New Hacking Tools Threaten the Security of Wi-Fi Users
You may think the only people capable of snooping on your Internet activity are government intelligence agents or possibly a talented teenage hacker holed up in his parents’ basement. But some simple software lets just about anyone sitting next to you at your local coffee shop watch you browse the Web and even assume your identity online.
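You may have thought that only government intelligence agents, or a young hacker hiding in the family basement, would snoop on your online activity. But some simple software lets anyone sitting near you, even in a small coffee shop, see the pages you are browsing and even obtain your authentication credentials.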
“Like it or not, we are now living in a cyberpunk novel,” said Darren Kitchen, a systems administrator for an aerospace company in Richmond, Calif., and the host of Hak5, a video podcast about computer hacking and security. “When people find out how trivial and easy it is to see and even modify what you do online, they are shocked.”
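Darren Kitchen is a systems administrator for an aerospace company in Richmond, Calif., and the host of Hak5, a video podcast about computer hacking and information security. “Like it or not, we are now living in a cyberpunk novel,” he said. “When people find out how easily their online information can be hacked, they are stunned.”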
Until recently, only determined and knowledgeable hackers with fancy tools and lots of time on their hands could spy while you used your laptop or smartphone at Wi-Fi hot spots. But a free program called Firesheep, released in October, has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited.
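Not long ago, monitoring your laptop or smartphone at a Wi-Fi hot spot was something only capable and determined hackers could do, with a great deal of time and sophisticated tools. But a free program called Firesheep, released last October, has made monitoring unencrypted Wi-Fi networks trivially easy: with it, people can watch what others are doing online and even log in to their accounts on the sites they visit.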
Without issuing any warnings of the possible threat, Web site administrators have since been scrambling to provide added protections.
Without issuing any warning of the potential security threat, Web site administrators have been scrambling to provide additional protections.
“I released Firesheep to show that a core and widespread issue in Web site security is being ignored,” said Eric Butler, a freelance software developer in Seattle who created the program. “It points out the lack of end-to-end encryption.”
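Firesheep's author is Eric Butler, a freelance software developer in Seattle. “I released Firesheep to let everyone know that a widespread, core problem in Web site security has been ignored all along,” he said, “namely end-to-end encryption.”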
What he means is that while the password you initially enter on Web sites like Facebook, Twitter, Flickr, Amazon, eBay and The New York Times is encrypted, the Web browser’s cookie, a bit of code that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep grabs that cookie, allowing nosy or malicious users to, in essence, be you on the site and have full access to your account.
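When you first enter your login password on sites such as Facebook, Twitter, Flickr, Amazon, eBay and The New York Times, the information is encrypted end to end. But when you are logged in by cookie, it is often not encrypted. A cookie is a piece of code that records your login information, your personal settings on the site and certain private information. Firesheep grabs these cookies, so that any curious or ill-intentioned user can simply become you and log in to your account on the site.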
More than a million people have downloaded the program in the last three months (including this reporter, who is not exactly a computer genius). And it is easy to use.
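More than a million people have downloaded the program in the past three months (including this writer, who is no computer expert). It really is simple to use.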
The only sites that are safe from snoopers are those that employ the cryptographic protocol Transport Layer Security or its predecessor, Secure Sockets Layer, throughout your session. PayPal and many banks do this, but a startling number of sites that people trust to safeguard their privacy do not. You know you are shielded from prying eyes if a little lock appears in the corner of your browser or the Web address starts with “https” rather than “http.”
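The only safe Web sites are those that use the Transport Layer Security protocol, or its predecessor SSL, for the entire session. PayPal and many banks are set up this way. But a startling number of sites that people have always trusted to protect their private information are not. Only when a small lock icon appears in a corner of your browser, or the address of the site you are visiting starts with “https” rather than “http,” are you shielded from prying eyes.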
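A site operator can check for the gap described above (encrypted login, unencrypted session cookie) by auditing the cookies a response sets. The following is an added example, not part of the original article; the function names, URLs and header values are constructed, and it relies on the standard cookie `Secure` attribute, which the article does not name.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs

def sniffable_cookies(url, headers):
    """Return {cookie name: reason} for cookies a listener on the same
    unencrypted Wi-Fi network could read.

    `headers` is a list of (name, value) pairs from the response to `url`.
    """
    scheme = urlsplit(url).scheme.lower()
    findings = {}
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(hvalue)
        if scheme != "https":
            findings[name] = "set over plain http"
        elif "secure" not in attrs:
            # Without Secure, the browser also attaches the cookie to http requests.
            findings[name] = "no Secure attribute: also sent on later http requests"
    return findings

# Constructed sample: the login page is HTTPS, but the session cookie lacks Secure.
LOGIN_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=constructed-value-1; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=constructed-value-2; Path=/; Secure; HttpOnly"),
]
HOME_RESPONSE = [("Set-Cookie", "prefs=lang-en; Path=/")]

if __name__ == "__main__":
    for url, hdrs in [("https://site.example/login", LOGIN_RESPONSE),
                      ("http://site.example/home", HOME_RESPONSE)]:
        for name, reason in sniffable_cookies(url, hdrs).items():
            print(f"{url}: cookie {name!r}: {reason}")
```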
“The usual reason Web sites give for not encrypting all communication is that it will slow down the site and would be a huge engineering expense,” said Chris Palmer, technology director at the Electronic Frontier Foundation, an electronic rights advocacy group based in San Francisco. “Yes, there are operational hurdles, but they are solvable.”
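The Electronic Frontier Foundation is a digital rights advocacy group headquartered in San Francisco. Its technology director, Chris Palmer, said: “The reason Web sites usually give for not encrypting all communication is that it would slow down the site and incur a huge engineering cost. There are indeed some operational hurdles to encrypting all communication, but these difficulties can all be solved.”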