1 00:00:00,000 --> 00:00:11,300 2 00:00:11,300 --> 00:00:15,490 >> DAVID J. Malan: Hii ni CS50, na hii ni mwanzo wa wiki 10. 3 00:00:15,490 --> 00:00:19,460 Unaweza kukumbuka kwamba tumekuwa umeonyesha juu ya screen 3D printer, ambayo 4 00:00:19,460 --> 00:00:21,610 ni kifaa hiki kwamba inachukua spools ya plastiki 5 00:00:21,610 --> 00:00:24,840 na kisha extrudes hivyo kwa inapokanzwa up na kiwango hivyo kwamba tunaweza kisha 6 00:00:24,840 --> 00:00:27,310 kuunda jeshi Chang ya tembo, kwa mfano. 7 00:00:27,310 --> 00:00:29,184 >> Hivyo katika LEVERETT House, ingawa, hivi karibuni, mimi 8 00:00:29,184 --> 00:00:31,850 ilikuwa kuzungumza na moja ya yako wanafunzi wenzao na rafiki wa Chang ya 9 00:00:31,850 --> 00:00:35,720 aitwaye Michelle, ambaye kwa kweli interned katika kampuni hii nyingine mwaka huu zamani kwamba 10 00:00:35,720 --> 00:00:40,010 ina mbinu mbalimbali kwa ajili ya kweli kujenga tatu-dimensional vitu, 11 00:00:40,010 --> 00:00:41,890 kama hii kidogo kidogo tembo hapa. 12 00:00:41,890 --> 00:00:45,550 Hasa, njia hii kazi ni kwamba ni mfano wa kitu 13 00:00:45,550 --> 00:00:49,740 aitwaye stereolithography, ambapo kuna bonde hili la resin au kioevu, 14 00:00:49,740 --> 00:00:53,340 na kisha laser mgomo kwamba kioevu, na hatua kwa hatua, kifaa 15 00:00:53,340 --> 00:00:56,990 hissar na hissar na akanyanyua jambo kwamba wewe ni uchapishaji, kama tembo, 16 00:00:56,990 --> 00:00:58,676 kama kioevu kwamba inakuwa imara. 17 00:00:58,676 --> 00:01:00,550 Na matokeo, kwa kweli, ni kitu ambacho ni 18 00:01:00,550 --> 00:01:04,194 zaidi imara zaidi kuliko baadhi ya plastiki giveaways baadhi yenu 19 00:01:04,194 --> 00:01:04,819 Huenda alikuwa. 20 00:01:04,819 --> 00:01:06,860 >> Na nini Chang kindly alifanya kwa ajili yetu hapa mara 21 00:01:06,860 --> 00:01:12,210 alifanya wakati-lapse kutumia picha juu ya mwendo wa saa moja au zaidi, 22 00:01:12,210 --> 00:01:14,580 pengine, kuzalisha guy hii hapa. 23 00:01:14,580 --> 00:01:19,060 Ingekuwa mtu ambaye kamwe kuja kabla ya kama kuja kugonga Mwanzo kwenye video hii? 24 00:01:19,060 --> 00:01:21,250 Napenda kwenda na jinsi kuhusu huko. 25 00:01:21,250 --> 00:01:21,790 Kuja juu juu. 26 00:01:21,790 --> 00:01:24,960 27 00:01:24,960 --> 00:01:25,460 Wote haki. 28 00:01:25,460 --> 00:01:29,250 29 00:01:29,250 --> 00:01:29,896 Na wewe ni? 30 00:01:29,896 --> 00:01:31,270 LUKE: jina langu Luke [inaudible]. 31 00:01:31,270 --> 00:01:31,700 DAVID J. Malan: Hi, Luke. 32 00:01:31,700 --> 00:01:32,695 Nice kukutana na wewe. 33 00:01:32,695 --> 00:01:33,653 >> LUKE: Nice kukutana na wewe. 34 00:01:33,653 --> 00:01:35,120 Watazamaji: Yeye mbio kwa UC. 35 00:01:35,120 --> 00:01:38,640 >> DAVID J. Malan: Mimi najua, sisi ni kujaribu si kukuza. 