特黄特色三级在线观看免费,看黄色片子免费,色综合久,欧美在线视频看看,高潮胡言乱语对白刺激国产,伊人网成人,中文字幕亚洲一碰就硬老熟妇

學(xué)習(xí)啦 > 學(xué)習(xí)英語 > 專業(yè)英語 > 計算機英語 > 黑客工具如何威脅Wi-Fi用戶安全

黑客工具如何威脅Wi-Fi用戶安全

時間: 澤燕681 分享

黑客工具如何威脅Wi-Fi用戶安全

  在信息安全里,“黑客”指研究智取計算機安全系統(tǒng)的人員。利用公共通訊網(wǎng)路,如互聯(lián)網(wǎng)和電話系統(tǒng),在未經(jīng)許可的情況下,載入對方系統(tǒng)的被稱為黑帽黑客接下來小編為大家整理黑客工具如何威脅Wi-Fi用戶安全,希望對你有幫助哦!

  You may think the only people capable of snooping on your Internet activity aregovernment intelligence agents or possibly a talented teenage hacker holed up in his parents’ basement. But some simple software lets just about anyone sitting next to you at your local coffee shop watch you browse the Web and even assume your identity online.

  也許你曾以為窺探你上網(wǎng)活動的事只有政府情報人員或者藏在自家地下室的青年黑客才會干的出來。但一些簡單的軟件使得哪怕是小咖啡館里在你身邊的任何人都可以看到你在瀏覽的網(wǎng)頁甚至獲得你的身份驗證信息。

  “Like it or not, we are now living in a cyberpunk novel,” said Darren Kitchen, a systems administrator for an aerospace company in Richmond, Calif., and the host of Hak5, a video podcast about computer hacking and security. “When people find out how trivial and easy it is to see and even modify what you do online, they are shocked.”

  達倫·凱臣是美國加州里士滿市的一家航空公司的系統(tǒng)管理員,同時他還是一家名為Hak5的計算機黑客與信息安全視頻播客網(wǎng)站的站長。他說,“不管你喜歡與否,我們現(xiàn)在正生活在一個數(shù)字龐克小說之中。當(dāng)人們發(fā)現(xiàn)他們的網(wǎng)上信息是多么容易被黑時,他們都會目瞪口呆。”

  Until recently, only determined and knowledgeable hackers with fancy tools and lots of time on their hands could spy while you used your laptop or smartphone at Wi-Fi hot spots. But a free program called Firesheep, released in October, has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited.

  不久前若要監(jiān)視你的筆記本或智能手機通過Wi-Fi熱點上網(wǎng)的情況,這還只是有能力和有毅力的黑客,花費大量時間并利用高精尖的工具才能辦到的事。但去年十月發(fā)布的一款叫做Firesheep的自由程序使得監(jiān)測未加密的Wi-Fi網(wǎng)絡(luò)變得易如反掌,利用該軟件人們可以監(jiān)測別人上網(wǎng)信息乃至登錄他人訪問的網(wǎng)站帳戶。

  Without issuing any warnings of the possible threat, Web site administrators have since been scrambling to provide added protections.

  在沒有發(fā)布任何潛在安全威脅警告的情況下,網(wǎng)站管理員已經(jīng)爭先恐后的開始提供附加安全保護措施了。

  “I released Firesheep to show that a core and widespread issue in Web site security is being ignored,” said Eric Butler, a freelance software developer in Seattle who created the program. “It points out the lack of end-to-end encryption.”

