
VOA Science and Technology 2024: Near-miss Cyberattack Worries Officials, Tech Industry

Date: 2024-08-06 07:23   Source: Internet

German software developer Andres Freund was running performance tests last month when he noticed strange behavior in a little-known program. He decided to look into it. What he found frightened those in the software world and drew attention from tech executives and government officials.

Freund works for Microsoft in California. He discovered that the latest version of the open-source software program XZ Utils had been sabotaged by one of its developers. The action could have created a secret door to millions of servers across the internet.

Freund noticed the change before the latest version of XZ became widely used. His observation, security experts say, helped save the world from a digital security crisis.

The near-miss has re-centered attention on the safety of open-source software. Open-source software is free. Volunteers often maintain the programs. Their openness means they serve as the foundation for the internet economy.

Many such projects depend on a small number of unpaid volunteers working on fixes and improvements.

XZ is a collection of file compression tools for the Linux operating system. It was long maintained by a single person, Lasse Collin.

But in a message published in June 2022, Collin said he was dealing with mental health issues. He suggested he was working privately with a new developer named Jia Tan.

Update logs available through the open-source software site GitHub show that Tan's role quickly expanded. By 2023 the logs show Tan was using his code in XZ. It is a sign that he had won a trusted role in the project.

But cybersecurity experts who have studied the logs say that Tan was only acting like a helpful volunteer. Over the next few months, they say, Tan introduced a nearly invisible backdoor into XZ.

Tan did not return messages sent to his email account. Reuters has been unable to find out who Tan is, where he is, or who he was working for. But many people who have examined his updates believe Tan is a pseudonym for an expert hacker or a group of hackers. Experts say Tan was likely working for a powerful intelligence service.

Tan could easily have gotten away with the actions if Freund had not noticed something unusual. He noticed the latest version of XZ sometimes using an unexpected amount of processing power on the system he was testing.

Microsoft did not make Freund available for an interview. But in publicly available emails and posts to social media, Freund said a series of easy-to-miss clues led him to discover the backdoor.

The find "really required a lot of coincidences," Freund said on the social network Mastodon.

Among those in the open-source community, the discovery has been concerning. The volunteers who maintain the software that supports the internet are used to the idea of little pay or recognition. But the idea that they were now being hunted by well-resourced spies pretending to be volunteers was "incredibly intimidating," said Omkhar Arasaratnam. He is with the Open Source Security Foundation.

For government officials, the incident has raised concerns about how to protect open-source software. Assistant National Cyber Director Anjana Rajan told the online news organization Politico that "there's a lot of conversations that we need to have about what we do next" to protect open-source code.

Whatever the solution, almost everyone agrees the XZ incident shows that something must change.

"We got unreasonably lucky here," said Freund in another Mastodon post. "We can't just bank on that going forward."

Words in This Story

sabotage - v. the act of destroying or damaging something deliberately so that it does not work correctly

maintain - v. to reduce the size of by using special software

compression - n. to reduce the size of by using special software

role - n. a part that someone or something has in a particular activity or situation

invisible - adj. impossible to see

pseudonym - n. a name that someone uses instead of his or her real name

interview - n. a meeting at which people talk to each other in order to ask questions and get information

coincidence - n. a situation in which events happen at the same time in a way that is not planned or expected

pretend - v. to act as if something is true when it is not true

intimidate - v. to make afraid

conversation - n. an informal talk involving two people or a small group of people

bank on - phrasal v. to feel confident or sure about

