python公斤转克_1970年代公斤级键盘记录器提供的三项网络安全课程

本文主要是介绍python公斤转克_1970年代公斤级键盘记录器提供的三项网络安全课程,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

python公斤转克

A keylogger is a piece of software or hardware that records what you type, presumably so some bad guy can steal your secret data. You might think the earliest one used a PS/2 connector or installed on an old-fashioned IBM PC. An older computer, maybe? It turns out, what may very well be the first keylogger was built by the Soviet Union and used on IBM Selectric typewriters in the U.S. Embassy way back in the 1970s. What the NSA learned back then can still apply to cybersecurity today.

键盘记录程序是一种记录您键入内容的软件或硬件,大概是一些坏蛋可以窃取您的秘密数据。 您可能会认为最早使用PS / 2连接器或将其安装在老式IBM PC上。 也许是一台旧计算机? 事实证明,很可能第一个键盘记录器是由苏联制造的,并在1970年代美国大使馆的IBM Selectric打字机上使用。 NSA当时所学到的知识仍然可以应用于当今的网络安全。

If you are under a certain age, it is hard to realize just how ubiquitous the IBM Selectric was in the office world before computers. The heavy-duty typewriter didn’t use type bars like an ordinary typewriter. It used a “golf ball” that had the font on it. The machine would spin and pitch the ball before striking it on the paper. You could replace the ball to change fonts.

如果您未满一定年龄,则很难意识到IBM Selectric在计算机领域之前在办公室世界中是多么普遍。 重型打字机不像普通打字机那样使用类型栏。 它使用了上面带有字体的“高尔夫球”。 在将球击到纸上之前,机器会将球旋转并投球。 您可以替换球以更改字体。

The Selectric was a mechanical typewriter. But it also was a kind of digital device, too. How could you hack a typewriter into sending everything typed covertly? Oh. And do it with 1970’s technology, please.

Selectric是一台机械打字机。 但这也是一种数字设备。 您如何才能让打字机发送秘密输入的所有内容? 哦。 请用1970年代的技术来做。

来自俄罗斯的爱 (From Russia with Love)

Apparently, in the early 1970s, office equipment and typewriters were shipped to U.S. embassies in a fairly conventional way. Crypto machines and other classified material received tamper-resistant and tamper-evident cases delivered by special couriers, but typewriters came in as freight. Unknown to the U.S. at the time, Soviets (presumably the KGB) intercepted the typewriters in transit and installed highly sophisticated bugs in the typewriters.

显然,在1970年代初,办公设备和打字机以相当传统的方式运往美国大使馆。 密码机和其他机密材料收到了由特殊快递员提供的防篡改和防篡改案例,但打字机是作为货物运来的。 当时美国还不知道,苏联人(大概是克格勃)在运输途中拦截了打字机,并在打字机中安装了高度复杂的错误。

The device mostly replaced a bar inside the typewriter and was almost impossible to tell from the actual comb bar it replaced. The bug had custom integrated circuits and a small amount of core memory. There were several variants installed over the years. Some had batteries, and some drew power from the typewriter. The bugs transmitted short bursts on either 30, 60, or 90 MHz.

该设备主要替换了打字机内部的一根条,几乎无法从实际的梳条上分辨出它是被替换掉的。 该错误具有定制的集成电路和少量的核心内存。 这些年来,安装了多种变体。 有些装有电池,有些则从打字机取电。 这些错误在30、60或90 MHz上传输了短脉冲。

枪手计划 (Project Gunman)

In 1983, the French alerted the Americans that they had found a bug inside a teleprinter. The National Security Agency (NSA) studied it and found that it was sophisticated enough that it was unlikely to be unique. In 1984, they implemented a secret plan — project Gunman — to remove all suspect equipment from the embassy in Moscow and replace it with new equipment.

1983年,法国人警告美国人,他们在电传打印机内发现了一个小虫。 国家安全局(NSA)对它进行了研究,发现它足够复杂,以至于不可能唯一。 1984年,他们实施了一项秘密计划-Gunman项目-从莫斯科大使馆撤走所有可疑设备,并用新设备替换。

IBM Selectric typewriters that operated on 220V were in short supply, so while the embassy had 250 typewriters, only 50 replacements were available. This led to the NSA replacing only particularly important typewriters.

