This is a lot of ones and zeros. It's what we call binary information. This is how computers talk. It's how they store information. It's how computers think. It's how computers do everything it is that computers do. I'm a cybersecurity researcher, which means my job is to sit down with this information and try to make sense of it, to try to understand what all the ones and zeroes mean. Unfortunately for me, we're not just talking about the ones and zeros I have on the screen here. We're not just talking about a few pages of ones and zeros. We're talking about billions and billions of ones and zeros, more than anyone could possibly comprehend.
这儿有许多1和许多0。 这就是我们所说的二进制信息。 这是计算机所使用的语言。 这是计算机存储信息的方式。 这是计算机的思考方式, 计算机通过这些0和1来做所有它们能做的事情。 我是一名网络安全的研究人员, 这意味着,我的工作就是坐下跟这种信息打交道, 试着让这些0和1变得有意义, 试着去理解这些0和1的意思。 对我来说,不幸的是,我们并不只是说 屏幕上的这些0和1。 我们并不是说几页的0和1。 我们会讨论多达数十亿的0和1, 多到任何人都无法理解的程度。 现在,就像听起来得这么令人兴奋,
Now, as exciting as that sounds, when I first started doing cyber — (Laughter) — when I first started doing cyber, I wasn't sure that sifting through ones and zeros was what I wanted to do with the rest of my life, because in my mind, cyber was keeping viruses off of my grandma's computer, it was keeping people's Myspace pages from being hacked, and maybe, maybe on my most glorious day, it was keeping someone's credit card information from being stolen. Those are important things, but that's not how I wanted to spend my life.
当我开始做网络的工作时—— (笑声)—— 当我开始做网络的时候, 我不确定探索0和1是我余生想做的事, 因为在我的脑海里, “信息技术”就是不让病毒感染我奶奶的电脑, 让"My Space"(聚友,社交网站)主页不被入侵, 也许,也许在我最光荣的那一天, 防止人们的信用卡信息遭到窃取, 那些确实是重要的事情, 但那并不是我打算尽我一生来做的事情。
But after 30 minutes of work as a defense contractor, I soon found out that my idea of cyber was a little bit off. In fact, in terms of national security, keeping viruses off of my grandma's computer was surprisingly low on their priority list. And the reason for that is cyber is so much bigger than any one of those things. Cyber is an integral part of all of our lives, because computers are an integral part of all of our lives, even if you don't own a computer. Computers control everything in your car, from your GPS to your airbags. They control your phone. They're the reason you can call 911 and get someone on the other line. They control our nation's entire infrastructure. They're the reason you have electricity, heat, clean water, food. Computers control our military equipment, everything from missile silos to satellites to nuclear defense networks. All of these things are made possible because of computers, and therefore because of cyber, and when something goes wrong, cyber can make all of these things impossible.
但是作为一个网络防卫服务者,工作了30分钟后, 我就发现我对于网络的看法有失偏颇。 事实上,在国家安全的意义上说, 使我奶奶的电脑远离病毒的工作优先级是非常低的。 网络的意义远远大于任何像这样的事情。 网络遍布于生活的每个角落, 因为电脑融入了生活的方方面面, 即使你没有电脑。 计算机控制着你车里所有的东西, 从你的GPS到你的安全气囊。 它们控制你的手机。 正因为有它们,你才能拨打911和其它人连线。 它们控制着我们国家的全部基础设施。 是它们让你能用电,暖气,清洁的水,食物。 计算机也控制着我们的军事设备, 从导弹筒仓到卫星, 到核防御网络。 这些东西都因为电脑的存在而变得可能。 因此,因为网络的存在, 当某些事情出故障时, 网络会让所有的这些故障不复存在。
But that's where I step in. A big part of my job is defending all of these things, keeping them working, but once in a while, part of my job is to break one of these things, because cyber isn't just about defense, it's also about offense. We're entering an age where we talk about cyberweapons. In fact, so great is the potential for cyber offense that cyber is considered a new domain of warfare. Warfare. It's not necessarily a bad thing. On the one hand, it means we have whole new front on which we need to defend ourselves, but on the other hand, it means we have a whole new way to attack, a whole new way to stop evil people from doing evil things.
