【文章內(nèi)容簡(jiǎn)介】 isbuiltintowebbrowsersoftware.Ifasitedisplaysacertificateissuedbyaproperauthority,thebrowserwillloadthepagewithnoobjection.Itshouldallworkfineintheory.Butinpracticetheguardiansofinternetsecurityseembadlytoneedguardingthemselves.盡管因特網(wǎng)自詡分權(quán)化管理，當(dāng)遇到安全問(wèn)題時(shí)他儼然一個(gè)管理嚴(yán)密的組織。數(shù)字證書告知用戶哪些網(wǎng)站可以放心瀏覽，通過(guò)網(wǎng)頁(yè)顯現(xiàn)出“鎖形”以及網(wǎng)頁(yè)鏈接以://開(kāi)頭的方式。這些證書是數(shù)以百計(jì)的在安全方面以安全和名譽(yù)方權(quán)威著稱的公司頒發(fā)給網(wǎng)站的。一系列認(rèn)證證書被嵌入到瀏覽器中。如果網(wǎng)頁(yè)顯示了特定公司頒發(fā)的證書，瀏覽器將會(huì)加載頁(yè)面。這在理論上行得通，但是實(shí)際上網(wǎng)絡(luò)保護(hù)者似乎更需要保護(hù)他們自己。OnSeptember6thoneoftheworld’sbiggestcertificateauthorities,GlobalSign,temporarilystoppedissuingthemfollowingnewclaimsbyanassailantunderthename“ComodoHacker”.Claimingtobeactingalone,hehasalreadybrokenintoaDutchissuer,DigiNotar,hijackingitssystemandissuinghundredsofboguscertificatesfordomainsincludingFacebook,TwitterandGoogle,aswellasforAmerican,British,Israeliandothergovernmentagencies.9月6日，網(wǎng)絡(luò)安全與數(shù)字認(rèn)證機(jī)構(gòu)GlobalSign在自稱“Comodo黑客”發(fā)出新聲明以后，已暫時(shí)停止數(shù)字認(rèn)證的發(fā)放。黑客聲稱單獨(dú)行動(dòng)，他已經(jīng)成功的入侵了荷蘭數(shù)字認(rèn)證機(jī)構(gòu)DigiNotar，劫持系統(tǒng)并頒發(fā)了數(shù)百個(gè)用于攻擊Facebook,Twitter和Google以及美國(guó)英國(guó)以色列以及其他政府部門的虛假數(shù)字認(rèn)證。Thesedodgydocumentscouldallowmischiefmakerstoimpersonatesupposedlysecurewebsites.ManysecurityanalystsfretthatthefakecertificateshavebeenusedtosnooponIranianusersofGmail,Google’sservice.這些危險(xiǎn)文件能夠讓始作俑者假做出看起來(lái)安全的網(wǎng)站。許多安全分析員為假冒認(rèn)證已被用來(lái)以監(jiān)控伊朗公民的Gmail帳戶活動(dòng)（google的郵件服務(wù)）而感到惴惴不安TheDutchgovernmentreliedonDigiNotartoauthenticatemanyofitswebsites.Itsinteriorminister,PietHeinDonner,saidthatsitesforthecountry’ssocialsecurity,policeandtaxauthoritiesmightbepromised.Heurgedcitizenswhowantedtobeonthesafesidetousepenandpaperindealingswiththestate.荷蘭依賴DigiNotar認(rèn)證許多政府網(wǎng)站。該國(guó)內(nèi)務(wù)部長(zhǎng)PietHeinDonnersay稱國(guó)內(nèi)社會(huì)保障、警察以及稅務(wù)當(dāng)局的網(wǎng)站可能已經(jīng)被波及，他敦促國(guó)民為了以防萬(wàn)一在涉及到與國(guó)家的交易中使用紙筆的原始方法。Securitypunditshavelongbeenringingalarmbellsaboutthepossibilityofsuchanattack—thedigitalequivalentofburglarsbreakingintoalocksmith’sshop.AnewreportonDigiNotarisscathingaboutitssecurity.Manyfeelthisimbroglio,plusanapparentlyrelatedoneinMarchinvolvinganItalianauthorityaffiliatedwithComodo,abigAmericanissuer,showsthatthesystemurgentlyneedsanoverhaul.“ComodoHacker”claimsalsotohavecrackedsecurityatthreeother(sofarunnamed)issuers.長(zhǎng)期以來(lái)安全專家一直都在為此類攻擊敲警鐘—這種攻擊好比竊賊入侵鎖店。一篇關(guān)于DigiNotar的新報(bào)告對(duì)其安全情況毫不留情的批評(píng)。很多人都覺(jué)察到了這個(gè)錯(cuò)綜復(fù)雜的局面 以及表面上的關(guān)聯(lián)事件：牽扯到三月份意大利隸屬于Comodo（美國(guó)大型認(rèn)證商）的認(rèn)證中心。事件表明系統(tǒng)亟待徹底改進(jìn)。Comodo黑客也宣稱沖擊了其他三個(gè)認(rèn)證商（迄今為止還未透漏其名字）Oneproposalistocreatenewdigitalnotariesthatwouldperformregularscansofallsecureserversontheinternet.Ratherthanrelyingonabuiltinlistofcertificateissuers,asatpresent,browserswouldinsteadmatchthecertificatesthatasitepresentedtothoseinthenotaries’repository.GoogleistestingasimilarideacalledCertificateCatalog.ThepanyhopestoincludeitinitsChromebrowser,whicheveninitsexistingformwouldhavespottedthefakecertificateissuedforGooglebyDigiNotar.