Ask at this point hackers know everything there is to know about every one of us.

問在這一點上，黑客知道關於我們每個人的一切。

Why do we need passwords now?

為什麼我們現在需要密碼？

Why I keep going to the gym if you're gonna die Anyways, passwords are kind of a necessary evil and hackers really don't know everything about you.

如果你會死，我為什麼要繼續去健身房呢 總之，密碼是一種必要的邪惡，黑客真的不知道你的一切。

It all depends if you put that information out there on the internet.

這完全取決於你是否將這些資訊放在互聯網上。

Congrats, I know what a white hat is, I know what a black hat is.

恭喜你，我知道什麼是白帽子，我知道什麼是黑帽子。

What is the red hat angry hacker.

什麼是紅帽憤怒的黑客。

I don't think I've heard the term red hat hacker before when you were a white hat hacker you hack for good.

我想我以前沒有聽說過紅帽黑客這個詞，當你是一個白帽黑客的時候，你黑得很好。

Um, a lot of people in the security industry are white hat hackers and then for the cyber criminals that we call them black hats, there's also this other term called gray hat where they could be a IIttie admin during the day, while moonlight as a black hat during the night hacker for life.

嗯，安全行業的很多人都是白帽黑客，然後對於我們稱之為黑帽的網絡罪犯，還有另外一個術語叫做灰帽，他們白天可能是一個IIttie管理員，而在晚上則兼職做黑帽的終身黑客。

Ask my unicorn.

問我的獨角獸。

How do you even begin learning and exceeding in this field?

你甚至如何開始在這個領域學習和超越？

I'm trying to become a penetration tester, need inspiration.

我正在努力成為一名滲透測試員，需要靈感。

So pen tester is kind of like an attacker that goes and checks all of the external ports, any openings within someone's network.

是以，筆試者有點像一個攻擊者，去檢查所有的外部端口，在某人的網絡中的任何開口。

But if you really want to be a penetration tester, there's a lot of content out on the web right now, courses, workshops, They even have events or conferences where you can meet other people in the field.

但是，如果你真的想成為一名滲透測試員，現在網絡上有很多內容，課程，研討會，他們甚至有活動或會議，你可以在那裡認識該領域的其他人。

You can find a mentor learn from them, they would point you in the right direction.

你可以找一個導師向他們學習，他們會給你指出正確的方向。

I feel like the hacker culture is pretty open and and diverse.

我覺得黑客文化是相當開放和和多樣化的。

Um, so there's a lot of content out there.

嗯，所以有很多內容在那裡。

Malware is the worst.

惡意軟件是最糟糕的。

What is this purpose other than wasting my time?

除了浪費我的時間之外，這個目的是什麼呢？

Usually malware is going after money and if anything, you're considered collateral damage when malware is delivered, they're usually just spraying all the malware to many people as possible.

通常情況下，惡意軟件都是衝著錢去的，如果有的話，你被認為是惡意軟件傳遞時的附帶損害，他們通常只是把所有的惡意軟件儘可能地噴給很多人。

So it may not be intended for you.

所以它可能不是為你準備的。

I think of malware as like a fashion trend.

我認為惡意軟件就像一種時尚潮流。

You know, there's different malware every season every quarter and you have to stay in fashion and on trend all the time.

你知道，每個季節每個季度都有不同的惡意軟件，你必須一直保持在時尚和潮流中。

When you think about older malware that used to occur a couple of years ago.

當你想到幾年前曾經發生過的老式惡意軟件。

Sometimes it comes back in fashion.

有時，它又開始流行了。

This twitter user name a ask, Jessica Alba is an interesting choice for hacking.

這個微博用戶的名字一問，傑西卡-阿爾巴是一個有趣的黑客選擇。

How do hackers decide who they're going to target?

黑客們如何決定他們的目標是誰？

Jessica Alba is a beautiful woman and she's also a celebrity.

傑西卡-阿爾巴是一個美麗的女人，她也是一個名人。

So she sounds like a great shiny object for cybercriminals to go after.

