Cybersecurity and Hacker Attack and Defense Handbook
Have you ever been the victim of identity theft? Ever been hacked? Here’s the first in a series of critical information to help you arm yourself against the surprisingly frightening world of hackers, phishers, and cybercriminals.
Some of our geekier readers will already be familiar with a lot of this material—but maybe you have a grandfather or other relative that could benefit from having this passed on. And if you have your own methods for protecting yourself from hackers and phishers, feel free to share them with other readers in the comments. Otherwise, keep reading—and stay safe.
Why Would Anyone Want to Target Me?
This is a common attitude; it just doesn’t occur to most people that a hacker or cybercriminal would think to target them. Because of this, most ordinary users don’t even think of security. It sounds strange and fanciful…like something in a movie! The reality is quite terrifying—most criminals want to target you because they can, and they can probably get away with it. You don’t have to have millions (or even thousands) of dollars to be a target. Some cybercriminals will target you because you’re vulnerable, and the ones that want your money don’t particularly need a lot of it (although some will take every cent if they can manage).
Who Are These Bad Guys?
Before we take a look at specifics, it’s important to understand who it is that’s looking to take advantage of you. Some of the online threats come from “script kiddies,” hackers who have no real skill, writing viruses using directions found through Google searches, or using downloadable hacker tools for rudimentary results. They’re more often than not teens or college kids, writing malicious code for kicks. While these people can take advantage of you, they’re not the biggest threat online. There are career criminals out there looking to rob you—and these are the ones you really have to be aware of.
It may sound like hyperbole, but you can quite accurately think of cybercriminals as an internet version of Mafia crime families. Many make their entire living stealing information, credit card numbers, and money from unsuspecting victims. Many are experts, not only at stealing this information, but also at avoiding getting caught taking it. Some operations could be small—one or two guys and a few cheap machines for sending phishing emails or spreading keylogging software. Others can be surprisingly large businesses based around black market sales of illegally obtained credit card numbers.
What Is a Hacker?
If you were skeptical before, hopefully now you’re convinced that it’s worth your while to protect yourself from the myriad of people hoping to steal from you online. But that brings us to our next question—just what is a hacker? If you’ve seen any movie since the popularization of the internet… well, you might think you know, but, if you’re like most people, you’re more wrong than you know.
The original meaning of “hacker” applied to clever computer users, and may have been first coined by MIT engineers like Richard Stallman. These hackers were known for their curiosity and programming skills, testing the limits of the systems of their day. “Hacker” has gradually developed a darker meaning, generally associated with the so-called “black hat” hackers known for cracking security for profit or stealing sensitive information. “White hat” hackers could crack the same systems, and steal the same data, although their aims are what make them different. These “white hats” can be thought of as security experts, searching for flaws in security software in order to improve it, or simply to point out the flaws.
As most people use the word today, “hackers” are thieves and criminals. It may not be worth your time to read up on the intricacies of cyberwarfare or the ins and outs of security cracking. Most hackers pose a threat to the everyman by stealing sensitive accounts like email, or those that contain information like credit card or bank account numbers. And almost all of that particular kind of account theft comes from cracking or guessing passwords.
Password Strength and Security Cracking: Why You Should Be Afraid
At some point, you should do a search for the most common account passwords (link contains NSFW language), or read the amazing security article “How I’d Hack Your Weak Passwords” by John Pozadzides. If you look at cracking passwords from the hacker perspective, the unwashed masses are basically a sea of vulnerability and ignorance, ripe for the thievery of information. Weak passwords account for the majority of problems ordinary computer users encounter, simply because hackers are going to look for the weakness and attack there—no sense wasting time cracking secure passwords when there are so many that use insecure passwords.
Although there is considerable debate on best practices for passwords, pass phrases, etc., there are some general principles on how to keep yourself safe with secure passwords. Hackers use “brute force” programs to crack passwords. These programs simply try one potential password after another until they get the correct one—although there is a catch that makes them more likely to succeed. These programs try common passwords first, and also use dictionary words or names, which are much more likely to appear in passwords than random strings of characters. And once any one password is cracked, the first thing hackers do is check whether you used the same password on any other services.
If you want to stay safe, the current best practice is to use secure passwords, create unique passwords for all your accounts, and use a password safe like KeePass or LastPass. Both are encrypted, password-protected safes for complex passwords, and will generate random strings of alphanumeric text that are nearly impossible to crack by brute force methods.
What’s the bottom line here? Don’t use passwords like “password1234” or “letmein” or “screen” or “monkey.” Your passwords should look more like “stUWajex62ev” in order to keep hackers out of your accounts. Generate your own secure passwords using this website, or by downloading LastPass or KeePass.
- List of most common (weak) passwords (NSFW language)
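To make the guessing order described above concrete, here is an added example (not part of the original article) that ranks a candidate password the way a cracker would work through it: common list first, then dictionary words with simple mangling undone, then exhaustive search over the character classes present. The common-password list, word list, rule multiplier and guessing rate are constructed stand-ins, not measured values.

```python
import secrets
import string

# Constructed stand-ins for the common-password list the article links to and for a
# cracker's word list; real lists run to hundreds of thousands of entries.
COMMON_PASSWORDS = {"password", "password1234", "letmein", "screen", "monkey", "123456"}
DICTIONARY_WORDS = {"monkey", "screen", "dragon", "summer", "welcome", "password"}
RULE_MULTIPLIER = 500          # assumed number of mangling rules a cracker applies per word
ALPHABET = string.ascii_letters + string.digits   # the 62-symbol set "stUWajex62ev" is drawn from

def strip_mangling(password: str) -> str:
    """Undo the tricks that word-list rules try automatically: case, leet-speak, trailing digits."""
    core = password.lower().translate(str.maketrans("013457$@", "oleastsa"))
    return core.rstrip(string.digits + string.punctuation)

def guesses_to_crack(password: str) -> tuple[str, int]:
    """Order-of-magnitude guess count under the attacker strategy the article describes:
    common passwords first, then dictionary words plus mangling, then exhaustive search."""
    if password.lower() in COMMON_PASSWORDS:
        return "common password", len(COMMON_PASSWORDS)
    if strip_mangling(password) in DICTIONARY_WORDS:
        return "dictionary word", len(DICTIONARY_WORDS) * RULE_MULTIPLIER
    # Exhaustive search over the character classes actually present in the password.
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    charset = sum(size for chars, size in classes if any(c in chars for c in password))
    return "brute force", charset ** len(password)

def seconds_at(guesses: int, rate: float = 1e10) -> float:
    """Time to exhaust the search space at an assumed offline guessing rate (guesses per second)."""
    return guesses / rate

def generate_password(length: int = 12) -> str:
    """Random alphanumeric password from the OS CSPRNG, as a password safe would produce."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    for candidate in ("letmein", "M0nkey99", "stUWajex62ev", generate_password()):
        kind, guesses = guesses_to_crack(candidate)
        print(f"{candidate:16} {kind:16} ~{guesses:.3g} guesses, {seconds_at(guesses):.3g} s")
```

The point of the comparison is the gap in orders of magnitude: a mangled dictionary word falls in thousands of guesses, while a 12-character random alphanumeric string needs on the order of 62^12 and is the reason password safes generate such strings.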
Should I Be Afraid of Hackers in the News?
There’s been a lot of hullabaloo about hackers in the news this past year, and by and large, these groups are not interested in you or yours. While their accomplishments might seem sort of scary, many of the high profile hacking cases of 2011 were done to damage the reputation of large companies that the hackers were irritated with. These hackers make a lot of noise, and have done damage to companies and governments careless enough not to properly protect themselves—and it’s just because they’re so high-profile that you have little to fear from them. The quiet, clever criminal hackers are always the ones to keep an eye out for—while the world might closely watch LulzSec or Anonymous, lots of cybercriminals quietly make off with armloads of cash.
What Is Phishing?
One of the most potent tools available to these worldwide cybercriminals, “phishing” is a kind of social engineering, and can be thought of as a kind of con or grift. It doesn’t take elaborate software, viruses, or hacking to get information if users can easily be tricked into giving it away. Many use a tool readily available to nearly everyone with an internet connection—email. It’s surprisingly easy to get a few hundred email accounts and trick people into giving away money or information.
Phishers usually pretend to be someone they’re not, and often prey on older people. Many pretend they’re a bank or website like Facebook or PayPal, and ask for you to input passwords or other info to solve a potential problem. Others may pretend to be people you know (sometimes through hijacked email addresses) or try and prey on your family using information about you publicly viewable on social networks, like LinkedIn, Facebook, or Google+.
There’s no software cure for phishing. You simply have to stay sharp, and carefully read emails before clicking links or giving out information. Here are a few brief tips to keep yourself safe from phishers.
- Don’t open emails from suspicious addresses or people you don’t know. Email isn’t really a safe place to meet new people!
- You may have friends whose email addresses have been compromised, and you may get phishing emails from them. If they send you anything weird, or aren’t acting like themselves, you may want to ask them (in person) if they’ve been hacked.
- Don’t click links in emails if you’re suspicious. Ever.
- If you end up on a website, you can generally tell who it is by checking the certificate or looking at the URL. (PayPal, above, is genuine. The IRS, at the lead of this section, is fraudulent.)
- Look at this URL. It seems unlikely that the IRS would be parking a website on a URL like this.
- An authentic website may provide a security certificate, like PayPal.com does. The IRS does not, but US government websites almost always have a .GOV top level domain instead of .COM or .ORG. It’s very unlikely that phishers will be able to buy a .GOV domain.
- If you think your bank or other secure service may need information from you, or you need to update your account, do not click the links in your emails. Instead, type in the URL and visit the site in question normally. This guarantees you won’t be redirected to a dangerous, fraudulent website, and you can check to see if you have the same notice when you log in.
- Never, ever give out personal information like credit card or debit card numbers, email addresses, phone numbers, names, addresses or social security numbers unless you’re absolutely sure you trust that person enough to share that information.
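The two URL checks in the tips above (is the host really the sender’s domain, and is a supposed government site actually under .gov) can be written down precisely. This added example is not from the original article; the sender-to-domain table and the sample links are constructed, and the `.example` hosts are placeholders. It also shows the substring check people tend to write and why it is fooled.

```python
from urllib.parse import urlparse

# Constructed table of who a message claims to be from and which registrable domain
# that sender really uses; a real deployment would load this from policy.
TRUSTED_DOMAINS = {"PayPal": "paypal.com", "Facebook": "facebook.com", "IRS": "irs.gov"}

def naive_looks_genuine(link: str, claimed_sender: str) -> bool:
    """The mistake to avoid: substring matching is fooled by subdomains, paths and userinfo."""
    return TRUSTED_DOMAINS[claimed_sender] in link

def hostname_of(link: str) -> str:
    """Hostname only, ignoring scheme, userinfo ('paypal.com@evil.example'), port, path, query."""
    return (urlparse(link).hostname or "").rstrip(".").lower()

def hostname_belongs_to(host: str, domain: str) -> bool:
    """True for the domain itself or a subdomain of it, never for the domain as a mere prefix."""
    return host == domain or host.endswith("." + domain)

def check_link(link: str, claimed_sender: str) -> tuple[bool, str]:
    """Apply the article's two checks: the host must be the sender's real domain (or a
    subdomain of it), and anything claiming to be US government must sit under .gov."""
    host = hostname_of(link)
    domain = TRUSTED_DOMAINS.get(claimed_sender)
    if not host:
        return False, "no hostname in link"
    if domain is None:
        return False, f"{host}: unknown sender {claimed_sender!r}"
    if domain.endswith(".gov") and not host.endswith(".gov"):
        return False, f"{host}: claims to be government but is not under .gov"
    if not hostname_belongs_to(host, domain):
        return False, f"{host}: is not {domain}"
    return True, f"{host}: belongs to {domain}"

# Constructed sample links of the kinds the tips describe.
SAMPLES = [
    ("https://www.paypal.com/signin", "PayPal"),
    ("http://paypal.com.account-verify.example/login", "PayPal"),
    ("https://paypal.com@secure-login.example/", "PayPal"),
    ("http://irs.gov.refund-claim.example/form", "IRS"),
    ("https://www.irs.gov/refunds", "IRS"),
]

if __name__ == "__main__":
    for link, sender in SAMPLES:
        ok, reason = check_link(link, sender)
        print(f"{'genuine' if ok else 'SUSPECT':8} naive={naive_looks_genuine(link, sender)!s:5} {reason}")
```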
This is, of course, only the beginning. We’ll cover much more Online Safety, security, and tips to stay safe, in this series in the future. Leave us your thoughts in the comments, or talk about your experience in dealing with hackers or phishers, hijacked accounts, or stolen identities.
Image Credits: Broken Locks by Bc. Jan Kaláb, available under Creative Commons. Scary Norma by Norma Desmond, available under Creative Commons. Untitled by DavidR, available under Creative Commons. Phishing the IRS by Matt Haughey, available under Creative Commons. A Password Key? by Dev.Arka, available under Creative Commons. RMS at pitt by Victor Powell, available under Creative Commons. XKCD strip used without permission, assumed fair use. Sopranos image copyright HBO, assumed fair use. “Hackers” image copyright United Artists, assumed fair use.
Translated from: https://www.howtogeek.com/75584/online-safety-understanding-hackers-phishers-and-cybercriminals/