tlamang: Qoba ho tlama Ray ho 0.0.0.0 bakeng sa bonolo; ho e-na le hoo, sebelisa liaterese tsa IP tse tsoang ho marang-rang a tšepahalang kapa li-VPC/VPN tse ikemetseng.
- Ho falimeha ka Li-Defaults: Netefatsa litlhophiso ka botlalo, 'me u qobe ho itšetleha feela ka litlhophiso tsa kamehla, tse ka senolang bofokoli u sa ikemisetsa.
- Lintlafatso le Lipache khafetsa: Lula u tseba ka lintlafatso tsa ts'ireletso le lipache tse lokollotsoeng ke Anyscale bakeng sa moralo oa Ray. Le ha patch ea CVE-2023-48022 e ntse e le thata, likhatiso tsa nako e tlang li ka sebetsana le tlokotsi ena e kholo.
- Ruta Basebeletsi: Koetlisa basebetsi ka mekhoa e metle ea tšireletseho ea Marang-rang, ho kenyeletsoa ho hloaea liketsahalo tse belaetsang le ho tlaleha litšokelo tse ka bang teng hanghang.
Mehato ea Thibelo le Mekhoa e Molemo ka ho Fetisisa
Ntle le maano a hanghang a phokotso, mekhatlo e ka nka mehato e matla ho sireletsa meaho ea bona ea AI khahlano le litšokelo tse tlang:
- Koetliso ea Tlhokomeliso ea Tšireletso: Ruta basebetsi ka mekhoa e metle ea cybersecurity, ho kenyeletsoa tlhokomeliso ea phishing, bohloeki ba password, le ho lemoha liketso tse belaetsang.
- Liphuputso le Litlhahlobo tsa Kamehla: Etsa liphuputso tse tloaelehileng tsa ts'ireletso le litekolo tsa meaho ea AI ho bona bofokoli le ho bo rarolla hang-hang.
- Fokotsa Litokelo tsa Phihlello: Kenya ts'ebetsong molao-motheo oa monyetla o fokolang oa ho thibela phihlello ea lits'ebetso tsa bohlokoa le data, ho fokotsa tšusumetso ea litlolo tse ka bang teng.
- Mekhoa e sireletsehileng ea ntlafatso: Amohela mekhoa e sireletsehileng ea likhoutu le ho etsa litlhahlobo tse hlakileng tsa khoutu ho fokotsa kotsi ea ho hlahisa bofokoli lits'ebetsong tsa AI.
- Tsamaiso ea Kotsi ea barekisi: Lekola boemo ba ts'ireletso ea barekisi ba mekhatlo ea boraro le meralo e bulehileng joaloka Ray, ho etsa bonnete ba hore ba latela litekanyetso tse matla tsa ts'ireletso.
fihlela qeto e
The ShadowRay tšoso ea cyber e totobatsa bohlokoa ba bohlokoa ba ho sireletsa lisebelisoa tsa AI khahlano le litšokelo tse ntseng li fetoha. Ka ho kenya ts'ebetsong maano a matla a ho fokotsa, ho falimehela matšoao a ho sekisetsa, le ho nka mehato ea ts'ireletso e matla, mekhatlo e ka matlafatsa ts'ireletso ea eona le ho fokotsa kotsi e hlahisoang ke ShadowRay le litšokelo tse tšoanang tsa cyber. Ha maemo a cybersecurity a ntse a tsoela pele ho fetoha, mehato ea ts'ireletso e matla e ntse e le motheo oa boemo bo sebetsang ba cybersecurity.