update README-cn #2

DeadLion · 2016-12-07T04:34:52Z

No description provided.

lovelyCiTY · 2016-12-07T09:51:31Z

linhe0x0 · 2016-12-07T09:52:37Z

lovelyCiTY · 2016-12-07T10:09:00Z

README-cn.md


-Some malware comes bundled with both legitimate software, such as the [Java bundling Ask Toolbar](http://www.zdnet.com/article/oracle-extends-its-adware-bundling-to-include-java-for-macs/), and some with illegitimate software, such as [Mac.BackDoor.iWorm](https://docs.google.com/document/d/1YOfXRUQJgMjJSLBSoLiUaSZfiaS_vU3aG4Bvjmz6Dxs/edit?pli=1) bundled with pirated programs. [Malwarebytes Anti-Malware for Mac](https://www.malwarebytes.com/antimalware/mac/) is an excellent program for ridding oneself of "garden-variety" malware and other "crapware".
+一些恶意软件捆绑在正常软件上，比如将 [Java bundling Ask Toolbar](http://www.zdnet.com/article/oracle-extends-its-adware-bundling-to-include-java-for-macs/)，和 [Mac.BackDoor.iWorm](https://docs.google.com/document/d/1YOfXRUQJgMjJSLBSoLiUaSZfiaS_vU3aG4Bvjmz6Dxs/edit?pli=1) 这种非法软件通过重新打包，捆绑到一块。[Malwarebytes Anti-Malware for Mac](https://www.malwarebytes.com/antimalware/mac/) 是一款超棒的应用，它可以帮你扫除各种各样的恶意软件和其它垃圾软件。


前一句的意思是捆绑到一起销售的盗版软件吧。所以最后翻成捆绑到一起后的盗版软件。第二句它可以帮你摆脱种类繁多的垃圾软件和其他恶意程序的困扰。

lovelyCiTY · 2016-12-07T10:23:44Z

README-cn.md


-You could periodically run a tool like [Knock Knock](https://github.com/synack/knockknock) to examine persistent applications (e.g. scripts, binaries). But by then, it is probably too late. Maybe applications such as [Block Block](https://objective-see.com/products/blockblock.html) and [Ostiarius](https://objective-see.com/products/ostiarius.html) will help. See warnings and caveats in [issue #90](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/issues/90) first, however.  Using an application such as [Little Flocker](https://www.littleflocker.com/) can also protect parts of the filesystem from unauthorized writes similar to how Little Snitch protects the network (note, however, the software is still in beta and should be [used with caution](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/pull/128)).
+你可以定期运行 [Knock Knock](https://github.com/synack/knockknock) 这样的工具来检查持续在运行的应用(比如脚本，二进制)。但那可能已经为时过晚。[Block Block](https://objective-see.com/products/blockblock.html) 和 [Ostiarius](https://objective-see.com/products/ostiarius.html) 这样的应用可能还有些帮助。先看看 [issue #90](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/issues/90) 中的警告。不过使用 [Little Flocker](https://www.littleflocker.com/) 也能保护部分文件系统免遭非法写入，类似 Little Snitch 保护网络 (注意，该软件目前是 beat 版本，[谨慎使用](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/pull/128))。


为时已晚改成但可能现在这样的方法已经过时了。

可以在[issue drduh#90]中查看相关的警告。和一句连起来读有点怪。。。

不过使用...改成尽管如此使用...吧

lovelyCiTY · 2016-12-07T10:41:17Z

README-cn.md


-Therefore, the best anti-virus is **Common Sense 2016**. See more discussion in [issue #44](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/issues/44).
+因此，最好的防病毒是 Common Sense 2016。看看 [issue #44](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/issues/44)中更多的讨论。


最好的防病毒是 Common Sense 2016 感觉这么翻好奇怪但是我也不知道怎么对... 我在有道词典上找到这个翻译本身翻译成常识。
例：
Use your common sense.
用用你的直觉决断力。
She always had a lot of common sense.
她总有很好的直觉决断力。

所以是不是可以翻成最好的防毒方式我们日常地防范。这里我确实不会翻...

