1 00:00:00,000 --> 00:00:11,300 2 00:00:11,300 --> 00:00:15,490 >> DAVID J. MALAN: This is CS50, and this is the start of week 10. 3 00:00:15,490 --> 00:00:19,460 You may recall that we've shown on the screen a 3D printer, which 4 00:00:19,460 --> 00:00:21,610 is this device that takes spools of plastic 5 00:00:21,610 --> 00:00:24,840 and then extrudes it by heating it up and melting it so that we can then 6 00:00:24,840 --> 00:00:27,310 form Chang's army of elephants, for instance. 7 00:00:27,310 --> 00:00:29,184 >> So at Leverett House, though, recently, I 8 00:00:29,184 --> 00:00:31,850 was chatting with one of your classmates and a friend of Chang's 9 00:00:31,850 --> 00:00:35,720 named Michelle, who actually interned at this other company this past year that 10 00:00:35,720 --> 00:00:40,010 has a different technique for actually creating three-dimensional objects, 11 00:00:40,010 --> 00:00:41,890 like this tiny little elephant here. 12 00:00:41,890 --> 00:00:45,550 In particular, the way this works is that it's an example of something 13 00:00:45,550 --> 00:00:49,740 called stereolithography, whereby there's this basin of resin or liquid, 14 00:00:49,740 --> 00:00:53,340 and then a laser strikes that liquid, and gradually, the device 15 00:00:53,340 --> 00:00:56,990 lifts and lifts and lifts the thing that you're printing, like an elephant, 16 00:00:56,990 --> 00:00:58,676 as that liquid becomes solid. 17 00:00:58,676 --> 00:01:00,550 And the result, actually, is something that's 18 00:01:00,550 --> 00:01:04,194 much more robust than some of the plastic giveaways some of you 19 00:01:04,194 --> 00:01:04,819 might have had. 20 00:01:04,819 --> 00:01:06,860 >> And what Chang kindly did for us here was 21 00:01:06,860 --> 00:01:12,210 did a time-lapse using photographs over the course of an hour or more, 22 00:01:12,210 --> 00:01:14,580 probably, to produce this guy here.
23 00:01:14,580 --> 00:01:19,060 Would someone who's never come up before like to come hit Start on this video? 24 00:01:19,060 --> 00:01:21,250 Let me go with, how about there. 25 00:01:21,250 --> 00:01:21,790 Come on up. 26 00:01:21,790 --> 00:01:24,960 27 00:01:24,960 --> 00:01:25,460 All right. 28 00:01:25,460 --> 00:01:29,250 29 00:01:29,250 --> 00:01:29,896 And you are? 30 00:01:29,896 --> 00:01:31,270 LUKE: My name's Luke [INAUDIBLE]. 31 00:01:31,270 --> 00:01:31,700 DAVID J. MALAN: Hi, Luke. 32 00:01:31,700 --> 00:01:32,695 Nice to meet you. 33 00:01:32,695 --> 00:01:33,653 >> LUKE: Nice to meet you. 34 00:01:33,653 --> 00:01:35,120 AUDIENCE: He's running for UC. 35 00:01:35,120 --> 00:01:38,640 >> DAVID J. MALAN: I know, we're trying not to promote. 36 00:01:38,640 --> 00:01:41,240 All right, so Luke, all you have to do here in CS50 37 00:01:41,240 --> 00:01:45,829 is hit the space bar to print this elephant. 38 00:01:45,829 --> 00:01:46,495 [VIDEO PLAYBACK] 39 00:01:46,495 --> 00:01:49,988 - [MACHINE WHIRRING] 40 00:01:49,988 --> 00:02:00,467 41 00:02:00,467 --> 00:02:01,964 - [CRASH] 42 00:02:01,964 --> 00:02:04,459 - [BOOM] 43 00:02:04,459 --> 00:02:06,147 - [CRASH] 44 00:02:06,147 --> 00:02:06,980 [END VIDEO PLAYBACK] 45 00:02:06,980 --> 00:02:09,370 DAVID J. MALAN: So that is exactly what it's like to 3D print. 46 00:02:09,370 --> 00:02:10,453 And here is your elephant. 47 00:02:10,453 --> 00:02:12,100 Thanks for volunteering. 48 00:02:12,100 --> 00:02:12,830 All right. 49 00:02:12,830 --> 00:02:16,580 So again, per the specification for the final project, this hardware that's 50 00:02:16,580 --> 00:02:18,890 available to you guys is, if for some reason, 51 00:02:18,890 --> 00:02:21,870 your project has some intersection of software and hardware, 52 00:02:21,870 --> 00:02:24,650 realize that these are now resources.
53 00:02:24,650 --> 00:02:27,750 >> I wanted to take a moment to touch upon a Crimson article that came out 54 00:02:27,750 --> 00:02:30,541 late last night, which was to announce that this fellow here, David 55 00:02:30,541 --> 00:02:33,920 Johnson, who's been the senior preceptor for Ec 10 for quite some time, 56 00:02:33,920 --> 00:02:36,210 is leaving Harvard at the end of the academic year. 57 00:02:36,210 --> 00:02:38,390 And I just wanted to take a moment, honestly, 58 00:02:38,390 --> 00:02:41,620 to thank David in front of CS50. 59 00:02:41,620 --> 00:02:44,360 He's been a mentor of sorts to us over the years. 60 00:02:44,360 --> 00:02:46,980 >> And I feel like we, CS50, have rather grown up with Ec 10 61 00:02:46,980 --> 00:02:48,870 in here, since they're right before us. 62 00:02:48,870 --> 00:02:52,040 And he and the whole team at Ec 10 has been wonderfully gracious, frankly, 63 00:02:52,040 --> 00:02:55,410 as we lug in all of our equipment each and every week, and years ago, 64 00:02:55,410 --> 00:02:57,320 provided a great deal of counsel as we were 65 00:02:57,320 --> 00:02:59,520 curious as to how they operate Ec 10. 66 00:02:59,520 --> 00:03:02,640 So our thanks and admiration to David Johnson. 67 00:03:02,640 --> 00:03:06,560 >> [APPLAUSE] 68 00:03:06,560 --> 00:03:08,030 69 00:03:08,030 --> 00:03:12,180 >> Now, unrelatedly, so the end is indeed near. 70 00:03:12,180 --> 00:03:13,630 We are here in week 10. 71 00:03:13,630 --> 00:03:15,920 And we only have just a couple of formal weeks 72 00:03:15,920 --> 00:03:18,320 here in class left, followed by a couple of events. 73 00:03:18,320 --> 00:03:21,860 So to give you a sense of what's on the horizon, here we are today. 74 00:03:21,860 --> 00:03:24,480 >> This Wednesday, recall, we'll have a guest lecture 75 00:03:24,480 --> 00:03:27,040 by none other than Microsoft's own Steve Ballmer.
76 00:03:27,040 --> 00:03:31,740 If you've not yet gone to cs50.harvard.edu/register, 77 00:03:31,740 --> 00:03:33,360 do so, since space will be limited. 78 00:03:33,360 --> 00:03:36,447 And they will be checking IDs at the door this day. 79 00:03:36,447 --> 00:03:38,280 If you weren't here last week, I thought I'd 80 00:03:38,280 --> 00:03:41,850 tease you with a different look at Steve and the excitement that 81 00:03:41,850 --> 00:03:44,215 awaits us on Wednesday. 82 00:03:44,215 --> 00:03:45,205 >> [VIDEO PLAYBACK] 83 00:03:45,205 --> 00:03:46,195 >> -Passion. 84 00:03:46,195 --> 00:03:50,650 >> -We're going to be hardcore-- hardcore. 85 00:03:50,650 --> 00:03:51,640 >> -Innovator. 86 00:03:51,640 --> 00:03:53,339 >> -Bill said, you don't get it. 87 00:03:53,339 --> 00:03:55,130 We're going to put a computer on every desk 88 00:03:55,130 --> 00:03:58,690 and in every home, which became the motto for the company. 89 00:03:58,690 --> 00:04:01,850 I swear, Bill invented it that night to really give me 90 00:04:01,850 --> 00:04:04,370 some of the vision of why I should say yes. 91 00:04:04,370 --> 00:04:07,280 I've never looked back, really, after that. 92 00:04:07,280 --> 00:04:10,010 >> -Fresh out of college, he joined a struggling startup 93 00:04:10,010 --> 00:04:14,450 and helped it grow into one of America's most successful businesses ever. 94 00:04:14,450 --> 00:04:16,920 The life and business lessons learned along the way 95 00:04:16,920 --> 00:04:19,925 led him back to his childhood passion and love. 96 00:04:19,925 --> 00:04:24,650 And those experiences have prepared him for his next challenge in life. 97 00:04:24,650 --> 00:04:27,150 >> -Nothing gets in our way-- boom! 98 00:04:27,150 --> 00:04:29,330 Keep coming hardcore! 99 00:04:29,330 --> 00:04:31,150 Go Clippers! 100 00:04:31,150 --> 00:04:38,627 >> -This is Steve Ballmer, "In My Own Words."
101 00:04:38,627 --> 00:04:39,460 [END VIDEO PLAYBACK] 102 00:04:39,460 --> 00:04:41,240 DAVID J. MALAN: --this Wednesday to CS50. 103 00:04:41,240 --> 00:04:43,080 Head again to this URL here. 104 00:04:43,080 --> 00:04:46,500 As for what else is on the horizon, next week, no lecture on Monday. 105 00:04:46,500 --> 00:04:50,020 But we will be following that by quiz one on Wednesday. 106 00:04:50,020 --> 00:04:54,390 Go to CS50's homepage for details on people, places, and times 107 00:04:54,390 --> 00:04:57,640 for all of the various proctoring logistics and the like, 108 00:04:57,640 --> 00:05:00,190 as well as about review sessions that are forthcoming. 109 00:05:00,190 --> 00:05:06,479 And then, lastly, on Monday, the day before the week of Thanksgiving break, 110 00:05:06,479 --> 00:05:08,020 realize it will be our final lecture. 111 00:05:08,020 --> 00:05:11,490 We will serve cake and a great deal of excitement, we hope. 112 00:05:11,490 --> 00:05:13,976 >> Now, a couple of other updates. 113 00:05:13,976 --> 00:05:16,350 Keep in mind that the status report, which is really just 114 00:05:16,350 --> 00:05:20,430 meant to be a casual interaction with your TF to proudly state 115 00:05:20,430 --> 00:05:23,106 just how far along with your final project you are, 116 00:05:23,106 --> 00:05:24,980 or at least as a sanity check that you should 117 00:05:24,980 --> 00:05:27,250 be approaching that point shortly thereafter. 118 00:05:27,250 --> 00:05:28,660 The Hackathon then follows that. 119 00:05:28,660 --> 00:05:30,800 Realize the Hackathon is not an opportunity 120 00:05:30,800 --> 00:05:33,690 to start your final project, but is meant to be an opportunity 121 00:05:33,690 --> 00:05:37,040 to be in the middle of or toward the end of your final project, 122 00:05:37,040 --> 00:05:41,030 with the implementation due a few days later, followed by the CS50 fair.
