★★☆☆ 01 Google's Elite Hackers

When Apple launched the iPhone through an exclusive partnership with AT&T in 2007, seventeen-year-old George Hotz wanted to use an iPhone but not with AT&T. He wanted to make calls through his own T-Mobile network, so he cracked AT&T’s lock on the iPhone [1]. Apple scrambled to fix the bug that allowed this, but officially ignored George Hotz.

Later in 2011, Hotz reverse engineered the PlayStation 3 and posted a copy of the root keys on his website. Sony sued him but settled after Hotz promised never to hack Sony products again.

Then in early 2014, at Google’s hacking competition, Hotz discovered a security hole in Google’s Chrome OS. The company gave him a $150,000 reward. Two months later, Google’s security engineer Chris Evans offered him a position in a team of elite hackers. George Hotz accepted the offer and now works for Google’s security team Project Zero [2].

Project Zero worked in secret until Google publicly revealed the team in July 2014. Its sole mission is tracking down and getting rid of security flaws in the world’s software. These flaws are called zero-day vulnerabilities, which are a common target of cyber criminals.

Project Zero’s hackers aren’t just looking into the products that Google makes. They are free to hack any software in the world. Why? They want to make a safer Internet for everyone. The team’s policy is simple. The team notifies vendors of vulnerabilities immediately. If fixes are not available within 90 days, bug reports automatically become available to the public. The 90-day disclosure policy appears to be working in most cases. The Adobe Flash team fixed 37 Project Zero vulnerabilities (or 100%) within the 90-day period. The Project Zero blog indicates that 85% of all vulnerabilities are patched before the deadline [3].

However, recently Google’s strict 90-day policy came under fire from Microsoft and Apple. The Project Zero team publicly disclosed bugs which were present in Windows 8.1 and MacOS X before Microsoft and Apple released patches. Microsoft heavily criticized Google since the company was scheduled to release a patch just two days later [4]. Recently Google loosened its 90-day policy with an additional 14-day grace period. Now vendors have an additional 14 days to patch vulnerabilities as long as they inform Google of the release schedule before the deadline.

“People deserve to use the Internet without fear that vulnerabilities out there can ruin their privacy with a single website visit. We’re going to try to focus on the supply of these high value vulnerabilities and eliminate them,” says Evans.

Sources

1. George Hotz, Wikipedia, http://goo.gl/V6bl
2. Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers, http://goo.gl/E8rEHy
3. Project Zero, http://goo.gl/dx46YY
4. Windows: Elevation of Privilege in ahcache.sys/NtApphelpCacheControl, Google Security Research, https://goo.gl/c2qgFx

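Core Grammar

Get familiar with #Pattern 4 (subject + verb + indirect object + direct object). #Pattern 4 verbs can be understood as “give someone ~, make someone do something, let someone ~”. Because #Pattern 3 and #Pattern 4 verbs are easily confused, the Pattern 3 verbs are introduced here as well.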

●● The company gave him a reward. (The company gave a reward to him.)

●● Chris Evans offered him a position. (Chris Evans offered a position to him.)

●● The team notifies vendors of vulnerabilities. (The team reports vulnerabilities to vendors.)
The team notifies vendors vulnerabilities. (×)

●● They inform Google of the release schedule. (They tell Google the release schedule.)
They inform Google the release schedule. (×)

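Get familiar with the #relative pronouns that and which. A #relative pronoun joins two sentences and serves as both a #conjunction and a #pronoun. The #relative pronoun changes according to the type of #antecedent and the #case. The #antecedent is the noun that the #relative pronoun clause modifies. The #case is the role played within the #relative pronoun clause. Relative pronouns follow regular rules, so understanding the principle and studying it with the example sentences makes learning far more efficient.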

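●● The team disclosed bugs. + They were present in Windows 8.1. (The team made the bugs public. + They existed in Windows 8.1.)

= The team disclosed bugs (that were present in Windows 8.1). (The team made public the bugs / that existed in Windows 8.1.)

= The team disclosed bugs (which were present in Windows 8.1).
▲ The antecedent bugs refers to things and the subject is they, so the subjective relative pronoun that or which is used.

●● The hackers are looking into the products. + Google makes them. (The hackers investigate the products. + Google manufactured them.)

= The hackers are looking into the products (that Google makes). (The hackers investigate the products / manufactured by Google.)

= The hackers are looking into the products (which Google makes).
▲ The antecedent the products refers to things and the object is them, so the objective relative pronoun that or which is used.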

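Words & Phrases

launch: to release, to issue

exclusive partnership: sole (exclusive) partner

crack a code: to decipher a code or password

scramble to V: to rush to do something

fix a bug: to repair a bug

officially: in an official capacity

ignore: to disregard

reverse-engineer: reverse engineering

sue: to bring a lawsuit against

settle: to reach an agreement; to take up residence

hacking competition: hacker attack contest

security hole: security vulnerability

security engineer: engineer who works on security

accept an offer: to agree to a proposal

in secret: secretly

publicly: openly

reveal: to uncover, to expose

sole: only

track down: to trace, to hunt down

get rid of: to eliminate, to shake off

security flaw: security vulnerability

look into: to investigate ~

be free to V: to do something freely

policy: guideline, course of action

notify A of B: to tell A about B

automatically: by itself, without intervention

disclosure policy: policy on making information public

appear to V: to seem to ~

deadline: cutoff date

patch: a fix; to repair

strict policy: harsh policy

come under fire: to be attacked, to be condemned

present: current, existing now

release: to publish, to issue

as long as: provided that ~

inform A of B: to let A know about B

deserve to V: to be worthy of doing ~, to be entitled to do ~

ruin: to destroy, to wreck

focus on: to concentrate on

supply: to provide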

Complete the sentences using the hints

Project Zero worked / __ /

Project Zero operated / secretly /

until Google _ _ the team / in July 2014. /

until Google made the team public / in July 2014.

Its is _ __ /

Its only job is to hunt down /

and _ _ _ _ / in the world’s software. /

and remove security vulnerabilities / in software worldwide.

These _ are called - ___, /

These vulnerabilities are known as “zero-day vulnerabilities”,

which are a __ / of _ ___. /

which are a frequent target / of online criminals.

Project Zero’s hackers aren’t just _ __ the products /

Project Zero's hackers do not only investigate the products /

that Google makes. /

made by Google. /

They are __ any software / in the world. / Why? /

They can freely break into any software / in the world. / Why? /

They want to make a safer Internet /

They want to build a more secure network /

for everyone. / The team’s __ is simple. /

for everyone. / The team's policy is simple.

The team notifies vendors / of vulnerabilities / immediately. /

They notify vendors / of vulnerabilities / immediately.

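Questions for Thought

Answer the Questions

1 (Comprehension) Which of the following is unrelated to Project Zero?

a A project to reduce the harm done by zero-day vulnerabilities

b Carried out with government support

c Bugs not fixed within 90 days are automatically made public

d Built and run by Google

2 (Essay) Why does Google hack its own software as well as other companies' software?

Discussion

1 If the team or individual that develops the software does not cooperate, Project Zero could turn into an offensive “zero-day vulnerability” that puts the software in danger. Discuss this possibility.

Lesson Summary

1 Learn the #Pattern 3 verbs that are easily confused with #Pattern 4 verbs.

2 Learn the concept and types of #relative pronouns.

3 Learn #restrictive relative clauses and #non-restrictive relative clauses.

Answers

1 b. 2 Google's aim is for the Internet (the foundation of its business) to run safely.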

Translation

Google’s Elite Security Team, Project Zero

Google's Elite Hackers

When Apple launched the iPhone / through an exclusive partnership / with AT&T / in 2007, /

Apple released the iPhone / by way of an exclusive partnership / with AT&T / in 2007, /

seventeen-year-old George Hotz wanted to use an iPhone /

the 17-year-old George Hotz wanted to use an iPhone /

but not with AT&T. / He wanted to make calls /

but not through AT&T. / He wanted to place calls /

through his own T-Mobile network, / so he cracked AT&T’s lock / on the iPhone [1]. /

using his own T-Mobile network, / so he broke AT&T's lock / inside the iPhone. /

Apple scrambled to fix the bug / that allowed this, / but officially ignored George Hotz. /

Apple quickly fixed the bug / that had caused this situation, / but officially took no notice of George Hotz. /

Later in 2011, / Hotz reverse engineered the PlayStation 3 / and posted a copy of the root keys /

In the second half of 2011, / Hotz reverse-engineered the PS3 / and uploaded a copy of the root keys /

on his website. / Sony sued him / but settled / after Hotz promised /

to his website. / Sony sued Hotz, / but in the end the two sides settled / after Hotz promised /

never to hack Sony products again. /

not to break into Sony products again. /

Then in early 2014, / at Google’s hacking competition, / Hotz discovered a security hole /

After that, in early 2014, / at Google's hacking contest, / Hotz found a security vulnerability /

in Google’s Chrome OS. / The company gave him a $150,000 reward. / Two months later, /

in Google's Chrome OS. / The company gave Hotz a reward of 150,000 US dollars. / Two months later, /

Google’s security engineer Chris Evans offered him / a position / in a team of elite hackers. /

Google security engineer Chris Evans offered him / a position / on an elite hacker team. /

George Hotz accepted the offer / and now works / for Google’s security team Project Zero [2]. /

Hotz accepted the position / and now works / for Google's security team, Project Zero. /

Project Zero worked / in secret / until Google publicly revealed the team / in July 2014. /

Project Zero operated / secretly / until Google made the team public / in July 2014. /

Its sole mission is tracking down / and getting rid of security flaws / in the world’s software. /

Its only job is to hunt down / and remove security vulnerabilities / in software worldwide. /

These flaws are called zero-day vulnerabilities, / which are a common target / of cyber criminals. /

These vulnerabilities are known as “zero-day vulnerabilities”, / which are a frequent target / of online criminals. /

Project Zero’s hackers aren’t just looking into the products / that Google makes. /

Project Zero's hackers do not only investigate the products / made by Google. /

They are free to hack any software / in the world. / Why? / They want to make a safer Internet /

They can freely break into any software / in the world. / Why? / They want to build a more secure network /

for everyone. / The team’s policy is simple. / The team notifies vendors / of vulnerabilities / immediately. /

for everyone. / The team's policy is simple. / They notify vendors / of vulnerabilities / immediately. /

If fixes are not available / within 90 days, / bug reports automatically become available / to the public. /

If there is no fix / within 90 days, / the vulnerability report is released automatically / to the public. /

The 90-day disclosure policy appears to be working / in most cases. /

The 90-day automatic disclosure policy seems to be effective / in most cases. /

The Adobe Flash team fixed 37 Project Zero vulnerabilities (or 100%) / within the 90-day period. /

The Adobe Flash team fixed 37 Project Zero vulnerabilities (100%) / within 90 days. /

The Project Zero blog indicates / that 85% of all vulnerabilities are patched / before the deadline [3]. /

The Project Zero blog shows / that 85% of vulnerabilities get patched / before the deadline. /

However, / recently / Google’s strict 90-day policy came under fire / from Microsoft and Apple. /

However, / recently / Google's strict 90-day rule has drawn heavy criticism / from Microsoft and Apple. /

The Project Zero team publicly disclosed bugs / which were present in Windows 8.1 and MacOS X /

The Project Zero team made vulnerabilities public / that existed in Windows 8.1 and Mac OS X /

before Microsoft and Apple released patches. / Microsoft heavily criticized Google /

before Microsoft and Apple had released patches. / Microsoft strongly condemned Google /

since the company was scheduled / to release a patch / just two days later [4]. / Recently /

because Microsoft had already planned / to release a patch / only 2 days later. / Recently /

Google loosened its 90-day policy / with an additional 14-day grace period. /

Google relaxed its 90-day rule / by granting an extra 14 days. /

Now vendors have an additional 14 days / to patch vulnerabilities / as long as they inform Google /

Now companies have an extra 14 days / to fix vulnerabilities / provided that they tell Google /

of the release schedule / before the deadline. /

the release schedule / before the deadline. /

“People deserve to use the Internet / without fear / that vulnerabilities out there / can ruin their privacy /

“People have the right to use the Internet / without being afraid / that vulnerabilities in websites / will destroy their privacy /

with a single website visit. /

because of a single visit to a website. /

We’re going to try to focus on the supply of these high value vulnerabilities /

We will do our best to target these high-value vulnerabilities /

and eliminate them.” / says Evans. /

and then eliminate them.” / said Evans. /
