Shellshock暴露互联网如履薄冰

2014-10-09 18:01:15来源：可可英语

　　“The world wide web just had a birthday, turning 25. When Tim Berners Lee created it I don’tknow if he envisaged magical pocket devices where you could take phone calls from Tokyo,surf the internet and more money around,” he said. “We’ve come a long way in 25, 30 years.”Mr Ford said companies such as Google and cyber security companies such as Rapid 7 wereworking to improve some fundamental aspects of the internet. But security needed to bemore valued by consumers so that the companies creating products prioritised security.

　　他说：“万维网刚刚度过了25岁生日。当蒂姆•伯纳斯-李爵士(Sir Tim Berners-Lee)发明万维网时，我不知道他能否想象到今天各种魔术般的口袋设备。通过这些设备，人们可以从东京拨出长途电话、可以浏览互联网、还可以四处调动资金。在25或30年的时间里，我们已走得很远。”福特表示，许多企业正在着手改善互联网的某些基础性能，包括谷歌(Google)，以及Rapid 7等网络安全公司。然而，只有当消费者更加重视安全问题时，企业才会开发出注重安全性的产品。

　　“In the long run, security should not be a feature but something that is expected,” he said. “Ifear it will take more events like this to prioritise those services and investment.”

　　他说：“长期来说，安全不应被视为一种特性，而应该是一种必要属性。我担心人们要经历更多此类事件，才会把这类服务和投资放在重要位置上。”

　　Product designers had to choose between spending money on new features which were moremarketable, or on security that no one would notice, he added.

　　他补充说，产品设计人员必须做出选择：是把资金花在设计更有利于产品销售的新功能上，还是花在提升没人会注意的安全性上。

　　It is hard to prioritise security when the size of the problem remains unknown. Legislationrequiring companies to report cyber attacks also varies widely depending on the industry orcountry, but most focus on the loss of consumer data rather than other attacks aimed at takingover computer systems or stealing intellectual property.

　　在对问题严重程度一无所知的情况下，人们很难把安全问题摆在首位。要求企业报告网络攻击的立法，因国家或行业的不同而存在极大差异，但大多都着眼于用户数据的泄露，而不是其他旨在控制电脑系统或窃取知识产权的攻击。

　　The effects of Shellshock so far are hard to measure. Even though the vulnerability hasexisted for more than two decades, it is not clear if it had already been discovered by cybercriminals. There is already some evidence posted on Github, an online forum for softwareengineers, that the Shellshock bug has been used in an attack, though it is not known where orwhen.

　　到目前为止，Shellshock漏洞造成的影响还很难评估。尽管该漏洞已存在了逾20年，但不清楚网络犯罪分子是否已发现了这个漏洞。在用户主要为软件工程师的在线论坛Github上，已有人发布证据，显示Shellshock漏洞已被用在一次网络攻击中。不过，这次攻击发生的时间和地点还不清楚。

　　Sophisticated state-backed cyber criminals, known as advanced persistent threats, could usethe bug for a “stealthy attack” where they penetrate deep inside a company or a government’scomputer systems.

　　政府支持的尖端网络罪犯被视为一种高级别持续性威胁，他们可能会利用这一漏洞实施“隐秘的攻击”，深度渗透入企业或政府的计算机系统。

　　Other attackers could use the vulnerability to take hold of servers and home internet routersfrom across the world to create a giant network – known as a botnet – which would give themenough computing power to take down any website in a distributed denial of service attack.

　　其他攻击者可能会利用该漏洞控制世界各地的服务器和家用互联网路由器，从而建立一个庞大的“僵尸网络”(botnet)。这种网络会让他们获得足够的计算能力，可以用“分布式拒绝服务攻击”(DDoS)摧毁任何网站。

　　Apple’s Mac computers rely on an operating system that was originally based on Unix, so theycould be vulnerable especially if connected to public WiFi, and many so-called “internet ofthings” devices such as lightbulbs and fridges may be affected.

　　苹果公司(Apple)的Mac电脑采用一种原本基于Unix的操作系统，因此也可能受到这一漏洞的影响，特别是在连接到公共WiFi的时候。此外，许多“物联网”设备如灯泡、冰箱等可能也会受到影响。

本文关键字: Shellshock暴露互联网如履薄冰