123 00:05:41,030 --> 00:05:43,330 >> Now, CS50's production team, a few years ago, 124 00:05:43,330 --> 00:05:46,127 put together a teaser for the CS50 fair that we 125 00:05:46,127 --> 00:05:48,710 thought we'd show you today, because they've been hard at work 126 00:05:48,710 --> 00:05:51,930 on a prequel for that, a new video that we'll conclude today with. 127 00:05:51,930 --> 00:05:57,694 But here's what awaits you for this year's CS50 fair. 128 00:05:57,694 --> 00:05:58,360 [VIDEO PLAYBACK] 129 00:05:58,360 --> 00:06:00,680 - [CELL PHONE CHIMES] 130 00:06:00,680 --> 00:06:07,624 131 00:06:07,624 --> 00:06:11,117 [MUSIC "THEME FROM MISSION: IMPOSSIBLE"] 132 00:06:11,117 --> 00:08:47,065 133 00:08:47,065 --> 00:08:52,820 [END VIDEO PLAYBACK] 134 00:08:52,820 --> 00:08:56,840 DAVID J. MALAN: So that is exactly how we close final project submissions. 135 00:08:56,840 --> 00:08:59,220 A couple of now teasers-- if you'd like to join Nick here 136 00:08:59,220 --> 00:09:02,740 for lunch, as usual, this Friday, head to this URL here. 137 00:09:02,740 --> 00:09:05,530 Moreover, if you'd like to join Nick or this Nick 138 00:09:05,530 --> 00:09:08,770 or this Allison or any members of CS50's team, 139 00:09:08,770 --> 00:09:11,110 do realize that, shortly after term's end, 140 00:09:11,110 --> 00:09:13,780 CS50 will already be recruiting for next year's team, 141 00:09:13,780 --> 00:09:18,130 for CAs, TFs, designers, producers, researchers, and other positions 142 00:09:18,130 --> 00:09:21,790 that here operate CS50 both in front of and behind the scenes. 143 00:09:21,790 --> 00:09:25,482 So if this might be of interest to you, head to this URL here. 144 00:09:25,482 --> 00:09:28,190 And students more comfortable, less comfortable, and somewhere 145 00:09:28,190 --> 00:09:31,710 in between alike are all welcome and encouraged to apply.
146 00:09:31,710 --> 00:09:34,920 >> So it was perfect timing that, no joke, this morning, when I woke up, 147 00:09:34,920 --> 00:09:37,220 I had this here spam in my inbox. 148 00:09:37,220 --> 00:09:39,420 It actually slipped through Gmail's spam filter 149 00:09:39,420 --> 00:09:41,659 somehow and ended up in my actual inbox. 150 00:09:41,659 --> 00:09:43,700 And it says, "Dear mailbox user, you are currently 151 00:09:43,700 --> 00:09:45,240 upgraded to 4 gigabytes of space. 152 00:09:45,240 --> 00:09:50,750 Please log into your account in order to validate E-space." 153 00:09:50,750 --> 00:09:54,100 >> And then there's this nice blue enticing link there to click on 154 00:09:54,100 --> 00:09:59,480 for faculty and staff, which then led me to a wonderfully legitimate page, which 155 00:09:59,480 --> 00:10:02,300 asked me to give them my name and email address and, of course, 156 00:10:02,300 --> 00:10:05,090 password to validate who I am and so forth. 157 00:10:05,090 --> 00:10:09,330 But of course, as is always the case, you arrive at this landing page, 158 00:10:09,330 --> 00:10:11,370 and of course, there's at least one typo, 159 00:10:11,370 --> 00:10:14,840 which seems to be the nail in the coffin of any of these scams. 160 00:10:14,840 --> 00:10:17,890 And we'll post, perhaps, some other links to these kinds of screen shots 161 00:10:17,890 --> 00:10:18,473 in the future. 162 00:10:18,473 --> 00:10:22,535 But hopefully, most people in this room have not clicked-- 163 00:10:22,535 --> 00:10:24,410 or even if you have clicked such links as this, 164 00:10:24,410 --> 00:10:28,040 you've not gone so far as to fill out those forms and so forth. 165 00:10:28,040 --> 00:10:30,210 In fact, it's OK if you have. 166 00:10:30,210 --> 00:10:33,410 We'll try to fix that today, because, indeed, today's conversation is 167 00:10:33,410 --> 00:10:34,450 about security.
168 00:10:34,450 --> 00:10:36,500 >> And indeed, one of the goals of CS50 is not 169 00:10:36,500 --> 00:10:38,980 so much to teach you C or PHP or JavaScript or SQL 170 00:10:38,980 --> 00:10:41,610 or any of these underlying implementation details. 171 00:10:41,610 --> 00:10:45,612 But it's to empower you as humans to just make smarter decisions as it 172 00:10:45,612 --> 00:10:48,070 relates to technology down the road so that, whether you're 173 00:10:48,070 --> 00:10:51,370 an engineer or humanist or scientist or any other role, 174 00:10:51,370 --> 00:10:54,970 you are making informed decisions about your own computing usage, 175 00:10:54,970 --> 00:10:56,980 or if you're in a decision-making position, 176 00:10:56,980 --> 00:10:59,250 in politics, in particular, you're making much, 177 00:10:59,250 --> 00:11:02,770 much better decisions than a lot of humans today have been. 178 00:11:02,770 --> 00:11:04,830 And we'll do this by way of a few examples. 179 00:11:04,830 --> 00:11:09,030 >> First, I was rather surprised recently to discover the following. 180 00:11:09,030 --> 00:11:11,120 So passwords, of course, are what most of us 181 00:11:11,120 --> 00:11:18,030 use to protect our data-- email, chat, and all kinds of resources like that. 182 00:11:18,030 --> 00:11:23,020 And just by an awkward-- not show of hands, but embarrassed looks of shame, 183 00:11:23,020 --> 00:11:26,600 how many of you use the same password in a lot of different websites? 184 00:11:26,600 --> 00:11:28,020 >> Oh, OK, so we'll do the hands. 185 00:11:28,020 --> 00:11:30,950 OK, so a lot of you do. 186 00:11:30,950 --> 00:11:33,770 Anyone who does this, just why? 187 00:11:33,770 --> 00:11:35,078 And what? 188 00:11:35,078 --> 00:11:36,537 Yeah? 189 00:11:36,537 --> 00:11:39,870 AUDIENCE: It's easy to remember, because you don't have to remember [INAUDIBLE].
190 00:11:39,870 --> 00:11:41,703 DAVID J. MALAN: Yeah, it's easy to remember. 191 00:11:41,703 --> 00:11:44,560 It's perfectly reasonable, rational behavior, 192 00:11:44,560 --> 00:11:46,920 even though the risk you're putting yourself 193 00:11:46,920 --> 00:11:50,540 at in these cases is if just one or more of those websites 194 00:11:50,540 --> 00:11:54,510 is vulnerable to hacking or insecure or your password's just 195 00:11:54,510 --> 00:11:57,130 so darn guessable, anyone can figure it out. 196 00:11:57,130 --> 00:11:59,850 Not only is one account compromised, but in theory, all 197 00:11:59,850 --> 00:12:01,280 accounts you have on the internet. 198 00:12:01,280 --> 00:12:04,550 So I know I might say today, don't use the same password everywhere, 199 00:12:04,550 --> 00:12:06,450 but that's a lot easier said than done. 200 00:12:06,450 --> 00:12:10,850 But there are techniques for mitigating that particular concern. 201 00:12:10,850 --> 00:12:14,030 >> Now, I happen, for instance, to use a program called 1Password. 202 00:12:14,030 --> 00:12:16,010 Another popular one is called LastPass. 203 00:12:16,010 --> 00:12:19,030 And a bunch of CS50 staff use one or more of these kinds of tools. 204 00:12:19,030 --> 00:12:20,940 And long story short, one takeaway for today 205 00:12:20,940 --> 00:12:25,080 should be, yes, you might have the same password everywhere, 206 00:12:25,080 --> 00:12:27,260 but it's very easy to no longer do that. 207 00:12:27,260 --> 00:12:31,260 For instance, these days, I know maybe one of my dozens or hundreds 208 00:12:31,260 --> 00:12:31,910 of passwords. 209 00:12:31,910 --> 00:12:33,990 All of my other passwords are pseudo-randomly 210 00:12:33,990 --> 00:12:36,046 generated by one of these programs here.
211 00:12:36,046 --> 00:12:38,420 And in a nutshell, and even though most of these programs 212 00:12:38,420 --> 00:12:41,487 tend to come with a bit of a cost, you would install a program like this, 213 00:12:41,487 --> 00:12:43,820 you would then store all of your usernames and passwords 214 00:12:43,820 --> 00:12:46,960 inside of this program on your own Mac or PC or whatnot, 215 00:12:46,960 --> 00:12:49,290 and then it would be encrypted on your computer 216 00:12:49,290 --> 00:12:51,599 with what's hopefully a particularly long password. 217 00:12:51,599 --> 00:12:54,140 So I have a whole bunch of passwords for individual websites, 218 00:12:54,140 --> 00:12:56,390 and then I have a really long password that I 219 00:12:56,390 --> 00:12:59,059 use to unlock all of those other passwords. 220 00:12:59,059 --> 00:13:00,850 And what's nice about software like this is 221 00:13:00,850 --> 00:13:04,016 that, when you visit a website that's asking for your username and password, 222 00:13:04,016 --> 00:13:06,304 these days, I don't type in my username and password, 223 00:13:06,304 --> 00:13:08,970 because, again, I don't even know what most of my passwords are. 224 00:13:08,970 --> 00:13:12,180 I instead hit a keyboard shortcut, the result of which 225 00:13:12,180 --> 00:13:15,990 is to trigger this software to prompt me for my master password. 226 00:13:15,990 --> 00:13:18,780 I then type that one big password in, and then the browser 227 00:13:18,780 --> 00:13:21,090 automatically fills in what my password is. 228 00:13:21,090 --> 00:13:24,960 So truly, if you take nothing else away from today in terms of passwords, 229 00:13:24,960 --> 00:13:28,440 these are software that are worth downloading or investing in so 230 00:13:28,440 --> 00:13:30,750 that you can at least break that particular habit.
