HONG KONG — For Apple in China, trouble seems to be the new normal.香港——在中国，遭遇困难或许出了苹果公司(Apple)的新常态。Cybersecurity monitoring groups and security experts said on Monday that people trying to use Apple’s online data storage service, known as iCloud, were the target of a new attack that sought to steal users’ passwords and then spy on their activities.网络安全监控团体和安全性专家周一回应，尝试用于苹果在线数据存储服务iCloud的人，沦为了一轮新的反击的目标。

攻击者企图盗取用户的密码，然后监控他们的活动。Starting over the weekend, when many users across China tried to sign into their iCloud accounts, they may have been giving away login information to a third party, in what is called a man-in-the-middle attack.从上周末开始，中国各地的许多用户在尝试指定iCloud账户时，有可能正在把指定信息泄漏给第三方。这被称作中间人反击。“You think you are getting information directly from Apple, but in fact the authorities are passing information between you and Apple, and snooping on it the whole way,” said a spokesman for an independent censorship-monitoring website, GreatFire, who declined to be named because of fear of reprisal.“你以为是必要从苹果获取信息，但实质上，当局正在你和苹果之间传递信息，并仍然在窥视，”监测网络审查情况的独立国家网站GreatFire的发言人说道。

因为惧怕遭背叛，这名发言人拒绝接受公开发表姓名。News of the vulnerability came just as the new iPhone 6 arrived in Chinese stores after a monthlong regulatory delay tied, in part, to concerns about the phone’s security.有关这一问题的消息爆出之际，正值苹果新的发售的iPhone 6登岸中国市场。此前，因为监管方面的原因，iPhone 6在中国的发售被延期了一个月，其中的部分原因是对iPhone安全性的忧虑。Activists and security experts say they believe the attacks are backed by the Chinese government because they are hosted from servers to which only the government and state-run telecommunications companies have access, according to GreatFire. They are also similar to recent attacks on Google, Yahoo and Microsoft aimed at monitoring what information users were retrieving on the sites.GreatFire称之为，活动人士和安全性专家回应，他们指出这次的攻击获得了中国政府的反对，因为它们是由政府和国有电信公司才有权限的服务器上发动的。

此外，它们和谷歌(Google)、雅虎(Yahoo)以及微软公司(Microsoft)最近遭遇的反击类似于，而那些反击意图监控用户从这些网站上加载了什么信息。“All signs point to the Chinese government’s involvement,” said Michael Sutton, vice president for threat research at Zscaler, a San Jose, Calif., security company. “Evidence suggests this attack originated in the core backbone of the Chinese Internet and would be hard to pull off if it was not done by a central authority like the Chinese government.”“所有迹象都指向中国政府与此事有关，”在加利福尼亚州圣何塞的安全性公司Zscaler负责管理威胁研究的副总裁迈克尔·苏顿(Michael Sutton)说道。

“证据指出，这轮反击发端于中国互联网的核心中枢，而且假如不是像中国政府这样的中央当局腊的，这种反击将很难构建。”The targeting of Yahoo, Google and Apple also potentially reveals a new Chinese government effort to adapt to initiatives by Internet companies — most notably new encryption techniques — to protect user data from government spying.把雅虎、谷歌和苹果作为目标也潜在地说明了出有，为了适应环境互联网公司为维护用户数据免遭政府监控而采行的措施，特别是在是新的加密技术，中国政府作出了新的希望。

“The Chinese government could no longer sniff traffic, so they intercepted that traffic between the browser and the iCloud server,” Mr. Sutton said.“中国政府无法再行窥视流量，所以他们就撷取了浏览器和iCloud服务器之间的流量，”苏顿说道。Many web browsers, like Apple’s Safari, Google’s Chrome and Mozilla’s Firefox, flashed a warning to users that a so-called encryption certificate that is supposed to identify who is on the other end of a web session should not be trusted. That indicated that users were inadvertently communicating with the attackers, rather than iCloud. In effect, the hackers stepped into the middle of the online conversation.许多网页浏览器，如苹果的Safari、谷歌的Chrome和Mozilla的Firefox，会弹出有一条警告，警告用户不不应信任本不应辨识出有网络会话的另一端是谁的“加密证书”。这种警告指出，用户正在疏忽大意地与攻击者而非iCloud交流。

实质上，黑客是放入到了网络对话的中间。Mr. Sutton noted that Qihoo, a browser offered by the Qihoo 360 Technology Company that is popular with Chinese Internet users, did not flash a warning to users.苏顿认为，奇虎360科技有限公司发售的奇虎浏览器在中国网民中颇受欢迎，它就会向用户插入这类警告。“As more sites move to encryption by default — which prevents the censorship authorities from selectively blocking access to content — the Chinese authorities will grow increasingly frustrated with their ability to censor that content,” said the GreatFire spokesman.“随着更加多网站改以配置文件加密——可以避免审查机构有选择地屏蔽内容——中国当局对自己审查内容的能力不会更加沮丧，”前述GreatFire发言人说道。“In some ways their hands are being forced. They can attempt these man-in-the-middle attacks or choose to outright block access to these sites. The more sites they block, the more they cut off the Chinese populace from the global Internet,” he added.他还说道，“他们只不过别无选择。

