英国新闻听力 电话银行的危险性(在线收听) |
'Welcome to the Internet banking support service. To reset your security details please press 1. For all other enquiries press 2.' Banking by telephone is hardly new. But it's not so much old-fashioned phones that have caused the banks problems as computers. They've allowed criminals to do from home what they used to do with a mask and a sawn-off shotgun. So now that telephony is moving onto the net should we be worried? The real problem with VOIP is that it means that the telephone system is now going to be as secure as the Internet. In other words yes, very worried. The Grug as he styles himself is a leading security expert specialising in Internet telephony or VOIP as it is often called. What I expect we are going to be seeing in a few months, and what's already technically possible, is for an attacker to gain access to a call centre. Because Internet telephony is software based it's vulnerable to hacking and it offers a way in for attackers with potentially serious consequences. An attacker would be able to break into the call centre. He could then set up a server which would monitor all of the traffic and during the hold music it would be possible for an attacker to inject content such as, 'in order for us to better serve you please enter your account number and pin code.' When I caught up with the Grug he was in Malaysia for the Hack In The Box Security Conference where he both gave a key note speech and held training sessions for security professionals. In my training class I actually have several guys from banks who are freaking out because they had showed up hoping to learn how to secure VOIP and deploy VOIP internally within their own infrastructures. And they have learned that but they have also found out that that's not going to be enough. They need to make sure that everywhere, everyone who has a VOIP system that is connected to the Internet is secure. Otherwise the entire system falls apart. It's basically a house of cards. “欢迎您使用网上银行服务支持系统。重设安全信息请按1,其他业务请按2。” 电话银行已经不算是新鲜事物了。但老式电话机造成的银行问题还是没有计算机造成的问题多。计算机使得以前戴着面具,举着短枪的歹徒现在在家中就可以进行犯罪。现在,电话业务已经被转移到了互联网上,我们是不是也要担心呢? VOIP(因特网声传协议)的真正问题在于,电话系统的安全性现在正变得和互联网一样。 换句话说,是的,我们要非常担心。格拉格把自己称作因特网电话方面--或者经常被简称为VOIP方面的顶级安全专家。 我本来预期我们要几个月后才能见面,而现在黑客已经掌握了进入电话中心的技术了。 因为因特网电话是以软件为基础的,所以它不可避免会受到黑客的攻击,而且它为黑客提供的这条通道极有可能会产生严重后果。 黑客将可能进入电话系统,然后建立一个服务器,监测所有的电话。在等候音乐期间,黑客有可能加入一条信息,内容比如为“为了更好地为您服务,请输入您的账号和密码。” 当我终于和格拉格见面时,他正在马来西亚参加黑客安全大会。在大会上,他做了一个公开演讲,并对安全技术人员开展了相关培训。 在培训课上我亲身感受到,好几个银行方面的人员都异常激动,近乎失控。他们表现出极大的愿望,想要学习如何才能做好VOIP的安全工作,如何在他们的下属机构内部配备VOIP。他们已经学习了相关知识,但他们仍然觉得那些知识不够用。他们必需确保每个地方,每个人使用的VOIP系统都是连接到安全的因特网上。否则,整个系统就会分崩离析--那样的话,系统就只是一栋有着多张门卡的房子。 |
原文地址:http://www.tingroom.com/lesson/ygxwtl/518472.html |