231 00:13:30,750 --> 00:13:33,374 And if you're the type that's using Post-It notes or the like-- 232 00:13:33,374 --> 00:13:37,310 and odds are at least one of you is-- that habit, too, suffice it to say, 233 00:13:37,310 --> 00:13:38,340 should be broken. 234 00:13:38,340 --> 00:13:42,360 >> Now, I happened to discover, as a result of using the software, the following. 235 00:13:42,360 --> 00:13:45,690 I was ordering an Edible Arrangement, this basket of fruit, recently. 236 00:13:45,690 --> 00:13:49,380 And I hit my special keyboard shortcut to log into the website. 237 00:13:49,380 --> 00:13:53,325 And the software triggered a pop-up that said, are you sure 238 00:13:53,325 --> 00:13:55,950 you want me to automatically submit this username and password? 239 00:13:55,950 --> 00:13:57,690 Because the connection is insecure. 240 00:13:57,690 --> 00:14:01,450 >> The connection's not using HTTPS, for secure, 241 00:14:01,450 --> 00:14:04,900 using that protocol known as SSL, Secure Sockets Layer. 242 00:14:04,900 --> 00:14:07,640 And indeed, if you look at the top left of this website, 243 00:14:07,640 --> 00:14:12,880 it's just www.ediblearrangements.com, no HTTPS, which isn't so good. 244 00:14:12,880 --> 00:14:15,480 >> Now, I was curious-- maybe this is just a bug in the software. 245 00:14:15,480 --> 00:14:19,240 Surely, some website like this that a lot of us know of 246 00:14:19,240 --> 00:14:24,046 is at least using encryption or HTTPS URLs to log you in. 247 00:14:24,046 --> 00:14:25,670 So I got a little curious this morning. 248 00:14:25,670 --> 00:14:29,046 And I got out my CS50 skills, I opened up Chrome Inspector. 249 00:14:29,046 --> 00:14:30,295 It's not even much of a skill. 250 00:14:30,295 --> 00:14:32,890 It's just hit the right keyboard shortcut to open this up. 251 00:14:32,890 --> 00:14:34,830 And here's a big window of Chrome's Inspector.
252 00:14:34,830 --> 00:14:38,960 >> But what was actually a little tragic and ridiculous 253 00:14:38,960 --> 00:14:40,830 were these two lines here. 254 00:14:40,830 --> 00:14:44,570 Up at the top, notice the URL to which my username and password 255 00:14:44,570 --> 00:14:45,530 were submitted. 256 00:14:45,530 --> 00:14:46,380 Let me zoom in. 257 00:14:46,380 --> 00:14:47,352 It was this here. 258 00:14:47,352 --> 00:14:49,060 And all of that is sort of uninteresting, 259 00:14:49,060 --> 00:14:54,962 except for the thing all the way at the left, which starts with http://. 260 00:14:54,962 --> 00:14:57,240 And so then, OK, maybe they're just sending 261 00:14:57,240 --> 00:14:59,084 my username, which is not such a big deal. 262 00:14:59,084 --> 00:15:00,500 Maybe my password gets sent later. 263 00:15:00,500 --> 00:15:02,300 That would be kind of an interesting design decision. 264 00:15:02,300 --> 00:15:03,100 >> But nope. 265 00:15:03,100 --> 00:15:06,130 If you then look at the request payload, the username and password 266 00:15:06,130 --> 00:15:08,470 I sent-- and I mocked these up for the slide-- 267 00:15:08,470 --> 00:15:10,000 were actually sent in the clear. 268 00:15:10,000 --> 00:15:13,792 So you go to this particular website and order an Edible Arrangement like this, 269 00:15:13,792 --> 00:15:16,750 and indeed, apparently, for all this time I've been ordering from them, 270 00:15:16,750 --> 00:15:19,800 my username and password are going across in the clear. 271 00:15:19,800 --> 00:15:22,120 So honestly, this is completely unacceptable. 272 00:15:22,120 --> 00:15:26,240 And it's so trivial to avoid things like this as the designer of a website 273 00:15:26,240 --> 00:15:27,950 and as the programmer of a website.
274 00:15:27,950 --> 00:15:31,020 >> But the takeaway here for us as users of websites 275 00:15:31,020 --> 00:15:35,700 is just to appreciate that all it takes is for one stupid design 276 00:15:35,700 --> 00:15:40,010 decision, unjustifiable design decision, such that now, if you know my password is 277 00:15:40,010 --> 00:15:41,820 "crimson" on this website, you've probably 278 00:15:41,820 --> 00:15:44,654 just gotten into a whole bunch of other websites that I now have. 279 00:15:44,654 --> 00:15:46,570 And there's not much of a defense against that 280 00:15:46,570 --> 00:15:48,301 other than what Chang did this morning. 281 00:15:48,301 --> 00:15:51,550 He went to Edible Arrangements, which is located down the street in Cambridge, 282 00:15:51,550 --> 00:15:53,430 and physically bought this for us. 283 00:15:53,430 --> 00:15:57,490 That was much more secure than using the website in this case. 284 00:15:57,490 --> 00:16:02,320 >> But the detail to keep an eye out for is actually what's in the browser up top 285 00:16:02,320 --> 00:16:02,940 there. 286 00:16:02,940 --> 00:16:04,690 But even that can be a little deceptive. 287 00:16:04,690 --> 00:16:07,002 So another interesting example and way of defending 288 00:16:07,002 --> 00:16:09,960 against this-- and actually, let's do that first-- the way of defending 289 00:16:09,960 --> 00:16:12,540 against this is a technique that security people would 290 00:16:12,540 --> 00:16:14,810 call two-factor authentication. 291 00:16:14,810 --> 00:16:20,130 >> Does anyone know what the solution to problems like this means? 292 00:16:20,130 --> 00:16:23,110 What is two-factor authentication? 293 00:16:23,110 --> 00:16:27,320 Or put another way, how many of you are using it? 294 00:16:27,320 --> 00:16:28,650 OK, so a couple of shy people. 295 00:16:28,650 --> 00:16:29,060 But yeah. 296 00:16:29,060 --> 00:16:29,976 I saw your hand go up.
297 00:16:29,976 --> 00:16:31,510 What is two-factor authentication? 298 00:16:31,510 --> 00:16:34,010 >> AUDIENCE: Basically, in addition to typing in your password, 299 00:16:34,010 --> 00:16:37,390 you also have a secondary [INAUDIBLE] sent via text message to your phone 300 00:16:37,390 --> 00:16:39,460 at the [INAUDIBLE]. 301 00:16:39,460 --> 00:16:40,460 DAVID J. MALAN: Exactly. 302 00:16:40,460 --> 00:16:44,150 In addition to some primary form of authentication, like a password, 303 00:16:44,150 --> 00:16:47,190 you're asked for a secondary factor, which is typically 304 00:16:47,190 --> 00:16:49,740 something you have physically on you, though it 305 00:16:49,740 --> 00:16:51,610 can be something else altogether. 306 00:16:51,610 --> 00:16:54,630 And that thing is typically a cellphone these days to which you get 307 00:16:54,630 --> 00:16:59,200 sent a temporary text message that says "Your temporary pass code is 12345." 308 00:16:59,200 --> 00:17:01,280 >> So in addition to my password "crimson," I also 309 00:17:01,280 --> 00:17:03,916 have to type in whatever the website has texted me. 310 00:17:03,916 --> 00:17:06,290 Or if you have this with a bank or an investment account, 311 00:17:06,290 --> 00:17:08,123 you sometimes have these little dongles that 312 00:17:08,123 --> 00:17:11,760 actually have a pseudo-random number generator built into them, 313 00:17:11,760 --> 00:17:15,849 but both the device and the bank know what your initial seed is 314 00:17:15,849 --> 00:17:19,710 so that they know, even as the little code on your little key fob 315 00:17:19,710 --> 00:17:22,380 marches ahead every minute or two, changing values, 316 00:17:22,380 --> 00:17:25,260 so does that value change on the bank's server 317 00:17:25,260 --> 00:17:28,620 so that they can similarly authenticate you, not only with your password, 318 00:17:28,620 --> 00:17:30,024 but with that temporary code.
319 00:17:30,024 --> 00:17:31,690 Now, you can actually do this in Google. 320 00:17:31,690 --> 00:17:33,606 And frankly, this is a good habit to get into, 321 00:17:33,606 --> 00:17:36,180 especially if you're using Gmail all the time on a browser. 322 00:17:36,180 --> 00:17:39,880 If you go to this URL here, which is in the slides online for today, and then 323 00:17:39,880 --> 00:17:43,579 click on 2-Step Verification, same actual thing there. 324 00:17:43,579 --> 00:17:45,870 You'll be prompted to give them your cell phone number. 325 00:17:45,870 --> 00:17:49,660 And then, any time you log into Gmail, you'll be not only asked 326 00:17:49,660 --> 00:17:53,480 for your password, but also for a little code that gets sent to your phone 327 00:17:53,480 --> 00:17:54,190 temporarily. 328 00:17:54,190 --> 00:17:57,894 And so long as you have cookies enabled, and so long as you don't explicitly 329 00:17:57,894 --> 00:18:00,060 log out, you'll only have to do that once in a while, 330 00:18:00,060 --> 00:18:01,870 like when you sit down at a new computer. 331 00:18:01,870 --> 00:18:05,320 >> And the upside here, too, is, if you sit down at some internet cafe style 332 00:18:05,320 --> 00:18:07,380 computer or just a friend's computer, even 333 00:18:07,380 --> 00:18:09,710 if that friend maliciously or unknowingly 334 00:18:09,710 --> 00:18:13,580 has some keyboard logger installed on his or her computer, 335 00:18:13,580 --> 00:18:15,640 such that everything you type is being logged, 336 00:18:15,640 --> 00:18:19,170 at least that second factor, that temporary code, is ephemeral. 337 00:18:19,170 --> 00:18:21,630 So he or she or whoever has compromised the computer 338 00:18:21,630 --> 00:18:24,890 can't log into you subsequently, even if everything else 339 00:18:24,890 --> 00:18:27,890 was vulnerable or even unencrypted altogether.
340 00:18:27,890 --> 00:18:29,760 Facebook has this, too, with that URL here, 341 00:18:29,760 --> 00:18:32,070 where you can click on Login Approvals. 342 00:18:32,070 --> 00:18:35,500 So here, too, if you don't want friends to poke people 343 00:18:35,500 --> 00:18:40,140 you don't want to be poking on Facebook or posting status updates for you, 344 00:18:40,140 --> 00:18:42,479 two-factor authentication here is probably a good thing. 345 00:18:42,479 --> 00:18:44,520 And then there's this other technique altogether, 346 00:18:44,520 --> 00:18:46,853 just auditing, which is even a good thing for us humans, 347 00:18:46,853 --> 00:18:49,950 if two-factor proves annoying, which, admittedly, it can, or it's just not 348 00:18:49,950 --> 00:18:53,930 available on some website, minimally keeping an eye on if and when 349 00:18:53,930 --> 00:18:57,650 you're logging into sites, if they allow you, is a good technique, too. 350 00:18:57,650 --> 00:19:01,300 So Facebook also gives you this login notifications feature, whereby 351 00:19:01,300 --> 00:19:06,240 anytime Facebook realizes, hm, David has logged in from some computer or phone 352 00:19:06,240 --> 00:19:09,710 that we've never seen before from an IP address that looks familiar, 353 00:19:09,710 --> 00:19:12,320 they'll at least send you an email to whatever email address 354 00:19:12,320 --> 00:19:14,750 you have on file, saying, does this look suspicious? 355 00:19:14,750 --> 00:19:17,590 If so, change your password immediately. 356 00:19:17,590 --> 00:19:19,610 And so there, too, just auditing behavior 357 00:19:19,610 --> 00:19:21,940 even after you've been compromised, can at least 358 00:19:21,940 --> 00:19:25,980 narrow the window during which you are vulnerable. 359 00:19:25,980 --> 00:19:29,910 >> All right, any questions on that stuff thus far?