这恰恰是我所踏入的领域。 我工作中很重要的一部分就是保护这些东西, 让它们正常工作。 但某些时候,破坏这些东西也是我工作的一部分。 因为网络并不仅仅是防御, 网络也意味着进攻。 我们正在进入我们所说的 网络武器时代。 实际上,网络进攻的潜力是如此巨大, 以至于网络被认为是一个新的战场。 战场。 这不一定是坏事。 一方面,这意味着,我们要在一个全新的领域保护自己, 但另一方面, 这意味着,我们有新的途径去进攻, 去阻止恶人作恶。
So let's consider an example of this that's completely theoretical. Suppose a terrorist wants to blow up a building, and he wants to do this again and again in the future. So he doesn't want to be in that building when it explodes. He's going to use a cell phone as a remote detonator. Now, it used to be the only way we had to stop this terrorist was with a hail of bullets and a car chase, but that's not necessarily true anymore. We're entering an age where we can stop him with the press of a button from 1,000 miles away, because whether he knew it or not, as soon as he decided to use his cell phone, he stepped into the realm of cyber. A well-crafted cyber attack could break into his phone, disable the overvoltage protections on his battery, drastically overload the circuit, cause the battery to overheat, and explode. No more phone, no more detonator, maybe no more terrorist, all with the press of a button from a thousand miles away.
那么,我来举一个完全假想的例子。 假定一名恐怖分子想炸毁一栋建筑, 而且他还想在将来反复地进行这样的恐怖袭击。 因此,他可不想在那个建筑爆炸时还呆里面。 他打算用一个手机来 做远程导火线。 在过去,阻止这名恐怖分子的唯一办法是枪战和飙车。 但如今再也不必这样了。 我们正在进入一个新时代, 1000英里以外的一个按钮就能阻止他。 因为无论他知道与否, 只要他决定用他的手机, 他就已踏入了网络控制区。 一个精心策划的网络袭击可以侵入他的手机, 破坏他的电池的过压保护, 让电路超负荷, 从而引起电池过热而爆炸。 没有了手机,也就没有了导火线, 也许再也不会有恐怖分子, 这一切都来自于1000英里外的一下按钮。
So how does this work? It all comes back to those ones and zeros. Binary information makes your phone work, and used correctly, it can make your phone explode. So when you start to look at cyber from this perspective, spending your life sifting through binary information starts to seem kind of exciting.
那么这到底是怎么做到的呢? 一切又回到了那些0和1上。 二进制信息让你的手机工作, 如果正确操纵,它可以引爆你的手机。 所以,当你开始从这个角度看信息技术时, 穷尽一生跟二进制信息打交道就开始变得让人兴奋了。
But here's the catch: This is hard, really, really hard, and here's why. Think about everything you have on your cell phone. You've got the pictures you've taken. You've got the music you listen to. You've got your contacts list, your email, and probably 500 apps you've never used in your entire life, and behind all of this is the software, the code, that controls your phone, and somewhere, buried inside of that code, is a tiny piece that controls your battery, and that's what I'm really after, but all of this, just a bunch of ones and zeros, and it's all just mixed together. In cyber, we call this finding a needle in a stack of needles, because everything pretty much looks alike. I'm looking for one key piece, but it just blends in with everything else.