一項(xiàng)提議是開(kāi)創(chuàng)新數(shù)字認(rèn)證體系，該體系會(huì)定期掃描網(wǎng)絡(luò)安全服務(wù)器。瀏覽器將使網(wǎng)站提供的數(shù)字認(rèn)證證書以及公證信息庫(kù)里的相匹配來(lái)確保安全而不是現(xiàn)行的內(nèi)置認(rèn)證商。Google也在嘗試類似的方法，稱之為證書目錄。公司希望將其嵌入到其發(fā)行的Chrome瀏覽器，能夠使現(xiàn)行版本的瀏覽器都能夠識(shí)別DigiNotar頒發(fā)給google的假證書。Othersarelesssanguine.BruceSchneier,aninternetsecurityexpert,doubtsthatanysuchfixwillwork.Theproblem,hesays,isnottechnological—itisaboutincentives.Thosewhohavestakesintheexistingsystem,betheycertificateauthorities,browsermakers,orgovernments,havenointerestinmendingit.Manyusersarewillingtoforgosecurityforthesakeofconvenience,evenignoringwarningsontheirbrowsersaboutexpiredorunrecognisedcertificates.MrSchneierlikensdiscussingtherelativemeritsoftheproposedfixestodiscussingwhatcolourtopainttankswhileinthemiddleofabattle.其他人就不是這么樂(lè)觀了。網(wǎng)絡(luò)安全專家BruceSchneier懷疑這樣的做法能否有一絲效果。問(wèn)題不出在技術(shù)上而是出在于動(dòng)機(jī)上。那些和現(xiàn)行系統(tǒng)有利害關(guān)系的所有者—認(rèn)證商、瀏覽器公司—無(wú)意修復(fù)。為了圖方便，許多用戶愿意放棄安全措施，甚至忽視瀏覽器上給出的過(guò)期或者無(wú)法識(shí)別證書的警告。Schneier先生將推薦方修復(fù)方法的相關(guān)特性比作討論給戰(zhàn)場(chǎng)中坦克涂什么樣的顏色。Thebroaderproblem,saysSethSchoenoftheElectronicFrontierFoundation,anadvocacygroup,isthatthepeoplemostatriskfrompryinggovernmentsinAfrica,theMiddleEastandAsiaalltoooftenuseantiquatedequipmentandsubstandardsoftwarethatismorevulnerabletohacking.FewIranians,forexample,useChrome.ItbecameavailabletowebusersthereonlyinJanuary,afterAmericaeasedtradesanctionsagainsttheIslamicrepublic.“更廣泛的問(wèn)題在于，來(lái)自于非洲、中東以及亞洲等熱衷窺探的政府的網(wǎng)民處于最危險(xiǎn)的境地，他們經(jīng)常使用陳舊的電腦設(shè)備、不安全的軟件—這都將使他們更容易受攻擊”，來(lái)自電子前沿基金會(huì)—一個(gè)游說(shuō)團(tuán)體—的SethSchoen表示。比如說(shuō)伊朗網(wǎng)民很少使用Chrome瀏覽器，在美國(guó)放松了對(duì)伊朗的貿(mào)易制裁后他僅在一月份可以使用.Onlineprivacy網(wǎng)絡(luò)隱私 及類似的零售商通過(guò)對(duì)零售數(shù)據(jù)的熟練駕馭開(kāi)啟了“大賣場(chǎng)革命”（大型郊區(qū)賣場(chǎng)加上超低價(jià)格）。今日的海量數(shù)據(jù)也將為未來(lái)的變革打下基礎(chǔ)。Internetsecurity網(wǎng)絡(luò)安全Mistrustauthority不信任權(quán)威Ahackingattackexposesdeeperflawsintheinternet’ssecurityinfrastructure一次黑客攻擊暴露了互聯(lián)網(wǎng)安全架構(gòu)的深層隱患Sep10th2011|fromtheprinteditionFORallitsvaunteddecentralisation,theinternetisatopdownaffairwhenitestosecurity.Usersaretoldwhomtotrustbydigitalcertificates,whichallowawebsiteto displayapadlocksymbolandputthe“s”inthe://prefixtowebaddresses.Thesecertificatesareissuedtowebsitesbyseveralhundredpaniesthatpridethemselvesontheirsecurityandreputationforprobity.Alistofsuchcertificateauthoritiesisbuiltintowebbrowsersoftware.Ifasitedisplaysacertificateissuedbyaproperauthority,thebrowserwillloadthepagewithnoobjection.Itshouldallworkfineintheory.Butinpracticetheguardiansofinternetsecurityseembadlytoneedguardingthemselves.盡管因特網(wǎng)自詡分權(quán)化管理，當(dāng)遇到安全問(wèn)題時(shí)他儼然一個(gè)管理嚴(yán)密的組織。數(shù)字證書告知用戶哪些網(wǎng)站可以放心瀏覽，通過(guò)網(wǎng)頁(yè)顯現(xiàn)出“鎖形”以及網(wǎng)頁(yè)鏈接以://開(kāi)頭的方式。這些證書是數(shù)以百計(jì)的在安全方面以安全和名譽(yù)方權(quán)威著稱的公司頒發(fā)給網(wǎng)站的。一系列認(rèn)證證書被嵌入到瀏覽器中。如果網(wǎng)頁(yè)顯示了特定公司頒發(fā)的證書，瀏覽器將會(huì)加載頁(yè)面。這在理論上行得通，但是實(shí)際上網(wǎng)絡(luò)保護(hù)者似乎更需要保護(hù)他們自己。OnSeptember6thoneoftheworld’sbiggestcertificateauthorities,GlobalSign,temporarilystoppedissuingthemfollowingnewclaimsbyan