是以，她聽起來像是網絡犯罪分子要追捕的一個偉大的閃亮對象。

But a lot of them have different motivations that could include money is probably the biggest one.

但他們中的很多人都有不同的動機，可能包括金錢可能是最大的動機。

Another one would be reputation would be like ha ha, I hacked this person.

另一個是聲譽會像哈哈，我黑了這個人。

It could be information kind of like corporate espionage and then we have destruction, which is kind of rare, basically what it is.

它可能是資訊，有點像企業間諜活動，然後我們有破壞，這是一種罕見的，基本上它是什麼。

They try to destroy all the systems to put that company out of business.

他們試圖破壞所有的系統，使該公司倒閉。

Kylie Minaj, ask why do they make the login process for your student loan aids, so difficult and tedious.

凱莉-米娜，請問為什麼他們讓你的學生貸款輔助工具的登錄過程，如此困難和繁瑣。

If some hackers want to break into my account and pay off all my student loans, please don't make it difficult for them.

如果一些黑客想闖入我的賬戶並付清我所有的學生貸款，請不要讓他們為難。

You all are going to ruin this for me.

你們都會毀了我的工作。

Let them run wild in there.

讓他們在裡面狂奔。

Kylie, these hackers are not going to go and pay off your debt.

凱莉，這些黑客不會去為你還債。

If anything, they were going to go into the system to pay off their tuition.

如果有的話，他們是要進入系統來償還學費的。

So a lot of these controls are in place to hinder hackers like that to get into your account.

是以，這些控制措施有很多是為了阻礙像這樣的黑客進入你的賬戶。

It's an unfortunate thing to do, but you know, it's necessary, axel Blazin asked, speaking of what is even the point of these body counts that follow you?

這是一個不幸的事情，但你知道，這是必要的，axel Blazin問道，說到這些跟隨你的身體計數，甚至有什麼意義？

But well that's it.

但好在就這樣了。

No messaging or anything, no spam just follow like sake, it's dumb.

沒有消息或任何東西，沒有垃圾郵件，只是像清酒一樣跟隨，這是很愚蠢的。

Well these accounts are doing something that may not pertain to you, what we call account aging.

那麼這些賬戶正在做一些可能與你無關的事情，我們稱之為賬戶老化。

So what that means is they're trying to bypass a lot of automated detections from social media that they have in place to look for fake accounts and so by tweeting or messaging or making any type of action, they're trying to bypass detection to look more like a legitimate account.

是以，這意味著他們試圖繞過社交媒體的很多自動檢測，他們有地方尋找假賬戶，所以通過發推特、發資訊或採取任何類型的行動，他們試圖繞過檢測，看起來更像一個合法賬戶。

This twitter is there?

這個微博有嗎？

Andrew cheeky at what would they think of next?

安德魯厚著臉皮說，他們接下來會想到什麼？

Is there anything that has been courted in the last decade that hackers haven't found a vulnerability to do some damage.

在過去的十年中，有什麼東西是黑客沒有找到漏洞來進行一些破壞的呢。

If you think about your fridge at home being able to connect to the wifi or your pressure cooker, being able to connect to an app on your phone.

如果你想想你家裡的冰箱能夠連接到wifi，或者你的快鍋，壓力鍋，能夠連接到你手機上的一個應用程序。

A lot of these devices are developed in a way where they're looking for the lowest possible cost of manufacturing, so when they get to the security part, it's kind of like an after thought.

很多這些設備的開發方式是，他們正在尋找儘可能低的製造成本，所以當他們進入安全部分時，這有點像事後的想法。

So until things change, we're gonna still have these problems with IOT devices, twitter users, sift, basque, mauer, unicorn.

是以，在事情發生變化之前，我們仍然會有這些問題，如物聯網設備、Twitter用戶、Sift、Basque、Mauer、Unicorn。

What should my first step be in the bugging?

我的第一步應該是什麼竊聽？

Should I just get a file and a book and start doing the best way is to just jump right in think about it as riding a bike, it takes time, it takes practice, but eventually you'll get it.

