slack财报

Slack is resetting some user passwords after it became apparent hackers stole them in a previous breach. The hackers compromised Slack’s systems in 2015, copied encrypted passwords, and installed code to record plaintext passwords as users entered them.

Slack正在重置一些用户密码，因为很明显，黑客在先前的漏洞中偷走了它们。 黑客在2015年入侵了Slack的系统，复制了加密密码，并安装了代码，以在用户输入密码时记录明文密码。

In 2015, Slack discovered that hackers had . The hackers managed to make their way into Slack’s infrastructure and breach a database that stored usernames and passwords.

在2015年，Slack发现黑客 。 黑客设法进入Slack的基础架构，并破坏了存储用户名和密码的数据库。

Thankfully, Slack properly hashed the passwords, which means they are encrypted and far less useful. Unfortunately, the hackers also installed code that would record plaintext passwords as users typed them in. When Slack discovered the problem, it tightened its security, removed the bad code, and reset passwords for anyone it thought had been affected by the breach.

值得庆幸的是，Slack正确地对密码进行了哈希处理，这意味着密码已被加密，并且远没有那么有用。 不幸的是，黑客还安装了在用户键入密码时会记录明文密码的代码。当Slack发现问题时，它加强了安全性，删除了错误的代码，并为认为受到该漏洞影响的任何人重置了密码。

Recently, someone contacted Slack through its bug bounty program with a list of compromised username and password combinations. The list was accurate, and when Slack investigated, it realized these passwords were in use . While the company thought it had discovered all compromised passwords at the time and reset them, that wasn’t the case.

最近，有人通过其漏洞赏金计划与Slack联系，并提供了一系列受损的用户名和密码组合。 该列表是准确的，当Slack调查时，它意识到使用这些密码。 尽管该公司认为自己当时已经发现了所有被泄露的密码并进行了重置，但事实并非如此。

Now, as a precaution, Slack is resetting all user passwords created at or before the 2015 breach. Slack says the reset affects about 1% of users and will contact them directly with instructions for the reset.

现在，为预防起见，Slack会重置在2015年违规之前或之前创建的所有用户密码。 Slack表示，重置会影响大约1％的用户，并将直接与他们联系以提供重置说明。

If Slack does contact you, you should also change your login details everywhere else if you reuse your passwords. If you do reuse passwords, you should stop. Breaches are now a common occurrence, and the safest thing to do is use a unique randomly generated password for every site. We recommend using a for that purpose. []

如果Slack确实与您联系，则如果您重复使用密码，还应该在其他任何地方更改登录详细信息。 如果您确实重复使用密码，则应该停止。 违反规则现在很普遍，最安全的做法是为每个站点使用唯一的随机生成的密码。 我们建议为此使用 。 [ ]

在其他新闻中： (In Other News:)

• Firefox will alert users of breached passwords: Speaking of breached passwords, Firefox wants to make you aware of when your passwords are compromised. If you save your passwords to the browser they will be checked against . If Firefox finds any matches, it will notify you. []

  Firefox会警告用户密码泄露：说到密码泄露，Firefox希望让您知道密码被盗的时间。 如果将密码保存到浏览器中，将检查对进行了密码检查。 如果Firefox找到任何匹配项，它将通知您。 [ ]

• A vulnerability in Bluetooth could reveal your location: Your Bluetooth devices are supposed to make secure connections, so only you have access to them. Unfortunately, the way many Bluetooth devices generate random connection information doesn’t prevent bad actors from tracking devices. Someone could place a series of beacons in a location, like in a mall, and track your movements. Android isn’t affected, but iOS and Windows is, and Fitbit is the easiest of all to follow. []

  蓝牙中的漏洞可能会显示您的位置：蓝牙设备应该建立安全连接，因此只有您可以访问它们。 不幸的是，许多蓝牙设备生成随机连接信息的方式并不能阻止不良行为者跟踪设备。 有人可以将一系列信标放置在某个位置(例如在购物中心中)并跟踪您的移动。 Android不受影响，但iOS和Windows受此影响，Fitbit是最容易遵循的。 [ ]

