
Why I teach people how to hack | Ýmir Vigfússon | TEDxReykjavík

[Clapping]
I grew up as a hacker.
And by hacker, I mean somebody who can break into a computer.
And my goal today is to explain to you
why I teach other people how to hack.
So, imagine a world filled with intellectually capable people
who all share a common passion.
And in this world, the only way you communicate
is through a chat interface,
so you have no idea who the person is on the other end.
It could be a 13-year-old girl from Haiti.
It could be a 37-year-old law enforcement agent from Thailand.
It could be artificial intelligence, you just don’t know.
But it doesn’t even matter.
You see, your background,
your age, your sex, your class, your looks,
none of that has any bearing in this world that I’m describing.
The only thing that matters in this world
is your knowledge, your skills,
and your curiosity for understanding how the digital world works.
So the world that I’m describing
is the Hacker Underground where I spent my teenage years.
So what drew me to that place, what drew me to this world?
Um, I’m sure at some point in your life,
you must have tried to guess someone’s password, right?
Right? Uh? Yes, right?
Do you remember that feeling? That… that rush?
The kind of euphoric sensation of
accomplishment and power when you succeeded? Right?
It’s the same kind of feeling that you would get,
uh, when you solve a complex puzzle
or when you beat someone at chess,
when you prove a mathematical theory.
It’s… you feel as if some of you outsmarted
a real or imaginary opponent, right?
So hackers get that same exact rush
when they defeat someone’s program
to make it do something it was not intended to do,
or when they gain unauthorized access to someone’s system.
It’s really not that hard to relate.
Imagine this, imagine this. You’re,
um, you are in your online bank.
And you are about to transfer money to your friend.
When this kicks, instead of putting in the amount,
you put in the number zero.
Just to see what happens, just in case.
And nothing happens.
And you persist, you keep at it, then you try to,
uh, to try something else,
and you try to put in letters instead of numbers.
And again, the website blocks it.
And you persevere,
you try again, you try putting in a negative number.
Just to see what will happen, and lo and behold, it goes through.
And what have you done?
Now instead of you transferring money from your account to your friend,
you’ve effectively taken money from your friend’s account to put it into yours.
Right? Without any notification.
Can you imagine what you would feel like
if you had just discovered this?
[Laughing]
Right? I’m sure you will feel surprised.
I’m sure it feels slightly elated.
I’m sure you will feel as if you outflanked an entire army of programmers,
whose only purpose it was to try to keep out people like yourself.
And I’m sure you will feel a bit uneasy that it was this easy
to defeat the security of the site to which you were trusting your money. Right?
Most people I know would get a huge kick
out of finding this type of vulnerability,
but they wouldn’t abuse it.
They’ll just enjoy the process of finding this bug
and then they would report it;
unfortunately that is becoming more and more accepted.
As it turns out, this particular bug that I’m describing was real,
was actually found by my friend.
Well, at some point he just called me up like:
“Hey Ýmir, this is hysterical, man, hey, look at your account.
[Laughing]
No, no, no, look at that again. Isn’t that funny?”
So he’s doing this audit of us on internet security banks.
Yeah, it was really funny.
Ha ha ha. Anyway, so, um,
I’m sure somebody we can relate, but during your teenage years,
you don’t really have much of a moral compass.
So, but I can relate to that, I hope.
Right? So I was sitting at one point in my room
and I was hacking the server
at an Icelandic Internet service provider.
And so a member of my family
picked up the phone with that,
“Wow, Ýmir, are you on the phone?”
which disconnected me from the Internet; this is from the time
when everybody had modems, right.
But moreover,
it disconnected me from the server that I was hacking,
and left that server completely unusable.
And in such a state of disarray that I couldn’t even get back into it.
And I just remember sitting there, looking at my screen,
feeling utterly devastated over what had happened.
I had no idea what to do, I was just, I had this
cancerous feeling of guilt in my gut,
just I… I really had no idea what recourse I had.
And I remember spending the entire night
with my friends just discussing what to do.
And it was decided that the following morning,
I would go to this company and tell them what I had done.
And so in the morning, I go with a friend, we catch a bus
and, uh, we go to the place, we talk to the secretary.
The secretary phones the system administrator,
and then we waited.
And we waited.
And it was the most agonizing wait that
a fifteen-year-old could ever ask for.
It was an experience that I will never forget.
