Linux专家警告开源软件日益吸引黑客
Linux expert warns of open source's growing appeal to hackers
Linux专家警告开源软件日益吸引黑客
《purple endurer注:1、warn of:警告(发出)
2、appeal to:对...有吸引力;对...产生吸引力》
by John McCormick
作者:John McCormick
翻译;Purple Endurer
英文来源:http://articles.techrepublic.com.com/5100-1009_11-6130846.html?tag=nl.e101
Tags: Linux | Open source | Hacking | Security threats | Patches
标签: Linux | 开源 | Hacking | 安全威胁 | 补丁
Takeaway: Alan Cox, a well-respected Linux developer, warned attendees of London's LinuxWorld that open source software is becoming more attractive to commercial hackers. In this edition of the IT Locksmith, John McCormick fills you in on Cox's statement and tells you about a new organization aiming to stop zero-day exploits.
导读:很受尊敬的Linux开发人员Alan Cox,警告参加伦敦Linux世界会议的人员,开源软件对商业黑客正越来越有吸引力。在本期IT锁匠里,John McCormick向你传输Cox的声明,并告诉你一个新组织旨在停止零日攻击。
《purple endurer注:1、attractive to:对…具有吸引力的
2、fill in:填写》
A Linux guru cautions that open source's growing popularity is attracting the unwanted attention of more hackers. Meanwhile, a new organization aims to stop zero-day exploits by making patches available sooner.
一位Linux领袖警告,开源软件的日益流行对更多黑客有不必要的吸引力。同时,一个新组织旨在通过更迅速地制作补丁来停止零日攻击。
Details
详情
Linux expert Alan Cox warned attendees of London's LinuxWorld conference last week that hackers were putting a lot of money and effort into cracking Linux and other open source projects. Cox, who works for Red Hat, was especially critical of uninformed media statements about how open source software is more secure and reliable. While some well-known open source projects are quite secure, the same doesn't hold true for lesser known projects.
Linux开发人员Alan Cox警告参加上周伦敦Linux世界会议的人员,黑客正投入更多的资金和努力破解Linux和其它开源项目。为红帽子工作的Cox,特别批判了声称开源软件如何更安全理工可靠的不知情媒体。尽管一些众所周知的开源项目确实安全,但对一些不太为人所知的项目则未必如此。
《purple endurer注:1、critical of:对…挑剔的
2、 It is universal truth that holds true for the whole world.这是一条放之四海而皆准的普遍真理。》
The veteran developer also took a shot at the European Commission's Software Quality Observatory for Open Source Software (SQO-OSS). The newly launched project aims to monitor the quality of open source development. It will release the core code under the BSD license.
这位老练的开发人员也回应了SQO-OSS。这个新启动的项目旨在监视开源发展的质量。它将在BSD许可协议下发行核心代码。
《purple endurer注:1、take a shot:开枪,照相,投球
2、European Commission:欧盟委员会
3、Software Quality Observatory for Open Source Software(SQO-OSS)该联盟是由研究机构、从事开放源代码项目的机构组成的,它一半的资金来自成员机构,另一半资金则来自欧盟委员会。SQO-OSS的目标之一是提供源代码质量标准,帮助证明开放源代码适合在企业部署。它还将根据自己的检测发布报告,为开放源代码软件打分。》
Several observers say that SQO-OSS, which boasts a 2.47 million Euro budget, focuses on the wrong metrics of quality and security, particularly by counting all bugs as equal. The overall goal of SQO-OSS is to improve the acceptance and competitiveness of EU software development projects by demonstrating their security. For a list of the project's goals, check out this fact sheet.
若干观察家说号称247万欧元预算的SQO-OSS,把注意力集中在错误的质量和安全标准上,特别是不分大小地计算所有的bug。SQO-OSS的总目标是通过展示安全性来增强欧盟软件开发项目的认同和竞争能力。按项目目标列表检验情况。
《purple endurer注:1、check out:离开(登记,检验,合格,计算总价并收钱,开支票付款,死)
2、fact sheet:情况说明书》
Less than zero?
少于零?
Becoming increasingly more concerned about businesses that are ignoring cyberattacks until they reach the point of wide exploitation, security experts have coined a new term—the "less than zero-day" attack. Zero-day attacks are ones that take place between the time of an exploit's publication and the release of the initial patch or antivirus/malware signature.
对商业公司忽略网络攻击直至其泛滥忧虑日益增加,安全专家们已造出了一个新术语—“小于零”攻击。零日攻击发生于漏洞公布日到发布补丁或反病毒/恶意软件特征码日之间。
《purple endurer注:1、concern about:对…的关心/忧虑》
But rather than waiting until "official" vendor patches become available, a new online organization—the Zeroday Emergency Response Team (ZERT)—aims to respond to release reliable non-vendor "emergency" patches for exploits as soon as they appear to pose a serious risk of exploitation. Of special interest to many users may be the ZProtector framework for patching zero-day vulnerabilities for Windows—beginning with Windows 95! As you probably know, this range includes a number of platforms no longer supported by Microsoft.
但不必等到官方补丁可用,一个新的在线组织—零日紧急响应小组(ZERT)—致力于针于可能产生严重风险的漏洞发布可靠的非官方紧急补丁。对一些用户特别有趣的可能是针对Windows零日漏洞打补丁的ZProtector framework——从Windows 95开始。你也许知道,这个范围包括许多微软不再支持的平台。
《purple endurer注:1、rather than:宁可...也不愿(与其...倒不如,而不是)
2、appear to:看来像是(看来似乎)》
Although ZERT works with a number of security tool vendors, the organization has no direct affiliation with any particular vendor. To see how ZERT approaches emergency patching of zero-day threats as compared to the official Microsoft patches, check out this ZERT analysis PDF document of the recently patched CVE-2006-4868 vulnerability.
