Summary: The Shellshock bug that has left vast swaths of the internet vulnerable to cyber criminals for more than 20 years highlights how the basic foundations of the network are not fit for the 21st century web, security experts have warned.


“I worry that people will have to go through more incidents like this before they put this kind of service and investment at the top of their priorities.”

Product designers had to choose between spending money on new features which were more marketable, or on security that no one would notice, he added.

It is hard to prioritise security when the size of the problem remains unknown. Legislation requiring companies to report cyber attacks also varies widely depending on the industry or country, but most focus on the loss of consumer data rather than other attacks aimed at taking over computer systems or stealing intellectual property.

The effects of Shellshock so far are hard to measure. Even though the vulnerability has existed for more than two decades, it is not clear if it had already been discovered by cyber criminals. There is already some evidence posted on GitHub, an online forum for software engineers, that the Shellshock bug has been used in an attack, though it is not known where or when.

Sophisticated state-backed cyber criminals, known as advanced persistent threats, could use the bug for a “stealthy attack” where they penetrate deep inside a company or a government’s computer systems.

Other attackers could use the vulnerability to take hold of servers and home internet routers from across the world to create a giant network – known as a botnet – which would give them enough computing power to take down any website in a distributed denial of service attack.

Apple’s Mac computers rely on an operating system that was originally based on Unix, so they could be vulnerable especially if connected to public WiFi, and many so-called “internet of things” devices such as lightbulbs and fridges may be affected.

Chris Wysopal, chief technology officer of cyber security company Veracode, said this moment between the announcement of a problem and people fixing it by rolling out a software update – or patch – is “the most dangerous time”.

“The thing that has people worried is that they don’t know the scope of how many devices are affected,” he said.