I remember thinking that there were two ways this could play out:
the system administrator could be forgiving,
could scold us simply, like, “Hey, don’t hack my servers again, get out.”
Or he could be a lot more angry than that.
He could react and he could practically sue us,
he could just steer us,
he could label us as criminals,
steer us on the path of something very dark.
Just, pretty much will be over by then.
As it turned out,
the system administrator was an amateur hacker,
was delighted to see us,
was like, “Wow, that’s really cool”,
and like we showed him how to fix his servers and he’s like, “That’s really cool.”
And then instead of reacting with rage,
he called the shop a few days later
and offered us a part-time job at the company
which we kept for several years and, uh, yeah, it was fun.
Anyhow, um, as I
grew older, my moral compass developed, fortunately.
And I moved away from hacking.
And I studied mathematics at the university,
and, uh, went to the U.S. to do a PhD in computer science.
And when I came back,
I realized the state of security in Iceland
was pretty much the same as when I had left.
An utter mess.
And so, it was somehow as if Icelanders believed that
this geographic remoteness
that has sheltered us throughout millennia
was somehow an effective protection against the forces of the internet,
which couldn’t be more false.
So, I started thinking to myself:
“What can I do to improve the cyber security of my home country?”
And as I was searching for an answer to this question,
I realized there were lots of system administrators
who were ultimately responsible for a lot of the security,
who felt reasonably safe against cyberattacks.
And this belief was usually sustained by some sort of faith.
An anti-virus solution
or an elaborate firewall
or some security solution that they had just purchased for a lot of money.
Must be good, it was really expensive.
And I was just flabbergasted. I mean,
can you imagine somebody telling you like,
“Hey, my house is really secure, yes, yes,
I bought this really big steel door
and it’s reinforced with unobtainium.
Nobody can get inside.”
And when you drive past his home,
you see this really big steel door and the windows are all open.
That is how I felt when people said this to me.
It was something else, listen to this,
so, and then it really hit me that
the way I was thinking about security
was actually fundamentally different
from the way they were thinking about security.
You see, as a hacker,
I’m trained to ask: “How would I get in?
How would you defeat the defenses?
Are there protections in place?
All these protections, even enabled,
can I get around them?”
I’m trying to ask all these questions.
I mean, ask yourself, how would you break into your own home?
Have you ever, ever thought about that?
Right? How would you do it? Like, or you can ask a friend.
It turns out that if you ask this question periodically,
you ask people that you trust
and then you do something about it,
probably you’re going to be having a safer home
than if you just blindly believe in some security solution,
that you could just buy security in a box.
So, what I decided to do, was that, I wanted to
somehow transfer this mindset that I had, this hacker mindset,
on to people, so that they could also see my perspective on things.
And, what I decided to do was just to start teaching hacking.
That I would teach how software breaks.
How defenses get, uh, thwarted.
And how people bypass all these new protections that are coming about.
And how new protections come in their place.
How this cat-and-mouse game is played out.
Because you see, security is actually really hard.
Because as a defender,
you need to anticipate every possible way
somebody might try to break in.
But the hacker only needs to find one way in, right?
So what did I do?
Well, I did three things, I had three approaches to try to,
uh, improve the state of affairs through teaching hacking.
The first one is that
I started teaching a university course at Reykjavik University,
where every year we have 20 to 30 graduates
who understand the very low level details of
what it is to hack, and how things break and how to break them.
They understand this cat-and-mouse game
that’s being played in the security industry.
And these are the people
that are gonna be in critical roles
at the Icelandic companies for time to come.
They’re gonna understand that like:
“Hey, uh, firewalls are not actually very effective anymore.
It’s not gonna be sufficient.” Right?
These are the people that are going to be in the key roles making decisions,
which now in this time of so many cyber attacks
we don’t even hear about all of them.
And in this time where we have industrial espionage raging
and becoming more and more prevalent,
these are the people that are going to make a difference.
The second thing that I did
was that I co-founded a company
with some of my friends, great security experts.
That is called Cyndi’s and they specialized in, uh,
simulating sophisticated cyber attacks
against large international, large Icelandic corporations.
