
Yahoo hands hackers a generous gift: data breach affects more than 1bn users

Date: 2016-12-29 01:03 Source: Internet Contributed by: mapleleaf

Oh, Yahoo, where do I start? We used to be good together back in 2004. But now I’m angry and disappointed. And it’s not me, it’s Yahoo.

The data breach the company disclosed last week, affecting more than 1bn users, dates back to 2013 — a year earlier than the breach of 500m accounts reported in September. Whether you use Yahoo or not, disabuse yourself immediately of any notion that this breach is like the last. The implications are worse and reach beyond the company. And it’s not just about the number of people affected.

This time Yahoo is saying outright that all affected user passwords were stored in a manner that makes your average cyber security bod go nuts at the madness of the world. “Security! experts! slam! Yahoo! management! for! using! old! crypto!” ran a headline in The Register, an industry rag, mocking the internet company’s corporate punctuation.

To understand the frustration, imagine that a password database is like a bike in an area prone to high levels of bike theft — a university town such as Oxford, UK. It matters how securely your bike is stored and also how much it’s rendered unrideable with locks. As Yahoo’s password bike is known to have been stolen (again), it’s the additional locks and how strong they are that now matter.

In password terms, strength equates to how easy it is to recover the plain-text version of what you type in — such as hansolo81 — from the unusable hashed version that the company stores. A hashed version would look something like: 57dddf57a98dc88c64327fe6bb5b9358. If the thieves can recover hansolo81, they can ride it into your bank account, PayPal — or anywhere else you used this password or predictable variants of it, such as Hansolo81, han$olo81 or hansolo82.

So you’d think Yahoo would deploy chunky chain locks like those that cycle couriers use. But, actually, it looks as if the company instead tied a ribbon between the front wheel and the frame.

In the jargon, they used a method involving a function called MD5 — the same poor choice made by adultery website Ashley Madison for some of its users’ passwords, and by music service Last.fm, both of which experienced breaches. Ask tech nerds what they think about MD5 and you’ll hear incredulity that any company (let alone a large, internet-based company) was still using it in 2013, that doing so is outright negligence, that there’s no excuse for it and that it was discredited a couple of decades ago.

By the time of the 2014 breach, Yahoo had nearly finished a wildly overdue upgrade to its locks, switching to bcrypt. If well implemented, this makes its password bike unusable to thieves. Getting from 57dddf57a98dc88c64327fe6bb5b9358 to hansolo81 would be very unlikely. So, while that breach endangered users, it was a less epic fail than the more recently reported compromise.

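The storage upgrade described above, sketched as an added example (not Yahoo's code and not part of the original article): legacy unsalted MD5 records are checked once at login and replaced with a salted, slow hash. PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt here; the record layout, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for the slow hash; tune to hardware


def legacy_md5(password: str) -> str:
    """Legacy scheme the article criticises: one fast, unsalted MD5."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow derivation (stand-in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_record(password: str) -> dict:
    salt = os.urandom(16)  # unique random salt per user
    return {"scheme": "pbkdf2", "salt": salt, "hash": slow_hash(password, salt)}


def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a login; on success, replace a legacy MD5 record in place."""
    if record["scheme"] == "md5":
        ok = hmac.compare_digest(record["hash"], legacy_md5(password))
        if ok:
            record.clear()
            record.update(new_record(password))  # the MD5 value is discarded
        return ok
    candidate = slow_hash(password, record["salt"])
    return hmac.compare_digest(record["hash"], candidate)


def demo() -> dict:
    # Constructed sample users; both chose the article's example password.
    alice = {"scheme": "md5", "hash": legacy_md5("hansolo81")}
    bob = {"scheme": "md5", "hash": legacy_md5("hansolo81")}
    same_before = alice["hash"] == bob["hash"]  # unsalted: identical digests
    logins = (verify_and_upgrade(alice, "hansolo81"),
              verify_and_upgrade(bob, "hansolo81"),
              verify_and_upgrade(alice, "Hansolo81"))  # wrong variant
    return {"same_before": same_before, "logins": logins,
            "same_after": alice["hash"] == bob["hash"],
            "schemes": (alice["scheme"], bob["scheme"])}


if __name__ == "__main__":
    print(demo())
```

Records that never see another login stay on MD5 under this pattern, so a real migration also needs a plan for dormant accounts, such as forcing a reset.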
It’s worth being clear about the consequences of Yahoo’s incredibly poor security practices as recently as three years ago: the company has probably unleashed the single biggest known data set showing how the world constructs passwords. This is a powerful tool for guessing one’s way into accounts, especially on services that don’t limit such attempts well or offer additional security measures, such as two-factor authentication. And it’s a gift to malicious actors who increasingly know us better than we know ourselves.

Also, Yahoo can force password resets only on its own service. There is nothing Yahoo can do to make people change identical or similar passwords used on other sites.

Furthermore, as with the last breach, the company hasn’t disclosed how many security questions and answers were badly stored. They state only that the data were kept either encrypted or unencrypted — the latter being in readable text. How many people can remember whether or not they once had a Yahoo account, let alone what security information they used, and whether they used that same information in their other accounts? Where else did you use your mother’s maiden name, first pet, favourite colour, school or teacher?

The consequences of organisations’ poor security decisions will come back to haunt us. I only hope Yahoo marks the worst, if not the last.