360 00:19:29,910 --> 00:19:35,510 Today is the day to get all of your paranoia confirmed or denied. 361 00:19:35,510 --> 00:19:36,820 That's mostly confirmed, sadly. 362 00:19:36,820 --> 00:19:37,210 Yeah? 363 00:19:37,210 --> 00:19:39,223 >> AUDIENCE: [INAUDIBLE] phone, what if your phone breaks, 364 00:19:39,223 --> 00:19:41,010 and then it's always hard to verify-- 365 00:19:41,010 --> 00:19:41,295 >> DAVID J. MALAN: True. 366 00:19:41,295 --> 00:19:43,330 >> AUDIENCE: Or if you're in a different country, and they don't let you 367 00:19:43,330 --> 00:19:44,505 log in because [INAUDIBLE]. 368 00:19:44,505 --> 00:19:45,630 DAVID J. MALAN: Absolutely. 369 00:19:45,630 --> 00:19:48,780 And so these are the additional costs that you incur. 370 00:19:48,780 --> 00:19:51,040 There's always this theme of a trade-off, after all. 371 00:19:51,040 --> 00:19:53,748 And then, if you lose your phone, if it breaks, if you're abroad, 372 00:19:53,748 --> 00:19:56,382 or you just don't have a signal, like a 3G or LTE signal, 373 00:19:56,382 --> 00:19:58,340 you might not actually be able to authenticate. 374 00:19:58,340 --> 00:20:00,520 >> So again, these two are trade-offs. 375 00:20:00,520 --> 00:20:03,670 And sometimes, it can create a lot of work for you as a result. 376 00:20:03,670 --> 00:20:08,130 But it really depends, then, on what the expected price to you 377 00:20:08,130 --> 00:20:10,980 is of something being compromised altogether. 378 00:20:10,980 --> 00:20:15,300 >> So SSL, then, is this technique that we all generally take for granted 379 00:20:15,300 --> 00:20:18,970 or assume is there, even if that's manifestly the case. 380 00:20:18,970 --> 00:20:23,339 And you can still mislead people, though, even with this. 381 00:20:23,339 --> 00:20:24,630 So here's an example of a bank. 382 00:20:24,630 --> 00:20:25,860 >> This is Bank of America.
383 00:20:25,860 --> 00:20:28,730 There's a whole bunch of these in Harvard Square and beyond. 384 00:20:28,730 --> 00:20:32,530 And notice that, at the very top of the screen, there's, indeed, HTTPS. 385 00:20:32,530 --> 00:20:35,370 And it's even green and highlighted for us 386 00:20:35,370 --> 00:20:39,550 to indicate that this is indeed a legitimately secure website, 387 00:20:39,550 --> 00:20:41,420 or so we've been trained to believe. 388 00:20:41,420 --> 00:20:46,416 >> Now, besides that, though, notice that, if we zoom in, 389 00:20:46,416 --> 00:20:48,790 there's this thing here, where you're prompted to log in. 390 00:20:48,790 --> 00:20:54,920 What does this padlock mean right there, next to my username prompt? 391 00:20:54,920 --> 00:20:57,890 This is pretty common on websites, too. 392 00:20:57,890 --> 00:21:01,120 What does this padlock mean? 393 00:21:01,120 --> 00:21:02,453 You seem like you know. 394 00:21:02,453 --> 00:21:03,420 >> AUDIENCE: It doesn't mean anything. 395 00:21:03,420 --> 00:21:04,230 >> DAVID J. Malan: It doesn't mean anything. 396 00:21:04,230 --> 00:21:07,790 It means that Bank of America knows how to write HTML with image tags, right? 397 00:21:07,790 --> 00:21:12,080 It truly means nothing, because, even we, using the first day of our look 398 00:21:12,080 --> 00:21:15,760 at HTML, can code up a page with a red background and an image, 399 00:21:15,760 --> 00:21:18,910 like a GIF or whatnot, that happens to look like a padlock. 400 00:21:18,910 --> 00:21:20,890 And yet, this is super common in websites, 401 00:21:20,890 --> 00:21:24,000 because we've been trained to assume that, oh, padlock means secure, 402 00:21:24,000 --> 00:21:25,760 when it really just means you know HTML.
403 00:21:25,760 --> 00:21:28,840 >> For instance, back in the day, I could have just put this on my website, 404 00:21:28,840 --> 00:21:31,660 claiming it's secure, and asking, effectively, 405 00:21:31,660 --> 00:21:33,590 for people's usernames and passwords. 406 00:21:33,590 --> 00:21:36,310 So looking in the URL is at least a better clue, 407 00:21:36,310 --> 00:21:39,580 because that's built into Chrome or whatever browser you're using. 408 00:21:39,580 --> 00:21:41,470 But even then, sometimes things can go wrong. 409 00:21:41,470 --> 00:21:45,940 And in fact, you might not always see HTTPS, let alone in green. 410 00:21:45,940 --> 00:21:48,126 >> Have any of you ever seen a screen like this? 411 00:21:48,126 --> 00:21:50,000 You might have, actually, earlier in October, 412 00:21:50,000 --> 00:21:54,740 when I forgot to pay for our SSL certificate, as it's called, 413 00:21:54,740 --> 00:21:58,400 and we were looking like this for an hour or two. 414 00:21:58,400 --> 00:22:01,830 So you've probably seen things like this, with a strike-through, 415 00:22:01,830 --> 00:22:05,240 like a red line, through the protocol in the URL 416 00:22:05,240 --> 00:22:08,010 or some kind of screen that is at least admonishing you 417 00:22:08,010 --> 00:22:09,760 for trying to proceed further. 418 00:22:09,760 --> 00:22:12,540 And Google here is inviting you to go back to safety. 419 00:22:12,540 --> 00:22:17,120 >> Now, in this case, this just meant that the SSL certificate that we were using, 420 00:22:17,120 --> 00:22:22,220 the big, mathematically useful numbers that are associated with CS50's server, 421 00:22:22,220 --> 00:22:23,949 was no longer valid. 422 00:22:23,949 --> 00:22:26,490 And in fact, we can simulate this, as you can on your laptop.
423 00:22:26,490 --> 00:22:30,270 If I go into Chrome here, and let's go to facebook.com, 424 00:22:30,270 --> 00:22:32,230 and it looks like this is secure. 425 00:22:32,230 --> 00:22:36,910 But let me go ahead now and click on the padlock here. 426 00:22:36,910 --> 00:22:40,030 >> And let me go to Connection, Certificate Information. 427 00:22:40,030 --> 00:22:42,020 And indeed, what you'll see here is a bunch 428 00:22:42,020 --> 00:22:46,160 of lower-level details about who facebook.com really is. 429 00:22:46,160 --> 00:22:49,380 It seems that they have paid money to a company called maybe DigiCert High 430 00:22:49,380 --> 00:22:54,420 Assurance that has promised to tell the rest of the world 431 00:22:54,420 --> 00:22:57,250 that, if a browser ever sees a certificate-- you can think 432 00:22:57,250 --> 00:23:00,291 of this literally as a certificate that looks like that thing at the top 433 00:23:00,291 --> 00:23:04,360 left-- then facebook.com is who they say they are, because all this time, when 434 00:23:04,360 --> 00:23:07,160 you visit a website, like cs50.harvard.edu or facebook.com 435 00:23:07,160 --> 00:23:11,880 or gmail.com that use HTTPS URLs, behind the scenes, 436 00:23:11,880 --> 00:23:15,190 there's this kind of transaction happening automatically 437 00:23:15,190 --> 00:23:18,060 for you, whereby facebook.com, in this case, 438 00:23:18,060 --> 00:23:22,150 is sending to your browser its so-called SSL certificate, or rather, 439 00:23:22,150 --> 00:23:23,380 its public key, 440 00:23:23,380 --> 00:23:25,600 and then your browser is using that public key 441 00:23:25,600 --> 00:23:29,600 to subsequently send encrypted traffic to and from it.
442 00:23:29,600 --> 00:23:32,360 >> But there's this whole hierarchy in the world of companies 443 00:23:32,360 --> 00:23:36,430 that you pay money to who will then testify, in a digital sense, 444 00:23:36,430 --> 00:23:41,330 that you are indeed facebook.com or your server is indeed cs50.harvard.edu. 445 00:23:41,330 --> 00:23:44,580 And built into browsers, like Chrome and IE and Firefox, 446 00:23:44,580 --> 00:23:48,260 is a list of all of those so-called certificate authorities 447 00:23:48,260 --> 00:23:51,360 that are authorized by Microsoft and Google and Mozilla 448 00:23:51,360 --> 00:23:55,410 to confirm or deny that facebook.com is who it says it is. 449 00:23:55,410 --> 00:23:57,430 But the catch is that these things do expire. 450 00:23:57,430 --> 00:24:02,670 In fact, Facebook's looks like it expires next October, in 2015. 451 00:24:02,670 --> 00:24:06,490 >> So we can simulate this if I go into my Mac to my System Preferences, 452 00:24:06,490 --> 00:24:11,070 and I go into Date and Time, and I go into Date and Time here, 453 00:24:11,070 --> 00:24:17,190 and I unlock this here-- thankfully, we didn't reveal a password this time-- 454 00:24:17,190 --> 00:24:20,660 and now I go down to uncheck this. 455 00:24:20,660 --> 00:24:25,660 And let's actually-- oops, that's not as interesting as doing this. 456 00:24:25,660 --> 00:24:30,140 We are literally in the future now, which means this is what 2020 is like. 457 00:24:30,140 --> 00:24:36,360 If I now reload the page-- let's do it in Incognito mode-- 458 00:24:36,360 --> 00:24:40,910 if I reload the page, there we go. 459 00:24:40,910 --> 00:24:45,820 >> So now, my computer thinks it's 2020, but my browser 460 00:24:45,820 --> 00:24:49,810 knows that this certificate from Facebook expires, of course, in 2015. 461 00:24:49,810 --> 00:24:51,360 So it's giving me this red message.
