Date: 2019-02-25 Author: 英语课 Category: The Economist business series


Online business and security

A digital heart attack

A flaw in popular internet-security software could have serious consequences for all sorts of business

The Heartbleed bug sounds like a nasty coronary condition. But it is in fact a software flaw that has left up to two-thirds of the world's websites vulnerable to attack by hackers. “This is potentially the most dangerous bug that we have seen for a long, long time,” says James Beeson, the chief information security officer of GE Capital Americas, an arm of GE. Since its existence was revealed on April 7th by researchers at Codenomicon, a security outfit, and Google, countless companies around the world that rely on the internet for part or all of their business have been scrambling to fix the flaw.

Ironically, the bug was discovered in OpenSSL, encryption software that was designed to make the internet more secure. Available free, this open-source code is popular with businesses and governments, which use it to help secure everything from online credit-card transactions to public services. On April 9th, for instance, Canada's tax authority shut off public access to its online services while it checked the security of its systems in the light of news about the bug.

The flaw makes it possible for hackers to trick a server into spewing out data held in its memory. OpenSSL has a feature known as a “heartbeat” that allows a computer at one end of an encrypted link to send occasional signals to the computer at the other end of it, to check that it is still online. The researchers discovered that a hacker with knowledge of the bug could replicate this signal and use it to steal all manner of data from a remote computer.

Those data could include encryption keys that let hackers decipher traffic. To make matters worse, the researchers found that the bug, which is present in some versions of OpenSSL that have been available since March 2012, allows attacks to be mounted without leaving a trace in targeted computers' “server logs”, so victims are unaware their systems have been compromised. That means it is impossible to tell for sure what damage has been done.
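The heartbeat described above is a short message in which the sender states the length of its own payload. The defect was that the affected versions trusted that number and copied that many bytes from memory into the reply without comparing it with the size of the message actually received; the fix added exactly that comparison. The Go program below is an added illustration, not code from the article or from OpenSSL: it parses a heartbeat message in the RFC 6520 layout (type, two-byte payload length, payload, at least 16 bytes of padding), applies the length check, and returns an error the server can log instead of silently over-reading. The function names, constants and message bytes are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"log"
)

// Layout of a TLS heartbeat message (RFC 6520):
//   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes)
const (
	heartbeatRequest  = 1
	heartbeatResponse = 2
	headerLen         = 3  // type + payload_length
	minPaddingLen     = 16 // RFC 6520 requires at least 16 bytes of padding
)

// ErrMalformedHeartbeat is returned when the peer's payload_length does not fit
// inside the bytes that were actually received.
var ErrMalformedHeartbeat = errors.New("heartbeat: payload_length exceeds record")

// ParseHeartbeat validates a heartbeat message against the length of the
// record that carried it and returns a copy of the payload that may be echoed.
// The comparison on payloadLen is the one whose absence was the Heartbleed bug:
// without it the server trusted the peer's payload_length and copied that many
// bytes of its own memory into the response.
func ParseHeartbeat(record []byte) ([]byte, error) {
	if len(record) < headerLen {
		return nil, fmt.Errorf("heartbeat: record too short (%d bytes)", len(record))
	}
	msgType := record[0]
	if msgType != heartbeatRequest && msgType != heartbeatResponse {
		return nil, fmt.Errorf("heartbeat: unknown message type %d", msgType)
	}
	payloadLen := int(binary.BigEndian.Uint16(record[1:3]))
	// The peer-controlled length must fit inside the bytes actually received,
	// leaving room for the mandatory padding. Reject (and let the caller log)
	// rather than read past the message.
	if headerLen+payloadLen+minPaddingLen > len(record) {
		return nil, fmt.Errorf("%w: claimed %d, record %d", ErrMalformedHeartbeat, payloadLen, len(record))
	}
	payload := make([]byte, payloadLen)
	copy(payload, record[headerLen:headerLen+payloadLen])
	return payload, nil
}

// BuildHeartbeat assembles a message of the given type with the payload and
// exactly minPaddingLen bytes of zero padding (constructed test data, not a
// complete TLS record).
func BuildHeartbeat(msgType byte, payload []byte) []byte {
	msg := make([]byte, headerLen+len(payload)+minPaddingLen)
	msg[0] = msgType
	binary.BigEndian.PutUint16(msg[1:3], uint16(len(payload)))
	copy(msg[headerLen:], payload)
	return msg
}

// HeartbeatResponse handles a request as a server would: validate it, then
// echo the payload back with fresh padding.
func HeartbeatResponse(record []byte) ([]byte, error) {
	payload, err := ParseHeartbeat(record)
	if err != nil {
		return nil, err
	}
	if record[0] != heartbeatRequest {
		return nil, errors.New("heartbeat: not a request")
	}
	return BuildHeartbeat(heartbeatResponse, payload), nil
}

func main() {
	good := BuildHeartbeat(heartbeatRequest, []byte("ping"))
	resp, err := HeartbeatResponse(good)
	fmt.Printf("well-formed request: err=%v echoed=%q\n", err, resp[headerLen:headerLen+4])

	// Constructed malformed request: a 4-byte payload whose header claims 65535 bytes.
	bad := BuildHeartbeat(heartbeatRequest, []byte("ping"))
	binary.BigEndian.PutUint16(bad[1:3], 65535)
	if _, err := HeartbeatResponse(bad); err != nil {
		// This is the log entry the vulnerable code never produced.
		log.Printf("rejected heartbeat from peer: %v", err)
	}
}
```

Two points follow from the code. First, the check has to be made against the length of the record that was received, not against any number the peer supplied. Second, rejecting with an error rather than crashing is what makes the event visible: the article's point that attacks left no trace in server logs is a consequence of the server answering the malformed message as if it were valid.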

The bug has forced companies to find out fast how many of their systems employ the vulnerable versions of OpenSSL. “Everyone knows they have to patch their customer-facing internet websites, but that is only the tip of the iceberg,” says Jonathan Sander of STEALTHbits Technologies, a security firm that is helping one of America's biggest banks work out where it has deployed the buggy software. Web-connected systems that handle things such as accounting and personnel data will also need to be checked for the bug.

Mr Sander likens the discovery of the Heartbleed bug to finding a faulty part in nearly every make and model of car. The problem is that the internet cannot be recalled. Big web companies such as Google and Yahoo have moved fast to deal with the bug. But millions of smaller e-commerce sites and other businesses face the worrying prospect of being attacked by hackers alerted to the bug's existence as the firms race to fix the problem.

The cure includes applying a software “patch” and then choosing new encryption keys to replace those that may have been compromised. Once this has been done, customers will often need to change their passwords too. Tumblr, a blogging service owned by Yahoo, has urged its users to change the passwords they use for all of the secure online services that hold sensitive data about them. Some companies even chose to suspend services while they were working on a fix. Bitstamp, a Bitcoin e-currency exchange, temporarily suspended new account registrations and logins to its existing accounts.
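The rekeying step deserves a check of its own: reissuing a certificate over the existing private key achieves nothing if that key was among the data read from memory, and a reissue request that still carries the old public key should not be submitted. The Go program below is an added example, not anything from the article or from the companies it names: it generates a replacement key and a certificate signing request, and compares the public key in the request with the one in the certificate that was in service. The host name and the self-signed stand-in for the possibly exposed certificate are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// makeCert self-signs a certificate for key. It stands in for the certificate
// that was in service while the vulnerable OpenSSL was running (constructed
// for the example; a real one would come from a CA).
func makeCert(key *rsa.PrivateKey, host string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		DNSNames:     []string{host},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewKeyAndCSR is the "choose new keys" step: a fresh private key, generated
// on the server and never exported, plus a signing request for the CA to
// reissue against.
func NewKeyAndCSR(host string) (*rsa.PrivateKey, *x509.CertificateRequest, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: host},
		DNSNames: []string{host},
	}, key)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, nil, err
	}
	return key, csr, csr.CheckSignature()
}

// KeyWasRotated reports whether the CSR carries a different public key from
// the certificate that may have been exposed. A reissue over the same key
// leaves anyone who already holds that key able to impersonate the site.
func KeyWasRotated(old *x509.Certificate, csr *x509.CertificateRequest) bool {
	oldPub, ok := old.PublicKey.(*rsa.PublicKey)
	if !ok {
		return true // different key type, so necessarily a new key
	}
	newPub, ok := csr.PublicKey.(*rsa.PublicKey)
	if !ok {
		return true
	}
	return !oldPub.Equal(newPub)
}

// CSRToPEM encodes the request in the form a CA's reissue form expects.
func CSRToPEM(csr *x509.CertificateRequest) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csr.Raw})
}

func main() {
	const host = "shop.example.test" // constructed host name
	oldKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	oldCert, err := makeCert(oldKey, host)
	if err != nil {
		panic(err)
	}
	_, csr, err := NewKeyAndCSR(host)
	if err != nil {
		panic(err)
	}
	fmt.Println("reissue request carries a new key:", KeyWasRotated(oldCert, csr))
	fmt.Printf("%d bytes of PEM ready to submit\n", len(CSRToPEM(csr)))
}
```

The order the article gives is the right one: patch first, so the new key is not exposed through the same hole; then rekey and reissue, and have the old certificate revoked; only then ask users to change passwords, since passwords changed over a still-vulnerable server may be captured again.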

Another Y2K?

Perhaps the risk posed by the Heartbleed bug will turn out to be overblown. But if it emerges that companies' systems have indeed been hacked because of it, this could open a legal can of worms. Firms could argue that they ought not to be punished for using widely trusted security software. But aggrieved customers—and their lawyers—may see things differently.

Quite how the bug got into the OpenSSL software in the first place is a mystery. Bruce Schneier, an internet-security expert, argues in a blog post that “the probability is close to one” that intelligence agencies have exploited the glitch to nab the encryption keys needed to decipher information about their targets. His guess is that the glitch is the result of a coding error rather than the handiwork of spies, though he says he cannot be sure.

No matter who is to blame, this episode is another reminder of the security challenges companies face as ever more economic activity shifts online. According to eMarketer, a research outfit, worldwide business-to-consumer e-commerce sales are likely to grow by just over a fifth this year, to $1.5 trillion. That is a huge commercial opportunity, but it will also encourage cyber-crooks to target businesses even more vigorously. Expect more computer-security heartburn in boardrooms.