• Google removed apps designed for stalking from the Play Store: Google removed seven apps from the Play Store for violating its policies on commercial spyware. The apps touted that once installed; they could track location, record contacts, call logs, and the context of text messages (including encrypted services like WhatsApp) of a spouse, employee, or children. The apps came with instructions to install on a victim’s phone, then obfuscate the app so the phone’s owner wouldn’t know. Good riddance. []

  Google从Play商店中删除了专门用于跟踪的应用程序： Google 从Play商店中删除了七个应用程序，原因是它们违反了其商业间谍软件政策。 应用程序吹捧安装后； 他们可以跟踪位置，记录联系人，通话记录以及配偶，雇员或子女的短信(包括类似WhatsApp的加密服务)的上下文。 这些应用程序附带说明，要求在受害者的手机上进行安装，然后对应用程序进行混淆处理，以便手机的所有者不知道。 甩掉包袱。 [ ]

• Microsoft showed off holographic language translation: In a novel HoloLens demonstration, Microsoft showed off a digital translator at the Microsoft Inspire partner conference. The hologram looked remarkably like the presenter and spoke with similar mannerisms as well. But it spoke in Japanese, whereas the presented spoke in English. Microsoft says live translation will be possible with this hologram, although the demo was a staged script. Pretty neat stuff. []

  Microsoft展示了全息语言翻译：在一个新颖的HoloLens演示中，Microsoft在Microsoft Inspire合作伙伴会议上展示了数字翻译器。 全息图看起来非常像演示者，并且讲话方式也相似。 但是它用日语讲，而所介绍的用英语讲。 微软表示，尽管演示是一个分阶段的脚本，但使用此全息图可以进行实时翻译。 很整洁的东西。 [ ]

• Google starting to warn about apps not meant for children: Google previously told developers they would have to specify an intended age range for their apps. Now the company is starting to roll out “not designed for children” warning on apps that report an age range above children. Developers can even choose to apply the label proactively. Good stuff. []

  谷歌开始警告那些不适合儿童使用的应用：谷歌此前曾告诉开发人员，他们必须为他们的应用指定预期的年龄范围。 现在，该公司开始在报告年龄超过儿童的应用中推出“非儿童专用”警告。 开发人员甚至可以选择主动粘贴标签。 好东西。 [ ]

The zombifying ant fungus is even more horrible than we already thought.

僵化的蚂蚁真菌比我们已经想象的还要可怕。

Scientists have been researching a fungus that infects ants and essentially zombifies its body. Once infected, the fungus cells spread through the ant’s body and forces it to climb to the top of the nearest plant. After reaching the top of the plant the ant is compelled to clamp its jaws in the plant and stay there.

科学家一直在研究一种真菌，这种真菌会感染蚂蚁并实质上使其尸体僵化。 一旦被感染，真菌细胞就会在蚂蚁体内扩散，并迫使其爬到最近的植物的顶部。 到达植物的顶部后，蚂蚁被迫钳住植物的颚并留在那里。

The fungus continues to spread through the ant, before finally erupting from its head and releasing more spores in the air to start the cycle anew. If you’ve played , this fungus is the inspiration for the game’s zombies.

真菌继续在蚂蚁中传播，最终从其头部爆发并在空气中释放出更多的孢子，从而重新开始循环。 如果您玩过 ，那么这种真菌就是游戏僵尸的灵感来源。

Scientists have now discovered that the process leaves the brain intact until the very end, taking control of the body solely. Effectively the ant is turned into a marionette, watching its body move with no ability to stop the process. Horrifying. []

现在，科学家发现，该过程可以使大脑完整，直到最后，仅控制身体。 实际上，蚂蚁变成了木偶，看着它的身体移动而无法停止该过程。 太恐怖了 [ ]

翻译自:

slack财报