Program information
Publication: Technology Frontier
Date: 2009-06-09
Difficulty: Low
Keywords: slim, lax, masquerade as
(Music).
Help!
“In the old days, you would have to go from trash can to trash can looking for
information.
Today you can write a program that does all the work for you,” said Tod Feinman,
CEO of a firm that specializes in safeguarding personal info.
Feinman suggests the use of password vaults - secure computer programs that keep
track of all of your passwords.
All you have to do is remember the password to the vault.
Hackers also target websites with lax security, looking for lists of user names
and passwords.
They have no desire to masquerade as you on your favorite scrapbooking website.
Instead, they hope you use the same user name and password combination for sites
like eBay and Paypal.
The trick to keeping yourself secure is all about making your passwords
complicated.
A combination of letters, numbers and symbols can work wonders against those who
would do you harm.
But there also is a school of thought among tech folks that writing a password
down isn’t the end of the world - as long as you keep it somewhere safe.
Greg Muschong is a computer tech for an organization that requires employees to
pick a new password every 90 days.
“If they aren’t allowed to write it down, they’ll forget it,” Muschong said.
“That’s just the way it is.”
Well, help!
We all need help, don’t we, Pam?
We all need help, but I’m thinking I really need help in this area.
Well, when they talk... when you talk about the old days, you’d have to go from
trash can to trash can, and people used to do that.
In fact, they still have what they call shredders in many offices.
When you have letters or something confidential, or bank statements, you... you
have to cut it up.
Well, you can’t use scissors, it takes too long.
They have a little machine that cuts up all the paper.
They call that a paper shredder.
And otherwise, people will go in the garbage can and try to find out people’s
bank accounts and numbers and passwords and everything.
So it’s good to shred things in the office.
That’s the old days, right?
That’s right.
But how can you shred things on the web?
I don’t know.
Well, I don’t know about the shredding.
We can be careful, uh, but now the bad guys don’t go through our trash cans,
Doris.
Today, uh, it says you can write a program that does all the work for you.
And what the spokesperson here’s saying is today the hackers can write a program
that does all the work for them.
So, and this is from Tod Feinman, CEO of a firm that is in security.
Now what does he mean there?
They actually can just write a program that will just kind of like scroll
through millions of possibilities.
Right, OK.
Mmhm.
So if you put 12345 or go up to 10, they’ll try all the numbers.
Right.
And one might work.
Right, right.
So they don’t have to do it manually, but the computer does it.
That’s scary.
Right, yeah.
It is scary.
Well, what are we supposed to do about that?
It says hackers also target websites with what we call lax, which means not very
tight security.
When something is lax, it’s loose, isn’t it?
That’s right.
So he says what they do is they’ll target these websites that somehow they know
has this loose or lax security, and they’re looking for lists of names and
passwords.
Well, I just wanna go back there, Doris.
He, uh, had suggested to fight this, uh, lax security that we use a password
vault, and that’s a place where...
it’s a program where we can actually keep track of all of our passwords.
So this is saving us from writing everything down on a piece of paper.
Uh, but the thing is we just have to remember what is the password to the vault.
Mmhm.
But it’s only one password, we don’t have to remember ten or twenty.
So... so you can keep all of your passwords one place.
But you have to know that one.
But if you...
Right.
What if somebody finds out what that is and they get all your passwords?
So it’s not that safe.
You’re in trouble.
Right.
You’re still in trouble, yeah.
OK, so you have to be very careful and they... they have no desire to pretend...
What does it mean to masquerade?
Masquerade means just what you said.
Right?
That’s right.
Wear a mask?
To pretend to be something or be someone you’re not.
And the writer says that that’s not what they want to do.
They don’t want to masquerade as you.
Rather, they hope to get your information so that they can get into sites like
eBay, Paypal, and use your information, your financial information.
Makes you almost afraid to use some of those sites, doesn’t it, Bill?
Well, you know, in today’s Internet age, unfortunately, it’s really difficult,
uh, especially with us.
Like we people, we travel.
We live in different states and countries, and we need to do some of this
e-commerce.
It’s... it’s almost impossible to avoid this, so...
But, yeah, they don’t want to masquerade.
Usually that... as... the hackers, they... they want to come in and go out quick
before you even know it.
Oh, boy, the trick of keeping yourself secured then is all about making your
passwords very complicated.
I kind of like mine simple so I can remember, right?
Well, if we can’t write them down, for me then the simpler is the better.
But he says a combination of letters, numbers and symbols can work wonders
against those who would do you harm.
But if as Bill has just said, they write these programs that run millions of
combinations...
Yeah.
I think the odds might be in their favor.
Well, uh, it is now.
There’s two things that they might write a program that will scroll through
numbers,
and they also will write a program that, uh, might scroll through words in a
dictionary.
And one other thing that will help that is, as we mentioned, a combination of
letters, numbers and symbols.
Like I mentioned yesterday, maybe using, uh, the letter l for a 1, 2 for a Z,
maybe a 3 has to represent a backwards E.