但问题在于:这个很难。 真的非常非常难。 原因在这。 想想你手机上的所有东西。 有你拍的照片, 你听的歌, 你的联系人列表, 你的邮件, 还有500个你这辈子大概都不会用的应用软件, 所有这些的背后都是软件, 控制你手机的代码。 隐藏在这茫茫代码中的某小一段代码控制着电池, 这就是我真正关心的。 但所有的这些,都只是一长串0和1, 而且所有的都混在一起。 我们称之为网络领域的“海里捞针", 因为任何信息看上去都很像。 我在找一个关键的部分, 但它和所有其他的东西混在一起。
So let's step back from this theoretical situation of making a terrorist's phone explode, and look at something that actually happened to me. Pretty much no matter what I do, my job always starts with sitting down with a whole bunch of binary information, and I'm always looking for one key piece to do something specific. In this case, I was looking for a very advanced, very high-tech piece of code that I knew I could hack, but it was somewhere buried inside of a billion ones and zeroes. Unfortunately for me, I didn't know quite what I was looking for. I didn't know quite what it would look like, which makes finding it really, really hard. When I have to do that, what I have to do is basically look at various pieces of this binary information, try to decipher each piece, and see if it might be what I'm after. So after a while, I thought I had found the piece I was looking for. I thought maybe this was it. It seemed to be about right, but I couldn't quite tell. I couldn't tell what those ones and zeros represented. So I spent some time trying to put this together, but wasn't having a whole lot of luck, and finally I decided, I'm going to get through this, I'm going to come in on a weekend, and I'm not going to leave until I figure out what this represents. So that's what I did. I came in on a Saturday morning, and about 10 hours in, I sort of had all the pieces to the puzzle. I just didn't know how they fit together. I didn't know what these ones and zeros meant. At the 15-hour mark, I started to get a better picture of what was there, but I had a creeping suspicion that what I was looking at was not at all related to what I was looking for. By 20 hours, the pieces started to come together very slowly — (Laughter) — and I was pretty sure I was going down the wrong path at this point, but I wasn't going to give up. After 30 hours in the lab, I figured out exactly what I was looking at, and I was right, it wasn't what I was looking for. I spent 30 hours piecing together the ones and zeros that formed a picture of a kitten. (Laughter) I wasted 30 hours of my life searching for this kitten that had nothing at all to do with what I was trying to accomplish.
因此,我们把注意力从这个假象的 引爆恐怖分子的手机的情景中转移开, 看看真正发生在我身上的事情。 差不多不管我做什么, 往往一坐下来就着手处理一整串二进制信息, 并且,我总是在找一个关键的片段 来做点特别的事情。 在这个案例中,我在寻找一个段非常先进的, 蕴含高科技的代码, 我知道我能侵入这段代码, 但这个片段埋藏在十亿个0和1中的某个地方。 对我来说,不幸的是,我不知道我要找的到底是什么。 我并不完全知道这段代码看上到底会是什么样子, 这使寻找它的工作变得非常非常难。 当我必须做这件事情的时候,我需要做的 基本上就是读取大量二进制片段, 努力解码每一段,看看有没有可能找到我想找的那一段。 这样,一段时间过后, 我以为我找到了我要找的那段代码。 我以为,这大概是吧我要找的吧。 它看上去像是对的,但我还不能断定。 我还不知道这些0和1到底表示什么。 我花了点时间试着一起考虑它们, 但没有那么走运。 最终我决定了, 我一定要去征服它, 我要花掉一个周末的时间, 直到弄清它的含义前我不会离开。 这就是我所做的,我在一个星期六早上开始我的工作, 花了大概10个小时,我获得了这个难题的全部片段。 但我还是不知道它们怎么能相互联系, 也不清楚这些0和1的意义。 在第15十五个小时的时候, 我的头绪开始变得清晰起来, 但还是心存疑虑, 怀疑我看到的跟我想找的没任何联系。 到第20个小时,这些零碎的部分开始汇集, 非常缓慢 ——(笑声)—— 事已至此,我非常肯定我在一条错误的道路上前进。 但是不会放弃。 在实验室的30个小时以后, 我真正搞清了我在看的是什么, 我的猜测是正确的,这并不是我想找的。 我花了30个小时把这些0和1整合到一起, 组成了一个小猫的图像。 (笑声) 在实验室浪费了30个小时光阴, 搜寻了一只没任何用处的小猫, 这跟我想实现的成就完全不相及。
So I was frustrated, I was exhausted. After 30 hours in the lab, I probably smelled horrible. But instead of just going home and calling it quits, I took a step back and asked myself, what went wrong here? How could I make such a stupid mistake? I'm really pretty good at this. I do this for a living. So what happened? Well I thought, when you're looking at information at this level, it's so easy to lose track of what you're doing. It's easy to not see the forest through the trees. It's easy to go down the wrong rabbit hole and waste a tremendous amount of time doing the wrong thing. But I had this epiphany. We were looking at the data completely incorrectly since day one. This is how computers think, ones and zeros. It's not how people think, but we've been trying to adapt our minds to think more like computers so that we can understand this information. Instead of trying to make our minds fit the problem, we should have been making the problem fit our minds, because our brains have a tremendous potential for analyzing huge amounts of information, just not like this. So what if we could unlock that potential just by translating this to the right kind of information? So with these ideas in mind, I sprinted out of my basement lab at work to my basement lab at home, which looked pretty much the same. The main difference is, at work, I'm surrounded by cyber materials, and cyber seemed to be the problem in this situation. At home, I'm surrounded by everything else I've ever learned. So I poured through every book I could find, every idea I'd ever encountered, to see how could we translate a problem from one domain to something completely different?