使用220V电压的IBM Selectric打字机供不应求,因此使馆有250台打字机,但只有50台可以更换。 这导致国家安全局仅更换了特别重要的打字机。

The replacement gear was guarded and had tamper seals on them. Very few people knew the real reason for the replacements, and the embassy staff was delighted to get new equipment without having to spend their own budget money.

替换齿轮受到保护,并带有防拆密封。 很少有人知道更换的真正原因,使馆工作人员很高兴在无需花费自己预算的情况下购买新设备。

The NSA removed about 11 tons of equipment from the embassy, and about 10 tons were shipped in covertly. The Russians had shut down the elevator for preventive maintenance (remember, this is during the cold war when both sides would do things to annoy the other), so most of the gear was moved through the building by stairs.

国家安全局从大使馆撤走了约11吨的设备,并秘密秘密运送了约10吨的设备。 俄国人已经关闭了电梯以进行预防性维护(请记住,这是在冷战期间,双方都会做些使对方烦恼的事情),因此大部分装备是通过楼梯移动穿过建筑物的。

分析 (Analysis)

The 11 tons of material was sent back to the United States under high security. No one thought the Soviets could bug the crypto machines, but then again, no one expected the typewriters, either. They examined the crypto machines by X-ray and found nothing. A second team looked at the non-secure items at a lower priority. The agency offered a reward of $5,000 to anyone who could identify the spy device in the equipment.

这11吨物料在高度安全的情况下被运回美国。 没有人认为苏联人会打扰加密机,但又一次,也没有人期望打字机。 他们用X射线检查了加密机,却一无所获。 第二个小组以较低的优先级查看了非安全物品。 该机构向任何能够识别设备中间谍设备的人提供5,000美元的奖励。

In July 1984, Mike Arenson saw something strange in an X-ray of a Selectric’s power switch. He decided to X-ray the whole machine and made a find worth $5,000. Once they knew what to look for, they would discover 16 bugs in Moscow and the consulate in Leningrad.

1984年7月,迈克·阿伦森(Mike Arenson)在Selectric的电源开关的X光片中看到了奇怪的东西。 他决定对整个机器进行X射线检查,发现价值5,000美元。 一旦他们知道该寻找什么,他们就会在莫斯科和列宁格勒的领事馆中发现16个虫子。

Arenson reportedly said:

据报道,阿伦森说:

When I saw those x-rays, my response was ‘holy f***’. They really were bugging our equipment. I was very excited, but no one was around to tell the news. My wife was an NSA employee, but I could not even tell her because of the level of classification of the project. I could hardly wait for morning when my colleagues would return.

当我看到那些X射线时,我的回答是“神圣的***”。 他们确实在窃听我们的设备。 我感到非常兴奋,但是没有人在告诉这个消息。 我的妻子是一名NSA雇员,但由于项目的分类级别,我什至无法告诉她。 我迫不及待地要等我的同事回来的早晨。

You can see a photo of a Selectric with the bugging device exposed below:

您可以在下面看到暴露设备的Selectric的照片:

Image for post
Public Domain 公共领域

运作方式(How it Worked)

The Selectric contains a mechanical digital to analog converter called a wiffle tree. The keys create movement on some metal arms that position the ball by rotating and tilting it. The KGB replaced the arms — latch interposers — with arms that looked the same but made of non-ferrous metal. They also had a strong magnet on the tip. The bug in the comb bar had six magnetometers that detected the motion of the arms.

Selectric包含一个机械的数模转换器,称为wiffle树。 按键在一些金属臂上产生运动,这些金属臂通过旋转和倾斜球来定位球。 克格勃(KGB)用看起来相同但由有色金属制成的臂代替了臂(闩锁插入器)。 他们的头上还有一块强磁铁。 梳子中的虫子有六个磁力计,可以检测手臂的运动。

Image for post
CC-BY-SA-3.0 CC-BY-SA-3.0)

The six bits generated were encoded into 4 bits and stored in an 8-word core memory. When full, the bug would transmit the data in a high-speed burst. For technical reasons, the bug couldn’t tell uppercase from lowercase and didn’t read things like shift, space, tab, carriage return, and similar keys. Still, that was plenty of information to reconstruct nearly everything typed. The reduction to 4 bits probably means some letters shared codes, but knowing letter frequencies, it would be easy enough to rebuild the plain text.

