Target's huge data breach likely to be followed by more, experts warn
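Nowadays people are used to paying by card when they shop, and few carry large amounts of cash into stores. This new way of paying has made our lives more convenient on the one hand, but on the other it has brought new troubles. The most troublesome is security. For example, I myself have had a credit card fraudulently used several times in succession over three and a half months. As another example, it was recently revealed that card information for 40 million customers of Target, a major U.S. retailer, was stolen and is being sold on the black market. There is no doubt that stealing and selling card information has become a new kind of crime that troubles people's daily lives; unfortunately, the authorities concerned still have no effective defensive measures to protect customers' interests. Even more unfortunately, after repeatedly succeeding, these criminals who use the Internet and high technology can still happily squander other people's money and enjoy themselves beyond the reach of the law. Read the article below; we should all heighten our vigilance and guard our cards more closely.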
(Steve Johnson San Jose Mercury News - Friday, December 20, 2013)
Amid reports Friday that credit and debit-card information stolen from up to 40 million Target customers already is being sold on the black market, security experts warned that such attacks not only will continue but could worsen.
While businesses are experimenting with new ways to deter cyber-thefts, the experts noted, the crooks are getting smarter about exploiting vulnerabilities in the growing ranks of companies whose operations are linked across the world's vast computerized networks. "The reality is that these incidents are only going to increase," said Paul Lipman, CEO of Redwood City security firm Total Defense. "It's a result of the increasing connectivity of everything we touch."
Target, meanwhile, scrambled Friday to reassure customers by offering free credit monitoring, and encouraged them to keep shopping during the holiday season by announcing a 10 percent discount this weekend. That may do little to calm the popular discount retailer's angry customers, who said they couldn't reach anyone Friday at Target's toll-free hotline, 866-852-8680.
"I'm furious and I'm frustrated," said Mia Siegel of Danville, who said she was among those who shopped at a local Target store during the Nov. 27 to Dec. 18 data breach and who hasn't been able to get through on the hotline. Each time she called, she said, "you have to go through the whole phone tree and they tell you, 'Just a minute, we'll have someone help you,'" and then "it just hangs up on you."
Other people lodged similar complaints on Target's Facebook page, and San Francisco resident Jennifer Kirk on Friday sued the chain in federal court, claiming it "failed to implement and maintain reasonable security procedures."
Target spokeswoman Molly Snyder acknowledged in an emailed statement that "we are experiencing significantly higher volume than normal to our call centers," and added, "we are working hard to resolve this issue by adding team member support and system capacity as quickly as possible. We apologize for the inconvenience."
The company, which said it is "hearing very few reports of actual fraud," still hasn't disclosed details about how the attack occurred. But on Friday, Brian Krebs — a well-respected cyber security blogger who first disclosed the breach — reported that credit and debit-card data stolen in the attack "has been flooding underground black markets in recent weeks." He added that the purloined information has been "selling in batches of one million" for $20 to more than $100 per card.
Experts said retailers are experimenting with a number of technologies to minimize the impact of such incidents.
Some are designed to spot attacks minutes after they begin instead of taking days, which is often the case now, said Hugh Thompson of Sunnyvale security company Blue Coat. While that might not stop crooks from stealing information, he added, "it's a way to vastly reduce the impact of it" by letting firms react more quickly.
Another method is to encrypt more parts of the business's operations, so that even if some data is stolen, it will be harder for the thieves to decode, said Terence Spies of Cupertino-based Voltage Security.
Marc Maiffret of Phoenix security company BeyondTrust added that many retailers will likely be prompted by Target's breach to hire consultants to identify their vulnerabilities and suggest improvements.
But he characterized the on-going battle with cyber crooks as a "cat and mouse game," noting that every time businesses make their systems safer, the bad guys figure out new ways to exploit them.
Eric Chiu, president of Mountain View security company HyTrust, agreed. "As thieves get more savvy," he concluded, "we should absolutely expect that we will see more breaches of greater magnitude."
In a report detailing the problems it expects in 2014, Japanese security firm Trend Micro predicted "we're going to have one or more events like this every month," said J.D. Sherry, the company's vice president of technology and solutions. He noted that one reason for the grim assessment was that many retailers still use Windows XP as their operating system. Because the software is a dozen years old and will no longer be fortified with security updates from Microsoft after April, he added, "this is a big problem."
But for Target, its immediate focus was the fallout from the attack. In a statement, Target CEO Gregg Steinhafel noted that just because someone shopped at Target during the attack "doesn't mean they are victims of fraud" and emphasized that those customers "will not be held financially responsible for any credit and debit card fraud."