  Firesheep的作者是西雅圖的自由軟件開發(fā)者埃里克巴·特勒,他表示:“我發(fā)布Firesheep就是為了讓大家知道在網(wǎng)站安全上一個普遍的核心問題一直以來都被大家忽略了,那就是端到端的加密。”

  What he means is that while the password you initially enter on Web sites like Facebook, Twitter, Flickr, Amazon, eBay and The New York Times is encrypted, the Web browser’s cookie, a bit of code that that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep grabs that cookie, allowing nosy or malicious users to, in essence, be you on the site and have full access to your account.http://www.24en.com愛思英語網(wǎng)

  當(dāng)你在Facebook、Twitter、Flickr、Amzon、eBay和紐約時報之類的網(wǎng)站上初次輸入登錄密碼時,端到端信息被加密。但當(dāng)使用cookie登錄時,常常是不進行加密的。Cookie是對記錄你的登錄信息、個人訪問設(shè)置及某些私人信息的一段代碼的稱呼。Firesheep就設(shè)法抓取這些cookie,這樣就可以使任何心存好奇或別有用心的用戶干脆變成你,從網(wǎng)站上登錄你的帳號。http://www.24en.com愛思英語網(wǎng)

  More than a million people have downloaded the program in the last three months (including this reporter, who is not exactly a computer genius). And it is easy to use.http://www.24en.com愛思英語網(wǎng)

  在過去三個月內(nèi)超過一百萬人已下載了該程序(包括對計算機并不在行的筆者在內(nèi))。它真的很簡單易用。

  The only sites that are safe from snoopers are those that employ the cryptographic protocol Transport Layer Security or its predecessor, Secure Sockets Layer, throughout your session. PayPal and many banks do this, but a startling number of sites that people trust to safeguard their privacy do not. You know you are shielded from prying eyes if a little lock appears in the corner of your browser or the Web address starts with “https” rather than “http.”http://www.24en.com愛思英語網(wǎng)

  唯一安全的網(wǎng)站就是那些在整個會話過程中使用傳輸層加密協(xié)議或其前身SSL的網(wǎng)站。PayPal和許多銀行做了這樣的設(shè)定。但仍有一批數(shù)量驚人的網(wǎng)站沒有這么做,而通常人們卻一直相信它們能夠保護其私人信息。當(dāng)你的瀏覽器的一角出現(xiàn)一個小小的鎖形圖標或者你所訪問的網(wǎng)址前以“https”而不是“http”開頭時,你才能躲過那些窺視的眼睛。http://www.24en.com愛思英語網(wǎng)

  “The usual reason Web sites give for not encrypting all communication is that it will slow down the site and would be a huge engineering expense,” said Chris Palmer, technology director at the Electronic Frontier Foundation, an electronic rights advocacy group based in San Francisco. “Yes, there are operational hurdles, but they are solvable.”

  電子前哨基金會是一家總部位于舊金山的數(shù)字版權(quán)維權(quán)組織,它的技術(shù)總監(jiān)克利斯·帕爾默說:“網(wǎng)站不提供全程通信加密的理由通常是,這會拖慢站點訪問速度并造成巨大的工程開銷。要提供全程通信機密的確有一些操作上的障礙,但這些困難都是可以解決的。”

  Indeed, Gmail made end-to-end encryption its default mode in January 2010. Facebook began to offer the same protection as an opt-in security feature last month, though it is so far available only to a small percentage of users and has limitations. For example, it doesn’t work with many third-party applications.http://www.24en.com愛思英語網(wǎng)

  實際上,Gmail已于2010年一月起在其默認模式中采用了端到端加密技術(shù)。上個月,F(xiàn)acebook也開始將同樣的保護措施作為一項可選擇的安全功能提供給用戶,但目前仍只限于一小部分用戶應(yīng)用。例如,它并不適用于許多第三方應(yīng)用。

  “It’s worth noting that Facebook took this step, but it’s too early to congratulate them,” said Mr. Butler, who is frustrated that “https” is not the site’s default setting. “Most people aren’t going to know about it or won’t think it’s important or won’t want to use it when they find out that it disables major applications.”