我十分沮丧,精疲力竭。 在实验室呆了30个小时后, 我很可能都散发难闻的味道了, 但是我并没有选择回家,回家就叫做放弃, 我回过头,问我自己,到底出了什么错? 为什么我会犯这么愚蠢的错误? 我在这方面是做得相当好的。 我以此谋生。 那么到底发生了什么? 我想,当你在这个层次上解码信息时, 很容易偏离正轨。 很容易只见树木不见森林。 很容易走到错误的兔子洞里, 在错误的事情上浪费大量的时间。 但我顿悟了。 我们从一开始就以完全错误的方式来处理这些数据。 这是电脑的思考方式,0 和1。 这不是人类思考的方式。 但我们一直试图让我们的脑子以计算机的方式思考, 以理解这些信息。 不是让我们的思维适应问题, 我们应该让问题适应我们的思维。 因为我们的大脑有巨大的潜力 来分析大量的信息, 而不是像这样。 那么,如果我们把问题转化为正确形式的信息, 来激发大脑的潜力,将会怎样? 带着这个想法, 我从我工作的地下实验室冲出来, 到了我家里的地下实验室, 这两处看起来差不多。 主要的不同是,在工作的地方, 我被网络包围了, 在这种情况下,网络本身似乎就是个问题。 在家里,包围我的一切都是我熟知的。 所以,我倾倒出所有我能找到的书, 所有的想法也从脑海里倾倒而出, 看看如何把问题从一个形式 转换成完全不同的形式。
The biggest question was, what do we want to translate it to? What do our brains do perfectly naturally that we could exploit? My answer was vision. We have a tremendous capability to analyze visual information. We can combine color gradients, depth cues, all sorts of these different signals into one coherent picture of the world around us. That's incredible. So if we could find a way to translate these binary patterns to visual signals, we could really unlock the power of our brains to process this stuff. So I started looking at the binary information, and I asked myself, what do I do when I first encounter something like this? And the very first thing I want to do, the very first question I want to answer, is what is this? I don't care what it does, how it works. All I want to know is, what is this? And the way I can figure that out is by looking at chunks, sequential chunks of binary information, and I look at the relationships between those chunks. When I gather up enough of these sequences, I begin to get an idea of exactly what this information must be. So let's go back to that blow up the terrorist's phone situation. This is what English text looks like at a binary level. This is what your contacts list would look like if I were examining it. It's really hard to analyze this at this level, but if we take those same binary chunks that I would be trying to find, and instead translate that to a visual representation, translate those relationships, this is what we get. This is what English text looks like from a visual abstraction perspective. All of a sudden, it shows us all the same information that was in the ones and zeros, but show us it in an entirely different way, a way that we can immediately comprehend. We can instantly see all of the patterns here. It takes me seconds to pick out patterns here, but hours, days, to pick them out in ones and zeros. It takes minutes for anybody to learn what these patterns represent here, but years of experience in cyber to learn what those same patterns represent in ones and zeros. So this piece is caused by lower case letters followed by lower case letters inside of that contact list. This is upper case by upper case, upper case by lower case, lower case by upper case. This is caused by spaces. This is caused by carriage returns. We can go through every little detail of the binary information in seconds, as opposed to weeks, months, at this level. This is what an image looks like from your cell phone. But this is what it looks like in a visual abstraction. This is what your music looks like, but here's its visual abstraction. Most importantly for me, this is what the code on your cell phone looks like. This is what I'm after in the end, but this is its visual abstraction. If I can find this, I can't make the phone explode. I could spend weeks trying to find this in ones and zeros, but it takes me seconds to pick out a visual abstraction like this.
