taitan black_在Black Hat 2020会发生什么

taitan black

At Black Hat, security researchers, hackers, and members of the press get together to exchange the latest discoveries in the security field. This year, there’s no getting together, though—just virtual sessions. Will it still fly?

在Black Hat，安全研究人员，黑客和新闻界人士齐聚一堂，交流安全领域的最新发现。 但是，今年没有聚会，只是虚拟会议。 它还会飞吗？

By Neil J. Rubenking & Max Eddy

由 尼尔J. Rubenking 和 最大埃迪

Security researchers can be a lonely crew. They sit in their labs or basements thinking deep thoughts, probing devices and networks, and coming up with new insights into ways the bad guys could compromise security. Once a year, they come out of their lairs, blink a few times, and hop a plane to the Black Hat conference in Las Vegas. Here, they may briefly become celebrities, expounding their discoveries to a room full of kindred spirits.

安全研究人员可能是一个孤独的工作人员。 他们坐在自己的实验室或地下室中，他们在思考深刻的思想，探测设备和网络，并提出了新的见解，以了解坏人如何危害安全。 每年一次，他们走出巢穴，眨了眨眼，然后跳上飞机去参加拉斯维加斯的黑帽会议。 在这里，他们可能会短暂地成为名人，将他们的发现扩展到充满同种精神的房间。

Hardcore hackers stay on for DEF CON, one of the world’s largest and oldest hacker conventions. DEF CON badges are typically puzzle-oriented, and require multiple attendees to get together for a solution. One year, badges consisted of several kinds of circuit boards that had to be combined and activated to reveal the next clue.

铁杆黑客继续关注DEF CON，DEF CON是世界上最大，最古老的黑客惯例之一。 DEF CON徽章通常以拼图为导向，需要多个参与者聚集在一起才能寻求解决方案。 一年，徽章由几种电路板组成，这些电路板必须组合并激活才能揭示下一条线索。

Everything is different this year. DEF CON attendees still get a puzzle-oriented badge, but there won’t be any in-person hooking up of circuit-board badges. Security luminaries will still present brilliant work, but remotely. Some of us will even miss the experience of surfing the convention center hallways to get to the next session, which is always as far away as possible. Without that in-person camaraderie, it’s hard to say what Black Hat will be like. But as always, we expect to be amazed and horrified by some of the revelations that come out this week.

今年一切都不同了。 DEF CON与会者仍然会获得一个面向拼图的徽章，但是不会亲自挂上电路板徽章。 安全专家仍将展示出色的作品，但远非如此。 我们中有些人甚至会错过在会议中心走廊上冲浪以达到下一场会议的经验，而下一次会议总是尽可能地远。 没有这种亲密的友情，很难说黑帽会是什么样。 但是，与往常一样，我们希望本周的一些启示会令他们感到惊讶和震惊。

选举不安全 (Election Insecurity)

While Black Hat lasts a week, most of that time is devoted to training sessions that help researchers hone their skills. The two days of Black Hat briefings, open to the press and others, are where the latest revelations come to light. Each day has a keynote, and both keynotes relate to election security.

黑帽会持续一周，但大部分时间都用于培训课程，以帮助研究人员提高技能。 为期两天的Black Hat简报会(向媒体和其他人士开放)是最新的启示。 每天都有一个主题演讲，两个主题演讲都与选举安全有关。

That’s completely understandable with a momentous election coming up, and a global pandemic pushing districts toward alternatives to in-person voting. The Wednesday keynote seeks to explore and clarify what we can do to protect the technology that manages our voting.

即将举行的大选和全球大流行将各地区推向面对面投票的替代方式，这完全可以理解。 周三的主题演讲旨在探索和阐明我们可以采取哪些措施来保护管理投票的技术。

Even if every vote cast gets recorded correctly, technology can interfere with the process by aiding and abetting providers of disinformation. If hundreds of bots repeat the same lie, some people will believe it. And those believers just amplify the propaganda. What can be done? The Thursday keynote promises to clarify the way manipulators hack public opinion, and to call on Black Hat attendees as defenders of democracy.

即使正确地记录了每张选票，技术也会通过帮助和教tting虚假信息提供者来干扰该过程。 如果成百上千的机器人重复了同样的谎言，那么有些人会相信。 这些信徒只是在扩大宣传。 该怎么办？ 星期四的主题演讲承诺澄清操纵者破坏公众舆论的方式，并呼吁黑帽大会的参加者作为民主的捍卫者。

There are other sessions focused on the election. One specifically turns the microscope on what we’ve learned from a decade of Russian hacking. Another focuses on the use of machine learning to generate believable synthetic media (aka fake news). And a third aims to organize disclosure of bugs in voting machines, so we at least know when there’s a problem.

