【Native Speaker每日综合训练—46系列】【46-10】科技

ROLEDAD

内容：ROLEDAD 编辑：ROLEDAD

Stay tuned to our latest post! Follow us here ---> http://weibo.com/u/3476904471

官方活动帖：长难句讨论帖-每日训练    SC讨论帖    CR讨论帖    RC讨论帖

有关Kim Jong Un的话题似乎一直占大媒体的版面～～ 今天承接周六文史哲的话题，继索尼索尼影视娱乐有限公司(Sony Pictures Entertainment, SPE) 首席执行官迈克尔林顿(Michael Lynton)的电子邮件遭受黑客攻击、电影剧本被泄露到网上，进而引起大家对电子邮箱安全的热议。话题有关cybervandalism，E-mail Safety，文章均选自WSJ，大家enjoy！

Part I: Speaker

Facebook Quietly Created New E-Mail Addresses
June 28, 2012 ｜ Larry Greenemeier

For a company that made its name by building one of the world's most popular social networks, Facebook itself often comes across as, well, antisocial.

Facebook is invaluable as a forum for finding long-lost friends, not to mention sharing links, photos and personal videos. For better and worse, the site has even redefined the word "like."

Of course Facebook manages to use all of this goodwill to its own advantage. And the company often needs to be reminded that there are limits to how much it can exploit user information for profit.

Facebook has settled a class-action lawsuit that forces it to be more clear that clicking on the "Like" button means your name and photo can be used to endorse whatever movie, product or politician you "liked."

Most recently, Facebook surreptitiously modified user profiles to replace their original e-mail addresses with @facebook.com addresses. Mail sent to that address becomes a Facebook message to a user. You’d think that a company with so many loyal followers would have announced this ahead of time. That’s a definite dislike.

—Larry Greenemeier

Source: Scientific American 60-second Tech
http://www.scientificamerican.com/podcast/episode/facebook-quietly-created-new-email-12-06-28/

[Rephrase 1, 1:15]

ROLEDAD

Part II: Speed

Are You Sure You Want to Use Email?
Companies Rethink Policies About Deleting Messages in Wake of Sony Leaks
By DON CLARK, SHIRA OVIDE and ELIZABETH DWOSKIN | Dec. 19, 2014b

[Time 2]
Devastating leaks from Sony Corp. ’s computer systems have dramatized the risks of storing corporate email for extended periods. Some people in Silicon Valley wonder if it is time to rethink that practice.

Electronic mail, despite many attempts to replace it, remains a vital communications tool and an ad-hoc filing cabinet for employees at most companies. Retrieving important information and attachments by searching mail—which can be stored indefinitely—is simple and fast.

But as was highlighted in the Sony hack, this puts a single trove of both potentially embarrassing communication and critical company secrets within easy reach of cybercriminals. (Related Article: Obama Says Sony ’Made a Mistake’ Canceling Film)

Many long-established companies have for some time had email-deletion policies, but for a different reason: Complying with demands for stored communication in legal cases can be expensive.

These policies typically call for automatic deletion of emails after a set period, often after 90 or 120 days. But many companies—especially startups—have no retention policies.

Some experts view the startling success of attackers in breaching Sony’s defenses and distributing sensitive emails—an incident thatU.S. officials have linked to North Korea—as a powerful argument for prompt destruction of nonessential messages.

“My belief is the retention policy should be 30 days,” said Steve Blank, a veteran Silicon Valley entrepreneur and academic. “I think the Sony-North Korea thing just kind of reinforces the fact.”
There are signs that some companies are heeding such calls. Cloud Sherpas, an Atlanta-based firm that helps companies buy Gmail and other workplace technology from Google Inc. and others, said two customers have changed their email retention systems since the Sony hacking.

One of them, a big technology manufacturing firm on the West Coast, asked for a customized software process to purge email of specific users whenever the business deemed it necessary, said David Hoff, Cloud Sherpas’ chief technology officer. The other customer, a midsize manufacturer, added a Google function to automatically delete emails after a year, with a shared “safe” folder in which employees could stow emails that they needed to keep longer.
[346 words]

[Time 3]
Deleting messages isn’t necessarily an absolute defense against theft, since storage systems frequently retain traces of data that can be retrieved under some circumstances.

A Sony spokesman didn't respond to questions about the company’s data-retention policies or details about the breach.

Amid the uncertainty, some tech companies say they are reviewing their security precautions, in part because customers in government and other sectors are demanding to know their data will be safe.