  “Facebook這么做并不值得,現(xiàn)在就為他們的成功祝賀也為時尚早。大多數(shù)人并不會了解這項保護措施,或者并不會認為這有多重要,或者由于這對于大多數(shù)第三方應(yīng)用無效而不會使用它。”巴特勒先生如是說,他仍覺得“https”訪問并不是網(wǎng)站的默認訪問設(shè)置乃是一件憾事。

  Joe Sullivan, chief security officer at Facebook, said the company was engaged in a “deliberative rollout process,” to access and address any unforeseen difficulties. “We hope to have it available for all users in the next several weeks,” he said, adding that the company was also working to address problems with third-party applications and to make “https” the default setting.

  Facebook的信息安全總監(jiān)喬·沙利文表示,他們正著手準備一個“慎重的發(fā)布過程”,以發(fā)現(xiàn)并克服所有潛在的困難。他說,“我們希望在幾周后這項安全措施能適用于所有用戶。”此外他還補充說,公司正在努力解決第三方應(yīng)用方面的安全問題并力促“https”訪問方式成為默認設(shè)置。

  Many Web sites offer some support for encryption via “https,” but they make it difficult to use. To address these problems, the Electronic Frontier Foundation in collaborationwith the Tor Project, another group concerned with Internet privacy, released in June an add-on to the browser Firefox, called Https Everywhere. The extension, which can be downloaded at eff.org/https-everywhere, makes “https” the stubbornly unchangeable default on all sites that support it.

  許多網(wǎng)站通過“https”提供加密服務(wù),但這用起來并不方便。為解決這個問題,電子前哨基金會聯(lián)合Tor項目組(另一個互聯(lián)網(wǎng)隱私相關(guān)組織)于去年六月發(fā)布了一款名為Https Everywhere(Https無處不在)的火狐瀏覽器插件。該插件(可由eff.org/https-everywhere下載)強制通過https方式訪問所有支持該訪問服務(wù)的網(wǎng)站。

  Since not all Web sites have “https” capability, Bill Pennington, chief strategy officer with the Web site risk management firm WhiteHat Security in Santa Clara, Calif., said: “I tell people that if you’re doing things with sensitive data, don’t do it at a Wi-Fi hot spot. Do it at home.”http://www.24en.com愛思英語網(wǎng)

  由于并非所有網(wǎng)站都能提供“https”訪問支持,白帽安全公司(美國加州圣克拉拉的網(wǎng)絡(luò)風(fēng)險管理公司)的首席策略官比爾·潘寧頓告戒大眾:“如果你要進行涉及敏感信息的操作,不要通過Wi-Fi來做,還是回家再弄吧。”

  But home wireless networks may not be all that safe either, because of free and widely available Wi-Fi cracking programs like Gerix WiFi Cracker, Aircrack-ng and Wifite. The programs work by faking legitimate user activity to collect a series of so-called weak keys or clues to the password. The process is wholly automated, said Mr. Kitchen at Hak5, allowing even techno-ignoramuses to recover a wireless router’s password in a matter of seconds. “I’ve yet to find a WEP-protected network not susceptible to this kind of attack,” Mr. Kitchen said.

  但家里的無線網(wǎng)絡(luò)也并不一定能確保安全,因為Gerix WiFi Cracker、Aircrack-ng 和Wifite之類的自由Wi-Fi黑客程序正被廣泛使用著。此類軟件仿冒合法用戶的活動以竊取一系列所謂弱密匙或者可能透露戶密碼的蛛絲馬跡。這個過程完全是自動的,凱臣在Hak5上說,這使得哪怕是一個技術(shù)白癡都能在幾秒鐘內(nèi)獲得一個無線路由器的密碼。他還說:“我還沒有發(fā)現(xiàn)哪個采用WEP保護的網(wǎng)絡(luò)能夠?qū)@種攻擊免疫。”

  A WEP-encrypted password (for wired equivalent privacy) is not as strong as a WPA (or Wi-Fi protected access) password, so it’s best to use a WPA password instead. Even so,hackers can use the same free software programs to get on WPA password-protected networks as well. It just takes much longer (think weeks) and more computer expertise.