我是否應該拿著文件和書開始做，最好的方法是直接跳進去，把它想成騎自行車，這需要時間，需要練習，但最終你會得到它。

There's a different bugger for every operating system, but they're not easy to learn unless you start, you know, just doing it, you're self and training yourself and practicing like I don't remember every single command in the burger, I have to use a cheat sheet, twitter user storm wolf, my awesome boss says that I can request to change my job title to whatever I want it to be in our company profile.

每個作業系統都有不同的竊聽器，但它們並不容易學習，除非你開始，你知道，只是做它，你是自我和訓練自己和練習，如我不記得漢堡的每一個命令，我必須使用小抄，微博用戶風暴狼，我真棒老闆說，我可以要求改變我的工作頭銜，在我們公司的個人資料，我希望它是什麼。

Obviously safe for work.

顯然對工作來說是安全的。

Could anything random like Pokemon hacker or cybersecurity wizard.

可以是任何隨機的東西，如寵物小精靈黑客或網絡安全向導。

What do you guys think it should be?

你們認為應該是什麼？

Well I can see you just said obviously safe for work.

好吧，我可以看到你剛才說顯然對工作安全。

So I think you should just name yourself safe for work, this twitter user sub eight, you ask your smart tv and your video streaming apps are collecting and sharing tons of data just because it can how long before we can start having embedded cameras that malware triggers.

是以，我認為你應該只為自己的工作安全命名，這個微博用戶分八，你問你的智能電視和你的視頻流應用程序正在收集和共享噸的數據，只是因為它可以多久我們可以開始有嵌入式攝像頭，惡意軟件觸發。

Surreptitiously I have unfortunate news for you.

偷偷告訴你，我有一個不幸的消息。

This has been happening minus six years and it's gonna continue to happen so too late for you.

這種情況已經發生了6年，而且會繼續發生，所以對你來說太晚了。

Allison 82718685.

艾莉森82718685。

That's a mouthful.

那是一個口號。

Why do you hate C.

你為什麼討厭C。

Sharp?

夏普？

And his handle looks like a bot.

而且他的手柄看起來像一個機器人。

I don't hate C.

我不討厭C。

Sharp.

銳利。

C Sharp hates me.

C夏普恨我。

The only one of you asked why can't hackers do anything useful like leak Taylor's recordings of Babe and better man grow up hackers.

你們中只有一個人問，為什麼黑客不能做一些有用的事情，比如洩露泰勒對貝貝的錄音，更好的人長大了黑客。

If you don't already know.

如果你還不知道。

Taylor Swift has an alter ego that we call swift on security and she's considered a security pro in the cybersecurity industry so no one actually wants to hack her.

泰勒-斯威夫特有一個另一個自我，我們稱之為安全上的斯威夫特，她被認為是網絡安全行業的安全專家，所以實際上沒有人想黑她。

But if you're in the know and you know who that is then you know who it is.

但如果你是知情者，你知道那是誰，那麼你就知道那是誰。

This twitter user zero pone asked, can we stop calling people who did hackers journals?

這位微博用戶零朋問，我們能不能不把做黑客的人稱為期刊？

Why the hell do you even call them hackers?

為什麼你甚至叫他們黑客？

To begin with looking for legitimate answers as I'm confused as hell.

首先要尋找合法的答案，因為我困惑得要命。

Let me set the record straight.

讓我把話說清楚。

There's a difference between hacker and a cyber criminal.

黑客和網絡罪犯之間是有區別的。

So if we were to refer to the bad guys, I would rather prefer to call them a cyber criminal.

是以，如果我們要提到壞人，我更願意稱他們為網絡罪犯。

There's a lot of people in the security industry that consider themselves hackers.

在安全行業有很多人認為自己是黑客。

There's a lot of people that hack for good.

有很多人是為了做好事而黑客。

W.

W.

M.

M.

Ramadan asked Maori Unicorn.

拉馬丹問毛利獨角獸。

I have a simple yet daunting question.

我有一個簡單而又艱鉅的問題。

Why do you use a Mac for your security work?

