Good news! The entire Senate now accepts only encrypted web connections

Anyone now visiting their senator’s website will see something new: a little green lock in their browser’s address bar.
Last week the US Senate quietly began serving its entire domain — including each of the 100 elected senators’ websites — over an encrypted HTTPS channel by default.
HTTPS isn’t just reserved for banks and login pages anymore, and hasn’t been for a long time. It’s nowadays seen as a measure for sites taking their own security and the privacy of their visitors seriously.
The government has been on its own encryption binge for the past few years, trying to secure every page on every domain it has to ensure a standard level of security across the government domain space.
The logic is simple enough: Serving up each page through a secure and private connection ensures that every Senate page hasn’t been intercepted or impersonated (which is easy to do) and modified by hackers — or even intelligence agencies. It also protects the web address past the domain, in most cases preventing internet providers from knowing which individual pages a person visited.
You might wonder why everyone hasn’t embraced it sooner. Encrypting web traffic used to be expensive, but the rise of free certificate services like Let’s Encrypt has made it significantly cheaper to encrypt web pages.
That’s the easy bit, because make no mistake — switching from HTTP, where every byte travels the web without any encryption, to HTTPS is no small feat.
The project has taken over a year to complete, and has been a slow, tedious process of switching over each of the senators’ sites incrementally to HTTPS by default. (A spokesperson for the Senate Sergeant at Arms, which headed the project, confirmed the timing but wouldn’t comment further on the project.)
In order to switch over an entire site to HTTPS, every site element and component has to be served over the secure pipe. Given that the Senate domain has over a hundred individual senators’ domains and committee sites, and many more for other sites and projects, amounting to millions of pages over many years, including some that are decades old — it’s not an overnight job.
But unlike the executive branch, which has all the help from the federal government to switch over to HTTPS, the legislative branch has been left mostly to its own devices.
The General Services Administration said it had no involvement in the Senate’s switch. “In general, GSA supports increased use of HTTPS across public services, and actively supports the executive branch’s efforts in this area,” said a spokesperson.
In pushing ahead with its HTTPS project, the Senate leapfrogged the House with its own effort to encrypt its web pages. At the time of writing, every House lawmaker’s website supports HTTPS, but only a little over half support HTTPS by default. (We asked the House’s chief administrative officer for comment, and we’ll update when we hear back.)
HTTPS by default is a good start, but there’s more work to be done.
In January, the government announced it would not only strictly enforce HTTPS on each new government website but it would also preload its domains and subdomains directly into web browsers — so that all browsers will always and by default make a secure connection to a government website.
So far, plans have been made to preload executive branch websites, but it hasn’t been ruled out as a possibility for Congress in the future.
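Browser preloading is built on the HTTP Strict Transport Security (HSTS) response header, which the article does not name. The following added example, not part of the original article, parses a `Strict-Transport-Security` value per RFC 6797 and reports what keeps it from meeting the browser preload list's published requirements (a one-year `max-age`, `includeSubDomains`, and `preload`); the header strings are constructed.

```python
MIN_PRELOAD_MAX_AGE = 31536000  # one year, the preload list's minimum

def parse_hsts(header):
    """Parse a Strict-Transport-Security value into {directive: value}.

    Returns None when a browser would ignore the header entirely:
    a repeated directive, or a missing or non-numeric max-age.
    """
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        value = value.strip().strip('"')     # values may be quoted strings
        if name in directives:
            return None
        directives[name] = value
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None
    directives["max-age"] = int(age)
    return directives

def preload_problems(header):
    """List the reasons a header is not eligible for browser preloading."""
    parsed = parse_hsts(header)
    if parsed is None:
        return ["header is malformed or lacks max-age"]
    problems = []
    if parsed["max-age"] < MIN_PRELOAD_MAX_AGE:
        problems.append(f"max-age {parsed['max-age']} is under {MIN_PRELOAD_MAX_AGE}")
    if "includesubdomains" not in parsed:
        problems.append("includeSubDomains is missing")
    if "preload" not in parsed:
        problems.append("preload is missing")
    return problems

if __name__ == "__main__":
    # Constructed header values.
    for h in ("max-age=63072000; includeSubDomains; preload",
              "max-age=86400",
              "includeSubDomains; preload"):
        print(repr(h), "->", preload_problems(h) or "eligible")
```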
Encryption remains a hot topic in Congress. It seems half of all lawmakers are for it, and half see it as a way for criminals and terrorists to get away with literal murder. In the past couple of years, we’ve seen several attempts by lawmakers to undermine the security protections that encryption offers, such as pushing for backdoors in existing encryption standards to make surveillance easier. Last year, in the wake of the San Bernardino terrorist attack, two senators pushed for their own anti-encryption bill that eventually failed.
That bill may be on deck to be reintroduced in the current session, sparking yet another protracted chapter in the ongoing crypto war.
Now that every senator’s website offers encryption, remember that next time they bring out the pitchforks.