billwanhua
本站元老
- 注册
- 2005-07-07
- 消息
- 15,237
- 荣誉分数
- 4,733
- 声望点数
- 373
The US has suffered a massive cyberbreach. It's hard to overstate how bad it is | Bruce Schneier
This is a security failure of enormous proportions – and a wake-up call. The US must rethink its cybersecurity protocols
1. Affect all important department: all five branches of the US military, the state department, the White House, the NSA, 425 of the Fortune 500 companies, all five of the top five accounting firms, and hundreds of universities and colleges.
2.Not only usa: The great majority of those were in the US, but networks in Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE were also targeted.
3.Recovering from this attack isn’t easy, almost impossible. Because any SVR hackers would establish persistent access, the only way to ensure that your network isn’t compromised is to burn it to the ground and rebuild it, similar to reinstalling your computer’s operating system to recover from a bad hack.
4.Can't blame Russian: The reason is that, by international norms, Russia did nothing wrong. This is the normal state of affairs. Countries spy on each other all the time. There are no rules or even norms, and it’s basically “buyer beware”.
5.Us does it more: The US has by far the most extensive and aggressive intelligence operation in the world.
6.Found by a company, not us agency: the security company FireEye discovered that it had been hacked. During its own audit of its network, it uncovered the Orion vulnerability and alerted the US government.
7. Us deliberately allows weak system and backdoors: In the interests of surveillance, the NSA has pushed for an insecure cellphone encryption standard and a backdoor in random number generators (important for secure encryption). The DoJ has never relented in its insistence that the world’s popular encryption systems be made insecure through back doors – another hot point where attack and defense are in conflict. In other words, we allow for insecure standards and systems, because we can use them to spy on others.
从5,7就能看出来美国为什么不信任华为,为什么不准华为。