“They have a lot more questions for us as we sell into those accounts,” said Douglas Murray, chief executive of Big Switch Networks Inc., a Silicon Valley startup that is using a security firm to evaluate its safeguards. “People are concerned.”

Executives at some startups say the very idea of regularly deleting emails is a foreign concept, and may be too drastic a solution.

“Destroying email that has become a repository for employees to go back and do research will be a significant culture change,” said Justin Somaini, chief technology officer at Box Inc., which offers online data storage and related services. “A better approach than deleting email is the application of healthy security practices on the content itself.”

Another familiar option is encrypting mails to make them unintelligible in the event they are stolen. Few companies encrypt all of their email, though, in part because many employees correspond with others outside their organizations who aren’t using the technology.
[231 words]

[Time 4]
Some startups, meanwhile, have been pushing alternatives to email that they believe improve collaboration. They include Slack Technologies Inc. and HipChat.

Matt Mullenweg, chief executive of the startup Automaticc, said it mainly leans on tools such as Slack and hardly uses email anymore. But those services also generate data that could tempt attackers.

“Search is one of the big features of these tools, so deleting old stuff would be counterproductive,” Mr. Mullenweg said, who said his company has no plans to start deleting emails.

Many startups also rely on services like Google’s Gmail, rather than storing and managing email on their own servers as established companies tend to do.

“We expect our email to stick around forever,” said Jonathan Gray, chief executive of the big data startup Cask, which uses Gmail. “I think most would be best served thinking that way.”

Mr. Gray said his company has strict policies around handling sensitive data from its enterprise customers, but had no internal policy governing how email data would be deleted.

John Schroeder, chief executive of big data startup MapR, said the company takes a similar stance. “We haven’t implemented a deletion policy of any kind,” he said, adding that the company has strict policies for handling customer data.

At the opposite extreme are companies like Intel Corp. , which grappled with email retention issues in a private antitrust suit by rival Advanced Micro Devices Inc. that was settled in 2009.

Some Intel employees failed to take the proper measures to stop relevant emails from being destroyed by the company’s auto-delete system.

Now the company automatically deletes emails after 90 days, unless employees individually take action to store them in folders, said Chuck Mulloy, an Intel spokesman.

These days, Silicon Valley companies seem more interested in reducing the risks with additional technology. Some entrepreneurs have advocated messaging systems, along the lines of the consumer service Snapchat, that are designed to delete messages soon after they are viewed.

Others believe that companies should develop technology that gives individuals or corporate owners of that data the ability to destroy it remotely if it falls into the wrong hands, though the feasibility of the approach remains unclear.

“The sender should have the right to delete the email,” said Muddu Sudhakar, chief executive of Caspida, a Silicon Valley security startup. “These systems need to evolve to support that capability.”
[396 words]
Source: Wall Street Journal
http://www.wsj.com/articles/are-you-sure-you-want-to-use-email-1419030075

Fears Spread of Sony-Style Hack
Damaging Revelations Prompt Executives to Review Security and Counsel on Email Etiquette
By RACHEL FEINTZEIG, CLINT BOULTON and JOANN S. LUBLIN | Dec. 17, 2014

[Time 5]
Damaging revelations emerging from the computer assault on Sony Corp. are playing like a horror movie in America’s executive suites, prompting companies to review security measures and reconsider what is said in an email.

Corporations long have dealt with hackers who went after their trade secrets and customers’ financial data. But the attack on film studio Sony Pictures Entertainment Inc. that on Wednesday led it to cancel a film debut took the possible consequences to a new level by leaking financial data, secret details about coming films, complaints about business partners and racially insensitive comments about President Barack Obama .

The scale is causing executives who thought they had computer security under control to sit up and take notice.

“Sony is Snowden, right?” said Bruce Schneier, chief technology officer of cybersecurity firm Co3 Systems Inc., referring to the former National Security Agency contractor who exposed reams of embarrassing information about America’s electronic spying efforts. “It’s someone getting in and getting everything.”

Larry Pimentel, chief executive of Azamara Club Cruises, a luxury cruise line owned by Royal Caribbean Cruises Ltd. , said he is more likely to pick up the phone or walk down the hall to meet in person after hearing about the Sony breach.

“I was always thinking about hacking in terms of financial stuff,” he said. But the Sony incident made him realize that his relationships and social interactions could be invaded too, creating a new kind of discomfort and embarrassment.

