New Hacking Tools Threaten the Security of Wi-Fi Users
You may think the only people capable of snooping on your Internet activity are government intelligence agents or possibly a talented teenage hacker holed up in his parents’ basement. But some simple software lets just about anyone sitting next to you at your local coffee shop watch you browse the Web and even assume your identity online.
“Like it or not, we are now living in a cyberpunk novel,” said Darren Kitchen, a systems administrator for an aerospace company in Richmond, Calif., and the host of Hak5, a video podcast about computer hacking and security. “When people find out how trivial and easy it is to see and even modify what you do online, they are shocked.”
Until recently, only determined and knowledgeable hackers with fancy tools and lots of time on their hands could spy while you used your laptop or smartphone at Wi-Fi hot spots. But a free program called Firesheep, released in October, has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited.
Without issuing any warnings of the possible threat, Web site administrators have since been scrambling to provide added protections.
“I released Firesheep to show that a core and widespread issue in Web site security is being ignored,” said Eric Butler, a freelance software developer in Seattle who created the program. “It points out the lack of end-to-end encryption.”
What he means is that while the password you initially enter on Web sites like Facebook, Twitter, Flickr, Amazon, eBay and The New York Times is encrypted, the Web browser’s cookie, a bit of code that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep grabs that cookie, allowing nosy or malicious users to, in essence, be you on the site and have full access to your account.
More than a million people have downloaded the program in the last three months (including this reporter, who is not exactly a computer genius). And it is easy to use.
The only sites that are safe from snoopers are those that employ the cryptographic protocol Transport Layer Security or its predecessor, Secure Sockets Layer, throughout your session. PayPal and many banks do this, but a startling number of sites that people trust to safeguard their privacy do not. You know you are shielded from prying eyes if a little lock appears in the corner of your browser or the Web address starts with “https” rather than “http.”
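For site operators, the gap described above (an encrypted login followed by a cookie that travels in the clear) can be audited from response headers. The following Python sketch is an added example, not code from the article or from Firesheep; the host `shop.example`, the cookie names and the header values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of (URL, response headers); hosts and values are invented.
SAMPLE = [
    ("https://shop.example/login", [
        ("Set-Cookie", "session=9f2c; Path=/; HttpOnly"),
    ]),
    ("https://shop.example/account", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "csrf=77aa; Path=/; Secure; HttpOnly"),
    ]),
    ("http://shop.example/news", [
        ("Set-Cookie", "prefs=dark; Path=/"),
    ]),
]

def parse_set_cookie(value):
    """Return (cookie name, {lower-cased attribute: value or True})."""
    first, *rest = [p.strip() for p in value.split(";") if p.strip()]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return first.partition("=")[0].strip(), attrs

def audit(responses):
    """Return sorted (url, issue) pairs for cookies exposed to plain HTTP."""
    findings = []
    for url, headers in responses:
        https = urlsplit(url).scheme == "https"
        names = {h.lower() for h, _ in headers}
        if https and "strict-transport-security" not in names:
            findings.append((url, "no HSTS: later requests may fall back to http"))
        for header, value in headers:
            if header.lower() != "set-cookie":
                continue
            cookie, attrs = parse_set_cookie(value)
            if not https:
                findings.append((url, f"{cookie}: issued over plain http"))
            elif "secure" not in attrs:
                findings.append((url, f"{cookie}: missing Secure, sent on http too"))
    return sorted(findings)

if __name__ == "__main__":
    for url, issue in audit(SAMPLE):
        print(url, "->", issue)
```

The login response is the case the article describes: the password goes over TLS, but the session cookie lacks `Secure`, so the browser attaches it to any later `http://` request on an open network.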
“The usual reason Web sites give for not encrypting all communication is that it will slow down the site and would be a huge engineering expense,” said Chris Palmer, technology director at the Electronic Frontier Foundation, an electronic rights advocacy group based in San Francisco. “Yes, there are operational hurdles, but they are solvable.”