學(xué)習(xí)啦 > 學(xué)習(xí)英語 > 專業(yè)英語 > 計(jì)算機(jī)英語 >

新型黑客工具威脅Wi-Fi用戶安全(2)

時(shí)間: 若木620 分享

  Indeed, Gmail made end-to-end encryption its default mode in January 2010. Facebook began to offer the same protection as an opt-in security feature last month, though it is so far available only to a small percentage of users and has limitations. For example, it doesn’t work with many third-party applications.

  實(shí)際上,Gmail已于2010年一月起在其默認(rèn)模式中采用了端到端加密技術(shù)。上個(gè)月,F(xiàn)acebook也開始將同樣的保護(hù)措施作為一項(xiàng)可選擇的安全功能提供給用戶,但目前仍只限于一小部分用戶應(yīng)用。例如,它并不適用于許多第三方應(yīng)用。

  “It’s worth noting that Facebook took this step, but it’s too early to congratulate them,” said Mr. Butler, who is frustrated that “https” is not the site’s default setting. “Most people aren’t going to know about it or won’t think it’s important or won’t want to use it when they find out that it disables major applications.”

  “Facebook這么做并不值得,現(xiàn)在就為他們的成功祝賀也為時(shí)尚早。大多數(shù)人并不會了解這項(xiàng)保護(hù)措施,或者并不會認(rèn)為這有多重要,或者由于這對于大多數(shù)第三方應(yīng)用無效而不會使用它。”巴特勒先生如是說,他仍覺得“https”訪問并不是網(wǎng)站的默認(rèn)訪問設(shè)置乃是一件憾事。

  Joe Sullivan, chief security officer at Facebook, said the company was engaged in a “deliberative rollout process,” to access and address any unforeseen difficulties. “We hope to have it available for all users in the next several weeks,” he said, adding that the company was also working to address problems with third-party applications and to make “https” the default setting.

  Facebook的信息安全總監(jiān)喬·沙利文表示,他們正著手準(zhǔn)備一個(gè)“慎重的發(fā)布過程”,以發(fā)現(xiàn)并克服所有潛在的困難。他說,“我們希望在幾周后這項(xiàng)安全措施能適用于所有用戶。”此外他還補(bǔ)充說,公司正在努力解決第三方應(yīng)用方面的安全問題并力促“https”訪問方式成為默認(rèn)設(shè)置。

  Many Web sites offer some support for encryption via “https,” but they make it difficult to use. To address these problems, the Electronic Frontier Foundation in collaboration with the Tor Project, another group concerned with Internet privacy, released in June an add-on to the browser Firefox, called Https Everywhere. The extension, which can be downloaded at eff.org/https-everywhere, makes “https” the stubbornly unchangeable default on all sites that support it.

  許多網(wǎng)站通過“https”提供加密服務(wù),但這用起來并不方便。為解決這個(gè)問題,電子前哨基金會聯(lián)合Tor項(xiàng)目組(另一個(gè)互聯(lián)網(wǎng)隱私相關(guān)組織)于去年六月發(fā)布了一款名為Https Everywhere(Https無處不在)的火狐瀏覽器插件。該插件(可由eff.org/https-everywhere下載)強(qiáng)制通過https方式訪問所有支持該訪問服務(wù)的網(wǎng)站。

  Since not all Web sites have “https” capability, Bill Pennington, chief strategy officer with the Web site risk management firm WhiteHat Security in Santa Clara, Calif., said: “I tell people that if you’re doing things with sensitive data, don’t do it at a Wi-Fi hot spot. Do it at home.”

  由于并非所有網(wǎng)站都能提供“https”訪問支持,白帽安全公司(美國加州圣克拉拉的網(wǎng)絡(luò)風(fēng)險(xiǎn)管理公司)的首席策略官比爾·潘寧頓告戒大眾:“如果你要進(jìn)行涉及敏感信息的操作,不要通過Wi-Fi來做,還是回家再弄吧。”

  But home wireless networks may not be all that safe either, because of free and widely available Wi-Fi cracking programs like Gerix WiFi Cracker, Aircrack-ng and Wifite. The programs work by faking legitimate user activity to collect a series of so-called weak keys or clues to the password. The process is wholly automated, said Mr. Kitchen at Hak5, allowing even techno-ignoramuses to recover a wireless router’s password in a matter of seconds. “I’ve yet to find a WEP-protected network not susceptible to this kind of attack,” Mr. Kitchen said.

  但家里的無線網(wǎng)絡(luò)也并不一定能確保安全,因?yàn)镚erix WiFi Cracker、Aircrack-ng 和Wifite之類的自由Wi-Fi黑客程序正被廣泛使用著。此類軟件仿冒合法用戶的活動(dòng)以竊取一系列所謂弱密匙或者可能透露戶密碼的蛛絲馬跡。這個(gè)過程完全是自動(dòng)的,凱臣在Hak5上說,這使得哪怕是一個(gè)技術(shù)白癡都能在幾秒鐘內(nèi)獲得一個(gè)無線路由器的密碼。他還說:“我還沒有發(fā)現(xiàn)哪個(gè)采用WEP保護(hù)的網(wǎng)絡(luò)能夠?qū)@種攻擊免疫。”

  A WEP-encrypted password (for wired equivalent privacy) is not as strong as a WPA (or Wi-Fi protected access) password, so it’s best to use a WPA password instead. Even so, hackers can use the same free software programs to get on WPA password-protected networks as well. It just takes much longer (think weeks) and more computer expertise.

  WEP(有線等效保密)密碼并不如WPA(Wi-Fi接入保護(hù))密碼強(qiáng)大,所以使用WPA密碼方為上策。但即便如此,黑客們也還是可以用同樣的軟件得到采用WPA密碼保護(hù)的網(wǎng)絡(luò)的密碼信息。這只是需要花上更長的時(shí)間(大概是幾周),當(dāng)然也需要更多的計(jì)算機(jī)專業(yè)知識。

  Using such programs along with high-powered Wi-Fi antennas that cost less than $90, hackers can pull in signals from home networks two to three miles away. There are also some computerized cracking devices with built-in antennas on the market, like WifiRobin ($156). But experts said they were not as fast or effective as the latest free cracking programs, because the devices worked only on WEP-protected networks.

54147