下面是學習啦小編整理的新型黑客工具威脅Wi-Fi用戶安全，供廣大學者參考。

　　You may think the only people capable of snooping on your Internet activity are government intelligence agents or possibly a talented teenage hacker holed up in his parents’ basement. But some simple software lets just about anyone sitting next to you at your local coffee shop watch you browse the Web and even assume your identity online.

　　也許你曾以為窺探你上網(wǎng)活動的事只有政府情報人員或者藏在自家地下室的青年黑客才會干的出來。但一些簡單的軟件使得哪怕是小咖啡館里在你身邊的任何人都可以看到你在瀏覽的網(wǎng)頁甚至獲得你的身份驗證信息。

　　“Like it or not, we are now living in a cyberpunk novel,” said Darren Kitchen, a systems administrator for an aerospace company in Richmond, Calif., and the host of Hak5, a video podcast about computer hacking and security. “When people find out how trivial and easy it is to see and even modify what you do online, they are shocked.”

　　達倫·凱臣是美國加州里士滿市的一家航空公司的系統(tǒng)管理員，同時他還是一家名為Hak5的計算機黑客與信息安全視頻播客網(wǎng)站的站長。他說，“不管你喜歡與否，我們現(xiàn)在正生活在一個數(shù)字龐克小說之中。當人們發(fā)現(xiàn)他們的網(wǎng)上信息是多么容易被黑時，他們都會目瞪口呆。”

　　Until recently, only determined and knowledgeable hackers with fancy tools and lots of time on their hands could spy while you used your laptop or smartphone at Wi-Fi hot spots. But a free program called Firesheep, released in October, has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited.

　　不久前若要監(jiān)視你的筆記本或智能手機通過Wi-Fi熱點上網(wǎng)的情況，這還只是有能力和有毅力的黑客，花費大量時間并利用高精尖的工具才能辦到的事。但去年十月發(fā)布的一款叫做Firesheep的自由程序使得監(jiān)測未加密的Wi-Fi網(wǎng)絡變得易如反掌，利用該軟件人們可以監(jiān)測別人上網(wǎng)信息乃至登錄他人訪問的網(wǎng)站帳戶。

　　Without issuing any warnings of the possible threat, Web site administrators have since been scrambling to provide added protections.

　　在沒有發(fā)布任何潛在安全威脅警告的情況下，網(wǎng)站管理員已經(jīng)爭先恐后的開始提供附加安全保護措施了。

　　“I released Firesheep to show that a core and widespread issue in Web site security is being ignored,” said Eric Butler, a freelance software developer in Seattle who created the program. “It points out the lack of end-to-end encryption.”

　　Firesheep的作者是西雅圖的自由軟件開發(fā)者埃里克巴·特勒，他表示：“我發(fā)布Firesheep就是為了讓大家知道在網(wǎng)站安全上一個普遍的核心問題一直以來都被大家忽略了，那就是端到端的加密。”

　　What he means is that while the password you initially enter on Web sites like Facebook, Twitter, Flickr, Amazon, eBay and The New York Times is encrypted, the Web browser’s cookie, a bit of code that that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep grabs that cookie, allowing nosy or malicious users to, in essence, be you on the site and have full access to your account.

　　當你在Facebook、Twitter、Flickr、Amzon、eBay和紐約時報之類的網(wǎng)站上初次輸入登錄密碼時，端到端信息被加密。但當使用cookie登錄時，常常是不進行加密的。Cookie是對記錄你的登錄信息、個人訪問設置及某些私人信息的一段代碼的稱呼。Firesheep就設法抓取這些cookie，這樣就可以使任何心存好奇或別有用心的用戶干脆變成你，從網(wǎng)站上登錄你的帳號。

　　More than a million people have downloaded the program in the last three months (including this reporter, who is not exactly a computer genius). And it is easy to use.

　　在過去三個月內(nèi)超過一百萬人已下載了該程序(包括對計算機并不在行的筆者在內(nèi))。它真的很簡單易用。

　　The only sites that are safe from snoopers are those that employ the cryptographic protocol Transport Layer Security or its predecessor, Secure Sockets Layer, throughout your session. PayPal and many banks do this, but a startling number of sites that people trust to safeguard their privacy do not. You know you are shielded from prying eyes if a little lock appears in the corner of your browser or the Web address starts with “https” rather than “

　　唯一安全的網(wǎng)站就是那些在整個會話過程中使用傳輸層加密協(xié)議或其前身SSL的網(wǎng)站。PayPal和許多銀行做了這樣的設定。但仍有一批數(shù)量驚人的網(wǎng)站沒有這么做，而通常人們卻一直相信它們能夠保護其私人信息。當你的瀏覽器的一角出現(xiàn)一個小小的鎖形圖標或者你所訪問的網(wǎng)址前以“https”而不是“http”開頭時，你才能躲過那些窺視的眼睛。

　　“The usual reason Web sites give for not encrypting all communication is that it will slow down the site and would be a huge engineering expense,” said Chris Palmer, technology director at the Electronic Frontier Foundation, an electronic rights advocacy group based in San Francisco. “Yes, there are operational hurdles, but they are solvable.”

　　電子前哨基金會是一家總部位于舊金山的數(shù)字版權(quán)維權(quán)組織，它的技術(shù)總監(jiān)克利斯·帕爾默說：“網(wǎng)站不提供全程通信加密的理由通常是，這會拖慢站點訪問速度并造成巨大的工程開銷。要提供全程通信機密的確有一些操作上的障礙，但這些困難都是可以解決的。”