Even Away From the Internet, It Is Hard to Escape Hacker Attacks
Added: 2015-10-24 19:53:07 Author: unknown
    It took the hackers less than two hours to take over Patsy Walsh’s life.

    On a recent Friday, Mrs. Walsh, a grandmother of six, volunteered to allow two hackers to take a crack at hacking her home. How bad could it be?

    Mrs. Walsh did not consider herself a digital person. As far as she knew, her home was not equipped with any “smart devices,” physical objects like refrigerators and thermometers that transmit information to the Internet. Sure, she has a Facebook account, which she uses to keep up on friends’ lives, but rarely does she post about her own.

    “I don’t post things about myself and don’t really understand why other people do,” Mrs. Walsh said. “The fact you can go from one friend’s profile to their friends’ profiles is creepy. I guess you could find out a lot of information about somebody if you really wanted to.”

    Indeed. Days before hackers even set foot in Mrs. Walsh’s home overlooking Mount Tamalpais in Marin County, Calif., they found her Facebook account and — though it was comparatively locked down — uncovered just enough to begin to take over her digital life. The New York Times was invited to witness the hacking, on the condition that Mrs. Walsh’s town not be named.

    The twist was that once the hackers found their way in, they discovered someone else had already been there.

    The hackers could see that Mrs. Walsh had liked a page organized by Change.org. That was all they needed to construct some convincing click bait. Within 10 minutes, they composed a fake email from Change.org asking her to sign a fake petition about land use in Marin County.

    When that link led her to a page that asked her to enter her email address and password, she complied. To spare Mrs. Walsh any actual harm, the hackers used a service called Phish5, which does not actually store passwords and is often used by employers to test employees’ ability to spot malicious phishing cons.

    Had the two been actual attackers, they would have had all the information they needed to “pwn” Mrs. Walsh — hacker speak for taking over someone’s digital life — from afar, particularly because, Mrs. Walsh confessed, she was guilty of using the same password across many accounts.

    All this before they had even set foot in Mrs. Walsh’s home.

    The hackers, Reed Loden, the 27-year-old director of security of HackerOne, a San Francisco security start-up, and Michiel Prins, the 25-year-old co-founder of HackerOne, were greeted warmly when they arrived at her home.

    “Welcome Hackers” was scrawled on a heart-shaped chalkboard on the front door, and deviled eggs, tuna sandwiches and fresh iced tea were waiting. Mrs. Walsh said she expected the hackers would wear black, but Mr. Loden and Mr. Prins did not fit that stereotype. Mr. Loden, who hails from Mississippi, ended his sentences with a warm “thank you, ma’am” — his manners intact even while explaining that he had just hacked Mrs. Walsh’s power of attorney form.

    “They’re very polite,” Mrs. Walsh noted. (Later, she invited both to Thanksgiving dinner.)

    Over an hour and a half, they discovered a way to open the Walshes’ garage door. It was simply a matter of using a “brute force attack” against an older door opener. The process entailed testing thousands of code combinations until hitting the correct one. Earlier this year, the hacker Samy Kamkar demonstrated how to do this in less than 10 seconds using a Mattel toy.

    Mr. Loden and Mr. Prins also found a way to intercept Mrs. Walsh’s television. A service worker had not installed her DirecTV securely, with a password, which meant anyone with knowledge of the device’s I.P. address could control the television remotely.

    In this case, the hackers used their access to purchase a three-hour pass to an array of adult channels — the names of which would not be suitable for print here.

    Still, Mrs. Walsh was not impressed. “What’s so wrong about getting into my TV?” When Mr. Loden pointed out that someone could blast pornography in her living room in the middle of a dinner party, Mrs. Walsh conceded, “I can see how that would be a little shocking to guests.”

    From there, the hackers made their way to the back of Mrs. Walsh’s house, where her PC was waiting. With her passwords posted on the nearby router, their task was easy. Within minutes, they had not only broken into Mrs. Walsh’s email account, but also that of her daughter — who at some point had allowed the computer’s browser to auto-fill her password. (As a courtesy, the hackers made sure to send Mrs. Walsh’s daughter an email from her own account with the subject line: “Reminder: Change my password.”)

    They searched Mrs. Walsh’s email for the term “SSN” and within seconds had access to her Social Security number, her PayPal account, her air miles account and her insurance information. They had even gotten their hands on her power of attorney form.

    What’s worse, they weren’t the only ones with access to all of the above. Mr. Loden and Mr. Prins ran a scan for malicious programs running on Mrs. Walsh’s machine and found roughly 20, including InstallBrain, an installer that can download malicious programs on demand, like one that helps attackers mine for Bitcoin. And others like DefaultTab, FunWebProducts, SearchProtect, SlimCleaner and Supreme Savings that can change a victim’s home page, spy on search and browsing histories, or replace ads on websites like Facebook and Google with intrusive programs.

    After they were through “pwning” Mrs. Walsh, the two hackers sat down with their victim for a debriefing. Critical points were that Mrs. Walsh needed a new garage door opener, a password for her television and a password manager to help her set unique and far more complicated passwords for each of her accounts.

    The hackers advised her to turn on two-step authentication, a service that sends a second, one-time password to users’ phones when they try to log in from an unrecognized machine. They also gave her a quick lesson in phishing attacks and a lecture on the importance of installing software updates.

    Best to switch on automatic updates, they said, for core services like Apple’s iOS operating system, Google’s Chrome browser and Windows. And, they said, her PC needed to be completely wiped. The good news was they promised to return to do this for her, possibly when they visit for Thanksgiving dinner.
