
  COMPUTER security is a contradiction in terms. Consider the past year alone: cyberthieves stole $81m from the central bank of Bangladesh; the $4.8bn takeover of Yahoo, an internet firm, by Verizon, a telecoms firm, was nearly derailed by two enormous data breaches; and Russian hackers interfered in the American presidential election.


  Away from the headlines, a black market in computerised extortion, hacking-for-hire and stolen digital goods is booming. The problem is about to get worse. Computers increasingly deal not just with abstract data like credit-card details and databases, but also with the real world of physical objects and vulnerable human bodies. A modern car is a computer on wheels; an aeroplane is a computer with wings. The arrival of the “Internet of Things” will see computers baked into everything from road signs and MRI scanners to prosthetics and insulin pumps. There is little evidence that these gadgets will be any more trustworthy than their desktop counterparts. Hackers have already proved that they can take remote control of connected cars and pacemakers.


  It is tempting to believe that the security problem can be solved with yet more technical wizardry and a call for heightened vigilance. And it is certainly true that many firms still fail to take security seriously enough. That requires a kind of cultivated paranoia which does not come naturally to non-tech firms. Companies of all stripes should embrace initiatives like “bug bounty” programmes, whereby firms reward ethical hackers for discovering flaws so that they can be fixed before they are taken advantage of.


  But there is no way to make computers completely safe. Software is hugely complex. Across its products, Google must manage around 2bn lines of source code—errors are inevitable. The average program has 14 separate vulnerabilities, each of them a potential point of illicit entry. Such weaknesses are compounded by the history of the internet, in which security was an afterthought (see article).


  Leaving the windows open


  This is not a counsel of despair. The risk from fraud, car accidents and the weather can never be eliminated completely either. But societies have developed ways of managing such risk—from government regulation to the use of legal liability and insurance to create incentives for safer behaviour.


  Start with regulation. Governments’ first priority is to refrain from making the situation worse. Terrorist attacks, like the recent ones in St Petersburg and London, often spark calls for encryption to be weakened so that the security services can better monitor what individuals are up to. But it is impossible to weaken encryption for terrorists alone. The same protection that guards messaging programs like WhatsApp also guards bank transactions and online identities. Computer security is best served by encryption that is strong for everyone.


  The next priority is setting basic product regulations. A lack of expertise will always hamper the ability of users of computers to protect themselves. So governments should promote “public health” for computing. They could insist that internet-connected gizmos be updated with fixes when flaws are found. They could force users to change default usernames and passwords. Reporting laws, already in force in some American states, can oblige companies to disclose when they or their products are hacked. That encourages them to fix a problem instead of burying it.


  Go a bit slower and fix things


  But setting minimum standards still gets you only so far. Users’ failure to protect themselves is just one instance of the general problem with computer security—that the incentives to take it seriously are too weak. Often, the harm from hackers is not to the owner of a compromised device. Think of botnets, networks of computers, from desktops to routers to “smart” light bulbs, that are infected with malware and attack other targets.


  Most important, the software industry has for decades disclaimed liability for the harm when its products go wrong. Such an approach has its benefits. Silicon Valley’s fruitful “go fast and break things” style of innovation is possible only if firms have relatively free rein to put out new products while they still need perfecting. But this point will soon be moot. As computers spread to products covered by established liability arrangements, such as cars or domestic goods, the industry’s disclaimers will increasingly butt up against existing laws.


  Firms should recognise that, if the courts do not force the liability issue, public opinion will. Many computer-security experts draw comparisons to the American car industry in the 1960s, which had ignored safety for decades. In 1965 Ralph Nader published “Unsafe at Any Speed”, a bestselling book that exposed and excoriated the industry’s lax attitude. The following year the government came down hard with rules on seat belts, headrests and the like. Now imagine the clamour for legislation after the first child fatality involving self-driving cars.


  Fortunately, the small but growing market in cyber-security insurance offers a way to protect consumers while preserving the computing industry’s ability to innovate. A firm whose products do not work properly, or are repeatedly hacked, will find its premiums rising, prodding it to solve the problem. A firm that takes reasonable steps to make things safe, but which is compromised nevertheless, will have recourse to an insurance payout that will stop it from going bankrupt. It is here that some carve-outs from liability could perhaps be negotiated. Once again, there are precedents: when excessive claims against American light-aircraft firms threatened to bankrupt the industry in the 1980s, the government changed the law, limiting their liability for old products.


  One reason computer security is so bad today is that few people were taking it seriously yesterday. When the internet was new, that was forgivable. Now that the consequences are known, and the risks posed by bugs and hacking are large and growing, there is no excuse for repeating the mistake. But changing attitudes and behaviour will require economic tools, not just technical ones.


  Chinese translation: 王雅文

  Review: 于佳惠

  Editor: 翻吧君

  Source: The Economist
