Indeed, Gmail made end-to-end encryption its default mode in January 2010. Facebook began to offer the same protection as an opt-in security feature last month, though it is so far available only to a small percentage of users and has limitations. For example, it doesn’t work with many third-party applications.

　　實際上，Gmail已于2010年一月起在其默認模式中采用了端到端加密技術(shù)。上個月，F(xiàn)acebook也開始將同樣的保護措施作為一項可選擇的安全功能提供給用戶，但目前仍只限于一小部分用戶應用。例如，它并不適用于許多第三方應用。

　　“It’s worth noting that Facebook took this step, but it’s too early to congratulate them,” said Mr. Butler, who is frustrated that “https” is not the site’s default setting. “Most people aren’t going to know about it or won’t think it’s important or won’t want to use it when they find out that it disables major applications.”

　　“Facebook這么做并不值得，現(xiàn)在就為他們的成功祝賀也為時尚早。大多數(shù)人并不會了解這項保護措施，或者并不會認為這有多重要，或者由于這對于大多數(shù)第三方應用無效而不會使用它。”巴特勒先生如是說，他仍覺得“https”訪問并不是網(wǎng)站的默認訪問設置乃是一件憾事。

　　Joe Sullivan, chief security officer at Facebook, said the company was engaged in a “deliberative rollout process,” to access and address any unforeseen difficulties. “We hope to have it available for all users in the next several weeks,” he said, adding that the company was also working to address problems with third-party applications and to make “https” the default setting.

　　Facebook的信息安全總監(jiān)喬·沙利文表示，他們正著手準備一個“慎重的發(fā)布過程”，以發(fā)現(xiàn)并克服所有潛在的困難。他說，“我們希望在幾周后這項安全措施能適用于所有用戶。”此外他還補充說，公司正在努力解決第三方應用方面的安全問題并力促“https”訪問方式成為默認設置。

　　Many Web sites offer some support for encryption via “https,” but they make it difficult to use. To address these problems, the Electronic Frontier Foundation in collaboration with the Tor Project, another group concerned with Internet privacy, released in June an add-on to the browser Firefox, called Https Everywhere. The extension, which can be downloaded at eff.org/https-everywhere, makes “https” the stubbornly unchangeable default on all sites that support it.

　　許多網(wǎng)站通過“https”提供加密服務，但這用起來并不方便。為解決這個問題，電子前哨基金會聯(lián)合Tor項目組(另一個互聯(lián)網(wǎng)隱私相關(guān)組織)于去年六月發(fā)布了一款名為Https Everywhere(Https無處不在)的火狐瀏覽器插件。該插件(可由eff.org/https-everywhere下載)強制通過https方式訪問所有支持該訪問服務的網(wǎng)站。

　　Since not all Web sites have “https” capability, Bill Pennington, chief strategy officer with the Web site risk management firm WhiteHat Security in Santa Clara, Calif., said: “I tell people that if you’re doing things with sensitive data, don’t do it at a Wi-Fi hot spot. Do it at home.”

　　由于并非所有網(wǎng)站都能提供“https”訪問支持，白帽安全公司(美國加州圣克拉拉的網(wǎng)絡風險管理公司)的首席策略官比爾·潘寧頓告戒大眾：“如果你要進行涉及敏感信息的操作，不要通過Wi-Fi來做，還是回家再弄吧。”

　　But home wireless networks may not be all that safe either, because of free and widely available Wi-Fi cracking programs like Gerix WiFi Cracker, Aircrack-ng and Wifite. The programs work by faking legitimate user activity to collect a series of so-called weak keys or clues to the password. The process is wholly automated, said Mr. Kitchen at Hak5, allowing even techno-ignoramuses to recover a wireless router’s password in a matter of seconds. “I’ve yet to find a WEP-protected network not susceptible to this kind of attack,” Mr. Kitchen said.

　　但家里的無線網(wǎng)絡也并不一定能確保安全，因為Gerix WiFi Cracker、Aircrack-ng 和Wifite之類的自由Wi-Fi黑客程序正被廣泛使用著。此類軟件仿冒合法用戶的活動以竊取一系列所謂弱密匙或者可能透露戶密碼的蛛絲馬跡。這個過程完全是自動的，凱臣在Hak5上說，這使得哪怕是一個技術(shù)白癡都能在幾秒鐘內(nèi)獲得一個無線路由器的密碼。他還說：“我還沒有發(fā)現(xiàn)哪個采用WEP保護的網(wǎng)絡能夠?qū)@種攻擊免疫。”

　　A WEP-encrypted password (for wired equivalent privacy) is not as strong as a WPA (or Wi-Fi protected access) password, so it’s best to use a WPA password instead. Even so, hackers can use the same free software programs to get on WPA password-protected networks as well. It just takes much longer (think weeks) and more computer expertise.

　　WEP(有線等效保密)密碼并不如WPA(Wi-Fi接入保護)密碼強大，所以使用WPA密碼方為上策。但即便如此，黑客們也還是可以用同樣的軟件得到采用WPA密碼保護的網(wǎng)絡的密碼信息。這只是需要花上更長的時間(大概是幾周)，當然也需要更多的計算機專業(yè)知識。

　　Using such programs along with high-powered Wi-Fi antennas that cost less than $90, hackers can pull in signals from home networks two to three miles away. There are also some computerized cracking devices with built-in antennas on the market, like WifiRobin ($156). But experts said they were not as fast or effective as the latest free cracking programs, because the devices worked only on WEP-protected networks.