Tech Companies Racing to Fix At-Risk Internet Software
Computer security experts around the world are trying to fix one of the worst software weaknesses found in years.
The vulnerability is in an open-source program widely used by government and industry. It has become a major threat to organizations around the world.
"The internet's on fire right now," said Adam Meyers. He is the vice president at the cybersecurity company Crowdstrike.
The problem is found in an open-source Apache utility called log4j. It is used to run websites and other web services. The vulnerability is known as "Log4Shell."
The software problem's severity was rated 10 on a scale from one to 10 by the Apache Software Foundation, which oversees development of the software.
The vulnerability was reported on November 24 by the Chinese technology company Alibaba. It took two weeks to develop a patch.
Last week, Meyers said that within 12 hours of discovering the problem it had been "fully weaponized." He said criminals have already developed and distributed tools to exploit it.
Experts say the bug, another word for a software problem, may be the worst computer weakness discovered in years. The Apache software is used in almost all cloud computing servers, across industry and government.
Unless it is fixed, the bug gives criminals the ability to easily access internal networks. There, they could steal important data, put malware in place, and do much more damage.
Joe Sullivan is the head of security for Cloudflare, a company that protects websites from security threats.
"I'd be hard-pressed to think of a company that's not at risk," he said. Millions of servers have the software, and experts said the impact would not be known for several days.
Amit Yoran is the head of the cybersecurity company Tenable. He called it "the single biggest, most critical vulnerability of the last decade," and maybe the history of modern computing.
Experts said the vulnerability makes it easy for an attacker to access a web server, and makes it very dangerous. There is no password required to access a server.
Patching the bug could be a difficult job. Most organizations and cloud providers like Amazon should be able to update their web servers easily. But the same Apache software is also used by many third-party programs, which often can only be updated by their owners.
Yoran, of Tenable, said organizations need to act as if they have been affected and fix the problem.
The first clear signs of the bug's exploitation appeared in Minecraft, an online game popular with children. Attackers were able to take over one of the world-building game's servers before Microsoft, which owns Minecraft, patched the problem.
Microsoft said it had completed a software update for Minecraft users. "Customers who apply the fix are protected," the company said.
Researchers say the vulnerability could also be exploited in servers run by companies like Apple, Amazon, Twitter and Cloudflare.
Words in This Story
vulnerability — n. something open to attack, harm, or damage
utility — n. a computer program that does a specific task
patch — n. a program that corrects or updates an existing program
exploit — v. to use in a way that helps you unfairly
malware — n. a computer program that is designed to damage or break into a computer