36 00:01:38,640 --> 00:01:41,240 Haki wote, hivyo Luke, kila una kufanya hapa katika CS50 37 00:01:41,240 --> 00:01:45,829 kupigwa nafasi bar magazeti tembo huu. 38 00:01:45,829 --> 00:01:46,495 [Video avspelning] 39 00:01:46,495 --> 00:01:49,988 - [MASHINE whirring] 40 00:01:49,988 --> 00:02:00,467 41 00:02:00,467 --> 00:02:01,964 - [Ajali ya] 42 00:02:01,964 --> 00:02:04,459 - [BOOM] 43 00:02:04,459 --> 00:02:06,147 - [Ajali ya] 44 00:02:06,147 --> 00:02:06,980 [MWISHO video avspelning] 45 00:02:06,980 --> 00:02:09,370 DAVID J. Malan: Hivyo kwamba ni hasa nini ni kama kwa 3D magazeti. 46 00:02:09,370 --> 00:02:10,453 Na hapa ni tembo yako. 47 00:02:10,453 --> 00:02:12,100 Shukrani kwa ajili ya kujitolea. 48 00:02:12,100 --> 00:02:12,830 Wote haki. 49 00:02:12,830 --> 00:02:16,580 Hivyo tena, kwa vipimo kwa mradi wa mwisho, vifaa hii kwamba 50 00:02:16,580 --> 00:02:18,890 inapatikana na wewe guys yaani, kwa sababu fulani, 51 00:02:18,890 --> 00:02:21,870 mradi wako ina baadhi ya makutano ya programu na vifaa, 52 00:02:21,870 --> 00:02:24,650 kutambua kwamba hizi ni sasa rasilimali. 53 00:02:24,650 --> 00:02:27,750 >> Nilitaka kuchukua muda moja kwa kugusa juu ya makala Crimson waliotoka 54 00:02:27,750 --> 00:02:30,541 marehemu jana usiku, ambayo ilikuwa kutangaza kwamba huyu hapa, David 55 00:02:30,541 --> 00:02:33,920 Johnson, ambaye imekuwa mwandamizi preceptor kwa EC 10 kwa muda kabisa, 56 00:02:33,920 --> 00:02:36,210 ni kuacha Harvard katika mwisho wa mwaka wa masomo. 57 00:02:36,210 --> 00:02:38,390 Na mimi nilitaka kuchukua muda, uaminifu, 58 00:02:38,390 --> 00:02:41,620 kuwashukuru Daudi mbele ya CS50. 59 00:02:41,620 --> 00:02:44,360 Yeye imekuwa mshauri wa aina kwetu zaidi ya miaka. 60 00:02:44,360 --> 00:02:46,980 >> Na mimi kuhisi kama sisi, CS50, na badala mzima na EC 10 61 00:02:46,980 --> 00:02:48,870 katika hapa, kwani wao ni haki mbele yetu. 62 00:02:48,870 --> 00:02:52,040 Na yeye na timu nzima katika EC 10 ina imekuwa ya ajabu neema, kusema ukweli, 63 00:02:52,040 --> 00:02:55,410 kama sisi lug katika yote ya vifaa vya wetu kila mmoja na kila wiki, na miaka iliyopita, 64 00:02:55,410 --> 00:02:57,320 zinazotolewa mpango mkubwa shauri kama tulikuwa 65 00:02:57,320 --> 00:02:59,520 curious kama jinsi kazi EC 10. 66 00:02:59,520 --> 00:03:02,640 Hivyo shukrani yetu na Pongezi kwa Daudi Johnson. 67 00:03:02,640 --> 00:03:06,560 >> [Makofi] 68 00:03:06,560 --> 00:03:08,030 69 00:03:08,030 --> 00:03:12,180 >> Sasa, unrelatedly, hivyo mwisho ni kweli karibu. 70 00:03:12,180 --> 00:03:13,630 Sisi hapa katika wiki 10. 71 00:03:13,630 --> 00:03:15,920 Na sisi tu tu wiki kadhaa rasmi 72 00:03:15,920 --> 00:03:18,320 hapa katika darasa kushoto, ikifuatiwa na michache ya matukio. 73 00:03:18,320 --> 00:03:21,860 Hivyo kukupa hisia ya nini juu ya upeo wa macho, hapa sisi ni leo. 74 00:03:21,860 --> 00:03:24,480 >> Jumatano hii, kukumbuka, tutaweza kuwa mgeni hotuba 75 00:03:24,480 --> 00:03:27,040 na mwingine zaidi Microsoft ya mwenyewe Steve Ballmer. 76 00:03:27,040 --> 00:03:31,740 Kama wameweza bado wamekwenda cs50.harvard.edu/register, 77 00:03:31,740 --> 00:03:33,360 kufanya hivyo, tangu nafasi itakuwa mdogo. 