Soon after learning of the studio breach, he reached out to Royal Caribbean’s information chief to learn more about the company’s cybersecurity profile, including details on passwords and filters and access controls. He was satisfied with the answers and took the executive’s advice to keep employees up-to-date on security protocols and concerns. At a quarterly meeting with his top executives on Tuesday, he urged they take a lighter approach to email.

“Say the facts, but be more gentle,” he said he told them.
[329 words]

[Time 6]
Faisal Husain, CEO of technology firm Synechron Inc., says he has always been careful about communicating over email. But after news of the Sony breach began emerging, he brought up the topic on a weekly management call with his executive team. He urged the group, the company’s top 50 employees, to use the phone or schedule in-person meetings if they need to address a conflict between employees, tackle a tricky client situation or “speak very openly.”

The attack on Sony came at the end of a year marked by a succession of data thefts at retailers. A long running intrusion at Target Corp. last year exposed around 40 million credit and debit cards. A similar attack at Home Depot Inc. this summer compromised 56 million cards. Shoppers have become inured to the breaches, which also hit luxury retailer Neiman Marcus Group, crafts chain Michaels Cos . and grocer Supervalu Inc.

The breach at Target helped topple the company’s CEO and served as a wake-up call for many companies. Still, the attack on Sony appears more serious because sensitive, private information was made public to discredit and damage the company and its executives, Mr. Schneier said.

Stuart Kippelman, information chief at Covanta Energy Corp., said until the Sony incident, he had never been in a security meeting and raised the question: Who is out to cause us harm?

“Whereas CIOs have traditionally thought generically about security, going forward they will have to assess who their enemies are,” he said. “I think this changes the way every company should think about security.”

U.S. officials have concluded North Korea is behind the attack on Sony, people familiar with the investigation said on Wednesday. North Korea, which called the Sony comedy portraying the assassination of leader Kim Jong Un an “act of war,” has denied any connection.

The bad news, said Charles Elson , a board member at HealthSouth Corp. and Bob Evans Farms Inc., is there is little companies can do to stop sophisticated, government-backed motivated attackers.
[335 words]

[End up]
The weakest links in any corporation are the employees, said Tim Arthur, chief information officer of Alltech Inc., an animal health and nutrition science company based in Kentucky. That won’t change regardless of how many policies and procedures are put in place. He wonders whether executives and other employees might start going “anti-digital,” reverting to conducting more conversations via the phone than email.

Bonnie Hill, a director of Yum Brands Inc. and California Water Service Group , echoed that point, saying the attack on Sony got everyone’s attention and is a reminder “that you don’t use your email for general, chatty conversations.’’ She said she expects boards to start asking more questions about what kind of information is being kept and how safe it is.

“A sufficiently skilled, motivated and funded attacker will get in, period,” Co3’s Mr. Schneier said. Companies must continually improve security with layers of defense that include intrusion prevention, detection and incident response, he said.

“This is going to take years to unwrap,” Mr. Schneier added. “Now every company is thinking, ‘What would it be like if everything in our company was made public?’ ”
[191words]
Source: Wall Street Jounal
http://www.wsj.com/articles/fears-spread-of-sony-style-hack-1418863212?KEYWORDS=email

ROLEDAD

Part III: Obstacle

Sony Made It Easy, but Any of Us Could Get Hacked
A focused, skillful cyber attacker will always get in, warns a security expert
By BRUCE SCHNEIER ｜ Dec. 19, 2014

[Paraphrase 7]
Earlier this month, a mysterious group that calls itself Guardians of Peace hacked into Sony Pictures Entertainment’s computer systems and began revealing many of the Hollywood studio’s best-kept secrets, from details about unreleased movies to embarrassing emails (notably some racist notes from Sony bigwigs about President Barack Obama’s presumed movie-watching preferences) to the personnel data of employees, including salaries and performance reviews. The Federal Bureau of Investigation now says it has evidence that North Korea was behind the attack, and Sony Pictures pulled its planned release of “The Interview,” a satire targeting that country’s dictator, after the hackers made some ridiculous threats about terrorist violence.

Your reaction to the massive hacking of such a prominent company will depend on whether you’re fluent in information-technology security. If you’re not, you’re probably wondering how in the world this could happen. If you are, you’re aware that this could happen to any company (though it is still amazing that Sony made it so easy).

To understand any given episode of hacking, you need to understand who your adversary is. I’ve spent decades dealing with Internet hackers (as I do now at my current firm), and I’ve learned to separate opportunistic attacks from targeted

You can characterize attackers along two axes: skill and focus. Most attacks are low-skill and low-focus—people using common hacking tools against thousands of networks world-wide. These low-end attacks include sending spam out to millions of email addresses, hoping that someone will fall for it and click on a poisoned link. I think of them as the background radiation of the Internet.