你為什麼用Mac做安全工作？

I mean a lot of people argue the fact that Linux is the way to go in terms of security.

我的意思是，很多人爭論的事實是，在安全方面，Linux是要走的路。

Mac is similar to think about two different brands of cars.

Mac是類似於思考兩個不同品牌的汽車。

They look different on the outside, but they could be sharing the same chassis underneath.

它們在外觀上看起來不同，但它們可能在下面共享相同的底盤。

There's not a lot of Mao out there for Mac and Linux, I mean it's there, but you know, currently most of them hours on Windows, the bishop or josh Harris 25 what is the point of spam emails?

沒有太多的毛澤東在Mac和Linux上，我的意思是它的存在，但你知道，目前他們中的大多數小時在Windows上，主教或Josh Harris 25垃圾郵件的意義是什麼？

Are they profiting from it?

他們是否從中獲利？

What do they gain from spending random unnecessary emails When people send out spam emails, they're sending it to thousands and thousands of targets.

他們從花費隨機的不必要的電子郵件中獲得了什麼 當人們發送垃圾郵件時，他們是在向成千上萬的目標發送。

Say you had a million emails sent out and they're requesting $1.

假設你有一百萬封郵件發出去了，他們要求的是1美元。

These cybercriminals are expecting that 1% will actually bite a lot of these cybercriminals will treat this as a business.

這些網絡犯罪分子預計，1%的人實際上會咬住很多這些網絡犯罪分子會把這當作一項業務。

So it becomes very lucrative for them, cyber tooth, Maori unicorn if you would create a timeline for an incident.

是以，對他們來說，網絡之牙、毛利獨角獸變得非常有利可圖，如果你會為一個事件創建一個時間線。

What would it look like?

會是什麼樣子呢？

Just curious because your design skills are cray cray, well a lot of people don't know this, but before I got into computer science, I was actually pursuing a degree in graphic design.

我只是好奇，因為你的設計能力很強，很多人都不知道，但在我進入計算機科學領域之前，我實際上是在攻讀平面設計學位。

So a lot of it from my time doing that carries over into my work back when I used to work at the Department of Defense, I used to create these three D videos to describe different type of network layouts.

是以，當我在國防部工作時，我的很多工作都延續到了我的工作中，我曾經創造了這些三個D的視頻來描述不同類型的網絡佈局。

I didn't know three D design at the time.

當時我還不知道三D設計。

So I spent the weekend taught myself and the next day started you know, making content if you can make things look nice and be able to come communicate the actual abstract content.

所以我花了週末時間自學，第二天就開始你知道的，製作內容，如果你能讓事情看起來很好，並能來溝通實際的抽象內容。

It helps.

它有助於。

Don't look asked.

不要看問。

Yeah, but bad pickup lines and fishing really.

是的，但糟糕的搭訕和釣魚真的。

Any different low effort, easy reuse and really do get a success.

任何不同的低努力，容易重複使用，確實得到了成功。

I really think fishing is more effective than saying a pick up line.

我真的認為釣魚比說搭訕更有效。

I've lad dal v I studied wanna cry case an NHS hospital.

我在NHS醫院學習了想哭的案例，我已經拉了Dal v。

A disaster seemed totally preventable.

一場災難似乎完全可以預防。

Why didn't they patch were they lazy?

他們為什麼不打補丁是他們懶惰嗎？

Stupid in the case of this incident.

在這一事件中是愚蠢的。

Huh?

嗯？

Hospital in the UK was under a ransomware attack.

英國的醫院受到了勒索軟件的攻擊。

It happened because they didn't upgrade their servers or their computers.

它的發生是因為他們沒有升級他們的服務器或電腦。

This is the whole reason why upgrading is really important.

這就是為什麼升級真的很重要的全部原因。

But when you think about it, some of these infrastructures like a hospital or a power plant, a lot of them cannot experience any downtime.

但是，當你考慮到，其中一些基礎設施，如醫院或發電廠，很多都不能經歷任何停機時間。

So when you do do an upgrade, you have to shut down the systems for a little while.

