IT TOOK just 20 minutes to build, but Chris Soghoian's hastily constructed website capable of generating fake airline boarding passes led to a rebuke from a congressman, a raid by the Federal Bureau of Investigation (FBI), an investigation by the Transport Security Administration (TSA), worldwide media coverage, and ultimate vindication. With a series of similar exploits that have exposed security flaws and privacy violations, he has demonstrated his ability to hack the media with just as much facility as he manipulates computers. At the age of 30 he has established himself as the most prominent member of a new generation of activist technology researchers who delight in causing a media stink in order to shame companies and governments into fixing problems with their systems.
The boarding-pass example occurred in 2006, when Dr Soghoian, then a graduate student at Indiana University, became irritated by an obvious flaw in airport procedures used by TSA screeners. Although screeners checked the name on each passenger's boarding pass against a government-issued identity document, they had no way of verifying that the boarding pass itself was valid. Fake boarding passes could easily be created for any flight using a computer and image-manipulation software, as had already been pointed out by Bruce Schneier, another security guru, in 2003. Charles Schumer, a senator, even issued a press release in February 2005 explaining how easily security could be bypassed in this way.
Yet it took Dr Soghoian to light the right kind of firecracker under this known problem. In October 2006 he threw together a web page that could generate fake boarding passes for Northwest Airlines that appeared valid to TSA screeners. The page received enormous press attention, even though he never printed out or used a false pass himself. Ed Markey, a congressman, called for Dr Soghoian's arrest. The FBI had his website shut down and seized his computers. The TSA opened an inquiry. But when the simplicity of the hack became apparent, along with Dr Soghoian's academic status, Mr Markey apologised and suggested that rather than investigating Dr Soghoian, the TSA should hire him instead. Dr Soghoian's computers were returned a few weeks later and the TSA investigation was closed. This year the TSA finally began testing equipment to validate boarding passes at airports.
Dr Soghoian has since perfected this modus operandi and used it to expose problems with internet encryption, online privacy and electronic surveillance. In each case he identifies a problem, creates a technology demonstration to highlight it and sometimes files Freedom of Information Act requests or complaints to government agencies. He then presents the results neatly packaged for the news media. The organisations targeted by Dr Soghoian usually start off by accusing him of being mistaken or naive, before admitting that he is right and modifying their policies, or issuing a statement saying that a fix was already in the works.
Dr Soghoian has, among other things, revealed the extent to which Sprint, an American telecoms operator, was disclosing its customers' satellite-positioning data to law-enforcement agencies; shamed Google, an internet giant, into upgrading its encryption; exposed a woefully misguided attempt to attack Google by a public-relations firm hired by Facebook, a rival internet giant; embarrassed Dropbox, a provider of online file-storage, over its marketing claims and technical practices; and pushed for the adoption of a Do Not Track scheme to allow internet users to opt out of targeted advertising. "Every privacy scandal essentially has to take the form of a firestorm," says Dr Soghoian. "I try to focus on things that are really important that haven't gotten enough attention." He is now campaigning against the widespread trawling of internet traffic by law-enforcement agencies, calling instead for a more targeted focus on specific cases or leads.
The FBI made me do it
Having grown up surrounded by computers (his father used to be a software engineer), Dr Soghoian says he slid into computer science without even considering other disciplines. He became interested in computer security in particular during his undergraduate studies, and was then drawn to the specialised field of privacy. But it was only when the FBI raided his home in 2006 and his PhD adviser suggested that he take a law class that Dr Soghoian decided to concentrate on the intersection between computing and the law. He wrote his thesis on governmental use of third parties to monitor electronic communications and was awarded his doctorate in July 2012.
But it would be wrong to characterise Dr Soghoian simply as an academic or an activist, because he has an unusual gift for working outside conventional institutional strictures. While completing his PhD, he was also attached to America's Federal Trade Commission (FTC) as a technical adviser. This came about as a result of Dr Soghoian's support for the Do Not Track standard, and his efforts to make it easier for people to prevent their use of the internet being tracked by advertisers. Turning such tracking off can be quite tricky, and must be done for multiple groups, or networks, of advertisers.