还有其他针对选举的会议。 一个人专门用显微镜观察了我们从俄国黑客入侵十年中学到的知识。 另一个重点是使用机器学习来生成可信的合成媒体(又称假新闻 )。 第三个目标是组织公开投票机中的错误，因此我们至少知道什么时候有问题。

人为因素 (The Human Factor)

There’s an old saying that the most dangerous component of an automobile is the nut behind the wheel. The very best security technologies in the world can’t help if a slick hacker tricks an innocent employee into opening the locks. Over the last few years, more and more Black Hat sessions have taken aim at human problems, to the point where it now has its own track.

有句老话说，汽车最危险的部件是方向盘后面的螺母。 如果狡猾的黑客欺骗无辜的员工打开锁，世界上最好的安全技术将无济于事。 在过去的几年中，越来越多的Black Hat会议针对人的问题，以至于现在它已经有了自己的发展轨道。

Sessions include a cautionary tale the presenter says was inspired by an episode of Black Mirror. Nothing supernatural here, but he did create a virtual clone that could successfully impersonate him in video conversations. The session promises to teach attendees how to do the same. We can’t wait!

会议内容包括一个演讲者所说的警示故事，故事的灵感来自“ 黑色镜子”的一集。 这里没有什么超自然的东西，但是他确实创建了一个虚拟克隆，可以成功地在视频对话中模拟他。 该会议有望教与会者如何做相同的事情。 我们等不及了！

You’ve probably experienced workplace training designed to help everyone spot phishing frauds in email. And you’ve probably seen that it just doesn’t work. Attendees will hear from researchers who attempt to look at the problem differently, to avoid assuming that giving employees information is sufficient to change their behavior. In effect, they’re hacking social behaviors to protect us all.

您可能已经经历了工作场所培训，旨在帮助所有人发现电子邮件中的网络钓鱼欺诈 。 您可能已经看到它不起作用。 与会者会听到研究人员的声音，他们试图以不同的方式看待这个问题，以避免假设向员工提供信息足以改变他们的行为。 实际上，他们是在利用社交行为来保护我们所有人。

从内纳德到外层空间 (From Innards to Outer Space)

As always, the information presented at Black Hat can cover just about any topic from a security viewpoint. One session explores the possibility of compromising a secure facility using an implanted device such as a pacemaker. Another reveals ways hackers could eavesdrop on sensitive communications sent to satellites. There’s even a session that suggests ethical hacking can get you arrested. The abstract suggests that the authors were hired to do a “red team” test (meaning they should attempt to break security) and wound up arrested for a felony.

与往常一样，从安全角度来看，Black Hat上提供的信息几乎可以涵盖任何主题。 一个环节探讨了使用诸如起搏器之类的植入式设备破坏安全设施的可能性。 另一个揭示了黑客如何窃听发送给卫星的敏感通信。 甚至有一个会议建议道德黑客可以将您逮捕。 摘要表明，聘用提交人进行“红色团队”测试(意味着他们应尝试破坏安全性)，并因重罪而被捕。

It’s tough to guess how Black Hat will go down this year. We’ve never experienced it except as an exciting place to meet and interact with all elements of the security industry. The after-hours receptions and parties have been great places to pick up information that a source might not mention in an official meeting. And all that in-person excitement is gone, leaving just the sessions. We’ll see if they’re enough to carry the Black Hat torch this year.

很难猜测黑帽今年将如何发展。 除了作为与安全行业的所有成员进行会面和互动的令人兴奋的场所外，我们从未经历过它。 下班后的招待会和聚会是收集消息人士在正式会议上可能未提及的信息的好地方。 所有的现场激动都消失了，只剩下会议了。 我们将看看它们是否足以承受今年的黑帽火炬。

如何观看Black Hat 2020会议 (How to Watch Black Hat 2020 Sessions)

Black Hat sessions won’t be live-streamed. Full-week attendees spend a goodly sum for their trainings, and get to relax a bit when the briefings come around. Press and others who come just for the briefings still have to register. Just because there isn’t a security guard checking your badge doesn’t mean you can virtually walk right in.

黑帽会议不会实时流式传输。 全周的参加者在培训上花了很多钱，并在情况通报会来临时放松一下。 媒体和其他仅作简报的人仍需注册。 仅仅因为没有安全检查员检查您的徽章，并不意味着您几乎可以走进去。

However, once the conference concludes, the Black Hat team make the presentations available for viewing on the Black Hat YouTube Channel.

但是，一旦会议结束，Black Hat团队便可以在Black Hat YouTube Channel上观看演示文稿 。

Originally published at https://www.pcmag.com.

最初发布在 https://www.pcmag.com 。

翻译自: https://medium.com/pcmag-access/what-to-expect-at-black-hat-2020-92eedc47e6ff

taitan black