It’s a part of what we do, a part of our strategy is that
we try to take the people that work at these companies
and teach them the things that we do.
Teach them how we defeat their, uh, defeat their defenses.
So try to educate them with this hacker mindset that we have.
So that they too can understand the context of security a lot better.
Clearly we’re filling some sort of need because
the biggest problem we’ve had at this company
is to manage project workload.
Now, the third thing that I did
was that I started running hacking competitions.
Sure, maybe some of you heard of any of them,
been running them for three years.
So every year, I put like a server on the internet
and I ask people to hack it.
And the people who succeed,
we pick a few finalists and they come on stage
and in front of up to 500 people,
they are hacking each other,
live, it’s really fun actually.
There’s like a live scoreboard, there’s like a DJ
and there are commentators
and they do have a lay audience just looking at this really strange thing, right.
And, uh, and, uh,
it’s, it provides several opportunities.
There’s some side effects from doing it this way.
First of all, it’s like really educational.
And because you have this lay audience,
you get this opportunity to teach people a thing or two about cybersecurity.
Raising the awareness of
some of the latest things they should watch out for,
some of the things they can do to protect themselves.
And the second side effect of the way I’m doing things is that
the participants, which are usually students,
they learn an incredible amount in a very short period of time.
You see, normally when I’m teaching
computer architecture or I’m teaching operating systems,
I have students that are like mourning, they’re just like,
“Uh, do we have to learn this?
Would this be on the exam?”
I know like, yeah, yeah.
But for this competition I have people coming up to me,
“Please, you can tell me everything you know but the computers.
I want to know everything, I want to learn it all.
Can you take me out to, you need to teach me how to hack.”
Oh, that’s some Italian exchange students.
[Laughing]
And, uh,
and so, it’s like incredible in a very short period of time,
how much they could absorb.
I pretty much just taught him everything I know.
And so, the third thing
that comes from how I’m running this type of hacking competition
is that, uh, is that the media really loves it.
I talked to the media liaison at Reykjavik University, it’s like:
“Yeah, so I’m gonna have this hacking competition.”
She’s like, “Yeah, yeah, I contacted the media,
and it was like selling ice cream and dessert.”
They just flocked onto it like hyenas
and like everybody showed up.
I remember like, the first competition,
I had two people and I was like,
“Oh, yes, I’m gonna expect maybe 20 people to show up or something.
You guys are gonna be on stage, so you’re gonna be hacking each other.”
And then, when they came there, there’s like,
big cameras everywhere and like these newscasters,
was like a lot of light around them and so forth.
And these two guys were just frozen on stage,
trying to do something, totally unprepared.
It was really funny.
Anyway, so it’s been really educational, really entertaining,
and uh, I think it really has worked out for the better.
But I know there is this lingering doubt in the back of your mind.
There’s this question, which is,
“Wait a second, aren’t you just arming people with digital weapons?”
Right? And to an extent, that’s true.
I am indeed teaching people skills that they could abuse,
but so are chemistry professors.
So is a police academy,
so is a martial arts teacher.
And just like these people,
I am putting trust in my students.
I’m gonna trust them that they are not going to abuse their skills.
In fact, they have to sign a waiver that
they’re not gonna do it for anything unethical.
And I spent a lot of time with them,
trying to understand these ethical dilemmas that get created
through the power that is hacking.
Imagine for instance, if you find an exploit that
could make you walk into any computer on the planet,
what would you do?
Now what would you do, if somebody offered you $500,000 for it?
Million dollars, right?
These are real questions,
and this is really how the environment works in the underground.
So, I actually believe that I have swayed some people,
some people whose moral compass was not fully developed,
some people who are making choices
that they might later regret.
Some younger versions of myself,
I may have swayed them on the path
where they are becoming constructive members of the society,
and making choices that are improving the security of us all.
And because there was somebody who did that for me many years ago.
And something that I will never forget.
And it’s something that I want to pay forward
and that is why I teach people how to hack.
[Applause]

Production information

Transcription: PyroPigeon⁶

Translation: Z

Reviewed by: Reviewer V

Video source: https://www.youtube.com/watch?v=KwJyKmCbOws