专栏名称: 英文杂志
EnglishMags delivers the most important and interesting stories from around the Internet every morning.
目录
相关文章推荐
英文悦读  ·  英文写作应该怎么练才有效? ·  2 天前  
清晨朗读会  ·  渊源直播 ·  4 天前  
清晨朗读会  ·  渊源直播 ·  5 天前  
清晨朗读会  ·  渊源直播 ·  1 周前  
清晨朗读会  ·  渊源直播 ·  1 周前  
51好读  ›  专栏  ›  英文杂志

【Economist】The WannaCry attack: The worm that turned

英文杂志  · 公众号  · 英语  · 2017-05-20 06:03

正文

中文导读

上周一款名为“想哭”的病毒利用微软操作系统的漏洞,攻击了全球数万台电脑。这一事件暴露了计算机世界的两大隐患:一是信息包括病毒的极易传播性,二是更多类似事件发生的可能性。值得注意的是,上述安全漏洞最早是由美国国家安全局(NSA)发现并用于监视用户的,此次攻击也显示了间谍机构像囤积武器一样“囤积”这些漏洞的危险性。这让人不禁思考未来网络安全健康发展的重要意义。

Companies, individuals and governments need to wake up to the dangers of a computerised world



IT SOUNDS like a Hollywood disaster film. A group of hackers use a stolen cyber-weapon to try to extort money from people worldwide. The attack cripples hospitals, causing ambulances to be diverted and operations to be cancelled. Then a lone security researcher stumbles across a way to halt the bug in its tracks. Yet that is exactly what happened last week when a piece of ransomware called WannaCry, which infects computers running outdated versions of Microsoft’s Windows operating system, hit not just Britain’s National Health Service (NHS) but Russia’s interior ministry, Chinese universities, Germany’s state railways and plenty more besides.


It could have been much worse. WannaCry does not seem to have been a deliberate attack on hospitals, but a criminal money-making scheme in which the NHS was collateral damage. Indeed, as malicious programs go, WannaCry is not even in the premier league: although it has a nasty payload, it had compromised only about 300,000 computers and raised an estimated $80,000 as The Economist went to press. Earlier nasties, such as Conficker and SoBig, infected millions of machines. Even so, the incident rammed home two unpleasant truths about the computerised world.


The first is that the speed, scalability and efficiency of computers are a curse as well as a blessing. Digital data are weightless, easy to replicate, and can be sent around the world in milliseconds. That is welcome if those data are useful, but not if they are malicious. Modern software can contain millions of lines of code. Ensuring that no bugs slip through is almost impossible. A single vulnerability can affect thousands or millions of machines, and the internet gives a single individual the power to compromise them all at once. By comparison, paper files are heavy, cumbersome and awkward to work with. But at least a couple of crooks thousands of miles away cannot cause them all to vanish simultaneously. If WannaCry can cause so much random damage, imagine what might be done if hospitals were targeted deliberately.


The second unpleasant truth is that opportunities for mischief will only grow. More things will become vulnerable as computers find their way into everything from cars and pacemakers to fridges and electricity grids. The ransomware of tomorrow might lock you out of your car rather than your files. Cyber-attacks like WannaCry may seem like low-probability, high-impact risks. But the parlous state of computer security and the computerisation of the world risk turning such attacks into high-probability, high-impact events.


Fortunately, there are ways to minimise the danger. Product regulation can force the makers of internet-connected gizmos to include simple security features, such as the ability to update their programs with patches if a vulnerability turns up. Software-makers routinely disclaim liability for defects in their products. Changing that would not eliminate bugs entirely, but it would encourage software firms to try harder. It would also encourage them to provide better support for their customers (although there will come a point at which it is unreasonable to expect Microsoft and others to keep maintaining old programs). The insurance industry can also put pressure on computer users: just as home-insurance policies will not pay out if a burglar gets in through an open door, so individuals should be held liable if they do not follow basic digital hygiene, such as keeping their software up to date.


WannaCry or WannaSpy?


Governments face tough questions, too. The method WannaCry uses to spread was discovered years ago by the National Security Agency (NSA), America’s electronic-spying outfit. Along with several other cyber-weapons, the technique was stolen, then leaked onto the internet in March. Only after the theft did the NSA inform Microsoft of the flaw, leading the firm to rush out a fix. Microsoft has accused the NSA of losing control of the digital equivalent of a cruise missile, and demanded that, in future, spies disclose any bugs as they find them, so that software firms can fix them and keep everybody safe.


This is another example of the double-edged nature of computing. Given the rising costs of insecure computers, there is a strong case for spooks to share vulnerabilities with software firms when they find them. Some argue that fixing flaws in programs will make it harder for the intelligence services to spy on organised criminals and terrorists. But they have other means to infiltrate hostile networks and monitor devices besides exploiting flaws in widely used software. When computers are ubiquitous, security is too important not to fix.


——

May 20th 2017 | Leaders | 757 words


推荐文章
英文悦读  ·  英文写作应该怎么练才有效?
2 天前
清晨朗读会  ·  渊源直播
4 天前
清晨朗读会  ·  渊源直播
5 天前
清晨朗读会  ·  渊源直播
1 周前
清晨朗读会  ·  渊源直播
1 周前
快公司FastCompany  ·  70美元为你开启职场大门
7 年前