生成的6位被编码为4位,并存储在8字核心存储器中。 该漏洞填满后,将以高速突发方式传输数据。 由于技术原因,该错误无法区分大小写,并且无法读取诸如shift,空格,制表符,回车键和类似键之类的信息。 尽管如此,仍然有大量信息可以重建几乎所有键入的内容。 减少到4位可能意味着某些字母共享代码,但是知道字母频率,就很容易重建纯文本。

There were five different versions of the bug. Three used batteries (8–10 mercury cells). The remaining types drew power from the typewriter itself.

该错误有五个不同的版本。 三个废旧电池(8-10个汞电池)。 其余的类型则依靠打字机本身的力量。

检测(或缺乏) (Detection (or Lack Thereof))

It wasn’t like the embassy didn’t search for bugs. However, the short duration of transmission prevented the old spectrum analyzers from seeing the bugs. The bug contained special circuitry to thwart a nonlinear junction detector (NLJD).

这不像使馆没有寻找臭虫。 但是,由于传输时间短,所以旧的频谱分析仪无法看到这些错误。 该错误包含阻止非线性结检测器(NLJD)的特殊电路。

Another complication was the frequency involved. The Soviets selected frequencies very close to a strong local TV station to help mask the signals.

另一个并发症是涉及的频率。 苏联人选择了非常靠近强大的本地电视台的频率来帮助掩盖信号。

It turns out that there had been some passive antennas that probably were part of the Selectric bug system found in 1978, but no one understood their significance at the time. Also, a technician examined embassy typewriters in 1978 but only looked at the power supplies of the machines since the assumption was that it would be where a bug would operate. Since, at the time, the KGB devices were battery-powered, they found nothing. Incidentally, reports indicate that the Russians only use manual typewriters for classified information.

事实证明,有一些无源天线可能是1978年发现的Selectric bug系统的一部分,但当时没人知道它们的重要性。 另外,一名技术人员在1978年检查了使馆打字机,但只查看了机器的电源,因为这种假设是可能会发生错误。 由于当时KGB设备由电池供电,因此他们什么也没找到。 偶然地,报告表明俄国人仅使用手动打字机获取机密信息。

Image for post
Public Domain 公共领域的Daderot的设备特写视图

后果(Aftermath)

The Soviets had bugged typewriters in the embassy from around 1976 until 1984. The discovery of the bugs led to many changes in how the State Department shipped equipment overseas. The FBI attempted to determine what information had leaked through the Selectric bugs, but was unable to reach any conclusions.

从1976年左右到1984年,苏联人在使馆里打字机被窃听。窃听器的发现导致国务院将设备运往海外的方式发生了许多变化。 联邦调查局试图确定哪些信息是通过Selectric漏洞泄漏的,但无法得出任何结论。

We will probably never know the Soviet engineer who designed these bugs. Maybe it was a team. But ideology aside, I know a hacker when I see one. These bugs were ingenious and highly advanced for their time. You can only wonder what is possible today that we won’t know about for years to come.

我们可能永远不会认识设计这些错误的苏联工程师。 也许是一个团队。 除了意识形态,当我看到一个黑客时,我就认识一个黑客。 这些错误在他们的时代独具匠心,并且非常先进。 您只能想知道今天可能发生的事情,这些都是我们未来几年所不知道的。

今天的课程和进一步阅读 (Lessons for Today and Further Reading)

The NSA has a great declassified document about Gunman. There’s a lot of details there, although for technical details, you might want to cruise over to the Crypto Museum’s page about these devices.

国家安全局有一份关于机枪手的绝密文件。 那里有很多细节,尽管有关技术细节,您可能想浏览有关这些设备的Crypto Museum页面。

What lessons can we learn from this for today’s cybersecurity posture?

从今天的网络安全态势中,我们可以从中学到什么教训?

  • Even a low-level target like a typewriter or a thermostat may offer an easy way for an attacker to get information.