我同意的你的观点，但是我看到它两个单词都用了大写而且加粗了，而且还有数字 2016？所以我觉得是不是某个专有名词、文章之类的，但是也没有参考链接，那还是采取你的建议吧。

lovelyCiTY · 2016-12-07T10:54:12Z

README-cn.md


-> A new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system installer and software updates. Code injection and runtime attachments to system binaries are no longer permitted.
+> 一项新的安全政策，应用于每个正在运行的进程，包括特权代码和从沙盒中运行的代码。该策略对磁盘上和运行时的组件增加了额外的保护，只允许系统安装程序和软件更新修改系统二进制文件。不再允许代码注入和运行时附加系统二进制文件。


非沙盒中运行的代码

lovelyCiTY · 2016-12-07T11:02:14Z

README-cn.md


-**XProtect** prevents the execution of known bad files and outdated plugin versions, but does nothing to cleanup or stop existing malware.
+**XProtect** 防止已知的坏文件和执行过时的插件版本，但并不能清除或停止现有的恶意软件。


防止执行已知的坏文件和过时了的版本插件。

lovelyCiTY · 2016-12-07T12:37:53Z

README-cn.md


-In addition to passwords, ensure eligible online accounts, such as GitHub, Google accounts, banking, have [two factor authentication](https://en.wikipedia.org/wiki/Two-factor_authentication) enabled.
+除密码外，确保像 GitHub、 Google accounts、 银行，开启[两步验证](https://en.wikipedia.org/wiki/Two-factor_authentication)。


确保像 Github、 Google 等账号，银行账户这些网上的账户，开启....

lovelyCiTY · 2016-12-07T12:49:02Z

README-cn.md


    $ gpg -o ~/Desktop/decrypted-backup.tar.gz -d ~/Desktop/backup-2015-01-01-0000.tar.gz.gpg && \
      tar zxvf ~/Desktop/decrypted-backup.tar.gz

-You may also create encrypted volumes using **Disk Utility** or `hdiutil`:
+你也可以用 **Disk Utility** 或 `hdiutil` 创建加密卷：


可以使用这些工具进行批量的加密

这里应该没有问题，volumes 这里是卷的意思。

恩，这个是我当时理解错了，校对完那一篇，我想起来这个错误了...

lovelyCiTY · 2016-12-07T12:51:25Z

README-cn.md


    $ tar zcvf - ~/Downloads | gpg -c > ~/Desktop/backup-$(date +%F-%H%M).tar.gz.gpg

-To decrypt an archive:
+加密一个文档:


文档解密

lovelyCiTY · 2016-12-07T12:54:51Z

README-cn.md


 ## Wi-Fi

-macOS remembers access points it has connected to. Like all wireless devices, the Mac will broadcast all access point names it remembers (e.g., *MyHomeNetwork*) each time it looks for a network, such as when waking from sleep.
+macOS 会记住它连接过的接入点。比如所有无线设备，每次搜寻网络的时候，Mac 将会显示所有它记住的接入点名称(如，*MyHomeNetwork*) ，比如从休眠中唤醒的时候就会。


比如每次唤起设备的时候。

lovelyCiTY · 2016-12-07T13:04:26Z

README-cn.md


-Here are several recommended [options](https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5) to add to  `~/.ssh/config`:
+这有些推荐的[配置项](https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5)加到 `~/.ssh/config`:


将这几个配置项加到

lovelyCiTY · 2016-12-07T13:17:48Z

README-cn.md


-List open network files:
+列出开放的网络文件:


公开的网络文件

lovelyCiTY · 2016-12-07T13:26:50Z

README-cn.md


-Manage default file handlers with [duti](http://duti.org/), which can be installed with `brew install duti`. One reason to manage extensions is to prevent auto-mounting of remote filesystems in Finder (see [Protecting Yourself From Sparklegate](https://www.taoeffect.com/blog/2016/02/apologies-sky-kinda-falling-protecting-yourself-from-sparklegate/)). Here are several recommended handlers to manage:
+用 [duti](http://duti.org/) 管理默认文件处理，可以通过 `brew install duti` 来安装。管理扩展的原因之一是为了防止远程文件系统在 Finder 中自动挂载。 ([保护自己免受 Sparkle 后门影响](https://www.taoeffect.com/blog/2016/02/apologies-sky-kinda-falling-protecting-yourself-from-sparklegate/))。这里有几个处理程序的建议：