462 00:24:51,360 --> 00:24:53,550 Now, thankfully, browsers like Chrome have actually 463 00:24:53,550 --> 00:24:55,480 made it pretty difficult to proceed nonetheless. 464 00:24:55,480 --> 00:24:57,300 They really want me to go back to safety. 465 00:24:57,300 --> 00:25:00,550 >> If I click here on Advanced, it's going to tell me some more details. 466 00:25:00,550 --> 00:25:02,580 And if I really want to proceed, they'll let 467 00:25:02,580 --> 00:25:06,250 me go to facebook.com, which is, again, unsafe, at which point 468 00:25:06,250 --> 00:25:08,310 I'll see Facebook's homepage, like this. 469 00:25:08,310 --> 00:25:10,080 But then other things seem to be breaking. 470 00:25:10,080 --> 00:25:12,825 What's probably breaking at this point? 471 00:25:12,825 --> 00:25:13,700 AUDIENCE: JavaScript. 472 00:25:13,700 --> 00:25:15,540 DAVID J. Malan: Like the JavaScripts and/or CSS 473 00:25:15,540 --> 00:25:17,460 files are similarly encountering that error. 474 00:25:17,460 --> 00:25:19,830 So this is just a bad situation overall. 475 00:25:19,830 --> 00:25:24,790 But the point here is that at least Facebook does indeed have SSL enabled 476 00:25:24,790 --> 00:25:30,040 for their servers, as many websites do, but not necessarily all. 477 00:25:30,040 --> 00:25:33,360 >> But that's not alone the takeaway here. 478 00:25:33,360 --> 00:25:36,040 It turns out that even SSL has been demonstrated 479 00:25:36,040 --> 00:25:37,810 to be insecure in some way. 480 00:25:37,810 --> 00:25:40,400 So I'm kind of hinting that SSL, good. 481 00:25:40,400 --> 00:25:44,250 Look for HTTPS URLs, and life is good, because all of your HTTP traffic 482 00:25:44,250 --> 00:25:46,180 and headers and content is encrypted. 483 00:25:46,180 --> 00:25:49,560 >> No one can intercept it in the middle, except for a so-called man 484 00:25:49,560 --> 00:25:50,454 in the middle.
485 00:25:50,454 --> 00:25:52,870 This is a general technique in the world of security known 486 00:25:52,870 --> 00:25:54,420 as a man-in-the-middle attack. 487 00:25:54,420 --> 00:25:57,067 Suppose that you are this little laptop over here on the left, 488 00:25:57,067 --> 00:25:59,900 and suppose you're trying to visit a server over there on the right, 489 00:25:59,900 --> 00:26:00,990 like facebook.com. 490 00:26:00,990 --> 00:26:03,940 >> But suppose that, in between you and Facebook, 491 00:26:03,940 --> 00:26:07,750 is a whole bunch of other servers and equipment, like switches and routers, 492 00:26:07,750 --> 00:26:11,530 DNS servers, DHCP servers, none of which we control. 493 00:26:11,530 --> 00:26:15,280 It might be controlled by Starbucks or Harvard or Comcast or the like. 494 00:26:15,280 --> 00:26:18,090 Well, suppose that someone malicious, on your network, 495 00:26:18,090 --> 00:26:20,800 in between you and Facebook, is able to tell you 496 00:26:20,800 --> 00:26:24,740 that, you know what, the IP address of Facebook is not what you think it is. 497 00:26:24,740 --> 00:26:26,250 It's this IP instead. 498 00:26:26,250 --> 00:26:28,740 >> And so your browser is tricked into requesting 499 00:26:28,740 --> 00:26:30,750 traffic from another computer altogether. 500 00:26:30,750 --> 00:26:35,350 Well, suppose that computer simply looks at all 501 00:26:35,350 --> 00:26:38,859 of the traffic you're requesting from Facebook and all of the web pages 502 00:26:38,859 --> 00:26:40,400 that you're requesting from Facebook. 503 00:26:40,400 --> 00:26:45,700 And any time it sees in your traffic a URL that starts with HTTPS, 504 00:26:45,700 --> 00:26:49,250 it dynamically, on the fly, rewrites it as HTTP.
505 00:26:49,250 --> 00:26:53,490 And any time it sees a location header, location colon, 506 00:26:53,490 --> 00:26:55,930 like we use to redirect the user, those, too, 507 00:26:55,930 --> 00:27:00,690 can be changed by this man in the middle from HTTPS to HTTP. 508 00:27:00,690 --> 00:27:04,170 >> So even though you yourself might think you're at the real Facebook, 509 00:27:04,170 --> 00:27:07,860 it's not that hard for an adversary with physical access 510 00:27:07,860 --> 00:27:10,630 to your network to simply return pages to you that 511 00:27:10,630 --> 00:27:12,650 look like Gmail, that look like Facebook, 512 00:27:12,650 --> 00:27:14,880 and indeed the URL is identical, because they're 513 00:27:14,880 --> 00:27:19,410 pretending to have that same host name because of some exploitation of DNS 514 00:27:19,410 --> 00:27:21,340 or some other system like that. 515 00:27:21,340 --> 00:27:23,894 And the result, then, is that we humans might only 516 00:27:23,894 --> 00:27:26,810 realize that, OK, this looks like Gmail or at least the older version, 517 00:27:26,810 --> 00:27:29,480 as is this slide from an older presentation. 518 00:27:29,480 --> 00:27:34,250 But it looks like this-- http://www.google.com. 519 00:27:34,250 --> 00:27:37,370 >> So here, too, the reality is that how many of you, 520 00:27:37,370 --> 00:27:41,290 when you go to Facebook or Gmail or any website and you know a little something 521 00:27:41,290 --> 00:27:47,060 about SSL, how many of you physically type https:// and then the website 522 00:27:47,060 --> 00:27:48,990 name, Enter. 523 00:27:48,990 --> 00:27:52,940 Most of us just type, like, CS50, hit Enter, or F-A for Facebook 524 00:27:52,940 --> 00:27:54,770 and hit Enter, and let it auto-complete.
525 00:27:54,770 --> 00:27:57,620 But behind the scenes, if you watch your HTTP traffic, 526 00:27:57,620 --> 00:28:00,090 there's probably a whole bunch of those location headers 527 00:28:00,090 --> 00:28:03,580 that are sending you from Facebook to www.facebook.com 528 00:28:03,580 --> 00:28:07,250 to https://www.facebook.com. 529 00:28:07,250 --> 00:28:12,300 >> So that's one or more HTTP transactions where your information is completely 530 00:28:12,300 --> 00:28:15,102 sent in the clear, no encryption whatsoever. 531 00:28:15,102 --> 00:28:17,810 Now, that might not be such a big deal if all you're trying to do 532 00:28:17,810 --> 00:28:20,980 is access the homepage, you're not sending your username and password. 533 00:28:20,980 --> 00:28:23,130 But what is underneath the hood, especially 534 00:28:23,130 --> 00:28:28,130 for PHP-based websites that is also being sent back and forth when 535 00:28:28,130 --> 00:28:33,820 you visit some webpage if that website uses, say, PHP 536 00:28:33,820 --> 00:28:37,370 and implements functionality like pset7? 537 00:28:37,370 --> 00:28:40,840 What was being sent back and forth in your HTTP headers that gave you 538 00:28:40,840 --> 00:28:44,903 access to this pretty useful super global in PHP? 539 00:28:44,903 --> 00:28:45,710 >> AUDIENCE: Cookies. 540 00:28:45,710 --> 00:28:49,020 >> DAVID J. Malan: Cookies, specifically the PHP sess ID cookie. 541 00:28:49,020 --> 00:28:53,100 So recall, if we go to, say, cs50.harvard.edu again, 542 00:28:53,100 --> 00:28:56,440 but this time, let's open up the Network tab, and now, up here, 543 00:28:56,440 --> 00:29:01,570 let's literally just go to http://cs50.harvard.edu 544 00:29:01,570 --> 00:29:03,030 and then hit Enter. 545 00:29:03,030 --> 00:29:05,520 And then look at the screen down here.
546 00:29:05,520 --> 00:29:09,600 Notice that we indeed got back a 301 moved permanently 547 00:29:09,600 --> 00:29:12,820 message, which means that there's a location header here, 548 00:29:12,820 --> 00:29:15,610 which is now redirecting me to HTTPS. 549 00:29:15,610 --> 00:29:21,330 >> But the catch is that, if I already had a cookie stamped on my hand virtually, 550 00:29:21,330 --> 00:29:25,890 as we've discussed before, and I the human kind of unknowingly 551 00:29:25,890 --> 00:29:29,090 just visit the insecure version, and my browser takes it 552 00:29:29,090 --> 00:29:34,020 upon itself to show that hand stamp for the first request, which is via HTTP, 553 00:29:34,020 --> 00:29:36,610 any man in the middle, any adversary in the middle, 554 00:29:36,610 --> 00:29:39,380 can theoretically just see those HTTP headers, just 555 00:29:39,380 --> 00:29:40,980 like we're looking at them here. 556 00:29:40,980 --> 00:29:43,310 It's only once you're talking to an HTTPS 557 00:29:43,310 --> 00:29:47,780 URL does that hand stamp itself get encrypted, a la Caesar or Vigenere, 558 00:29:47,780 --> 00:29:50,500 but with a fancier algorithm altogether. 559 00:29:50,500 --> 00:29:53,611 So here, too, even if websites use HTTPS, 560 00:29:53,611 --> 00:29:56,860 we humans have been conditioned, thanks to auto-complete and other techniques, 561 00:29:56,860 --> 00:29:59,827 to not even think about the potential implications. 562 00:29:59,827 --> 00:30:01,160 Now, there are ways around this. 563 00:30:01,160 --> 00:30:03,140 For instance, many websites can be configured 564 00:30:03,140 --> 00:30:05,848 so that, once you have this hand stamp, you can tell the browser, 565 00:30:05,848 --> 00:30:07,750 this hand stamp is only for SSL connections. 566 00:30:07,750 --> 00:30:11,702 The browser should not present it to me unless it's over SSL.
567 00:30:11,702 --> 00:30:13,410 But many websites don't bother with that. 568 00:30:13,410 --> 00:30:17,260 And many websites apparently don't even bother with SSL at all. 569 00:30:17,260 --> 00:30:20,540 >> So for more on that, there's actually even more dirt in this presentation 570 00:30:20,540 --> 00:30:24,010 that a fellow gave at a so-called black hat conference a couple of years ago, 571 00:30:24,010 --> 00:30:26,468 where there's even other malicious tricks people have used. 572 00:30:26,468 --> 00:30:28,630 You might recall this notion of a favicon, which 573 00:30:28,630 --> 00:30:32,270 is like a little logo that's often in the browser's window. 574 00:30:32,270 --> 00:30:34,610 Well, what's been common among bad guys is 575 00:30:34,610 --> 00:30:36,340 to make icons that look like what? 576 00:30:36,340 --> 00:30:39,054 577 00:30:39,054 --> 00:30:39,970 AUDIENCE: [inaudible]. 578 00:30:39,970 --> 00:30:40,280 DAVID J. Malan: Say again? 579 00:30:40,280 --> 00:30:41,490 AUDIENCE: The websites. 580 00:30:41,490 --> 00:30:42,130 DAVID J. Malan: Not a website. 581 00:30:42,130 --> 00:30:43,394 So favicon, tiny little icon. 582 00:30:43,394 --> 00:30:45,560 What would be the most malicious, manipulative thing 583 00:30:45,560 --> 00:30:47,832 you could make your website's default icon look like? 584 00:30:47,832 --> 00:30:48,790 AUDIENCE: A green lock. 585 00:30:48,790 --> 00:30:49,080 DAVID J. Malan: What's that? 586 00:30:49,080 --> 00:30:50,160 AUDIENCE: A little green lock. 587 00:30:50,160 --> 00:30:51,960 DAVID J. Malan: Like a green lock, exactly. 588 00:30:51,960 --> 00:30:55,242 So you can have this aesthetic of a little green padlock, 589 00:30:55,242 --> 00:30:57,950 hinting to the world, oh, we are secure, when, again, all it means 590 00:30:57,950 --> 00:31:00,210 is that you know some HTML. 591 00:31:00,210 --> 00:31:02,895 So session hijacking refers to exactly this.