High-skill, low-focus attacks are more serious. These include the more sophisticated attacks using newly discovered “zero-day” vulnerabilities in software, systems and
networks. This is the sort of attack that affected Target, J.P. Morgan Chase and most of the other commercial networks that you’ve heard about in the past year or so.

But even scarier are the high-skill, high-focus attacks—the type that hit Sony. This includes sophisticated attacks seemingly run by national intelligence agencies, using such spying tools as Regin and Flame, which many in the IT world suspect were created by the U.S.; Turla, a piece of malware that many blame on the Russian government; and a huge snooping effort called GhostNet, which spied on the Dalai Lama and Asian governments, leading many of my colleagues to blame China. (We’re mostly guessing about the origins of these attacks; governments refuse to comment on such issues.) China has also been accused of trying to hack into the New York Times in 2010, and in May, Attorney General Eric Holder announced the indictment of five Chinese military officials for cyberattacks against U.S. corporations.

This category also includes private actors, including the hacker group known as Anonymous, which mounted a Sony-style attack against the Internet-security firm HBGary Federal, and the unknown hackers who stole racy celebrity photos from Apple’s iCloud and posted them. If you’ve heard the IT-security buzz phrase “advanced persistent threat,” this is it.

There is a key difference among these kinds of hacking. In the first two categories, the attacker is an opportunist. The hackers who penetrated Home Depot’s networks didn’t seem to care much about Home Depot; they just wanted a large database of credit-card numbers. Any large retailer would do.

But a skilled, determined attacker wants to attack a specific victim. The reasons may be political: to hurt a government or leader enmeshed in a geopolitical battle. Or ethical: to punish an industry that the hacker abhors, like big oil or big pharma. Or maybe the victim is just a company that hackers love to hate. (Sony falls into this category: It has been infuriating hackers since 2005, when the company put malicious software on its CDs in a failed attempt to prevent copying.)

Low-focus attacks are easier to defend against: If Home Depot’s systems had been better protected, the hackers would have just moved on to an easier target. With attackers who are highly skilled and highly focused, however, what matters is whether a targeted company’s security is superior to the attacker’s skills, not just to the security measures of other companies. Often, it isn’t. We’re much better at such relative security than we are at absolute security.

That is why security experts aren’t surprised by the Sony story. We know people who do penetration testing for a living—real, no-holds-barred attacks that mimic a full-on assault by a dogged, expert attacker—and we know that the expert always gets in. Against a sufficiently skilled, funded and motivated attacker, all networks are vulnerable. But good security makes many kinds of attack harder, costlier and riskier. Against attackers who aren’t sufficiently skilled, good security may protect you completely.

It is hard to put a dollar value on security that is strong enough to assure you that your embarrassing emails and personnel information won’t end up posted online somewhere, but Sony clearly failed here. Its security turned out to be subpar. They didn’t have to leave so much information exposed. And they didn’t have to be so slow detecting the breach, giving the attackers free rein to wander about and take so much stuff.

For those worried that what happened to Sony could happen to you, I have two pieces of advice. The first is for organizations: take this stuff seriously. Security is a combination of protection, detection and response. You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout.

The time to start is before the attack hits: Sony would have fared much better if its executives simply hadn’t made racist jokes about Mr. Obama or insulted its stars—or if their response systems had been agile enough to kick the hackers out before they grabbed everything.

My second piece of advice is for individuals. The worst invasion of privacy from the Sony hack didn’t happen to the executives or the stars; it happened to the blameless random employees who were just using their company’s email system. Because of that, they’ve had their most personal conversations—gossip, medical conditions, love lives—exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now.

This could be any of us. We have no choice but to entrust companies with our intimate conversations: on email, on Facebook , by text and so on. We have no choice but to entrust the retailers that we use with our financial details. And we have little choice but to use cloud services such as iCloud and Google Docs.