这里有几个推荐的管理指令：

lovelyCiTY · 2016-12-07T13:27:06Z

README-cn.md


-See `man -k dtrace` for more information.
+看看 `man -k dtrace` 了解更多信息。


调用这个指令去了解更多信息。

lovelyCiTY · 2016-12-07T13:27:22Z

README-cn.md


-You can also use ssh to create an [encrypted tunnel](http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html) to send your traffic through, which is similar to a VPN.
+你也可以用 ssh 创建一个[加密隧道](http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html) 来发送流量，这有点类似于 VPN。


发送数据

lovelyCiTY · 2016-12-07T13:35:06Z

README-cn.md


-Set your screen to lock as soon as the screensaver starts:
+设置屏幕保护程序启动尽快锁定屏幕：


设置mac进入休眠状态时马上启动屏幕保护程序

lovelyCiTY · 2016-12-07T13:41:01Z

README-cn.md


-[Santa](https://github.com/google/santa/) - A binary whitelisting/blacklisting system for Mac OS X.
+[Santa](https://github.com/google/santa/) - Mac OS X 上一个二进制白名单/黑名单系统。


...上一个带二进制白名单/黑名单系统的软件

lovelyCiTY · 2016-12-07T13:44:28Z

README-cn.md


-[Santa](https://github.com/google/santa/) - A binary whitelisting/blacklisting system for Mac OS X.
+[Santa](https://github.com/google/santa/) - Mac OS X 上一个二进制白名单/黑名单系统。


...上一个带二进制白名单/黑名单系统的软件

lovelyCiTY

校对完成

lovelyCiTY · 2016-12-07T13:49:38Z

@sqrthree

This reverts commit 51a1e10.

…aster

yifili09

@lovelyCiTY @DeadLion
我就建立在最新的修改上增加建议啦。

校对完毕。
@sqrthree

yifili09 · 2016-12-08T09:13:19Z

README-cn.md


-Some malware comes bundled with both legitimate software, such as the [Java bundling Ask Toolbar](http://www.zdnet.com/article/oracle-extends-its-adware-bundling-to-include-java-for-macs/), and some with illegitimate software, such as [Mac.BackDoor.iWorm](https://docs.google.com/document/d/1YOfXRUQJgMjJSLBSoLiUaSZfiaS_vU3aG4Bvjmz6Dxs/edit?pli=1) bundled with pirated programs. [Malwarebytes Anti-Malware for Mac](https://www.malwarebytes.com/antimalware/mac/) is an excellent program for ridding oneself of "garden-variety" malware and other "crapware".
+一些恶意软件捆绑在正常软件上，比如 [Java bundling Ask Toolbar](http://www.zdnet.com/article/oracle-extends-its-adware-bundling-to-include-java-for-macs/)，还有 [Mac.BackDoor.iWorm](https://docs.google.com/document/d/1YOfXRUQJgMjJSLBSoLiUaSZfiaS_vU3aG4Bvjmz6Dxs/edit?pli=1) 这种和盗版软件捆绑到一块的。[Malwarebytes Anti-Malware for Mac](https://www.malwarebytes.com/antimalware/mac/) 是一款超棒的应用，它可以帮你摆脱种类繁多的垃圾软件和其他恶意程序的困扰。


legitimate software - 正版软件？我翻译的那块也有这个词

恩，用正版吧。

yifili09 · 2016-12-08T09:17:40Z

README-cn.md


-**Gatekeeper** and the **quarantine** system try to prevent unsigned or "bad" programs and files from running and opening.
+**Gatekeeper** 和 **quarantine** 系统试图阻止运行（打开）未签名或“坏”程序及文件。


"bad" programs

『有害』/『恶意』程序

yifili09 · 2016-12-08T09:25:14Z

README-cn.md


-This is a privacy risk, so remove networks from the list in **System Preferences** > **Network** > **Advanced** when they're no longer needed.
+这就有泄漏隐私的风险，所有当不再需要的时候最好从列表中移除， 在 **System Preferences** > **Network** > **Advanced** 。


所有当不再需要的时候最好从列表中移除

所有当不再需要的时候最好从列表中移除 这些连接过的网络

yifili09 · 2016-12-08T09:30:50Z

README-cn.md


-You may wish to [spoof the MAC address](https://en.wikipedia.org/wiki/MAC_spoofing) of your network card before connecting to new and untrusted wireless networks to mitigate passive fingerprinting:
+你可能希望在连接到新的和不可信的无线网络之前[伪造网卡 MAC 地址](https://en.wikipedia.org/wiki/MAC_spoofing)，以减少被动痕迹:


