您现在的位置: Linux教程網 >> UnixLinux >  >> Linux綜合 >> Linux資訊 >> Linux文化


Linux expert warns of open source's growing appeal to hackers


purple endurer注:1、warn of:警告(發出);2、appeal to:對...有吸引力;對...產生吸引力》

by John McCormick

作者:John McCormick 翻譯;Purple Endurer


Tags: Linux | Open source | Hacking | Security threats | Patches

標簽: Linux | 開源 | Hacking | 安全威脅 | 補丁

Takeaway: Alan Cox, a well-respected Linux developer, warned attendees of London's LinuxWorld that open source software is becoming more attractive to commercial hackers. In this edition of the IT Locksmith, John McCormick fills you in on Cox's statement and tells you about a new organization aiming to stop zero-day exploits.

導讀:很受尊敬的Linux開發人員Alan Cox,警告參加倫敦Linux世界會議的人員,開源軟件對商業黑客正越來越有吸引力。在本期IT鎖匠裡,John McCormick向你傳輸Cox的聲明,並告訴你一個新組織旨在停止零日攻擊。

purple endurer注:1、attractive to:對…具有吸引力的;2、fill in:填寫

A Linux guru cautions that open source's growing popularity is attracting the unwanted attention of more hackers. Meanwhile, a new organization aims to stop zero-day exploits by making patches available sooner.




Linux expert Alan Cox warned attendees of London's LinuxWorld conference last week that hackers were putting a lot of money and effort into cracking Linux and other open source projects. Cox, who works for Red Hat, was especially critical of uninformed media statements about how open source software is more secure and reliable. While some well-known open source projects are e secure, the same doesn't hold true for lesser known projects.

Linux開發人員Alan Cox警告參加上周倫敦Linux世界會議的人員,黑客正投入更多的資金和努力破解Linux和其它開源項目。為紅帽子工作的Cox,特別批判了聲稱開源軟件如何更安全理工可靠的不知情媒體。盡管一些眾所周知的開源項目確實安全,但對一些不太為人所知的項目則未必如此。

purple endurer注:1、critical of:對…挑剔的

2、 It is universal truth that holds true for the whole world.這是一條放之四海而皆准的普遍真理。

The veteran developer also took a shot at the European Commission's Software Quality Observatory for Open Source Software (SQO-OSS). The newly launched project aims to monitor the quality of open source development. It will release the core code under the BSD license.


purple endurer注:1、take a shot:開槍,照相,投球;2、European Commission:歐盟委員會3、Software Quality Observatory for Open Source Software(SQO-OSS)該聯盟是由研究機構、從事開放源代碼項目的機構組成的,它一半的資金來自成員機構,另一半資金則來自歐盟委員會。 SQO-OSS的目標之一是提供源代碼質量標准,幫助證明開放源代碼適合在企業部署。它還將根據自己的檢測發布報告,為開放源代碼軟件打分.

Several observers say that SQO-OSS, which boasts a 2.47 million Euro budget, focuses on the wrong metrics of quality and security, particularly by counting all bugs as equal. The overall goal of SQO-OSS is to improve the acceptance and competitiveness of EU software development projects by demonstrating their security. For a list of the project's goals, check out this fact sheet.


purple endurer注:1、check out:離開(登記,檢驗,合格,計算總價並收錢,開支票付款,死);2、fact sheet:情況說明書.

Less than zero?


Becoming increasingly more concerned about businesses that are ignoring cyberattacks until they reach the point of wide exploitation, security experts have coined a new term—the "less than zero-day" attack. Zero-day attacks are ones that take place between the time of an exploit's publication and the release of the initial patch or antivirus/malware signature.


purple endurer注:1、concern about:對…的關心/憂慮

But rather than waiting until "official" vendor patches become available, a new online organization—the Zeroday Emergency Response Team (ZERT)—aims to respond to release reliable non-vendor "emergency" patches for exploits as soon as they appear to pose a serious risk of exploitation. Of special interest to many users may be the ZProtector framework for patching zero-day vulnerabilities for Windows—beginning with Windows 95! As you probably know, this range includes a number of platforms no longer supported by Microsoft.

但不必等到官方補丁可用,一個新的在線組織—零日緊急響應小組(ZERT)—致力於針於可能產生嚴重風險的漏洞發布可靠的非官方緊急補丁。對一些用戶特別有趣的可能是針對Windows零日漏洞打補丁的 ZProtector framework——從Windows 95開始。你也許知道,這個范圍包括許多微軟不再支持的平台。

purple endurer注:1、rather than:寧可...也不願(與其...倒不如,而不是);2、appear to:看來像是(看來似乎)

Although ZERT works with a number of security tool vendors, the organization has no direct affiliation with any particular vendor. To see how ZERT approaches emergency patching of zero-day threats as compared to the official Microsoft patches, check out this ZERT analysis PDF document of the recently patched CVE-2006-4868 vulnerability.

ZERT盡管與許多安全工具提供商協作,這個組織不直接與特定提供商打交道。想看看與微軟件官方補丁相比,ZERT如何處理零日威脅緊急補丁,就找近期ZERT對CVE-2006-4868 vulnerability漏洞補丁的分析PDF文檔罷。

purple endurer注:1、affiliate with:交往;2、as compared to:相比(同...比較起來)

Final word


It should be obvious that the growing adoption of Linux by many businesses and government organizations means a lot of serious commercial hackers will be turning their attention to exploiting any flaws they can locate. However, it will likely take a number of public statements from respected Linux developers to really draw attention to this fact.


purple endurer注:1、draw attention to:促使...注意(引起對...的注意)

And speaking of obvious, it should go without saying that cyberthreats are most dangerous before an official patch is available. Unfortunately, many network managers aren't paying enough attention to this reality—even though their networks are the ones most at risk. I like the idea behind ZERT, but the project is in its infancy. Only time will tell if ZERT really has the solution.


purple endurer注:1、speaking of:說到,談到,至於....

Copyright © Linux教程網 All Rights Reserved