最大的问题是, 我们想把它们转化成什么? 大脑通常情况下做什么做得最完美? 我们能够利用吗? 我的答案是视觉。 我们具有强大的图像信息分析能力。 我们能够将颜色梯度、层次等各种各样的信号 融合成一幅眼前世界的画卷。 的确难以置信。 如果我们能够找到一个方法 来将这些二进制信息转化为视觉信号的形式, 我们就真的能释放大脑的潜力, 来处理这些信息。 于是我开始看着二进制的信息, 问自己,当我第一次遇到这样的信息,我会做什么? 我想做的第一件事, 我想回答的第一个问题, 是它到底是什么? 我不在乎它有什么作用,它如何发挥作用。 我想知道的就是,它是什么? 为搞清这个问题, 我把目光投向于数据块, 整串二进制数据块, 并且注意观察这些数据块之间的关系。 当我汇集到足够多的序列时, 我想我确切地明白了这些信息是什么。 让我们回到 那个爆破恐怖分子手机的情景。 这是二进制层面上英文字母的样子。 在我检测时,你的联系人信息会呈现为这般模样。 在这个层次上很难进行分析, 但如果将我正在研究的二进制数据块提取出来, 进行转化,并以视觉形式呈现出来, 将它们转化, 这是我们得到的结果。 这是从抽象视觉角度来看的英文文字。 就在这一瞬间, 信息以截然不同的形式展现出来, 新形式的信息跟那些0和1完全一样, 以一种我们立即可以理解的方式呈现出来。 我们立即就能看到所有的图案式样, 只需花费几秒钟就能获取这些图案式样, 但若是从0和1中挖掘出这些信息, 需要花费数小时,甚至数天。 任何人只需学习几分钟, 就可以知道这些图案式样的含义。 但若从0和1中理解其含义需具备数年的网络技术经验。 这一个片段代表联系人名单中 小写字母挨着小写字母。 这是大写字母跟着大写字母, 大写字母跟着小写字母,小写字母跟着大写字母。 这是空格,这是回车。 我们可以在几秒钟里浏览二进制信息的各个细节。 而不是在这个层面上停留数周,甚至数月。 这是你手机上一个图像看起来的样子, 但这是抽象化的视觉图案。 这是你的音乐的样子, 抽象的视觉化图案。 对我来说最重要的是, 这是你手机代码的样子, 正是我最终想找到的, 这是代码的抽象视觉化图案。 即便能发现它,我还不能引爆你的手机。 在0和1中摸索,需要花费数周时间, 但从这样的抽象图案中获取有用信息只需几秒钟。
One of those most remarkable parts about all of this is it gives us an entirely new way to understand new information, stuff that we haven't seen before. So I know what English looks like at a binary level, and I know what its visual abstraction looks like, but I've never seen Russian binary in my entire life. It would take me weeks just to figure out what I was looking at from raw ones and zeros, but because our brains can instantly pick up and recognize these subtle patterns inside of these visual abstractions, we can unconsciously apply those in new situations. So this is what Russian looks like in a visual abstraction. Because I know what one language looks like, I can recognize other languages even when I'm not familiar with them. This is what a photograph looks like, but this is what clip art looks like. This is what the code on your phone looks like, but this is what the code on your computer looks like. Our brains can pick up on these patterns in ways that we never could have from looking at raw ones and zeros. But we've really only scratched the surface of what we can do with this approach. We've only begun to unlock the capabilities of our minds to process visual information. If we take those same concepts and translate them into three dimensions instead, we find entirely new ways of making sense of information. In seconds, we can pick out every pattern here. we can see the cross associated with code. We can see cubes associated with text. We can even pick up the tiniest visual artifacts. Things that would take us weeks, months to find in ones and zeroes, are immediately apparent in some sort of visual abstraction, and as we continue to go through this and throw more and more information at it, what we find is that we're capable of processing billions of ones and zeros in a matter of seconds just by using our brain's built-in ability to analyze patterns.