So be smart: Understand the risks. Know that your data are vulnerable. Opt out when you can. And agitate for government intervention to ensure that organizations protect your data as well as you would. Like many areas of our hyper-technical world, this isn’t something markets can fix.
[10274words]

Source: Wall Street Journal
http://www.wsj.com/articles/sony-made-it-easy-but-any-of-us-could-get-hacked-1419002701

smallchange306

speed
2'34
1'48
2'28
2'25
2'15
obstacle
7'43
attacker can be divided by skill and focus
   1)low skill, low focus. sending mass email to people. if one click the button it can attack.
   2)low skill, high focus. they can be helped by software
   3)high skill, high focus. this is the tough one.
for the first 2 kinds, it can be pretect by some software, but for the last one it denpend on the attacker' s skill. Sony falls into this one.

for this i have 2 advice
     for Co. , set good precausion.
     for individuals, nothing.but trust

rita-schumi

Speed
01:32
01:10
01:30
01:38
01:41

Obstacle  
06:03
Topic: Cyberattack
2 characteristics of attackers: Skill & Focus
low sk,low focus
high sk, low focus
high sk, high focus

2 advice
for the organization
for individual
Be cautious to use email

赤木2

Speed
01:56
01:16
01:39
01:33
01:49
Obstacle
05:56

arovane

speed
掌管 6        00:01:18.34        
掌管 5        00:02:14.14        
掌管 4        00:02:30.19        
掌管 3        00:02:49.38        
掌管 2        00:01:33.25        
掌管 1        00:02:29.78        
The recent case about sony has raised cautions about the safety of the e-mail use. A large part of the companies  had continued using e-mail for the reason that the secure process is too expensive.
It is claimed that only deleting the email can hardly solve the problemY, and thus many consumers are concerining about the safety of their email. J pointed about that methode other than deletion should be employed such as encrytpting.
Other companies have taken diverse mesures: using other communicaiton tool such as shark or gmail. There are also extreme example of deleting the e-mail during a period of time. A suggestion is proposed to give the sender the right to delete the mail, though the tech in detial is still unclare.
the case has arosed the concern among the firms in usa.the patrons were worrying about not only the security of the companies' financial issue, but also the connection with his employees.
The similar attacks have happened thoughout the year, and what worsen the problem that most of the companies haven't known who is their enemy. The failure of the connection with the relative department in North Korea has raised the alert to the governement-backed attacks.
the breach also alerted the employees of every company to take care of what they commute in their email and reduce the conversation by email.
obstacle：
掌管 7        00:08:28.97        
The case of the breach of Sony haved stunned the world. There are many opinions on the speculaiton of the hacker in different countries. The attack can be classified though skill and target. The breach of Sony falls on the the high-skilled, high-targeted attack relating to the spite intention to the company. To protect ourselves of the attack, the author gave two advice: first, to take the breach seriously, second, as we cannot live without involving commuting online, to rely on the country inversion to protect us.

傻西瓜

there are increasing concerns about new email deletion policy through the Sony-North korea thing.
two options are concerned as feasible ways to solve the safty problem.
But some of excutives do not like the deletion policy and prefer evolve a better system or technology to protect email.
computer assault on SONY lead many executives of big companies in America reconsider security of financial data.
掌管 5        00:02:20.24        00:12:58.32
掌管 4        00:02:23.13        00:10:38.08
掌管 3        00:02:57.56        00:08:14.94
掌管 2        00:01:49.74        00:05:17.37
掌管 1        00:03:27.63        00:03:27.63
obstacle 09'07
the author has classified the hackers into three different types: 1.low-skilled and low-focused 2.high-skilled but low-focused3. high-skilled and high-focused.
the author claims that all datas on the internet are vulnerable to high-skilled experts if they have aimed to you and gives two advices to organizations and individuals, respectively.

KaterinaTse

Speaker
As a tool which people always use it to contact with others, Facebook quitely change the email adress and the users don't like it.

Time 2
2'34'34 Sony pretends to add a function of google to protect their email costomers.

Time 3
1'40'39 Costomers request for deleting the data but the chief technology officer points out that to offer better application of security is better.

Time 4
2'42'53 About the hacker event,many company strongly suggest that there should be a function that can delete emails automatically and the sender should have the right to delete the emial which goole still is unable to do them now.

Time 5
The hacker fears people about their email's safety.Then an chief executive of a famous company let the staff send email more gently just in case.

Time 6
2'09'70 Both companies and retailors are worried about the hackers and one company uses its approach to avoid using email now.

End up
1'19'28 Every company wonder whether everything of every company will be made public or not.They really worry about the safety.

Obstacle
7'6'40 Some events happened before about hacker to U.S.Ther are many posssibilities.And there are two advices for Sony.People should understand risk because there not really something markets can fix the problem.

wensd1111

1 A 02:01
2 A 01:11
3 A 02:09
4 A 01:33
5 A 01:45
6 A 00:49
7 A 05:37