So you might want to and mix in some numbers, and actually that’s one way of
beating these programs that scroll through things.
Sounds like it’s going to take a long time just to figure that out.
But there is what they call a school of thought, means people are thinking this
way.
It’s not like a school, we have a school of thought.
But a school of thought, there is this idea out there that people are talking
about.
Especially these tech folks that do this.
And they say well, writing a password down isn’t the end of the world.
I like that expression.
Thank goodness.
As long as we keep it somewhere safe.
That’s what we have to do - keep it safe.
That’s right.
And that just simply means, Doris, the end of the world would be something
that’s disastrous.
Mmhm.
Well, you know that is... I like that there because, and again, we’re talking
about passwords, but too often we’re just...
We end up giving up information without really knowing what we’re doing.
Especially if you’re on Facebook or something, people give all kinds of
information on there.
Right, there’s all kinds of unnecessary information and, uh, we download
attachments, and maybe we go to a website for, uh, fishing and farming’s games,
or the ones when we click on a site and then we end up giving out information
that people who are soliciting us for our information.
That’s really frightening.
Well, this Greg, who is a computer technician for an organization, he said that
company requires you to pick new passwords every 90 days... passwords every 90
days.
I think, uh, our company does it too, probably every 60 days or something to
change your password.
Well, it’s a good thing to change that password because if you just keep the
same password for years and years, eventually somebody would figure it out.
Well, and you know, when I’ve tried to use a password I used maybe a time
before, they’ll say, “Nope, you can’t use one.”
Mmhm.
Right.
They won’t let you use it; you have to, you know, keep getting some new ones in
there.
And that’s just the way it is.
That’s right.
But Doris, it sounds like this... this man Greg, uh, is one of those who
believes it’s not the end of the world if you write your password down, as long
as you keep it somewhere safe,
and then they follow up by requiring them to be changed every 90 days.
What he’s... Yeah, what he’s saying here is it’s... it’s... it’s not likely that
somebody is going to break into your office or...
Actually what more is possible... more possible is a coworker accessing your
desk.
Now that exists... that possibility exists that somebody might go into your desk
and somehow find your piece of paper with passwords.
But it’s much more possible that we actually will make our own mistake and
voluntarily submit our information.
Much more likely that we’ll do that.
Right.
Mmhm.
OK, well, one thing that is talking about here is that the... the way they get
your password and... and one they do it here, it says, is: How do they attack?
And can you read that part at the top there on... on page 21, Pam?
It says: How do computers attack?
The simplest are the brute force and dictionary attacks - computer programs that
try over and over to guess your password.
These attacks are the reasons experts caution against using words found in the
dictionary for your password and why employers make you change passwords every
90 days.
Another favored method is the use of Trojan horse programs to sneak into
someone’s computer to look for passwords, credit card numbers and other data
that could be used for identity theft.
OK, now, this Trojan horse... I’ve heard about this a lot that they... there’s
one - they call it the Trojan horse.
And why would they call something a Trojan horse?
Isn’t that an ancient story from fighting long ago in Greece or something?
Right, there were two warring tribes, two warring factions.
And I think maybe one... one tribe was being defeated but they came up with a
very clever idea.
Uh, they were having trouble getting beyond this huge wall.
And so they delivered a gift - a beautiful wooden horse that was then wheeled
inside the city through the wall.
But little did the other tribe know there were soldiers inside.
Yeah, as soon as they got inside the wall, they broke out of that horse and then
started, you know, fighting and it was...
So they called that the Trojan horse.
And how... how does it have anything to do with computers, Bill?
Well, Doris, that’s a good question.
Uh, for our listeners, a great example of Trojan horse is the movie “Troy”.
They will see that in the movie there, the Trojan horse.
But we’re talking about a much smaller item.
In fact, we’re talking about something you can’t even see.
Now a Trojan horse in a computer program.
Here’s what happens... is you click on an attachment from somebody that you
don’t know, you don’t recognize, or even somebody that you think you recognize.
When you open up that attachment, maybe a picture appears, something cute on
your computer.
But within that attachment, there is a couple of lines of code that is
programmed to do a couple of different things.
One, gather your information; or two, what they now do is send out programs that
actually will track your keystrokes.
And these programs can track your keystrokes and then also feed back information
to the hackers that have sent this out.
So they will identify your computer and they can identify names and numbers and
things like that.
So it’s a sneak attack from this attachment.
That’s why we call it a Trojan horse.
So they often say if you get an attachment from somebody and you don’t know who
it is, sometimes you’ll get one and say: I don’t know that person.
Right.
They say, don’t open it.
Well, that’s one thing, Doris.
Definitely don’t open e-mails from people that you do not recognize, and, or
things that you might even suspect, the strange.
And here’s another thing.
This is one of my pet peeves... is that we get all these attachments forwarded on
to us from different people, right?
And then, then it says: Forward this on to twelve people and then you’ll win a
million dollars tomorrow.