以减少被动痕迹 / mitigate passive fingerprinting:

以减少 被动特征探测

Passive Fingerprinting

DeadLion · 2016-12-12T06:03:06Z

@sqrthree 已修改完。

linhe0x0

还有一些需要调整下哈

linhe0x0 · 2016-12-12T15:05:41Z

README-cn.md


-In addition to passwords, ensure eligible online accounts, such as GitHub, Google accounts, banking, have [two factor authentication](https://en.wikipedia.org/wiki/Two-factor_authentication) enabled.
+除密码外，确保像 Github、 Google 账号、银行账户这些网上的账户，开启[两步验证](https://en.wikipedia.org/wiki/Two-factor_authentication)。


『Github』=>『GitHub』

linhe0x0 · 2016-12-12T15:06:35Z

README-cn.md


-Look to [Yubikey](https://www.yubico.com/products/yubikey-hardware/yubikey-neo/) for a two factor and private key (e.g., ssh, gpg) hardware token. See [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) and [trmm.net/Yubikey](https://trmm.net/Yubikey). One of two Yubikey's slots can also be programmed to emit a long, static password (which can be used in combination with a short, memorized password, for example).
+看看 [Yubikey](https://www.yubico.com/products/yubikey-hardware/yubikey-neo/) 的两因素和私钥(如：ssh、gpg)硬件令牌。 阅读 [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) 和 [trmm.net/Yubikey](https://trmm.net/Yubikey)。两个 Yubikey 的插槽之一可以通过编程来生成一个长的，静态密码（例如可以与短的，记住的密码结合使用）。


『长的』后面的逗号不需要了吧。

linhe0x0 · 2016-12-12T15:08:38Z

README-cn.md


    $ ssh -NCD 3000 [email protected]

-By default, macOS does **not** have sshd or *Remote Login* enabled.
+默认情况下， macOS **没有** sshd ，也不允许*远程登陆*。


linhe0x0 · 2016-12-12T15:09:09Z

README-cn.md


-A helpful tool is [usbkill](https://github.com/hephaest0s/usbkill), which is *"an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer"*.
+有个工具 [usbkill](https://github.com/hephaest0s/usbkill) 可以帮助你，这是*"一个反监视断路开关，一旦发现 USB 端口发生改变就会关闭你的计算机"*。


update from remote repository

DeadLion added 2 commits December 6, 2016 18:16

modified: README-cn.md

c7cf27f

Update README-cn.md

1c59dea

lovelyCiTY reviewed Dec 7, 2016

View reviewed changes

README-cn.md

List open network files:

列出开放的网络文件:

Copy link

lovelyCiTY Dec 7, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

公开的网络文件

lovelyCiTY reviewed Dec 7, 2016

View reviewed changes

DeadLion added 4 commits December 8, 2016 14:52

Update README-cn.md

51a1e10

Revert "Update README-cn.md"

f9caac1

This reverts commit 51a1e10.

Merge remote-tracking branch 'refs/remotes/origin/master' into xitu/m…

657e09a

…aster

modified: README-cn.md

ac5fcd5

yifili09 reviewed Dec 8, 2016

View reviewed changes

Update README-cn.md

d3d3497

linhe0x0 reviewed Dec 12, 2016

View reviewed changes

Update README-cn.md

fb43d98

linhe0x0 merged commit 287181b into xitu:master Dec 12, 2016

linhe0x0 pushed a commit that referenced this pull request Dec 15, 2016

Merge pull request #2 from xitu/master

e42054d

update from remote repository


		Some malware comes bundled with both legitimate software, such as the [Java bundling Ask Toolbar](http://www.zdnet.com/article/oracle-extends-its-adware-bundling-to-include-java-for-macs/), and some with illegitimate software, such as [Mac.BackDoor.iWorm](https://docs.google.com/document/d/1YOfXRUQJgMjJSLBSoLiUaSZfiaS_vU3aG4Bvjmz6Dxs/edit?pli=1) bundled with pirated programs. [Malwarebytes Anti-Malware for Mac](https://www.malwarebytes.com/antimalware/mac/) is an excellent program for ridding oneself of "garden-variety" malware and other "crapware".
		一些恶意软件捆绑在正常软件上，比如将 [Java bundling Ask Toolbar](http://www.zdnet.com/article/oracle-extends-its-adware-bundling-to-include-java-for-macs/)，和 [Mac.BackDoor.iWorm](https://docs.google.com/document/d/1YOfXRUQJgMjJSLBSoLiUaSZfiaS_vU3aG4Bvjmz6Dxs/edit?pli=1) 这种非法软件通过重新打包，捆绑到一块。[Malwarebytes Anti-Malware for Mac](https://www.malwarebytes.com/antimalware/mac/) 是一款超棒的应用，它可以帮你扫除各种各样的恶意软件和其它垃圾软件。


