—— 持续领航 品牌经营 ——


搜索关键词:  as  test  xxx

开云体育全站app下载:即使远离网络 也难摆脱黑客攻击

来源:开云体育全站app下载   发布时间:2022-12-16 10:37nbsp;  点击量:

本文摘要:It took the hackers less than two hours to take over Patsy Walsh’s life.将近两个小时,黑客就接管了帕斯蒂·沃尔什(Patsy Walsh)的生活。


It took the hackers less than two hours to take over Patsy Walsh’s life.将近两个小时,黑客就接管了帕斯蒂·沃尔什(Patsy Walsh)的生活。On a recent Friday, Mrs. Walsh, a grandmother of six, volunteered to allow two hackers to take a crack at hacking her home. How bad could it be?沃尔什是六个孩子的祖母,最近一个周五,她志愿参与一个活动,容许两名黑客侵略她家。这能有多难受呢?Mrs. Walsh did not consider herself a digital person. As far as she knew, her home was not equipped with any “smart devices,” physical objects like refrigerators and thermometers that transmit information to the Internet. Sure, she has a Facebook account, which she uses to keep up on friends’ lives, but rarely does she post about her own.沃尔什自指出不是一个数码爱好者。

就她熟知,她家中也没任何“智能设备”,即可以将信息上载互联网的物品,比如智能冰箱和智能温度计。当然,她有一个Facebook帐号,她通过这个帐号来理解朋友们的生活状况,但她很少公布关于自己的内容。“I don’t post things about myself and don’t really understand why other people do,” Mrs. Walsh said. “The fact you can go from one friend’s profile to their friends’ profiles is creepy. I guess you could find out a lot of information about somebody if you really wanted to.”“我不怎么放关于自己的内容,我也何必明白为什么其他人不会这么做到,”沃尔什说。

“你可以挨个查阅朋友的主页,这有点可怕。我猜中,只要你真为心想坎某人的信息,你就可以追查一大堆。”Indeed. Days before hackers even set foot in Mrs. Walsh’s home overlooking Mount Tamalpais in Marin County, Calif., they found her Facebook account and — though it was comparatively locked down — uncovered just enough to begin to take over her digital life. The New York Times was invited to witness the hacking, on the condition that Mrs. Walsh’s town not be named.的确如此。

沃尔什居住于在加利福尼亚州,可以从家中眺望马林县的塔玛珮斯山,而黑客在踏上她家的数日之前,就找到了她的Facebook账号——尽管它相对来说是保密的——取得了不足以接管她的数字生活的信息。《纽约时报》受邀亲眼了这起黑客行动,前提是不透漏沃尔什住在哪个城镇。The twist was that once the hackers found their way in, they discovered someone else had already been there.亮点在于,黑客在顺利入侵之后,找到早已有人来过这里。

The hackers could see that Mrs. Walsh had liked a page organized by Change.org. That was all they needed to construct some convincing click bait. Within 10 minutes, they composed a fake email from Change.org asking her to sign a fake petition about land use in Marin County.黑客可以看见沃尔什赞过Change.org公布的一个页面。意味着是这样,他们就建构了一些令人信服的页面诱饵。将近10分钟,他们假造了一份来自Change.org的假电邮,请求她在一份关于马林县土地利用的假请愿书上亲笔签名。

When that link led her to a page that asked her to enter her email address and password, she complied. To spare Mrs. Walsh any actual harm, the hackers used a service called Phish5, which does not actually store passwords and is often used by employers to test employees’ ability to spot malicious phishing cons.页面该链接后,她攀上一个网页,拒绝她输出电邮地址和密码,她照做了。为了不想沃尔什遭到任何实质上的危害,黑客用于了一个取名为Phish5的服务,它并不确实存储密码,雇员一般来说用它来测试雇员辨识蓄意假货内容的能力。Had the two been actual attackers, they would have had all the information they needed to “pwn” Mrs. Walsh — hacker speak for taking over someone’s digital life — from afar, particularly because, Mrs. Walsh confessed, she was guilty of using the same password across many accounts.如果这两名黑客是动真格的,他们就早已远程提供了“pwn”沃尔什所须要的一切信息。

“pwn”是黑客的行话,指接管某人的数字生活。沃尔什否认,她在有所不同的账户上用于了某种程度的密码,而这让黑客侵略显得最为精彩。All this before they had even set foot in Mrs. Walsh’s home.所有这一切还是在他们登门拜访沃尔什之前已完成的。The hackers, Reed Loden, the 27-year-old director of security of HackerOne, a San Francisco security start-up, and Michiel Prins, the 25-year-old co-founder of HackerOne, were greeted warmly when they arrived at her home.这两名黑客是旧金山初创安全性企业HackerOne公司27岁的安全性总监里德·洛登(Reed Loden)和25岁的牵头创始人米希尔·普林斯(Michiel Prins)。

到沃尔什家时,他们受到了冷淡的青睐。“Welcome Hackers” was scrawled on a heart-shaped chalkboard on the front door, and deviled eggs, tuna sandwiches and fresh iced tea were waiting. Mrs. Walsh said she expected the hackers would wear black, but Mr. Loden and Mr. Prins did not fit that stereotype. Mr. Loden, who hails from Mississippi, ended his sentences with a warm “thank you, ma’am” — his manners intact even while explaining that he had just hacked Mrs. Walsh’s power of attorney form.前门挂着一块心形的黑板,上面写出着“黑客请求入”。还有魔鬼蛋、金枪鱼三明治和爽口的冰茶等着他们。


即便是在说明自己刚入侵了沃尔什的法律授权书时,神情也并没变化。“They’re very polite,” Mrs. Walsh noted. (Later, she invited both to Thanksgiving dinner.)“他们十分有礼貌,”沃尔什说(后来,她还邀两人共计入感恩节晚餐)。