这一切的一切,最不可思议的地方之一在于 这种思路赋予了我们一种全新的方式, 来理解我们从未看到过的信息和物质。 我知道在二进制层面的英文的样子, 我也知道其抽象视觉化图案的样子, 但我从来没见过俄文的二进制信息。 如果单纯地在0和1的层面来分析, 需要花费我数周的时间来摸索, 但由于我们的大脑可以在瞬间抓取并识别出 这些抽象视觉化信息中的细微图案。 我们就会下意识地在新的环境中应用。 这就是俄文经过视觉抽象化处理后的样子。 因为我了解了一个语言的样子, 我就能够识别出其他语言, 即使我对它们不熟悉。 这是照片的样子, 但这是剪贴画的样子。 这是你手机代码的样子, 但这是你电脑代码的样子。 我们大脑读取这些图案的方式, 跟读取0和1的方式是截然不同的。 但以这种方式来解决问题, 事实上目前我们掌握的只是冰山一角。 我们才刚开始激发大脑处理视觉信息的能力。 如果我们运用同样的理念, 并将其转化为三维信息, 我们就会发现解读信息的全新的方式。 在几秒钟里,我们就能获悉每一个图案。 我们能看见与代码相联的十字交叉, 我们能看见与跟文字相联的立方体, 我们甚至可以获悉最细微的视觉化图像。 在0和1的层面上需花费耗费数周的事情, 在抽象视觉的层面上探究则会瞬间豁然开朗, 我们按照这个思路继续前进, 纳入越来越多的信息, 我们发现,仅仅利用大脑固有的样式分析的能力, 我们有能力在几秒钟内处理无数的0和1。
So this is really nice and helpful, but all this tells me is what I'm looking at. So at this point, based on visual patterns, I can find the code on the phone. But that's not enough to blow up a battery. The next thing I need to find is the code that controls the battery, but we're back to the needle in a stack of needles problem. That code looks pretty much like all the other code on that system.
所以这种方式真的很棒,很有用, 这一切都告诉了我我要寻找的是什么。 至此,根据视觉化图案, 我可以找到手机上的代码。 但那还不足以引爆电池。 我需要做的下一件事就是寻找控制电池的代码, 但我们又遇到了大海捞针的困难。 这段代码跟手机系统上其他所有代码都极为相似。
So I might not be able to find the code that controls the battery, but there's a lot of things that are very similar to that. You have code that controls your screen, that controls your buttons, that controls your microphones, so even if I can't find the code for the battery, I bet I can find one of those things. So the next step in my binary analysis process is to look at pieces of information that are similar to each other. It's really, really hard to do at a binary level, but if we translate those similarities to a visual abstraction instead, I don't even have to sift through the raw data. All I have to do is wait for the image to light up to see when I'm at similar pieces. I follow these strands of similarity like a trail of bread crumbs to find exactly what I'm looking for.
我也许找不到控制电池的代码, 但有很多段代码跟它极其相似。 有控制手机屏幕的代码, 有控制按钮的,有控制耳机的, 因此,即使我发现不了控制电池的代码, 但我肯定能发现这么多相似代码中的一个。 二进制分析的下一步就是 研究这些极为相似的信息, 在二进制的层面分析真的很难, 但如果我们将这些相似的信息转化为抽象视觉化图像, 我甚至不需要筛选原始的数据。 我所要做的只是等待图像显示, 来决定我要看哪一段信息。 我追随这些像极了面包屑的信息图线, 来获取我要寻找的信息。
So at this point in the process, I've located the code responsible for controlling your battery, but that's still not enough to blow up a phone. The last piece of the puzzle is understanding how that code controls your battery. For this, I need to identify very subtle, very detailed relationships within that binary information, another very hard thing to do when looking at ones and zeros. But if we translate that information into a physical representation, we can sit back and let our visual cortex do all the hard work. It can find all the detailed patterns, all the important pieces, for us. It can find out exactly how the pieces of that code work together to control that battery. All of this can be done in a matter of hours, whereas the same process would have taken months in the past.
