English Listening Site: XP's Retirement May Endanger ATM Security

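    Microsoft will end support for Windows XP on April 8. Because upgrading to Windows 7 is costly, many financial institutions are still hesitating, especially the large number of independent ATM operators and small financial institutions. Meanwhile, hackers are gearing up to show what they can do. When that day comes, these institutions could face a huge risk of hacker attacks.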
    After April 8th, 2014, Microsoft (MSFT) will end support, including automatic security patches, for its 13-year-old Windows XP operating system. This may sound like an inconvenience primarily for government agencies and aging uncles, but another major set of Windows XP users are the automated teller machines and credit card sales systems that handle billions of dollars of transactions daily.
    While major retailers and banks are likely to be well-prepared for the end of XP, financial systems based on the software are also in the hands of a far-reaching hodgepodge of independent ATM operators and small businesses. Despite ample warning, industry analysts and insiders agree that high cost and inconvenience will keep plenty of these smaller players running outdated software for many months to come -- with serious implications for the security of their systems.
    Jerry Nevins, co-owner of the Kansas City cocktail bar Snow & Co., is close to the dilemma. Snow & Co. bought a point of sale system less than a year ago from the payments servicer Micros -- only to be told within a few months of the need for an upgrade to Windows 7, at a cost of $1,700 for the single-store system. Luckily, Snow & Co. was still under a service agreement, so its upgrade was free. But as Nevins puts it, "If you're a small business, an unexpected $1,700 might be like, eh, I'll go ahead and take my chances." Moreover, Nevins describes a "huge line" of Micros customers waiting for an upgrade. He's crossing his fingers that Snow & Co. will be upgraded before the April 8 deadline.
    Costs to retail credit card processors will vary widely, says John Berkeley of Mercury Payment Systems. "If you have the right hardware you can just upgrade the OS, but for some merchants upgrading from XP to Windows 7 can mean all new hardware," likely costing much more than that $1,700.
    The challenges of upgrading become even bigger in the case of ATMs. ATM manufacturers are offering software upgrades for machines still based on XP -- though some of those have been available for less than a month. But the cost to upgrade can be staggering.
    According to Jay Weber, vice president in charge of North American debit and ATM systems for FIS Global, "An ATM machine purchased in the last five years ... would only need a software upgrade of $4,000 to 5,000 per machine." That software cost is so high in part because much specialized software written for Windows XP can't be easily ported to a new operating system. But ATMs 10 years old or more would need to be completely replaced, and Weber says that new high-end ATMs can cost at least $50,000 to $60,000 per device.
    ATM operators and business owners are largely being left to decide on their own whether to upgrade or not, says Weber. "Organizations are trying to look at the investment of the upgrade and weigh it against their perceived risk" -- and many seem to be ready to take their chances. "[April 9th] is going to come and go, and there are going to be some merchants who haven't done it yet," says Berkeley. Weber speculates that "it's going to be a trickle approach, a slower ramp-up," with many systems going without an upgrade -- and remaining officially insecure -- through the end of 2014.
    This hesitancy may be worsened because operators are getting mixed messages about their risk. The Payment Card Industry Security Standards Council has issued public warnings about the need for retailers to upgrade their point of sale systems, but its current set of standards, which is used to determine eligibility to operate on credit card networks, does not require it. And Weber himself seems sanguine: "The risk is hard to quantify. There's a lot of technology in place in the marketplace to help mitigate the risk," such as the "fairly closed telecom environment" that most payment systems operate on.
    But Bogdan Botezatu, senior e-threat analyst for the anti-malware software company Bitdefender, couldn't disagree more. He talks about the issue with the barely suppressed terror of a father watching his teenage son drive solo for the first time. "They're not panicky," he says, "and actually that makes me panicky."
    Botezatu, who haunts underground hacking forums to keep an eye on looming security threats, claims that hackers are gearing up to raid suddenly insecure XP machines the minute Microsoft support ends. "When an operating system is announced as reaching its end of life, [hackers] are frantically looking for exploits, because then they can use it indefinitely," he says. "It's the holy grail of malware."
    To take fullest advantage of the situation, black-market vendors selling new XP exploits have been stockpiling them, waiting to release them until after Microsoft is no longer monitoring and repairing security flaws. Though third-party security firms will continue to update anti-malware programs for XP, users not running or updating such software could be permanently vulnerable to an ever-growing set of exploits. Mercury Payment Systems' John Berkeley confirms that "If a hacker discovers [a vulnerability] a month or two after the end of [XP support], they have more time to exploit that."
    These exploits could range from stealing credit card information from small vendors to even more dramatic forms of theft, many of them easily circumventing external security measures such as the semi-closed payments network. Botezatu says there have been reports of an ATM exploit through a mobile phone connected through an ATM's card reader. He also cites a legendary stunt by the security expert Barnaby Jack at the Black Hat security conference in 2010, where he demonstrated a "Jackpotting" hack that easily emptied an XP-based ATM machine. According to Botezatu, Jack, who died in 2013, never revealed the nature of this exploit, meaning that it could remain an unpatched vulnerability in XP-based machines.
    Most troubling of all, Botezatu predicts that unsecured XP machines of all kinds will be compromised by hackers to form new botnets. This kind of system, in which hacked systems' processors are put to new tasks unbeknownst to their owners, can be used for everything from massive Denial of Service attacks to mining cryptocurrency, and would add substantially to the insecurity of the Internet as a whole. "I see a lot of trouble," Botezatu warns.
    Whether April 9th brings a plague of cash-spewing ATMs, zombie PCs, and thieving credit-card readers remains to be seen. But Botezatu sounds exasperated that he even has to consider these scenarios. "It's an operating system that was released 13 years ago. Everyone should have started migrating two or three years ago" to avoid the mad rush and risks that come with the end of support. He hopes, at least, that this episode will motivate today's users to think about the future.
    "This is going to happen soon with other operating systems," Botezatu says. "You should start upgrading from Windows 7 now."
    (Fortune China)