    甚至像打字机或恒温器这样的低级目标也可能为攻击者提供一种获取信息的简便方法。
  • Don’t underestimate your opponent’s technology. The hackers tend to have some pretty good technology.

    不要低估对手的技术。 黑客往往拥有一些相当好的技术。
  • Don’t trust your detection tools. If your detection technology has a blind spot, your attacker may very well be hiding right there.

    不要相信您的检测工具。 如果您的检测技术有一个盲点,那么您的攻击者很可能就隐藏在那里。

Granted, most of us don’t have to deal with high tech secret agent gadgets like these, but the principles remain the same, even today.

诚然,我们大多数人不必处理此类高科技秘密特工,但即使在今天,其原理仍然相同。

The Soviets were pretty ingenious about bugging places. The Theremin bug was quite impressive and also went undetected for a very long time. Of course, there have always been fears of reading data from electronic devices through their emissions.

苏联人擅长窃听地方。 Theremin的错误非常令人印象深刻,并且很长一段时间都未被发现。 当然,一直以来人们一直担心会通过电子设备的发射来读取数据。

翻译自: https://medium.com/illumination/three-cybersecurity-lessons-from-a-1970s-kgb-key-logger-895fdc96b9f6

python公斤转克


http://www.taodudu.cc/news/show-8490489.html

相关文章:

  • 【POJ】2165.Gunman
  • geek_Ask How-To Geek:在仿真中还原XBMC FTP,重命名电视节目和Android Market
  • ip地址怎么转化为域名访问_良好的转化率吸引了大量访问者!
  • 计算机趣事 英语作文,写暑假趣事的英语作文(精选10篇)
  • 人生中最重要的三位老师
  • PyTorch的简介和安装
  • 树莓派改软件源
  • Task2:PyTorch基础知识(张量常用运算,自动求导,使用GPU)
  • PyTorch基础(二)-- 张量与梯度
  • 阿里云生态合作伙伴优秀案例:从失业妇女到家中顶梁柱,在线教育给我改变机会...
  • Pytorch笔记搬运:张量
  • 基础模块及算例#pytorch学习
  • PyTorch学习笔记01
  • PyTorch基础知识学习
  • pytorch 02-基础知识
  • pytorch学习笔记(一)pytorch基础知识
  • 【PyTorch】PyTorch基础知识——张量
  • PyTorch 张量(笔记)
  • PyTorch 深度学习 || 1. 基础 | Ch1.4 PyTorch 深度学习基本语法
  • pip国内镜像源
  • 利用深度学习解决生活中实际问题——卷积网络实现花卉分类识别(附带数据集,完整代码在最后)
  • 【时间序列】时间序列的线性、趋势和动量预测
  • (四)流体动力学(动量守恒和能量守恒)
  • 深度模型中的优化(四)、动量(momentum)和Nesterov动量
  • tcpdump / wireshark 抓包及分析
  • 来聊聊分库分表
  • CV之STN:《Spatial Transformer Networks空间变换网络》的翻译与解读
  • C++异步操作三种方式的区别
  • FPGA - 7系列 FPGA内部结构之Clocking -04- 多区域时钟
  • 序列模型(2)—— 快速串联 RNN / LSTM / Attention / transformer / BERT / GPT
  • 这篇关于python公斤转克_1970年代公斤级键盘记录器提供的三项网络安全课程的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



    http://www.chinasem.cn/article/803016

    相关文章

    python: 多模块(.py)中全局变量的导入

    文章目录 global关键字可变类型和不可变类型数据的内存地址单模块(单个py文件)的全局变量示例总结 多模块(多个py文件)的全局变量from x import x导入全局变量示例 import x导入全局变量示例 总结 global关键字 global 的作用范围是模块(.py)级别: 当你在一个模块(文件)中使用 global 声明变量时,这个变量只在该模块的全局命名空

    【Python编程】Linux创建虚拟环境并配置与notebook相连接

    1.创建 使用 venv 创建虚拟环境。例如,在当前目录下创建一个名为 myenv 的虚拟环境: python3 -m venv myenv 2.激活 激活虚拟环境使其成为当前终端会话的活动环境。运行: source myenv/bin/activate 3.与notebook连接 在虚拟环境中,使用 pip 安装 Jupyter 和 ipykernel: pip instal

