Tech Companies Race to Fix Risky Internet Software
Computer security experts around the world are trying to fix one of the worst software weaknesses found in years.
The vulnerability is in an open-source program widely used by government and industry. It has become a major threat to organizations around the world.
"The internet's on fire right now," said Adam Meyers. He is the vice president at the cybersecurity company Crowdstrike.
The problem is found in an open-source Apache utility called log4j. It is used to run websites and other web services. The vulnerability is known as "Log4Shell."
The software problem's severity was rated 10 on a scale from one to 10 by the Apache Software Foundation, which oversees development of the software.
The vulnerability was reported on November 24 by the Chinese technology company Alibaba. It took two weeks to develop a patch.
Last week, Meyers said that within 12 hours of discovering the problem it had been "fully weaponized." He said criminals have already developed and distributed tools to exploit it.
Experts say the bug, another word for a software problem, may be the worst computer weakness discovered in years. The Apache software is used in almost all cloud computing servers, across industry and government.
Unless it is fixed, the bug gives criminals the ability to easily access internal networks. There, they could steal important data, put malware in place, and do much more damage.
Joe Sullivan is the head of security for Cloudflare, a company that protects websites from security threats.
"I'd be hard-pressed to think of a company that's not at risk," he said. Millions of servers have the software, and experts said the impact would not be known for several days.
Amit Yoran is the head of the cybersecurity company Tenable. He called it "the single biggest, most critical vulnerability of the last decade," and maybe the history of modern computing.
Experts said the vulnerability makes it easy for an attacker to access a web server, and makes it very dangerous. There is no password required to access a server.
Patching the bug could be a difficult job. Most organizations and cloud providers like Amazon should be able to update their web servers easily. But the same Apache software is also used by many third-party programs, which often can only be updated by their owners.
Yoran, of Tenable, said organizations need to act as if they have been affected and fix the problem.
The first clear signs of the bug's exploitation appeared in Minecraft, an online game popular with children. Attackers were able to take over one of the world-building game's servers before Microsoft, which owns Minecraft, patched the problem.
Microsoft said it had completed a software update for Minecraft users. "Customers who apply the fix are protected," the company said.
Researchers say the vulnerability could also be exploited in servers run by companies like Apple, Amazon, Twitter and Cloudflare.
I'm Dan Novak.
The Associated Press reported this story. Dan Novak adapted for VOA Learning English. Susan Shand was the editor.
_______________________________________
Words in This Story
vulnerability — n. something open to attack, harm, or damage
utility — n. a computer program that does a specific task
patch — n. a program that corrects or updates an existing program
exploit — v. to use in a way that helps you unfairly
malware — n. a computer program that is designed to damage or break into a computer