至此,我已发现了控制电池的代码, 但那还不足以引爆手机。 这个难题的最后一步, 是理解那段代码控制电池的方式。 为解决这个问题, 我需要在二进制数据里辨识信息之间极其细微的关系, 在0和1的层面上,又是一个难题, 但如果将其转化为图像信息, 我们就可以袖手旁观,地让视觉皮质处理这些难题, 它能发现所有具体的图像, 对我们来说所有重要的片段。 它能发现这些代码是如何 一起运作来控制电池。 这一切在数小时之内就可完成, 而相同的程序 在过去要花好几个月。
This is all well and good in a theoretical blow up a terrorist's phone situation. I wanted to find out if this would really work in the work I do every day. So I was playing around with these same concepts with some of the data I've looked at in the past, and yet again, I was trying to find a very detailed, specific piece of code inside of a massive piece of binary information. So I looked at it at this level, thinking I was looking at the right thing, only to see this doesn't have the connectivity I would have expected for the code I was looking for. In fact, I'm not really sure what this is, but when I stepped back a level and looked at the similarities within the code I saw, this doesn't have similarities like any code that exists out there. I can't even be looking at code. In fact, from this perspective, I could tell, this isn't code. This is an image of some sort. And from here, I can see, it's not just an image, this is a photograph. Now that I know it's a photograph, I've got dozens of other binary translation techniques to visualize and understand that information, so in a matter of seconds, we can take this information, shove it through a dozen other visual translation techniques in order to find out exactly what we were looking at. I saw — (Laughter) — it was that darn kitten again. All this is enabled because we were able to find a way to translate a very hard problem to something our brains do very naturally.
这就是理论上引爆恐怖分子手机的思路与方法, 我想弄清楚在日常工作中这种方法是否有效, 于是我运用相同的理念, 来处理我们过去研究过的数据, 而且,我依旧试图从海量的二进制信息中 寻找极其细微的特定的代码。 在这个层面分析时, 我认为我找准了正确的信息, 但结果没达到我的预期, 它与我要寻找的代码直接没有联系。 事实上,我并不确定这到底是什么, 但当我退后一个层次, 寻找这段代码中的相似之处, 却并没有我所熟知的相似之处, 我看到的甚至不是代码。 事实上,从这个角度来看, 我可以说,这不是代码。 这是某种图像。 从这个角度,我能看到, 它不仅仅是一个图像,而是一张照片。 现在我确认这是一张照片了, 我有许多其他的二进制转化工具, 来将其视觉化,以理解其含义, 因此,在几秒钟内, 我们就可以利用视觉化工具处理这些信息, 来找出我们寻找的东西。 我看见了——(笑声)—— 又是那只可恶的猫。 我们找到了一个将难题转化为 一个对大脑而言再自然不过的问题, 正是这个方法让这一切变得可能。
So what does this mean? Well, for kittens, it means no more hiding in ones and zeros. For me, it means no more wasted weekends. For cyber, it means we have a radical new way to tackle the most impossible problems. It means we have a new weapon in the evolving theater of cyber warfare, but for all of us, it means that cyber engineers now have the ability to become first responders in emergency situations. When seconds count, we've unlocked the means to stop the bad guys.
那么这意味着什么呢? 对小猫来说, 藏身于1和0中的游戏不复存在。 而对我来说,这意味着再没有一无所获的周末了。 对网络,这意味着我们有了一个全新方法 来解决看似根本解决不了的问题。 这意味着在日新月异的网络战争里, 我们扛起了新的武器, 但对我们所有人来说, 这意味着网络工程师 能在紧急情况下最先挺身而出, 只需短短几秒, 敌人就被我们制服。
Thank you.
(谢谢)
(Applause)
(掌声)