
Bilingual News: Reflecting on the Ransomware Attack

2017-05-15 17:44:40 This site


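Over the past few days, a new ransomware virus has broken into internet systems in many countries around the world, encrypting data so that a ransom must be paid to recover it. This bilingual news piece reflects on the ransomware attack, examining it from several angles and pointing out the problems and dilemmas involved. Children's English textbooks include short opinion pieces; making an argument requires factual evidence and a degree of reasoning, and this article from The New York Times can serve as a model in that respect. It is also, of course, a major event in the technology world: in reading it you will encounter some technical terms, and you should take care to develop good internet habits.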

Global cyberattack came from shared failure to acknowledge threat

There is a real temptation to point fingers in the wake of the global "WCRY" (or "wanna cry") ransomware attack that over the last few days has crippled organizations from the UK's National Health Service to FedEx.

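As the global "WCRY" ransomware attack continues to unfold, there is real finger-pointing; over the last few days the attack has paralyzed the systems of organizations including the UK's National Health Service and FedEx.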

If only it were true that there were one party responsible for letting us get to this state; then we might have a chance to fix it.

If only one party were responsible for getting us into this state, we might have a chance to fix it.

Instead, who you think had the tools, and the responsibility, to avoid WCRY before it happened depends on where you're sitting. In reality, there are many organizations on which you can pin the blame, and they have collectively created an ecosystem where this failure was allowed to occur.

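However, who had the tools and the responsibility to prevent the WCRY attack before it happened depends on where one stands. In fact, there are many organizations that can be blamed, and together they created an ecosystem that allowed this failure to happen.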

The easiest place to start pointing fingers is at Microsoft. After all, Microsoft had a fix for the vulnerability used by WCRY around two months ago, but it was only distributed to users of Windows XP that paid specifically for continuing service past the 2014 "end of life" date for the operating system.

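The easiest target for blame is Microsoft. After all, Microsoft had fixed the vulnerability used by WCRY about two months earlier, but it distributed the fix only to paying users who kept using Windows XP after the 2014 "end of life" date.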

Windows XP was particularly susceptible because it remains widely installed all over the world, yet no longer receives security updates as the more recent versions of Windows do. Surely, Microsoft could have foreseen an event like this and pushed such a crucial update for every user of XP in this instance? That can't be so hard for a multi-billion dollar company.

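Windows XP was particularly vulnerable because it is widely installed around the world, even though it no longer receives security updates as newer versions of Windows do. Surely Microsoft could have foreseen an event like this, so could it not have pushed such an important update to XP users in this case? That is not hard for a multi-billion-dollar company.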

On the other hand, Windows XP was released in 2001. Microsoft stopped developing new features for it in 2009, and stopped shipping security updates in 2014. It's not like these dates were secret either. Everyone who's responsible for maintaining equipment securely in 2017 should know that Windows XP is off limits.

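On the other hand, Windows XP was released in 2001. Microsoft stopped developing new features for it in 2009 and stopped security updates in 2014. None of this was a secret. Everyone responsible for keeping equipment secure in 2017 should know that Windows XP is out of service.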

One of the reasons Microsoft didn't issue an update to XP is that there are dozens of serious vulnerabilities in XP that will never be fixed. This one just got exploited this time. This is the nature of 16-year-old software.

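The reason Microsoft no longer issues XP updates is that XP has dozens of serious vulnerabilities that will never be fixed. This one simply happened to be the one exploited this time; that is the nature of 16-year-old software.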

It can be tempting to place blame, then, on the victims. They should have updated their software. They should have paid up for Windows 10, or they should have used Linux instead.

It may be tempting, then, to blame the victims. They should have updated their software. They should have bought Windows 10, or they should have used Linux.

While this argument holds some water when it comes to your average workstation, there are likely millions of pieces of equipment — everything from MRIs to the server's station at your local diner — that run Windows XP, and simply can't be upgraded.

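While this argument holds up for a personal workstation, there may be millions of devices, from MRI labs to the server at a local restaurant, that run Windows XP and simply cannot be upgraded.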

Maybe the manufacturer went out of business, maybe the software that runs the complex hardware hasn't been updated, or maybe you're just a small hospital that needs to spend money on saving actual lives rather than on messing around with software upgrades.

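Perhaps the manufacturer has stopped production, perhaps the software that runs the complex hardware has not been updated, or perhaps you are just a small hospital that needs to spend its money on saving lives rather than on software upgrades.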

There are a ton of reasons why saying "they should have just updated" fails to capture the full situation.

Faced with the claim that "they should have updated their systems," there are thousands of reasons, too many to list one by one.

A number of other targets present themselves for the blame: the manufacturers of equipment that foolishly relied on a single operating system existing forever; governments turning a blind eye to information security problems for many years; or people's ability to ignore privacy and security violations until they happen to them.

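Many other targets present themselves for blame: equipment manufacturers that foolishly relied on a single operating system existing forever; governments that for years turned a blind eye to information security problems; or individuals who ignore privacy and security violations until they happen to them.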

In reality, all of these things, operating together in a complex ecosystem, collectively failed to address this problem. Hindsight is 20/20 of course, but every day there are new software vulnerabilities to worry about and no way of knowing that this particular one would take down entire medical systems.

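In reality, all of these things, operating together as a complex system, failed to solve the problem. Hindsight is easy, of course, but every day there are new software vulnerabilities to worry about, and no way of knowing which particular one will bring an entire system down.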

The fact that this is a failure not of one organization, but of an ecosystem as a whole, is what makes Friday's attack that much more concerning.

The fact that this is not the failure of one organization but of the whole system is what makes Friday's attack more worrying.

WCRY and other large-scale cyber attacks before it, like the Mirai botnet, are just the tip of an iceberg of future chaos.

WCRY and earlier large-scale cyberattacks such as the Mirai botnet are just the tip of the iceberg of what is to come.

If this sort of attack takes a whole ecosystem to defend against, we can expect this to repeat itself over and over until all the players come together.

If this kind of attack takes a whole ecosystem to defend against, we can expect it to keep recurring until everyone involved works together.

We cannot leave people behind in old versions and must encourage consumer-oriented best practices for support lifetimes.

We cannot leave people behind on old versions, and we must encourage consumer-oriented best practices for support lifetimes.

That should include promoting software end-of-life plans that favor open sourcing software when its support ends — either because of age or bankruptcy.

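That should include promoting software end-of-life plans under which the source code is opened when support ends, whether because of age or because of bankruptcy.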

Then people have at least a fighting chance of protecting themselves.

Then people at least have a chance to protect themselves.

Ross Schulman is a co-director of the Cybersecurity Initiative and senior policy counsel at New America's Open Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and internet governance.

Original link: http://www.eshareedu.com/News/detail/id/598.html