Over an hour and a half, they discovered a way to open the Walshes’ garage door. It was simply a matter of using a “brute force attack” against an older door opener. The process entailed testing thousands of code combinations until hitting the correct one. Earlier this year, the hacker Samy Kamkar demonstrated how to do this in less than 10 seconds using a Mattel toy.在一个半小时的时间里,他们寻找了关上沃尔什家车库门的办法,只必须“用蛮力”反击上了年头的门口器才可。这个过程必须试验数千个密码人组,直到中举出有准确的那个。今年早些时候,一个名为萨米·卡姆卡尔(Samy Kamkar)的黑客展示了如何在将近十秒钟的时间里,用一个美泰(Mattel)玩具已完成这件事。

Mr. Loden and Mr. Prins also found a way to intercept Mrs. Walsh’s television. A service worker had not installed her DirecTV securely, with a password, which meant anyone with knowledge of the device’s I.P. address could control the television remotely.洛登和普林斯还找到了掌控沃尔什家电视的办法。服务人员给她加装DirecTV时的作法并不安全性,没设置密码,这意味著任何人,只要告诉这台设备的IP地址,就能远程控制电视。

In this case, the hackers used their access to purchase a three-hour pass to an array of adult channels — the names of which would not be suitable for print here.在这个案例里,两名黑客利用自己获得的权限,出售了三小时的观赏许可,可以收听一系列成人频道。这些频道的名字不应在此刊登。Still, Mrs. Walsh was not impressed. “What’s so wrong about getting into my TV?” When Mr. Loden pointed out that someone could blast pornography in her living room in the middle of a dinner party, Mrs. Walsh conceded, “I can see how that would be a little shocking to guests.”但沃尔什并没很在乎。

“密码我家的电视有什么大问题吗?”但当洛登认为,有人可以在她举行家宴时,让客厅的电视忽然播出色情作品之后,沃尔什否认,“我能想象客人不会有些愤慨。”From there, the hackers made their way to the back of Mrs. Walsh’s house, where her PC was waiting. With her passwords posted on the nearby router, their task was easy. Within minutes, they had not only broken into Mrs. Walsh’s email account, but also that of her daughter — who at some point had allowed the computer’s browser to auto-fill her password. (As a courtesy, the hackers made sure to send Mrs. Walsh’s daughter an email from her own account with the subject line: “Reminder: Change my password.”)然后,两名黑客回到沃尔什家的后院。她的个人电脑放到那里,正等待黑客入侵。


(两人做到了件好事,用沃尔什女儿自己的账户给她放了一封电子邮件,主题栏上写出着:“警告:改为密码。”)They searched Mrs. Walsh’s email for the term “SSN” and within seconds had access to her Social Security number, her PayPal account, her air miles account and her insurance information. They had even gotten their hands on her power of attorney form.他们在沃尔什的邮件中搜寻“SSN”,几秒钟后之后提供了她的社会安全性号码、PayPal账号、航空里程分数账号和保险信息。

他们甚至还能对她的法律授权书做手脚。What’s worse, they weren’t the only ones with access to all of the above. Mr. Loden and Mr. Prins ran a scan for malicious programs running on Mrs. Walsh’s machine and found roughly 20, including InstallBrain, an installer that can download malicious programs on demand, like one that helps attackers mine for Bitcoin. And others like DefaultTab, FunWebProducts, SearchProtect, SlimCleaner and Supreme Savings that can change a victim’s home page, spy on search and browsing histories, or replace ads on websites like Facebook and Google with intrusive programs.更加差劲的是,他们不是唯一能提供上述所有信息的人。在对沃尔什电脑上运营的程序展开扫瞄后,洛登和普林斯找到了约20个恶意程序,还包括InstallBrain。这是一个安装程序,需要按指令iTunes恶意程序,如一款协助攻击者分解比特币(Bitcoin)的程序。

其他像DefaultTab、FunWebProducts、SearchProtect、SlimCleaner和Supreme Savings这样的程序,变更受害者的主页,并监控用户的搜寻和网页记录,或是将Facebook和谷歌等网站上的广告替换成侵入性的程序。After they were through “pwning” Mrs. Walsh, the two hackers sat down with their victim for a debriefing. Critical points were that Mrs. Walsh needed a new garage door opener, a password for her television and a password manager to help her set unique and far more complicated passwords for each of her accounts.完结对沃尔什的数字生活展开的“pwn”后,两名黑客和受害人跪了下来,非常简单向对方讲解了情况。关键的点是,沃尔什的车库门必须换一个新的门口器;电视机必须设置密码;必须一个密码管理程序,来老大她给每个账户设置独一无二的、复杂度远高于现在的密码。

The hackers advised her to turn on two-step authentication, a service that sends a second, one-time password to users’ phones when they try to log in from an unrecognized machine. They also gave her a quick lesson in phishing attacks and a lecture on the importance of installing software updates.两位黑客建议沃尔什打开两步检验。这项服务不会在用户企图从陌生设备上指定时,向用户的手机再行发送到一个重复使用的验证码。他们还向她详细讲解了钓鱼反击和加装软件改版的重要性。Best to switch on automatic updates, they said, for core services like Apple’s iOS operating system, Google’s Chrome browser and Windows. And, they said, her PC needed to be completely wiped. The good news was they promised to return to do this for her, possibly when they visit for Thanksgiving dinner.他们说道,最差是为苹果的iOS操作系统、谷歌的Chrome浏览器和Windows等核心服务,关上自动更新。




微信二维码 微信二维码

Q Q:704860651

Copyright © 2004-2022 www.jinliyuanstone.com. 开云体育全站app下载科技 版权所有