他们可以尝试这种中间人反击，或自由选择必要屏蔽这些网站。他们屏蔽的网站就越多，中国人孤立无援于国际网络的程度就就越相当严重。”The timing of the attack, aligned with the release of the new iPhone in China, is a potential indicator that the government is trying to harvest sign-in data from a large number of users who are switching over to the iPhone 6. The new phone comes with better encryption to protect against government snooping.反击的时机刚好是新款iPhone在中国市场发售之时。

这也许意味著，政府正试图从替换到iPhone 6的大量用户手中提供指定数据。为了避免政府的窥视，新款iPhone用于了更佳的加密技术。In September, Apple, based in Cupertino, Calif., said its latest operating system, iOS 8, included protections that made it impossible for the company to comply with government warrants asking for customer information like photos, emails and call history.今年9月，总部坐落于加利福尼亚州库比提诺的苹果回应，公司近期的操作系统iOS 8备有的保护措施，将使其无法遵照政府命令，泄漏图片、电子邮件和通话记录等客户信息。The change prompted the Federal Bureau of Investigation director, James B. Comey, to say in a recent speech that new encryption by Apple and others “will have very serious consequences for law enforcement and national security agencies at all levels.”基于这个变化，联邦调查局(FBI)局长詹姆斯·B·科米(James B. Comey)在近期的一次演说中称之为，苹果等公司的新型加密技术“将给各个层级的执法人员和国家安全性机构导致严重影响”。

“Sophisticated criminals will come to count on these means of evading detection,” Mr. Comey said.科米说道，“经验丰富的罪犯将倚赖这些途径来躲避侦察。”In August, Apple began storing data for iCloud on servers in China in a move it said was intended to enhance performance of the service there. The company said the state-owned service provider China Telecom, which owns the servers where the data is stored, did not have access to the content.今年8月，苹果开始在中国境内的服务器上储存iCloud数据。苹果回应，这样做到是为了提升iCloud在当地的服务质量。公司称之为，储存数据的服务器归属于中国的国有服务提供商中国电信，但其无法提供储存内容。

But security experts say it appears that Beijing has found a workaround, by coordinating man-in-the-middle attacks on a mass scale.不过安全性专家回应，中国政府或许寻找了一种变通方案，即的组织大规模的中间人反击。Apple on Tuesday acknowledged a network attack, but clarified that its iCloud servers were not breached. On a security webpage, it implied that man-in-the-middle attacks were being used to direct people to fake connections of iCloud.com, making their user names and passwords vulnerable to theft.周二，苹果否认受到网络攻击，但具体回应其iCloud服务器并未被攻陷。

在公司的一个有关安全性问题的网页上，苹果似乎，有人于是以通过中间人反击把用户推向iCloud.com的欺诈链接，从而使他们的用户名和密码更容易泄漏。On the webpage, Apple explained how people could distinguish an authentic iCloud.com website from a fake one. Basically, users will receive warnings when the web browser detects a fake certificate or an untrusted connection. Apple advised people to heed those warnings when they appear and avoid signing in.苹果在该网页上对如何分辨真假iCloud.com网站展开了说明。

一般来说，当浏览器找到假造的证书或不有一点信赖的链接时，用户就不会接到警告。苹果建议人们留意这类警告，不要指定。

“Apple is deeply committed to protecting our customers’ privacy and security,” said Trudy Muller, an Apple spokeswoman. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.”“苹果忠诚地致力于维护用户的隐私与安全性，”苹果的女发言人特鲁迪·穆勒(Trudy Muller)说道。“我们告诉，有人为了提供用户信息，在通过不安全性的证书不时发动有的组织的网络攻击，我们回应非常重视。”Ms. Muller declined to comment on whether Apple had identified the Chinese government as the source of the attacks.对于苹果否早已证实中国政府为反击来源，穆勒拒绝接受置评。

Security experts said users should not visit websites if they receive a browser warning. Mr. Sutton also advised users to turn on two-factor authentication whenever possible, a procedure in which a user is prompted to enter a second one-time password that has been texted to the user’s phone. That way, he said, even if an attacker intercepts a password, they cannot use it to log into a site without the second password.安全性专家称之为，如果接到浏览器收到的警告，用户应当暂停采访适当网站。苏顿还建议用户尽量地打开双因素证书。在展开双因素证书时，用户必须输出另一个重复使用密码，而该密码不会通过短信发送到用户的手机上。

他说道，通过这种方式，即便攻击者求救了某个密码，他们也无法在没第二个密码的情况下用其指定网站。“Users should treat this seriously,” Mr. Sutton said.苏顿说道，“用户应当坦率对待这个问题。

本文来源：9659澳门新葡萄娱乐场app-www.kssy-th.com