XP Retirement May Endanger ATM Security
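Microsoft will end support for Windows XP starting April 8. Because upgrading to Windows 7 is costly, many financial institutions are still hesitating, especially the large number of independent ATM operators and small financial institutions. Meanwhile, hackers are gearing up and getting ready to act. When the date arrives, these institutions may face a serious risk of attack.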
After April 8th, 2014, Microsoft (MSFT) will end support, including automatic security patches, for its 13-year-old Windows XP operating system. This may sound like an inconvenience primarily for government agencies and aging uncles, but another major set of Windows XP users are the automated teller machines and credit card sales systems that handle billions of dollars of transactions daily.
While major retailers and banks are likely to be well-prepared for the end of XP, financial systems based on the software are also in the hands of a far-reaching hodgepodge of independent ATM operators and small businesses. Despite ample warning, industry analysts and insiders agree that high cost and inconvenience will keep plenty of these smaller players running outdated software for many months to come -- with serious implications for the security of their systems.
Jerry Nevins, co-owner of the Kansas City cocktail bar Snow & Co., is close to the dilemma. Snow & Co. bought a point of sale system less than a year ago from the payments servicer Micros -- only to be told within a few months of the need for an upgrade to Windows 7, at a cost of $1,700 for the single-store system. Luckily, Snow & Co. was still under a service agreement, so its upgrade was free. But as Nevins puts it, "If you're a small business, an unexpected $1,700 might be like, eh, I'll go ahead and take my chances." Moreover, Nevins describes a "huge line" of Micros customers waiting for an upgrade. He's crossing his fingers that Snow & Co. will be upgraded before the April 8 deadline.
Costs to retail credit card processors will vary widely, says John Berkeley of Mercury Payment Systems. "If you have the right hardware you can just upgrade the OS, but for some merchants upgrading from XP to Windows 7 can mean all new hardware," likely costing much more than that $1,700.
The challenges of upgrading become even bigger in the case of ATMs. ATM manufacturers are offering software upgrades for machines still based on XP -- though some of those have been available for less than a month. But the cost to upgrade can be staggering.
According to Jay Weber, vice president in charge of North American debit and ATM systems for FIS Global, "An ATM machine purchased in the last five years ... would only need a software upgrade of $4,000 to 5,000 per machine." That software cost is so high in part because much specialized software written for Windows XP can't be easily ported to a new operating system. But ATMs 10 years old or more would need to be completely replaced, and Weber says that new high-end ATMs can cost at least $50,000 to $60,000 per device.
ATM operators and business owners are largely being left to decide on their own whether to upgrade or not, says Weber. "Organizations are trying to look at the investment of the upgrade and weigh it against their perceived risk" -- and many seem to be ready to take their chances. "[April 9th] is going to come and go, and there are going to be some merchants who haven't done it yet," says Berkeley. Weber speculates that "it's going to be a trickle approach, a slower ramp-up," with many systems going without an upgrade -- and remaining officially insecure -- through the end of 2014.
This hesitancy may be worsened because operators are getting mixed messages about their risk. The Payments Card Industry Security Standards Council has issued public warnings about the need for retailers to upgrade their point of sale systems, but their current set of standards, which are used to determine eligibility to operate on credit card networks, do not require it. And Weber himself seems sanguine: "The risk is hard to quantify. There's a lot of technology in place in the marketplace to help mitigate the risk," such as the "fairly closed telecom environment" that most payment systems operate on.
But Bogdan Botezatu, senior e-threat analyst for the anti-malware software company Bitdefender, couldn't disagree more. He talks about the issue with the barely suppressed terror of a father watching his teenage son drive solo for the first time. "They're not panicky," he says, "and actually that makes me panicky."
Botezatu, who haunts underground hacking forums to keep an eye on looming security threats, claims that hackers are gearing up to raid suddenly insecure XP machines the minute Microsoft support ends. "When an operating system is announced as reaching its end of life, [hackers] are frantically looking for exploits, because then they can use it indefinitely," he says. "It's the holy grail of malware."
To take fullest advantage of the situation, black-market vendors selling new XP exploits have been stockpiling them, waiting to release them until after Microsoft is no longer monitoring and repairing security flaws. Though third-party security firms will continue to update anti-malware programs for XP, users not running or updating such software could be permanently vulnerable to an ever-growing set of exploits. Mercury Payment Systems' John Berkeley confirms that "If a hacker discovers [a vulnerability] a month or two after the end of [XP support], they have more time to exploit that."
These exploits could range from stealing credit card information from small vendors to even more dramatic forms of theft, many of them easily circumventing external security measures such as the semi-closed payments network. Botezatu says there have been reports of an ATM exploit through a mobile phone connected through an ATM's card reader. He also cites a legendary stunt by the security expert Barnaby Jack at the Black Hat security conference in 2010, where he demonstrated a "Jackpotting" hack that easily emptied an XP-based ATM machine. According to Botezatu, Jack, who died in 2013, never revealed the nature of this exploit, meaning that it could remain an unpatched vulnerability in XP-based machines.
Most troubling of all, Botezatu predicts that unsecured XP machines of all kinds will be compromised by hackers to form new botnets. This kind of system, in which hacked systems' processors are put to new tasks unbeknownst to their owners, can be used for everything from massive Denial of Service attacks to mining cryptocurrency, and would add substantially to the insecurity of the Internet as a whole. "I see a lot of trouble," Botezatu warns.
Whether April 9th brings a plague of cash-spewing ATMs, zombie PCs, and thieving credit-card readers remains to be seen. But Botezatu sounds exasperated that he even has to consider these scenarios. "It's an operating system that was released 13 years ago. Everyone should have started migrating two or three years ago" to avoid the mad rush and risks that come with the end of support. He hopes, at least, that this episode will motivate today's users to think about the future.
"This is going to happen soon with other operating systems," Botezatu says. "You should start upgrading from Windows 7 now."
(Fortune China)