		You could periodically run a tool like [Knock Knock](https://github.com/synack/knockknock) to examine persistent applications (e.g. scripts, binaries). But by then, it is probably too late. Maybe applications such as [Block Block](https://objective-see.com/products/blockblock.html) and [Ostiarius](https://objective-see.com/products/ostiarius.html) will help. See warnings and caveats in [issue #90](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/issues/90) first, however. Using an application such as [Little Flocker](https://www.littleflocker.com/) can also protect parts of the filesystem from unauthorized writes similar to how Little Snitch protects the network (note, however, the software is still in beta and should be [used with caution](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/pull/128)).
		你可以定期运行 [Knock Knock](https://github.com/synack/knockknock) 这样的工具来检查持续在运行的应用(比如脚本，二进制)。但那可能已经为时过晚。[Block Block](https://objective-see.com/products/blockblock.html) 和 [Ostiarius](https://objective-see.com/products/ostiarius.html) 这样的应用可能还有些帮助。先看看 [issue #90](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/issues/90) 中的警告。不过使用 [Little Flocker](https://www.littleflocker.com/) 也能保护部分文件系统免遭非法写入，类似 Little Snitch 保护网络 (注意，该软件目前是 beat 版本，[谨慎使用](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/pull/128))。


		Therefore, the best anti-virus is Common Sense 2016. See more discussion in [issue #44](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/issues/44).
		因此，最好的防病毒是 Common Sense 2016。看看 [issue #44](https://github.com/drduh/OS-X-Security-and-Privacy-Guide/issues/44)中更多的讨论。


		> A new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system installer and software updates. Code injection and runtime attachments to system binaries are no longer permitted.
		> 一项新的安全政策，应用于每个正在运行的进程，包括特权代码和从沙盒中运行的代码。该策略对磁盘上和运行时的组件增加了额外的保护，只允许系统安装程序和软件更新修改系统二进制文件。不再允许代码注入和运行时附加系统二进制文件。


		XProtect prevents the execution of known bad files and outdated plugin versions, but does nothing to cleanup or stop existing malware.
		XProtect 防止已知的坏文件和执行过时的插件版本，但并不能清除或停止现有的恶意软件。


		In addition to passwords, ensure eligible online accounts, such as GitHub, Google accounts, banking, have [two factor authentication](https://en.wikipedia.org/wiki/Two-factor_authentication) enabled.
		除密码外，确保像 GitHub、 Google accounts、银行，开启[两步验证](https://en.wikipedia.org/wiki/Two-factor_authentication)。


		Here are several recommended [options](https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5) to add to `~/.ssh/config`:
		这有些推荐的[配置项](https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5)加到 `~/.ssh/config`:


		Manage default file handlers with [duti](http://duti.org/), which can be installed with `brew install duti`. One reason to manage extensions is to prevent auto-mounting of remote filesystems in Finder (see [Protecting Yourself From Sparklegate](https://www.taoeffect.com/blog/2016/02/apologies-sky-kinda-falling-protecting-yourself-from-sparklegate/)). Here are several recommended handlers to manage:
		用 [duti](http://duti.org/) 管理默认文件处理，可以通过 `brew install duti` 来安装。管理扩展的原因之一是为了防止远程文件系统在 Finder 中自动挂载。 ([保护自己免受 Sparkle 后门影响](https://www.taoeffect.com/blog/2016/02/apologies-sky-kinda-falling-protecting-yourself-from-sparklegate/))。这里有几个处理程序的建议：


		See `man -k dtrace` for more information.
		看看 `man -k dtrace` 了解更多信息。


		You can also use ssh to create an [encrypted tunnel](http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html) to send your traffic through, which is similar to a VPN.
		你也可以用 ssh 创建一个[加密隧道](http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html) 来发送流量，这有点类似于 VPN。