592 00:31:02,895 --> 00:31:05,936 If you have someone who's kind of sniffing the airwaves in this room here 593 00:31:05,936 --> 00:31:09,150 or has physical access to a network and can see your cookies, 594 00:31:09,150 --> 00:31:12,152 he or she can grab that PHP sess ID cookie. 595 00:31:12,152 --> 00:31:13,860 And then, if they're savvy enough to know 596 00:31:13,860 --> 00:31:18,200 how to send that cookie as their own hand stamp just by copying that value 597 00:31:18,200 --> 00:31:20,860 and sending the HTTP headers, someone could very easily 598 00:31:20,860 --> 00:31:23,510 log into any of the Facebook accounts or Gmail accounts 599 00:31:23,510 --> 00:31:27,355 or Twitter accounts that are here, open in the room, if you're not using SSL 600 00:31:27,355 --> 00:31:31,500 and if the website is not using SSL correctly. 601 00:31:31,500 --> 00:31:33,690 >> So let's transition to another one. 602 00:31:33,690 --> 00:31:34,700 So another true story. 603 00:31:34,700 --> 00:31:38,680 And this just broke in the news a week or two ago. 604 00:31:38,680 --> 00:31:41,520 Verizon has been doing a very evil thing, 605 00:31:41,520 --> 00:31:45,110 and as best people can tell, since at least 2012, whereby, 606 00:31:45,110 --> 00:31:51,550 when you access websites via a Verizon cellphone, whatever manufacturer it is, 607 00:31:51,550 --> 00:31:54,150 they have been presumptuously, as the story goes, 608 00:31:54,150 --> 00:31:59,890 injecting into all of your HTTP traffic their own HTTP header. 609 00:31:59,890 --> 00:32:04,040 And that header looks like this-- X-UIDH. 610 00:32:04,040 --> 00:32:06,465 UID is like a unique identifier or user ID. 611 00:32:06,465 --> 00:32:09,660 And X just means this is a custom header that's not standard.
612 00:32:09,660 --> 00:32:11,720 >> But what this means is that, if I pull up, 613 00:32:11,720 --> 00:32:14,640 for instance, any website on my phone here-- 614 00:32:14,640 --> 00:32:18,310 and I'm using Verizon as my carrier-- even though my browser might not 615 00:32:18,310 --> 00:32:21,110 be sending this HTTP header, Verizon, as soon 616 00:32:21,110 --> 00:32:23,650 as the signal reaches their cellphone tower somewhere, 617 00:32:23,650 --> 00:32:28,187 has been for some time injecting this header into all of our HTTP traffic. 618 00:32:28,187 --> 00:32:29,020 Why do they do this? 619 00:32:29,020 --> 00:32:31,920 Presumably for tracking reasons, for advertising reasons. 620 00:32:31,920 --> 00:32:36,280 >> But the moronic design decision here is that an HTTP header, 621 00:32:36,280 --> 00:32:41,090 as you guys know from pset6, is received by any web server 622 00:32:41,090 --> 00:32:42,540 that you're requesting traffic of. 623 00:32:42,540 --> 00:32:44,248 So all this time, if you've been visiting 624 00:32:44,248 --> 00:32:48,019 Facebook or Gmail or any website that doesn't use SSL all the time-- 625 00:32:48,019 --> 00:32:49,810 and actually, those two thankfully now do-- 626 00:32:49,810 --> 00:32:52,670 but other websites that don't use SSL all the time, 627 00:32:52,670 --> 00:32:54,930 Verizon has essentially been planting, forcibly, 628 00:32:54,930 --> 00:32:58,180 a hand stamp on all of our hands that even we don't see, 629 00:32:58,180 --> 00:33:00,330 but rather, the end websites do. 630 00:33:00,330 --> 00:33:02,890 And so it has not been that hard for anyone on the internet 631 00:33:02,890 --> 00:33:05,245 running a web server to realize, ooh, this is David, 632 00:33:05,245 --> 00:33:09,340 or, ooh, this is Davin, even if we're rigorous about clearing our cookies, 633 00:33:09,340 --> 00:33:10,772 because it's not coming from us.
634 00:33:10,772 --> 00:33:11,980 It's coming from the carrier. 635 00:33:11,980 --> 00:33:14,896 >> They do a lookup on your phone number and then say, oh, this is David. 636 00:33:14,896 --> 00:33:18,890 Let me inject a unique identifier so that our advertisers or whoever can 637 00:33:18,890 --> 00:33:19,850 keep track of this. 638 00:33:19,850 --> 00:33:23,769 So this is actually very, very, very bad and horrifying. 639 00:33:23,769 --> 00:33:26,060 And I would encourage you to take a look, for instance, 640 00:33:26,060 --> 00:33:29,950 at this URL, which I should disclaim I actually tried this morning. 641 00:33:29,950 --> 00:33:31,970 I wrote a little script, put it at this URL, 642 00:33:31,970 --> 00:33:34,770 visited it with my own Verizon cellphone after turning Wi-Fi off. 643 00:33:34,770 --> 00:33:38,010 So you have to turn Wi-Fi off so that you're using 3G or LTE or the like. 644 00:33:38,010 --> 00:33:40,010 And then, if you visit this URL, all this script 645 00:33:40,010 --> 00:33:41,770 does for you guys, if you'd like to play, 646 00:33:41,770 --> 00:33:45,380 is it spits out what HTTP headers your phone is sending to our server. 647 00:33:45,380 --> 00:33:48,510 And I actually, in fairness, did not see this this morning, which 648 00:33:48,510 --> 00:33:51,430 makes me think either the local cellphone tower I was connected to 649 00:33:51,430 --> 00:33:55,160 or whatnot isn't doing it, or they've backed off of doing this temporarily. 650 00:33:55,160 --> 00:33:58,160 But for more information, head to this URL here. 651 00:33:58,160 --> 00:34:00,680 >> And now this-- this comic might make sense. 652 00:34:00,680 --> 00:34:03,530 653 00:34:03,530 --> 00:34:04,030 No? 654 00:34:04,030 --> 00:34:04,530 OK. 655 00:34:04,530 --> 00:34:05,390 All right. 656 00:34:05,390 --> 00:34:06,310 That died. 657 00:34:06,310 --> 00:34:07,240 All right.
658 00:34:07,240 --> 00:34:11,330 >> So let's take a look at a couple more attacks, if only to raise awareness of 659 00:34:11,330 --> 00:34:13,179 and then offer a couple potential solutions 660 00:34:13,179 --> 00:34:14,430 so that you're all the more mindful. 661 00:34:14,430 --> 00:34:17,305 This one we talked about the other day, but didn't give a name to it. 662 00:34:17,305 --> 00:34:22,360 It's a cross-site request forgery, which is an excessively fancy way of saying 663 00:34:22,360 --> 00:34:26,489 you trick a user into clicking on a URL like this, which tricks them 664 00:34:26,489 --> 00:34:28,280 into some behavior that they didn't intend. 665 00:34:28,280 --> 00:34:30,710 >> In this case, this seems to be trying to trick me 666 00:34:30,710 --> 00:34:32,920 into selling my shares of Google. 667 00:34:32,920 --> 00:34:36,810 And this will succeed if I, the programmer of pset7, 668 00:34:36,810 --> 00:34:40,409 have not done what? 669 00:34:40,409 --> 00:34:44,739 Or rather, more generally, in what cases am I vulnerable to an attack 670 00:34:44,739 --> 00:34:49,460 if someone tricks another user into clicking a URL like this? 671 00:34:49,460 --> 00:34:49,960 Yeah? 672 00:34:49,960 --> 00:34:52,500 >> AUDIENCE: You don't distinguish between GET and POST. 673 00:34:52,500 --> 00:34:52,760 >> DAVID J. Malan: Good. 674 00:34:52,760 --> 00:34:54,850 If we don't distinguish between GET and POST, 675 00:34:54,850 --> 00:34:57,950 and indeed, if we allow GET for selling things, 676 00:34:57,950 --> 00:35:00,284 we are inviting this kind of attack. 677 00:35:00,284 --> 00:35:01,950 But we can still mitigate it somewhat. 678 00:35:01,950 --> 00:35:04,283 And I commented, I think, last week that Amazon at least 679 00:35:04,283 --> 00:35:08,180 tries to mitigate this with a technique that's pretty straightforward.
680 00:35:08,180 --> 00:35:11,860 What would a smart thing to do be on your server, 681 00:35:11,860 --> 00:35:14,652 rather than just blindly selling whatever symbol the user types in? 682 00:35:14,652 --> 00:35:15,984 AUDIENCE: A confirmation of sorts? 683 00:35:15,984 --> 00:35:19,320 DAVID J. Malan: A confirmation screen, something involving human interaction 684 00:35:19,320 --> 00:35:21,300 so that I'm forced to make the judgment call, 685 00:35:21,300 --> 00:35:23,930 even if I've naively clicked a link that looks like this 686 00:35:23,930 --> 00:35:27,760 and led me to the sell screen, at least asked me to confirm or deny. 687 00:35:27,760 --> 00:35:32,460 But not an uncommon attack, especially in so-called phishing or spam-like 688 00:35:32,460 --> 00:35:33,280 attacks. 689 00:35:33,280 --> 00:35:34,890 >> Now, this one is a little more subtle. 690 00:35:34,890 --> 00:35:37,060 This is a cross-site scripting attack. 691 00:35:37,060 --> 00:35:39,250 And this happens if your website is not using 692 00:35:39,250 --> 00:35:41,260 the equivalent of htmlspecialchars. 693 00:35:41,260 --> 00:35:45,160 And it's taking user input and just blindly injecting it into a web page, 694 00:35:45,160 --> 00:35:48,170 as with print or echo, with-- again-- out calling something 695 00:35:48,170 --> 00:35:49,710 like htmlspecialchars. 696 00:35:49,710 --> 00:35:52,602 >> So suppose the website in question is vulnerable.com. 697 00:35:52,602 --> 00:35:55,620 And suppose it accepts a parameter called q. 698 00:35:55,620 --> 00:35:59,040 Look at what might happen if I actually, a bad guy, 699 00:35:59,040 --> 00:36:02,360 type in or trick a user into visiting a URL that looks like this-- 700 00:36:02,360 --> 00:36:05,900 q= open script tag, close script tag.