  WEP(有線等效保密)密碼并不如WPA(Wi-Fi接入保護)密碼強大,所以使用WPA密碼方為上策。但即便如此,黑客們也還是可以用同樣的軟件得到采用WPA密碼保護的網(wǎng)絡(luò)的密碼信息。這只是需要花上更長的時間(大概是幾周),當(dāng)然也需要更多的計算機專業(yè)知識。

  Using such programs along with high-powered Wi-Fi antennas that cost less than ,hackers can pull in signals from home networks two to three miles away. There are also some computerized cracking devices with built-in antennas on the market, like WifiRobin (6). But experts said they were not as fast or effective as the latest free cracking programs, because the devices worked only on WEP-protected networks.

  使用這些程序和大功率的Wi-Fi天線的成本不到90美元,這樣黑客們就能監(jiān)聽到兩三英里內(nèi)的家庭無線網(wǎng)絡(luò)信號了。市場上還有一些帶有內(nèi)置天線的黑客設(shè)備,例如售價156美元的WifiRobin之類。但專家們稱這些設(shè)備并不如最新的自由黑客程序來的便捷有效,這些設(shè)備只能針對采用WEP保護的網(wǎng)絡(luò)使用。

  To protect yourself, changing the Service Set Identifier or SSID of your wireless network from the default name of your router (like Linksys or Netgear) to something lesspredictable helps, as does choosing a lengthy and complicated alphanumeric password.

  要保護你自己,最好將你的服務(wù)集標識符或無線網(wǎng)絡(luò)服務(wù)組標識符(SSID)由路由器的默認名(Linksys或Netgear之類)改成一個比較不易預(yù)測的名字,就像選擇夠長夠復(fù)雜的字母數(shù)字混合的密碼那樣。http://www.24en.com愛思英語網(wǎng)

  Setting up a virtual private network, or V.P.N., which encrypts all communications you transmit wirelessly whether on your home network or at a hot spot, is even more secure. The data looks like gibberish to a snooper as it travels from your computer to a secure server before it is blasted onto the Internet.http://www.24en.com愛思英語網(wǎng)

  建立一個虛擬專用網(wǎng)絡(luò)將對你收發(fā)的所有信息進行加密,無論你使用的是家用無線網(wǎng)絡(luò)或是Wi-Fi熱點。這會更安全些。你的計算機發(fā)出的數(shù)據(jù)會先經(jīng)過一個網(wǎng)絡(luò)安全服務(wù)器再在互聯(lián)網(wǎng)上傳播,這樣加密后的數(shù)據(jù)在嗅探軟件看來就像是一堆亂碼一樣。

  Popular V.P.N. providers include Vyper, HotSpot and LogMeIn Hamachi. Some are free; others are as much as a month, depending on how much data is encrypted. Free versions tend to encrypt only Web activity and not e-mail exchanges.

  流行的提供商包括Vyper, HotSpot 和LogMeIn Hamachi。其中一些是免費的,另一些則依加密的數(shù)據(jù)量的多少來計費(如每月18美金)。免費版本的通常只加密Web訪問信息而不加密電郵。http://www.24en.com愛思英語網(wǎng)

  However, Mr. Palmer at the Electronic Frontier Foundation blames poorly designed Web sites, not vulnerable Wi-Fi connections, for security lapses. “Many popular sites were not designed for security from the beginning, and now we are suffering the consequences,” he said. “People need to demand ‘https’ so Web sites will do the painful integration work that needs to be done.”

  但電子前哨基金會的帕爾默先生卻認為網(wǎng)絡(luò)安全的疏失更多的要歸咎于糟糕的網(wǎng)站設(shè)計,而非Wi-Fi連接本身的脆弱性。他說:“許多熱門網(wǎng)站在其設(shè)計之初就對安全問題考慮不足,現(xiàn)在不得不自食其果,大眾要求使用‘https’,因此網(wǎng)站不得不艱難的履行其義務(wù)。”

447651