    【机器学习】高斯过程的基本概念和应用领域以及在python中的实例

    引言 高斯过程(Gaussian Process,简称GP)是一种概率模型,用于描述一组随机变量的联合概率分布,其中任何一个有限维度的子集都具有高斯分布 文章目录 引言一、高斯过程1.1 基本定义1.1.1 随机过程1.1.2 高斯分布 1.2 高斯过程的特性1.2.1 联合高斯性1.2.2 均值函数1.2.3 协方差函数(或核函数) 1.3 核函数1.4 高斯过程回归(Gauss

    【学习笔记】 陈强-机器学习-Python-Ch15 人工神经网络(1)sklearn

    系列文章目录 监督学习:参数方法 【学习笔记】 陈强-机器学习-Python-Ch4 线性回归 【学习笔记】 陈强-机器学习-Python-Ch5 逻辑回归 【课后题练习】 陈强-机器学习-Python-Ch5 逻辑回归(SAheart.csv) 【学习笔记】 陈强-机器学习-Python-Ch6 多项逻辑回归 【学习笔记 及 课后题练习】 陈强-机器学习-Python-Ch7 判别分析 【学

    nudepy,一个有趣的 Python 库!

    更多资料获取 📚 个人网站:ipengtao.com 大家好,今天为大家分享一个有趣的 Python 库 - nudepy。 Github地址:https://github.com/hhatto/nude.py 在图像处理和计算机视觉应用中,检测图像中的不适当内容(例如裸露图像)是一个重要的任务。nudepy 是一个基于 Python 的库,专门用于检测图像中的不适当内容。该

    pip-tools:打造可重复、可控的 Python 开发环境,解决依赖关系,让代码更稳定

    在 Python 开发中,管理依赖关系是一项繁琐且容易出错的任务。手动更新依赖版本、处理冲突、确保一致性等等,都可能让开发者感到头疼。而 pip-tools 为开发者提供了一套稳定可靠的解决方案。 什么是 pip-tools? pip-tools 是一组命令行工具,旨在简化 Python 依赖关系的管理,确保项目环境的稳定性和可重复性。它主要包含两个核心工具:pip-compile 和 pip

    HTML提交表单给python

    python 代码 from flask import Flask, request, render_template, redirect, url_forapp = Flask(__name__)@app.route('/')def form():# 渲染表单页面return render_template('./index.html')@app.route('/submit_form',

    如何做好网络安全

    随着互联网技术的飞速发展,网站已成为企业对外展示、交流和服务的重要窗口。然而,随之而来的网站安全问题也日益凸显,给企业的业务发展和用户数据安全带来了巨大威胁。因此,高度重视网站安全已成为网络安全的首要任务。今天我们就来详细探讨网站安全的重要性、面临的挑战以及有什么应对方案。 一、网站安全的重要性 1. 数据安全与用户隐私 网站是企业存储和传输数据的关键平台,包括用户个人信息、

    Python QT实现A-star寻路算法

    目录 1、界面使用方法 2、注意事项 3、补充说明 用Qt5搭建一个图形化测试寻路算法的测试环境。 1、界面使用方法 设定起点: 鼠标左键双击,设定红色的起点。左键双击设定起点,用红色标记。 设定终点: 鼠标右键双击,设定蓝色的终点。右键双击设定终点,用蓝色标记。 设置障碍点: 鼠标左键或者右键按着不放,拖动可以设置黑色的障碍点。按住左键或右键并拖动,设置一系列黑色障碍点

    Python:豆瓣电影商业数据分析-爬取全数据【附带爬虫豆瓣,数据处理过程,数据分析,可视化,以及完整PPT报告】

    **爬取豆瓣电影信息,分析近年电影行业的发展情况** 本文是完整的数据分析展现,代码有完整版,包含豆瓣电影爬取的具体方式【附带爬虫豆瓣,数据处理过程,数据分析,可视化,以及完整PPT报告】   最近MBA在学习《商业数据分析》,大实训作业给了数据要进行数据分析,所以先拿豆瓣电影练练手,网络上爬取豆瓣电影TOP250较多,但对于豆瓣电影全数据的爬取教程很少,所以我自己做一版。 目