是以，當你做升級時，你必須關閉系統一小段時間。

Higher.

更高。

Oh 733.

哦，733。

Ask as someone who doesn't work in info sec what are red and blue team?

作為一個不在信息安全領域工作的人，請問什麼是紅隊和藍隊？

I'm assuming red are the pen testers.

我假設紅色是筆試人員。

These terms actually come from the military where they would perform military operations.

這些術語實際上來自軍隊，在那裡他們將執行軍事行動。

They have a team that acts as the red team doing the attacks and the blue team serves as defense team similar to what we have in cybersecurity and that the red team is hacking the blue team's systems.

他們有一個團隊作為紅隊進行攻擊，藍隊作為防禦隊，類似於我們在網絡安全方面的情況，紅隊正在入侵藍隊的系統。

The whole point of what the red team does is to enumerate holes within a network.

紅隊所做的一切是為了列舉網絡中的漏洞。

We want to find the holes before the bad actors.

我們希望在壞演員之前找到漏洞。

Do you think of it?

你想到了嗎？

Like we're sparring partners so we're really not there to antagonize the blue team or anything like that.

就像我們是陪練，所以我們真的不是去和藍隊對立或類似的東西。

We really want to work together with the blue team roots.

我們真的希望與藍隊的根一起工作。

Asylum hacker kid interviewed his mom about what it's like to build a career in info sec.

庇護所黑客的孩子採訪了他的媽媽，講述了在信息安全領域建立事業的感受。

Something def con parents often think about how do we inspire kids to go into space and see it for the fun and challenge that it is.

一些def con父母經常思考，我們如何激勵孩子們進入太空，看到它的樂趣和挑戰。

Well, when I was young I had no idea I was going to be in this job.

好吧，當我年輕的時候，我不知道我將會從事這項工作。

I actually had to know that this job existed in order to actually go into it.

實際上，我必須知道這份工作的存在，才能真正去做。

If there was a chance that at a career fair you would have someone who gets to hack for a living.

如果有一個機會，在職業展覽會上，你會有一個能以黑客為生的人。

I think that would be a really cool thing to have, you have to have the correct mentality to be in this industry.

我認為這將是一個非常酷的事情，你必須有正確的心態來從事這個行業。

The whole hacker mentality is creatively thinking outside the box solving a problem that's out of the standards or norms of how it's supposed to execute.

整個黑客心態是創造性地跳出框框，解決一個不符合標準或規範的問題，它應該如何執行。

If we kind of use that type of mentality in some of the content or workshops or anything that we reach out to these kids with, it will kind of inspire them to want to solve problems in this field, this twitter user, our fitness asks why do stock image hackers exclusively wear ski masks and hoodies?

如果我們在一些內容或研討會或任何我們接觸到這些孩子的東西中使用這種類型的心態，這將有點激發他們想要解決這個領域的問題，這個微博用戶，我們的健身問，為什麼股票影像黑客只戴滑雪面具和連帽衫？

Well, I think the photographer was going for a feel of an actual robber or criminal, but there is a reason to wear something on your face.

好吧，我想攝影師是要追求一種真正的強盜或罪犯的感覺，但在臉上戴東西是有原因的。

They're trying to hide their face from cameras or any type of identify rare that will attribute them to a crime and why they're wearing hoodies.

他們試圖隱藏自己的臉，不讓攝影機或任何類型的識別罕見的將他們歸咎於犯罪，以及為什麼他們穿著連帽衫。

I can imagine that some of these server rooms are super cold, they need to cover their ears if you don't already know.

我可以想象，這些機房有的超級冷，如果你還不知道，他們需要捂住耳朵。

You know, some of us actually dress like this to work and I actually have a ski mask for all of my outfits, Let me put it on for you guys and it's not complete without the glasses.

你知道，我們中的一些人實際上是這樣穿去工作的，我實際上有一個滑雪面具，用於我所有的服裝，讓我為你們戴上它，沒有眼鏡就不完整。

We're good to go.

我們可以出發了。