
White Hat Hacking Explained

So far in our hacker series of shows, we’ve concentrated mostly on the more nefarious type of hacking, a milieu consisting of what’s known as black hat hackers. These are the guys and girls that have honed their skills to get through backdoors and steal information that they might sell on, hold ransom, or simply use to buy something on your credit card. They might also want to cause mayhem just because they can.

Then we have the grey hats, and those guys often exploit a vulnerability in a system and then tell a company or organization that they have a problem, a digital Achilles heel, and you can pay them or hire them to fix it for you.

But now let’s have a look at the unsung heroes of hacking, the protectors of the binary realm, the white hats. So, who are these guys, the white hats, the ethical specialists of finding faults in systems and patching up holes? According to Techopedia, they are experts that are hired by companies or other entities to break into systems. “Here you go, do your best,” an employer might tell them. They have in some cases been hired from the dark side – usually not the hyper-criminally dark side – and so are the perfect fit. After all, if you wanted to hire someone to ensure no one robs your bank, why not hire a bank robber?

They are there to make sure their nemeses, the black hats, can’t do damage. Their methods of hacking of course might be very similar to the black hats, they might have trained on the same training ground, but their job is to try and keep one step ahead of their foes, or the company’s foes. They are indispensable, and they are not just protecting company or government information but protecting you. You all have information online that you don’t want to be seen, don’t want stolen, and in part it’s thanks to these people that you can sleep at night with the assurance that the data you put online remains protected. You could call them gatekeepers of information, except they are also highly skilled burglars. The best ones we’ll talk about soon.

If you’ve seen our other shows on hackers you’ll know that organizations are keen to hire these people, some of whom have been less ethical about hacking in the past. You might have governmental departments showing up to hacker conferences and headhunting individuals with a certain skillset. One problem there, as Rolling Stone reported, is that some of those guys might have the skills, but they are not exactly office material and some of them have criminal records, not really good on a resume for an FBI interview. Oftentimes organizations want to tempt the bad guys to the good side, but we could say there is a certain level of badness which might preclude that transition ever being made. Still, we are about to tell you about some former black hats that did do a fair bit of damage before they hooked up with the good guys and donned an office-regulation tie.

Kevin Mitnick

We have talked about this man before, but we can’t do a show on white hats without including someone who is often called the world’s most famous hacker. Let’s first say that Mitnick was imprisoned for his crimes, but he’s often said his “blackness” was overstated as he was made an example of. He is somewhat the poster boy of hacking, having been the inspiration for some of those hacking movies which depicted 80s kids giving the government a hard time from their bedrooms.

Mitnick has said that his early hacking wasn’t really techno-hacking but human exploitation, sometimes called social engineering. If you’ve seen the series Mr. Robot you’ll know that hackers often get information merely by deceit on the telephone. That series was partly written by people who know hacking, and social engineering works. But Mitnick graduated to computers and ended up hacking companies such as Nokia and Pacific Bell. He went on the run after that but he was eventually found and sentenced to a long jail sentence for the crime he committed. During his five years behind bars he has said he was treated badly and did quite a bit of time in solitary confinement.

His real love wasn’t stealing per se, but he just enjoyed testing his skills. At 16 years old, for instance, he created a program that simulated the computers at school, and so when a teacher logged in Mitnick could get the information. “I took his password, logged in, and just had a huge smile on my face that it worked,” he said in an interview in 2018. But his curiosity got the better of him and his world turned darker.

After prison, though, he started his own security company and concentrated his efforts on helping others to stave off black hats. In an interview he explained this switch quite clearly: “It was a vicious cycle. I got busted, I did it again, I got busted, I did it again. In a way, I still do it today… But now I just get permission from my clients and get paid.”

Adrian Lamo

Unfortunately this hacker is no longer with us, having passed away in 2018. He gained his notoriety for hacking The New York Times as well as tech behemoths Microsoft and Yahoo. But his world came crashing down in 2003 when he was arrested for those hacks as well as others. He took it on the chin, though, saying in court, “I want to answer for what I have done and do better with my life.” He also later said, “We all own our actions in fullness, not just the pleasant aspects of them.”

In 2009, Lamo was involved in a controversial case involving US whistleblower Bradley (now Chelsea) Manning. The latter had confided in the wrong man, as Lamo was working for law enforcement and he blew the whistle on the whistleblower. Subsequently many people around the world criticized Lamo, and many of his detractors were in the hacking community. He became an outcast.

Lamo later explained his actions to The Guardian, saying, “There were hundreds of thousands of documents, let’s drop the number to 250,000 to be conservative, and doing nothing meant gambling that each and every one would do no harm if no warning was given.”

He later went to the light side and became a security consultant, but his life was never easy after the Manning controversy. He received death threats regularly and he was also known to abuse substances. When he died in 2018 his autopsy was inconclusive. Here we have dark to light to the great unknown.

Robert Tappan Morris

A New York Times headline from 1989 reads, “CORNELL SUSPENDS COMPUTER STUDENT.” The story tells of a 23-year-old student who had “jammed a nationwide computer network.” What had Morris been up to? Well, he is now known as the man that created the first worm-like virus, known as the Morris Internet Worm. All over the place computers were slowing and crashing and no one knew what had happened.

Morris had not intended the worm he created to wreak havoc, and it’s said he only created it to see how far it would spread and so be able to judge the size of the internet. Except it just kept replicating and soon he couldn’t stop it. We are told that when it was done the worm had infected 10 percent of the world’s Internet servers, which is some accomplishment.

According to one of Morris’s friends back then, the student knew he had made a “colossal” mistake. He was later arrested and charged under the then-new Computer Fraud and Abuse Act, getting off lightly with just a fine of $10,000 and a few hundred hours of community service. If you did that now you’d get yourself into way more trouble.

Since breaking the Internet, Morris has dedicated his time towards research and he also co-founded the incubator company Y Combinator. He has tenure at MIT and has served as an advisor to various companies.

Kevin Poulsen

Also known as Dark Dante in another life. Mr. Poulsen rose to notoriety after doing something we’d all likely love to do. He won himself a Porsche, but he didn’t exactly play the game fairly. To ensure that he won, he hacked a radio station’s phone lines. He made it so he was guaranteed to be the winner. But then he graduated from phone lines to hacking into federal systems and getting his hands on FBI wiretap information. He was eventually caught and ended up with a $56,000 fine and also a prison sentence.

In an interview with Gizmodo in 2015, Poulsen said that he was busy consulting for a Hollywood hacker movie. He also became a journalist and at times has helped law enforcement track down darker characters that plague the Internet.

As for hacking, he said in an interview that it often starts with phishing. He said a hacker will often send a phishing email to a person working in a big organization such as the NSA. The email looks legitimate because the hacker has learned what kind of email the agent might get. He also said this in another interview, this time with Vanity Fair: “You certainly are seeing that these days attacking somebody’s P.C., instead of attacking their server, and logging their keystrokes and all of that. This is exactly what the hackers are doing right now.” So, beware folks.

Mark Abene

This hacker was once a member of the hacking conglomerates Legion of Doom and Masters of Deception. He started young, and became one of the world’s most famous hackers after he was arrested by authorities in 1990. He was accused of various things, including crashing the network of AT&T. He was a minor when he did that, but still served a year in prison and was handed 600 hours of community service. Many thought he didn’t deserve this, and yet again they said another person had been made an example of. This seems to happen often, because there’s nothing more authorities fear than someone sneaking around in their networks.

Abene went on to do lots of TV appearances and to speak about security to some of the world’s leading publications. He also started his own consultancy firm, but that didn’t do too well. “After my own consulting firm folded after the dot-com bust in the early 2000s, I continued doing independent security consulting for a lot of large companies,” Abene told CNET in an interview. “A fun job I had recently was writing the encryption routines for the online streaming service for Major League Baseball.”

Anon and famous

The people we have talked about are just some names you see in the media, but black hat hackers that have turned into white hat hackers are usually nameless. They are guys that have just been taken out of the wild and brought into the office. We know that the FBI has employed some of these people, but reports tell us the likes of Google, Uber and even Starbucks have been putting reformed black hats on their payroll. We might also remember that the likes of Facebook’s Mark Zuckerberg and Twitter’s Jack Dorsey also hacked into emails (Zuckerberg) and a network of a potential employer (Dorsey), and no doubt many others have done similar things.

Hackers are a threat to everyone, not just big companies but everyday people like you and me. In fact, you might be a bigger target than a company with professional security.

What do you think about black and white hat hackers? Let us know in the comments! Also, be sure to check out our other show, Did North Korea Really Hack Sony Pictures Because Of a Movie?. Thanks for watching, and as always, don’t forget to like, share and subscribe. See you next time.

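Translation information
Video overview

When hackers are mentioned, most people think of bad things such as viruses, but do you really understand hackers? In fact, “hacker” is a general term for IT technical people and computer scientists. Let’s learn about hackers, for example “white hat hackers” and “black hat hackers”.

Transcription

Collected from the web

Translator

HiyaTay

Reviewer

审核员XY

Video source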

https://www.youtube.com/watch?v=JKOIRnVTjNM