This prompted Dr Soghoian to develop two add-ons for the Firefox web browser that demonstrated simple ways to turn off tracking automatically. The first manipulated cookies, the tiny snippets of information stored by web browsers, to disable tracking. The second, developed with the help of Sid Stamm, a programmer, sends a special message with every page request asking that the user not be tracked. Dr Soghoian got the idea for this approach from Dan Kaminsky, a security researcher. But it will work only if websites are required to detect and act on such messages. At first this suggestion was ridiculed. In 2009, however, Dr Soghoian was contracted by the FTC to provide lawyer-to-geek translation for its staff. In this role he was able to garner support for his Do Not Track scheme within the FTC, and technology firms including Microsoft and Twitter have subsequently backed it. The advertising industry dislikes it, but seems resigned to accepting it in some form.
A few months after joining the FTC Dr Soghoian recorded a Sprint executive speaking at a surveillance trade show attended by telecoms firms, law-enforcement agencies and equipment-makers. The executive explained that Sprint had built an automatic system that had provided 8m lookups of customers' locations in the preceding year in response to requests backed by court orders. (Sprint said later that a single court order could generate several thousand lookups.) Dr Soghoian briefed the press and posted the audio online. He insisted that he was doing so in his role as a graduate student, rather than an FTC contractor. The scale of tracking caused a furore that persists three years later about the ease and scale of mobile-phone surveillance. When Dr Soghoian's first year at the FTC was up, the agency did not renew his contract. He blames the fuss caused by the Sprint recording. (The FTC will not comment.)
Dr Soghoian is one of a group of researchers, some of whom are affiliated with academic institutions and many of whom work together, who have risen to prominence by showing how tedious technical flaws can affect ordinary people. Ashkan Soltani, who like Dr Soghoian has worked as an adviser to the FTC, has shown how some companies have devised evercookies, cookies that are very difficult to eradicate. Along with Jonathan Mayer of Stanford Law School, he showed how Google was bypassing tracking preferences in Apple's web browser, Safari, which resulted in Google having to pay a $22.5m fine. Mr Kaminsky spotted a huge flaw in the internet's addressing system in 2008, and then worked closely with large technology firms to fix it. And Dr Stamm is now a privacy advocate at the Mozilla Foundation, which oversees the development of the Firefox web browser.
First among equals
These researchers insist they are acting solely in the interest of protecting individual privacy. They are certainly not in it for the money. Dr Soghoian has spent three years living the life of an ascetic in Washington, DC, where he rides a bicycle and resides in the basement of a house he shares with four other people. "There are so many events with free food and drink that you never need to buy anything to eat," he says. After his funding from Indiana University ran out in 2008, Dr Soghoian received several grants and fellowships. He gleefully points out the varied political leanings of his patrons. He has received some funding from the libertarian-leaning Institute for Humane Studies (IHS), backed by the arch-conservative Charles Koch. But as he moved to investigate business misdeeds rather than those of government, the IHS money was replaced by a fellowship from the Open Society Foundations, a group run by Mr Koch's nemesis on the left, George Soros. That funding ended in July.
Can Dr Soghoian's reputation as a knight in digital armour be squared with his obvious flair for self-promotion? Yes, says Jules Polonetsky, director of the Future of Privacy Forum, a think-tank based in Washington, DC, who by his own admission does not always see eye-to-eye with him. "People would be surprised by the number of times that this otherwise very public media bomb-thrower has quietly worked to get a company to simply solve a problem when it could have been a front-page story," says Mr Polonetsky. Dr Soghoian's agenda is not about money, not about fame or anything like that, says Lee Tien of the Electronic Frontier Foundation, a lobby group with which Dr Soghoian sometimes collaborates. He just uses the glare of the media to get results.
Though known for his strong views on privacy and surveillance, Dr Soghoian is no absolutist. In April he published a paper in the Berkeley Technology Law Journal on how best to grant law-enforcement agencies access to individuals' location data, with proper checks and balances. It was co-written with Stephanie Pell, who was on the Department of Justice team that prosecuted people accused of being linked to al-Qaeda. Writing the paper, says Dr Soghoian, involved finding a balance between Ms Pell's knowledge of the utility of location-tracking in law enforcement and his own concerns about unwarranted privacy intrusions. "The marginal cost of spying on one more person is essentially zero now," he says. "The economics of modern surveillance are not beneficial to the consumer."
As a respite from his campaign to defend personal privacy, Dr Soghoian likes to go to India. But he may have to find somewhere else to holiday. "India is rapidly becoming a surveillance state," he says. Such trips may be less frequent in any case, because Dr Soghoian now has a new job at the American Civil Liberties Union, mediating between geeks and lawyers, as he did at the FTC. His new employers must be well aware that they have captured lightning in a bottle, and should not be surprised when it escapes.