701 00:36:05,900 --> 00:36:08,480 And again, I'm assuming that vulnerable.com is not 702 00:36:08,480 --> 00:36:11,740 going to turn dangerous characters like open brackets 703 00:36:11,740 --> 00:36:15,570 into HTML entities, the ampersand, L-T, semicolon thing 704 00:36:15,570 --> 00:36:17,090 that you might have seen before. 705 00:36:17,090 --> 00:36:18,900 >> But what is the script or JavaScript code 706 00:36:18,900 --> 00:36:21,160 I'm trying to trick a user into executing? 707 00:36:21,160 --> 00:36:25,420 Well, document.location refers to my browser's current address. 708 00:36:25,420 --> 00:36:29,400 So if I do document.location=, this allows me to redirect the user 709 00:36:29,400 --> 00:36:30,830 in JavaScript to a website. 710 00:36:30,830 --> 00:36:34,290 It's like our PHP function redirect, but done in JavaScript. 711 00:36:34,290 --> 00:36:35,900 >> Where am I trying to send the user? 712 00:36:35,900 --> 00:36:40,110 Well, apparently, badguy.com/log.php, which is some script, apparently, 713 00:36:40,110 --> 00:36:43,530 the bad guy wrote, that takes a parameter called cookie. 714 00:36:43,530 --> 00:36:46,790 >> And notice, what do I seem to be concatenating 715 00:36:46,790 --> 00:36:49,190 onto the end of that equal sign? 716 00:36:49,190 --> 00:36:52,030 Well, something that says document.cookie. 717 00:36:52,030 --> 00:36:53,320 We've not talked about this. 718 00:36:53,320 --> 00:36:55,730 But it turns out, in JavaScript, just like in PHP, 719 00:36:55,730 --> 00:36:59,770 you can access all of the cookies that your browser is actually using.
720 00:36:59,770 --> 00:37:02,180 >> So the effect of this one line of code, if a user 721 00:37:02,180 --> 00:37:06,440 is tricked into clicking on this link and the website vulnerable.com does not 722 00:37:06,440 --> 00:37:10,000 escape it with htmlspecialchars, is that you have just effectively 723 00:37:10,000 --> 00:37:13,660 uploaded to log.php all of your cookies. 724 00:37:13,660 --> 00:37:17,300 And that's not always that problematic, except if one of those cookies 725 00:37:17,300 --> 00:37:20,040 is your session ID, your so-called hand stamp, which 726 00:37:20,040 --> 00:37:26,470 means badguy.com can make his or her own HTTP requests, sending that same hand 727 00:37:26,470 --> 00:37:30,210 stamp, that same cookie header, and log into whatever website 728 00:37:30,210 --> 00:37:33,680 you were visiting, which in this case is vulnerable.com. 729 00:37:33,680 --> 00:37:35,940 It's a cross-site scripting attack in the sense 730 00:37:35,940 --> 00:37:38,130 that you're kind of tricking one site into telling 731 00:37:38,130 --> 00:37:43,560 another site about some information it should not, in fact, have access to. 732 00:37:43,560 --> 00:37:46,510 >> All right, ready for one other worrisome detail? 733 00:37:46,510 --> 00:37:49,970 All right, the world is a scary place, legitimately so. 734 00:37:49,970 --> 00:37:52,480 Here's a simple JavaScript example that's 735 00:37:52,480 --> 00:37:54,847 in today's source code called geolocation 0 and 1. 736 00:37:54,847 --> 00:37:56,930 And there's a couple walkthroughs online for this. 737 00:37:56,930 --> 00:37:59,920 >> And it does the following if I open up this web page in Chrome. 738 00:37:59,920 --> 00:38:04,590 It first does nothing. 739 00:38:04,590 --> 00:38:07,300 OK, we'll try this again. 740 00:38:07,300 --> 00:38:07,800 Oh. 741 00:38:07,800 --> 00:38:10,990 742 00:38:10,990 --> 00:38:13,370 No, it should do something.
743 00:38:13,370 --> 00:38:16,500 OK, stand by. 744 00:38:16,500 --> 00:38:18,200 >> Let's try this once more. 745 00:38:18,200 --> 00:38:21,285 746 00:38:21,285 --> 00:38:21,785 [Inaudible] 747 00:38:21,785 --> 00:38:26,941 748 00:38:26,941 --> 00:38:29,444 Ah, OK, not sure why the-- oh, the appliance 749 00:38:29,444 --> 00:38:31,360 probably lost internet access for some reason. 750 00:38:31,360 --> 00:38:32,840 All right, so it happens to me, too. 751 00:38:32,840 --> 00:38:34,650 >> All right, so notice what's going on here. 752 00:38:34,650 --> 00:38:37,300 This cryptic-looking URL, which is just one of CS50's servers, 753 00:38:37,300 --> 00:38:41,130 wants to use my computer's location, like physically it means. 754 00:38:41,130 --> 00:38:45,160 And if, indeed, I click on Allow, let's see what happens. 755 00:38:45,160 --> 00:38:49,030 Apparently, this is my current latitude and longitude coordinates down 756 00:38:49,030 --> 00:38:51,660 to a pretty darn good resolution. 757 00:38:51,660 --> 00:38:53,310 >> So how did I get at this? 758 00:38:53,310 --> 00:38:57,620 How does this website, like CS50's server, know physically where in the world 759 00:38:57,620 --> 00:38:59,600 I am, let alone with that precision. 760 00:38:59,600 --> 00:39:01,990 Well, turns out-- let's just look at the page's source-- 761 00:39:01,990 --> 00:39:05,280 that in here is a bunch of HTML at the bottom that first has this-- 762 00:39:05,280 --> 00:39:09,080 body onload="geolocate"-- just a function I wrote. 763 00:39:09,080 --> 00:39:11,840 >> And I'm saying, on loading the page, call geolocate. 764 00:39:11,840 --> 00:39:13,750 And then there's nothing in the body, because 765 00:39:13,750 --> 00:39:16,270 in the head of the page, notice what I have here. 766 00:39:16,270 --> 00:39:18,090 Here's my geolocate function.
767 00:39:18,090 --> 00:39:23,560 And this is just some error checking-- if the type of navigator.geolocation 768 00:39:23,560 --> 00:39:24,490 is not undefined. 769 00:39:24,490 --> 00:39:26,240 So JavaScript has this mechanism where you 770 00:39:26,240 --> 00:39:28,270 can say, what is the type of this variable? 771 00:39:28,270 --> 00:39:30,790 And if it's not undefined-- that means it's some value-- 772 00:39:30,790 --> 00:39:35,940 I'm going to call navigator.geolocation.getCurrentPosition 773 00:39:35,940 --> 00:39:37,230 and then callback. 774 00:39:37,230 --> 00:39:37,750 >> What's this? 775 00:39:37,750 --> 00:39:39,916 So in general, what is a callback, just to be clear? 776 00:39:39,916 --> 00:39:42,890 You might have encountered this already in pset8. 777 00:39:42,890 --> 00:39:44,790 Callback's a generic term for doing what? 778 00:39:44,790 --> 00:39:48,430 779 00:39:48,430 --> 00:39:49,554 Feels like just me today. 780 00:39:49,554 --> 00:39:50,470 AUDIENCE: [inaudible]. 781 00:39:50,470 --> 00:39:53,322 782 00:39:53,322 --> 00:39:55,280 DAVID J. Malan: Exactly, a function that should 783 00:39:55,280 --> 00:39:57,330 be called only when we have data. 784 00:39:57,330 --> 00:40:01,510 This call to the browser, get my current position, might take one millisecond, 785 00:40:01,510 --> 00:40:02,720 it might take a minute. 786 00:40:02,720 --> 00:40:06,960 What this means is that we're telling the get getCurrentPosition method, 787 00:40:06,960 --> 00:40:09,910 call this callback function, which I literally named callback 788 00:40:09,910 --> 00:40:13,150 for simplicity, which is apparently this one here.
789 00:40:13,150 --> 00:40:16,290 >> And the way getCurrentPosition works, simply from reading the documentation 790 00:40:16,290 --> 00:40:19,540 for some JavaScript code online, is that it calls that so-called callback 791 00:40:19,540 --> 00:40:23,220 function, it passes into it a JavaScript object, 792 00:40:23,220 --> 00:40:28,970 inside of which is .coords.latitude and .coords.longitude, 793 00:40:28,970 --> 00:40:32,140 which is exactly how, then, when I reloaded this page, 794 00:40:32,140 --> 00:40:33,985 I was able to see my location here. 795 00:40:33,985 --> 00:40:35,610 Now, at least there was a defense here. 796 00:40:35,610 --> 00:40:37,820 Before I visited this page, when it actually worked, 797 00:40:37,820 --> 00:40:40,935 what was I at least prompted for? 798 00:40:40,935 --> 00:40:42,180 >> AUDIENCE: [inaudible]. 799 00:40:42,180 --> 00:40:44,200 >> DAVID J. Malan: Yes or no-- do you want to allow or deny this? 800 00:40:44,200 --> 00:40:46,630 But think, too, about the habits you guys have probably adopted, 801 00:40:46,630 --> 00:40:48,330 both on your phones and your browsers. 802 00:40:48,330 --> 00:40:50,390 Many of us, myself included, are probably 803 00:40:50,390 --> 00:40:54,960 pretty predisposed these days-- you see a pop-up, just Enter, OK, Approve, 804 00:40:54,960 --> 00:40:55,730 Allow. 805 00:40:55,730 --> 00:40:59,070 And increasingly, you can put yourself at risk for those reasons.
806 00:40:59,070 --> 00:41:03,280 >> So in fact, there was this wonderful bug a few years ago-- or lack of feature-- 807 00:41:03,280 --> 00:41:08,250 that iTunes had a few years ago, whereby, if you had a cell phone, 808 00:41:08,250 --> 00:41:12,000 and it was an iPhone, and you left your home 809 00:41:12,000 --> 00:41:15,600 and therefore traveled around the world or the neighborhood, this whole time, 810 00:41:15,600 --> 00:41:17,819 your phone was logging where you are via GPS. 811 00:41:17,819 --> 00:41:20,610 And this is actually disclosed, and people kind of expect this now. 812 00:41:20,610 --> 00:41:21,930 Your phone knows where you are. 813 00:41:21,930 --> 00:41:24,990 But the problem was that, when you were backing up 814 00:41:24,990 --> 00:41:29,260 your phone to iTunes-- this was before the days of iCloud, which is for better 815 00:41:29,260 --> 00:41:33,960 or for worse-- the information was being stored in iTunes, completely unencrypted. 816 00:41:33,960 --> 00:41:37,370 So if you have a family or roommates or a malicious neighbor who's 817 00:41:37,370 --> 00:41:41,430 curious about literally every GPS coordinate you've ever been to, 818 00:41:41,430 --> 00:41:43,300 he or she could just sit down at iTunes, run 819 00:41:43,300 --> 00:41:46,540 some software that was freely available, and produce maps like this. 820 00:41:46,540 --> 00:41:48,680 >> In fact, this is what I produced of my own phone. 821 00:41:48,680 --> 00:41:49,380 I plugged it in. 822 00:41:49,380 --> 00:41:51,670 And it looks like, based on the blue dots there, 823 00:41:51,670 --> 00:41:53,900 that's where most of the GPS coordinates were 824 00:41:53,900 --> 00:41:56,680 logged by iTunes that I was in the Northeast there. 825 00:41:56,680 --> 00:42:00,030 But I apparently traveled around a bit, even within Massachusetts. 826 00:42:00,030 --> 00:42:01,950 >> So that's Boston Harbor there on the right.