		Set your screen to lock as soon as the screensaver starts:
		设置屏幕保护程序启动尽快锁定屏幕：


		[Santa](https://github.com/google/santa/) - A binary whitelisting/blacklisting system for Mac OS X.
		[Santa](https://github.com/google/santa/) - Mac OS X 上一个二进制白名单/黑名单系统。


		Some malware comes bundled with both legitimate software, such as the [Java bundling Ask Toolbar](http://www.zdnet.com/article/oracle-extends-its-adware-bundling-to-include-java-for-macs/), and some with illegitimate software, such as [Mac.BackDoor.iWorm](https://docs.google.com/document/d/1YOfXRUQJgMjJSLBSoLiUaSZfiaS_vU3aG4Bvjmz6Dxs/edit?pli=1) bundled with pirated programs. [Malwarebytes Anti-Malware for Mac](https://www.malwarebytes.com/antimalware/mac/) is an excellent program for ridding oneself of "garden-variety" malware and other "crapware".
		一些恶意软件捆绑在正常软件上，比如 [Java bundling Ask Toolbar](http://www.zdnet.com/article/oracle-extends-its-adware-bundling-to-include-java-for-macs/)，还有 [Mac.BackDoor.iWorm](https://docs.google.com/document/d/1YOfXRUQJgMjJSLBSoLiUaSZfiaS_vU3aG4Bvjmz6Dxs/edit?pli=1) 这种和盗版软件捆绑到一块的。[Malwarebytes Anti-Malware for Mac](https://www.malwarebytes.com/antimalware/mac/) 是一款超棒的应用，它可以帮你摆脱种类繁多的垃圾软件和其他恶意程序的困扰。


		Gatekeeper and the quarantine system try to prevent unsigned or "bad" programs and files from running and opening.
		Gatekeeper 和 quarantine 系统试图阻止运行（打开）未签名或“坏”程序及文件。


		This is a privacy risk, so remove networks from the list in System Preferences > Network > Advanced when they're no longer needed.
		这就有泄漏隐私的风险，所有当不再需要的时候最好从列表中移除，在 System Preferences > Network > Advanced 。


		You may wish to [spoof the MAC address](https://en.wikipedia.org/wiki/MAC_spoofing) of your network card before connecting to new and untrusted wireless networks to mitigate passive fingerprinting:
		你可能希望在连接到新的和不可信的无线网络之前[伪造网卡 MAC 地址](https://en.wikipedia.org/wiki/MAC_spoofing)，以减少被动痕迹:


		In addition to passwords, ensure eligible online accounts, such as GitHub, Google accounts, banking, have [two factor authentication](https://en.wikipedia.org/wiki/Two-factor_authentication) enabled.
		除密码外，确保像 Github、 Google 账号、银行账户这些网上的账户，开启[两步验证](https://en.wikipedia.org/wiki/Two-factor_authentication)。


		Look to [Yubikey](https://www.yubico.com/products/yubikey-hardware/yubikey-neo/) for a two factor and private key (e.g., ssh, gpg) hardware token. See [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) and [trmm.net/Yubikey](https://trmm.net/Yubikey). One of two Yubikey's slots can also be programmed to emit a long, static password (which can be used in combination with a short, memorized password, for example).
		看看 [Yubikey](https://www.yubico.com/products/yubikey-hardware/yubikey-neo/) 的两因素和私钥(如：ssh、gpg)硬件令牌。阅读 [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) 和 [trmm.net/Yubikey](https://trmm.net/Yubikey)。两个 Yubikey 的插槽之一可以通过编程来生成一个长的，静态密码（例如可以与短的，记住的密码结合使用）。


		A helpful tool is [usbkill](https://github.com/hephaest0s/usbkill), which is "an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer".
		有个工具 [usbkill](https://github.com/hephaest0s/usbkill) 可以帮助你，这是"一个反监视断路开关，一旦发现 USB 端口发生改变就会关闭你的计算机"。

update README-cn #2

update README-cn #2

Conversation

DeadLion commented Dec 7, 2016

lovelyCiTY commented Dec 7, 2016

linhe0x0 commented Dec 7, 2016

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

lovelyCiTY left a comment

Choose a reason for hiding this comment

lovelyCiTY commented Dec 7, 2016

yifili09 left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

DeadLion commented Dec 12, 2016

linhe0x0 left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment