I was trapped on a beastly 14-hour flight to China — complete with a jet-lagged newborn on my lap. Fortunately, the in-flight entertainment included a new cybercrime drama called Mr. Robot.
This show takes technical realism to levels unprecedented for Hollywood. It succeeded in distracting me from the awkwardness of being “that guy” with the crying baby. And I even learned a few things about information security.
Out of respect for readers who haven’t yet watched this Golden Globe-winning series, I’ve purged this article of any reference to characters or plots in the story. Read on with confidence — this is a spoiler-free article.
Without further ado, here are five information security lessons from season 1 of Mr. Robot.
Hackers don’t need to steal your phone — that would be too obvious, and would only give them access to your data from the past.
Instead, they can gain control of your phone using spyware. They can do this in minutes, and you’ll never even know.
In Mr. Robot, one of the characters installs a rootkit on someone’s phone in less time than it takes to shower. Using Flexispy, a widely-used Android spyware tool, the character “roots” the phone, putting it in superuser mode, and then hides the normal superuser icon to obscure the fact that the phone has been tampered with.
From now on, the character is able to monitor all of that phone’s digital and audio communications.
Word to the wise — using your phone’s thumbprint scanner or setting a lock screen password will make it much harder for a hacker to do this to you.
Emerging from the subway, a boombox-blasting rapper offers you a free copy of his newest album.
Now, you wouldn’t take candy from some guy in bellbottom jeans and stick it in your mouth. Don’t take a CD from some guy in a flat-bill cap and stick it in your computer!
To be fair, you would still need to execute a file. In Mr. Robot, hackers use an alluring filename like “Free iTunes Gift Card.exe” to dupe the victim into double-clicking it. This installs a Remote Access Trojan (RAT), effectively giving the attacker access to files and even webcams. Creepy.
Sometimes the best place to hide things is right out in the open. Who would think twice about that binder of old rock albums on your floor?
What looks like a normal CD, one that even plays the album scrawled on it with a Sharpie, actually contains an extra layer of data stashed within.
Removed from any network access, the only way to read the data on these CDs would be to physically enter the premises and get a hold of them. You’d then need at least long enough to spin up an optical drive and dump their contents.
If an attacker discovers an open Bluetooth connection on your device, they could connect their own keyboard to it and start inputting commands.
Yes, it is possible to open up a terminal with a series of hotkeys in both Windows and OS X, and from there type in malicious commands.
As a bonus, turning off Bluetooth when you’re out and about will reduce your battery consumption, giving you more time to read Medium articles like this one (and follow Medium writers like me).
Throughout Mr. Robot, the most common exploit is good old social engineering — manipulating people into doing what you want.
Here are some red flags to look out for when interacting with strangers:
If you enjoyed this article, you’ll probably enjoy Mr. Robot. You can watch the entire first season here.
You can also learn more about InfoSec from the most famous black hat hacker himself.
Be safe!
I only write about programming and technology. If you follow me on Twitter I won’t waste your time.
Translated from: https://www.freecodecamp.org/news/all-i-really-need-to-know-about-infosec-i-learned-from-mr-robot-7902cca6d729/