Well...
You might use a million dollars.
No, in that attachment, in this great message might be some Trojan horse or some
special code,
and then this is the hacker’s way of spreading this thing around.
I’m gonna send out an e-mail that says people would get rich if they forward
this on to twelve people.
And the next thing you know, this thing’s spreading out around the world.
So don’t do that.
Don’t send them and don’t forward them on.
OK, that’s the safest thing to do.
You might get this Trojan horse.
That’s exactly right.
Well, it’s kind of a serious thing and we do have to be careful, and they do say
you could write them down as long as you keep it somewhere safe.
And it’s probably better not to take it out of your office or your house.
And if it’s in your office, you leave it in a drawer at night, maybe it’s not
safe.
You have to be careful.
Well, I think that’s one of the key points this writer has made, Doris,
that if it’s in your office, you may not know all of your coworkers well enough
to know whether someone in your building...
What about the janitor...
Exactly.
... that comes at night to clean?
And someone else in the building.
Sell it to somebody.
Who knows?
That’s a good point.
I said it’s unlikely that somebody would break into our desk, but...
At night.
But at night, that’s right.
And a couple of things could happen.
An employee could access this, a coworker could access this, and maybe even
somebody...
That’s why we need to be really careful because somebody that we’ve known for
years,
all of a sudden, because the economy... they’re hitting a rough economic time,
they’re having problems financially.
Hey, Bill, keep out of my office, Bill.
That person might get desperate.
You never know.
So that’s why you shouldn’t leave it in your desk.
I do trust Bill, though, but you know.
Thank you.
But I don’t want you open any drawers in my office.
I might do it for chocolate.
Yeah... Candy, right?
But you know, this is an interesting subject, and I think... think we do have a
little skit on it right now.
Yes, we do.
Honey, do you know the password for our online bank account?
I’ve tried entering a password two times already, and if I miss again, they’ll
freeze the account.
Hold on a sec.
Mmm... let me finish this bowl of ice cream.
Honey, the ice cream can wait.
Sorry, you’re right.
Oh, I changed the password last week.
Forgot to tell you, sorry.
Well, good thing I asked you before someone at the bank thought we were trying
to victimize ourselves.
I tell you, this whole password business is mind-boggling.
We have to change the password on that account every 90 days, and each password
has to be eight letters, containing numbers, capital letters, etc.
I just can’t keep up with all the different passwords.
But it’s simply a sign of the times that we need to keep changing the password.
The bank is trying to keep our online money safe.
It’s still frustrating.
And the chances of someone actually getting into our account are quite slim.
Well, maybe we can think of some kind of pattern for remembering our passwords.
Good idea.
Maybe we could combine our address - 233 - with a flavor of ice cream and change
the flavor every month.
I knew you’d think of something having to do with ice cream.
Let’s start out with your favorite flavor - mint.
OK, 233mint, that’ll be our new password, and there’s no way I’ll forget that.
Now our passwords will always be safe.
Oh, wait, I’m not sure.
Is that a microphone?
Oh, no, there’s two of them.
I... I think someone’s recording us.
Wait, I think we’re on a radio show!
Our password’s been leaked.
Ooh... our system for protecting our password seems to be a bit on the lax side.
Well, I think I could put a lock on that drawer in my office.
Maybe that might work.
But you know, we do have to be careful, and it’s...
We kind of joke about it a little bit, but it’s not a funny thing, it’s a very
serious thing, isn’t it?
It’s very serious, Doris.
And when you hear people who have had their identities stolen or who have had
information stolen,
it takes many months, sometimes many years to take care of the situation and
make it right again.
And uh, I talked about how we make mistakes giving information out, Doris.
And there’s a basic principle: don’t give out information to folks that are
asking you.
The only time you really want to give out credit card information or bank
information is when you have started that process, and you are searching for a
specific service or product.
And you have to be very careful.
Sometimes a letter will pretend like it came from your bank,
but if they start asking you a lot of questions they shouldn’t ask, then you
think maybe that is what we call phishing - P-H-I-S-H-I-N-G.
It’s not really the real thing, so be very, very careful about giving out
information on the web.
I’ve gotten e-mails from eBay and some other sites saying that I need to verify
my password number or else my account’s going to close and stuff like that.
It’s all just... it’s all bogus.
Right, don’t do... don’t even answer that.
And as you said earlier, Doris, the hackers are so clever now, they’re coming up
with, uh, pages that look alike the eBay page and your bank page.
But Bill has just warned us, and it’s good to know: Never, never respond online
to that kind of request.
Better to be safe than sorry.
That’s right.
Right.
OK, remember that: better safe than sorry.
Keep those passwords safe, and keep using your computer but be careful.
And thanks for being with us today.
Pam, you’re going to join us in some more lessons this week, too.
Yes, I will.
I’m looking forward to it.
So thank you - all of you - for being here.
It’s nice to have you every day all around the world as we study English
together.
So have a good safe day today.
Goodbye now.
Goodbye.