827 00:42:01,950 --> 00:42:04,430 That's kind of Cambridge and Boston, where it's darkest. 828 00:42:04,430 --> 00:42:07,660 And occasionally, I would run errands to a bigger geography. 829 00:42:07,660 --> 00:42:11,464 >> But iTunes, for years, had, as best I could tell, all of this data on me. 830 00:42:11,464 --> 00:42:13,380 You could tell that, that year, I was actually 831 00:42:13,380 --> 00:42:17,990 traveling a lot between Boston and New York, going back and forth 832 00:42:17,990 --> 00:42:18,830 and back and forth. 833 00:42:18,830 --> 00:42:22,660 And in fact, this is me on Amtrak, back and forth, and back, quite a bit. 834 00:42:22,660 --> 00:42:25,970 All of this was being logged and stored encrypted on my computer 835 00:42:25,970 --> 00:42:28,520 for anyone who might have access to my computer. 836 00:42:28,520 --> 00:42:29,480 >> This was worrisome. 837 00:42:29,480 --> 00:42:32,180 I didn't know why I was in Pennsylvania or why 838 00:42:32,180 --> 00:42:35,277 my phone was in Pennsylvania, apparently fairly densely. 839 00:42:35,277 --> 00:42:37,360 And then, finally, I looked at my GCal, and, oh, I 840 00:42:37,360 --> 00:42:39,880 visited CMU, Carnegie Mellon, at the time. 841 00:42:39,880 --> 00:42:42,031 And phew, that kind of explained that blip. 842 00:42:42,031 --> 00:42:43,780 And then, if you zoom out further, you can 843 00:42:43,780 --> 00:42:46,850 see I visited San Francisco one or more times then, 844 00:42:46,850 --> 00:42:51,140 and I even had a layover in what I think is Vegas, down there. 845 00:42:51,140 --> 00:42:54,120 So all of this-- just a layover, at the airport. 846 00:42:54,120 --> 00:42:56,420 >> AUDIENCE: [LAUGHTER] 847 00:42:56,420 --> 00:43:00,760 >> So this is just to say that these problems, honestly, are omnipresent.
848 00:43:00,760 --> 00:43:02,780 And it just feels increasingly like there's 849 00:43:02,780 --> 00:43:05,810 more and more of this being disclosed, which is probably a good thing. 850 00:43:05,810 --> 00:43:08,390 I daresay, the world is not getting worse at writing software. 851 00:43:08,390 --> 00:43:10,520 We're getting better, hopefully, at noticing 852 00:43:10,520 --> 00:43:13,037 how bad certain software is that we're using. 853 00:43:13,037 --> 00:43:14,870 And thankfully, some companies are starting 854 00:43:14,870 --> 00:43:17,080 to be held accountable for this. 855 00:43:17,080 --> 00:43:19,080 >> But what kinds of defenses can you have in mind? 856 00:43:19,080 --> 00:43:23,610 So besides password managers, like 1Password and LastPass and others, 857 00:43:23,610 --> 00:43:27,340 besides just changing your passwords and coming up with random ones 858 00:43:27,340 --> 00:43:29,700 via software like that, you can also try 859 00:43:29,700 --> 00:43:31,700 as best you can to encrypt all of your traffic 860 00:43:31,700 --> 00:43:34,680 to at least narrow the zone of a threat. 861 00:43:34,680 --> 00:43:38,100 So for instance, as Harvard affiliates, you can all go to vpn.harvard.edu 862 00:43:38,100 --> 00:43:41,010 and log in with your Harvard ID and PIN. 863 00:43:41,010 --> 00:43:49,350 And this will establish a secure connection between you and Harvard. 864 00:43:49,350 --> 00:43:51,150 >> Now, that doesn't necessarily protect you 865 00:43:51,150 --> 00:43:54,360 against any threats that are between Harvard and Facebook or Harvard 866 00:43:54,360 --> 00:43:54,861 and Gmail.
867 00:43:54,861 --> 00:43:56,735 But if you're sitting in an airport or you're 868 00:43:56,735 --> 00:43:59,260 sitting in Starbucks or you're sitting at a friend's place, 869 00:43:59,260 --> 00:44:02,730 and you don't really trust them or their configuration of their home router, 870 00:44:02,730 --> 00:44:04,970 at least you can establish a secure connection 871 00:44:04,970 --> 00:44:10,260 to an entity like this place that's probably a little better secured 872 00:44:10,260 --> 00:44:12,437 than something like a Starbucks or the like. 873 00:44:12,437 --> 00:44:14,270 And what this does is it establishes, again, 874 00:44:14,270 --> 00:44:16,300 encryption between you and the endpoint. 875 00:44:16,300 --> 00:44:17,880 >> Even fancier are things like this. 876 00:44:17,880 --> 00:44:20,000 So some of you might already be familiar with Tor, 877 00:44:20,000 --> 00:44:22,930 which is this sort of anonymization network, whereby lots of people, 878 00:44:22,930 --> 00:44:26,640 if they run this software, route subsequently their internet 879 00:44:26,640 --> 00:44:27,990 traffic through each other. 880 00:44:27,990 --> 00:44:31,460 So the shortest point is no longer between A and B. 881 00:44:31,460 --> 00:44:35,850 But it might be all over the place so that you're essentially 882 00:44:35,850 --> 00:44:40,742 covering one's tracks and leaving less of a record as to where your HTTP 883 00:44:40,742 --> 00:44:43,950 traffic came from, because it's going through a whole bunch of other people's 884 00:44:43,950 --> 00:44:45,990 laptops or desktops, for better or for worse. 885 00:44:45,990 --> 00:44:48,180 >> But even this is not a surefire thing. 886 00:44:48,180 --> 00:44:51,560 Some of you might recall last year the bomb scare that was called in. 887 00:44:51,560 --> 00:44:54,662 And it was traced ultimately to a user who had used this network here.
888 00:44:54,662 --> 00:44:57,870 And the catch there, as I recall, is, if there are not that many other people 889 00:44:57,870 --> 00:45:02,190 using software like this or using this port and protocol, 890 00:45:02,190 --> 00:45:06,250 it's not that hard for a network to even figure out who, with some probability, 891 00:45:06,250 --> 00:45:08,950 was in fact anonymizing his or her traffic. 892 00:45:08,950 --> 00:45:12,030 >> And I don't know if those were the actual particulars in question. 893 00:45:12,030 --> 00:45:15,400 But surely, realize that none of these are surefire solutions, as well. 894 00:45:15,400 --> 00:45:18,820 And the goal here today is to at least get you thinking about these things 895 00:45:18,820 --> 00:45:23,140 and coming up with techniques for defending yourself against them. 896 00:45:23,140 --> 00:45:28,858 Any questions on all of the threats that await you out there, and in here? 897 00:45:28,858 --> 00:45:29,358 Yeah? 898 00:45:29,358 --> 00:45:29,858 899 00:45:29,858 --> 00:45:31,793 AUDIENCE: How secure do we expect the average 900 00:45:31,793 --> 00:45:35,210 [? website to be, ?] like the average CS50 project? 901 00:45:35,210 --> 00:45:38,530 >> DAVID J. Malan: The average CS50 project? 902 00:45:38,530 --> 00:45:43,190 It's always proved every year that some CS50 final projects are not 903 00:45:43,190 --> 00:45:44,530 particularly secure. 904 00:45:44,530 --> 00:45:47,940 Usually, it's some roommate or hallmate that figures this out 905 00:45:47,940 --> 00:45:51,200 by sending requests to your project. 906 00:45:51,200 --> 00:45:55,230 >> Short answer-- how many websites are secure? 907 00:45:55,230 --> 00:45:57,450 I'm picking on anomalies today.
908 00:45:57,450 --> 00:46:00,640 Like it was just happenstance that I realized that this website 909 00:46:00,640 --> 00:46:03,390 I've been ordering these frankly delicious arrangements from-- 910 00:46:03,390 --> 00:46:05,348 and I'm not sure I'm going to stop using their website; 911 00:46:05,348 --> 00:46:08,030 I might just change my password more regularly-- 912 00:46:08,030 --> 00:46:11,320 it's not clear just how vulnerable all of these various-- 913 00:46:11,320 --> 00:46:12,970 this is actually chocolate covered. 914 00:46:12,970 --> 00:46:16,172 915 00:46:16,172 --> 00:46:19,130 The short answer, I can't answer that effectively, other than to say that it 916 00:46:19,130 --> 00:46:22,150 was not that hard for me to find some of these examples just 917 00:46:22,150 --> 00:46:24,040 for the sake of discussion in lecture. 918 00:46:24,040 --> 00:46:26,456 And just keeping an eye on Google News and other resources 919 00:46:26,456 --> 00:46:29,590 will bring all the more of these kinds of things to light. 920 00:46:29,590 --> 00:46:32,460 >> All right, let's conclude with this prequel 921 00:46:32,460 --> 00:46:36,870 that CS50's team has prepared for you in anticipation of the CS50 Hackathon. 922 00:46:36,870 --> 00:46:39,763 And on your way out in a moment, fruit will be served. 923 00:46:39,763 --> 00:46:40,429 [VIDEO PLAYBACK] 924 00:46:40,429 --> 00:46:43,595 [MUSIC - FERGIE, Q TIP, AND GOONROCK, "A LITTLE PARTY NEVER KILLED NOBODY (ALL 925 00:46:43,595 --> 00:46:44,373 WE GOT)"] 926 00:46:44,373 --> 00:48:08,880 927 00:48:08,880 --> 00:48:13,467 >> - [SNORING] 928 00:48:13,467 --> 00:48:14,300 [END VIDEO PLAYBACK] 929 00:48:14,300 --> 00:48:15,420 DAVID J. Malan: That's it for CS50. 930 00:48:15,420 --> 00:48:16,544 We will see you on Wednesday. 931 00:48:16,544 --> 00:48:20,670 932 00:48:20,670 --> 00:48:25,840 [MUSIC - SKRILLEX, "IMMA 'TRY IT OUT'"] 933 00:48:25,840 --> 00:51:47,776