ZERT尽管与许多安全工具提供商协作,这个组织不直接与特定提供商打交道。想看看与微软件官方补丁相比,ZERT如何处理零日威胁紧急补丁,就找近期ZERT对CVE-2006-4868 vulnerability漏洞补丁的分析PDF文档罢。
《purple endurer注:1、affiliate with:交往
2、as compared to:相比(同...比较起来)》
Final word
结束语
It should be obvious that the growing adoption of Linux by many businesses and government organizations means a lot of serious commercial hackers will be turning their attention to exploiting any flaws they can locate. However, it will likely take a number of public statements from respected Linux developers to really draw attention to this fact.
显而易见,一些商业公司和政府组织采用Linux的增长意味着大量商业黑客将把注意力转向利用其可定位的漏洞。然而,这同样使来自受尊敬的Linux开发人员的大量公开声明转向真正注意这个事实。
《purple endurer注:1、draw attention to:促使...注意(引起对...的注意)》
And speaking of obvious, it should go without saying that cyberthreats are most dangerous before an official patch is available. Unfortunately, many network managers aren't paying enough attention to this reality—even though their networks are the ones most at risk. I like the idea behind ZERT, but the project is in its infancy. Only time will tell if ZERT really has the solution.
说到明显,不用说,在官方补丁可用前网络威胁是最严重的。不幸地是,一些网络管理员c对此不够注意——即使他们的网络是最危险的。我喜欢ZERT的主意,但该项目还处于初期,只有时间会说明ZERT是否真的有解决方法。
《purple endurer注:1、speaking of:说到,谈到,至于....》
Linux专家警告开源软件日益吸引黑客相关推荐
- LVS(Linux Virtual Server,Linux虚拟服务器)开源软件创始人——章文嵩
章文嵩是技术专家,也是LVS(Linux Virtual Server,Linux虚拟服务器)开源软件创始人,曾经是TelTel公司的首席科学家,ChinaCluster的共同创办人.他对自己的看法是 ...
- Ubuntu Linux 操作系统-清华大学开源软件镜像站下载
Ubuntu 是一个由全球化的专业开发团队建造的操作系统.它包含了所有您需要的应用程序:浏览器.Office 套件.多媒体程序.即时消息等.Ubuntu 是一个 Windows 和 Office 的开 ...
- Linux下通过开源软件fail2ban进行远程登录防护
一.通过开源软件fail2ban实现防暴力破解: Fail2ban程序可以监视系统日志,匹配日志错误信息执行相应的屏蔽动作,可以通过发送e-mail通知系统管理员 fail2ban就是防暴力破 ...
- linux堡垒机开源软件,Jumpserver开源堡垒机
Jumpserver开源跳板机系统部署 1.简介 Jumpserver使用Python / Django进行开发,遵循Web 2.0规范,配备了业界领先的Web Terminal解决方案,交互界面美观 ...
- linux 添加路由_在 Linux 上使用开源软件创建 SDN | Linux 中国
使用开源路由协议栈 Quagga,使你的 Linux 系统成为一台路由器.https://linux.cn/article-12199-1.html作者:M Umer译者:messon007 网络路由 ...
- linux堡垒机开源软件,开源堡垒机-01-JumpServer的安装
前段时间曾经用过JumpServer帮助一个客户完成了他的关于堡垒机的需求,由于当时赶进度,没来得及将整个过程记录和完善,现在抽时间慢慢整理下. 1)JumpServer的介绍 Jumpserver ...
- linux 系统下开源软件 ngspice 仿真实例,调侃Spice历史和GNU/Linux下做Spice电路仿真...
更应该注意一个细节问题:BSD在开发SPICE那时,就已经Open Source么? 经过小小的考证(所以,我说这个文章是"调侃"),原来大家非常熟悉的BSD License最早可 ...
- 嵌入式linux系统移植的四大步骤_如何移植开源软件到嵌入式Linux系统
我们知道,在PC机Linux上,安装开源软件,一般来讲,大多是如下几个步骤就搞定了. tar -xzf open_source_software.tar.gz cd open_sourc ...
- linux开源软件_使用Linux和免费的开源软件进行专业媒体制作
linux开源软件 是否可以使用免费的开源软件在Linux上制作专业媒体? 我们在Dototot坚信这一点. 我们仅运行Linux(Mint是我们的首选口味),并在可行时使用免费的开源软件. 在Ope ...
最新文章
- SQL Server 储存过程的output 参数
- 再见中台,你好!企业数字化转型
- 如何让Web.xml变得简洁?
- Android 截屏并写入SD卡中
- 【Python刷题】_5
- 黑马程序员——OC语言基本语法知识(一)
- hdu 3449(依赖背包)
- SEO是企业发展的永恒主题
- msf生成php,使用msfpayload生成后门(asp,aspx,php,jsp,exe)等
- elasticSearch5.x与mysql数据库同步
- 张家口全国计算机等级考试,河北省张家口市2018年上半年计算机等级考试公告...
- python Pandas文件读写
- Mybatis破MySql8小时断线问题
- 基于深度学习的SLAM综述:迈向空间机器智能时代
- js实现数字转化为大写金额——js技能提升
- Meterpreter命令详解
- 什么是即席查询及即席查询实现
- 【MATLAB】clear和clc用法
- 2013-2014 ACM-ICPC, NEERC, Southern Subregional Contest Problem F. Judging Time Prediction 优先队列...
- 人工智能-机器学习-特征工程