78 00:03:33,360 --> 00:03:36,447 Na watakuwa kuangalia Vitambulisho vya mlangoni siku hii. 79 00:03:36,447 --> 00:03:38,280 Kama ungekuwa si hapa wiki iliyopita, mimi nilifikiri d 80 00:03:38,280 --> 00:03:41,850 tease wewe kwa kuangalia tofauti katika Steve na msisimko kwamba 81 00:03:41,850 --> 00:03:44,215 watapata sisi juu ya Jumatano. 82 00:03:44,215 --> 00:03:45,205 >> [Video avspelning] 83 00:03:45,205 --> 00:03:46,195 >> -Passion. 84 00:03:46,195 --> 00:03:50,650 >> -We're Itakuwa hardcore-- hardcore. 85 00:03:50,650 --> 00:03:51,640 >> -Innovator. 86 00:03:51,640 --> 00:03:53,339 >> -Bill Alisema, huna kupata. 87 00:03:53,339 --> 00:03:55,130 Sisi ni kwenda kuweka kompyuta kila dawati 88 00:03:55,130 --> 00:03:58,690 na katika kila nyumba, ambayo ilikuwa Wito kwa kampuni. 89 00:03:58,690 --> 00:04:01,850 Naapa, Bill zuliwa yake usiku kwa kweli nipe 90 00:04:01,850 --> 00:04:04,370 baadhi ya maono ya nini mimi lazima kusema ndiyo. 91 00:04:04,370 --> 00:04:07,280 Sijawahi inaonekana nyuma, kweli, baada ya hapo. 92 00:04:07,280 --> 00:04:10,010 >> -Fresh Nje ya chuo, yeye alijiunga startup fledgling 93 00:04:10,010 --> 00:04:14,450 na alisaidia ni kukua katika moja ya Amerika ya zaidi biashara ya mafanikio ya milele. 94 00:04:14,450 --> 00:04:16,920 maisha ya biashara na masomo ya kujifunza njiani 95 00:04:16,920 --> 00:04:19,925 awe nyuma yake utoto shauku na upendo. 96 00:04:19,925 --> 00:04:24,650 Na wale uzoefu kuwa tayari naye kwa changamoto ijayo yake katika maisha. 97 00:04:24,650 --> 00:04:27,150 >> -Nothing Anapata katika way-- boom yetu! 98 00:04:27,150 --> 00:04:29,330 Kuendelea kuja hardcore! 99 00:04:29,330 --> 00:04:31,150 Kwenda CLIPPERS! 100 00:04:31,150 --> 00:04:38,627 >> -Hii Ni Steve Ballmer, "Katika maneno Yangu Mwenyewe." 101 00:04:38,627 --> 00:04:39,460 [MWISHO video avspelning] 102 00:04:39,460 --> 00:04:41,240 DAVID J. Malan: --this Jumatano CS50. 103 00:04:41,240 --> 00:04:43,080 Kichwa tena URL hii hapa. 104 00:04:43,080 --> 00:04:46,500 Kama kwa ajili ya kile kingine ni juu ya upeo wa macho, wiki ijayo, hakuna hotuba siku ya Jumatatu. 105 00:04:46,500 --> 00:04:50,020 Lakini tutakuwa zifuatazo kwamba na jaribio moja juu ya Jumatano. 106 00:04:50,020 --> 00:04:54,390 Kwenda kwenye ukurasa wa mwanzo CS50 kwa maelezo juu ya watu, maeneo, na mara 107 00:04:54,390 --> 00:04:57,640 kwa wote wa proctoring mbalimbali vifaa na kama, 108 00:04:57,640 --> 00:05:00,190 vile vile kuhusu mapitio vikao kwamba ni ujao. 109 00:05:00,190 --> 00:05:06,479 Na kisha, mwisho, siku ya Jumatatu, siku kabla ya wiki ya Shukrani mapumziko, 110 00:05:06,479 --> 00:05:08,020 kutambua hilo itakuwa hotuba yetu ya mwisho. 111 00:05:08,020 --> 00:05:11,490 Sisi kuwatumikia keki na kubwa mpango wa msisimko, tunatarajia. 112 00:05:11,490 --> 00:05:13,976 >> Sasa, wanandoa wa updates nyingine. 113 00:05:13,976 --> 00:05:16,350 Weka akilini kwamba hali ya Ripoti hiyo, ambayo ni kweli tu 114 00:05:16,350 --> 00:05:20,430 maana ya kuwa mwingiliano wa kawaida na TF yako kujigamba hali tu 115 00:05:20,430 --> 00:05:23,106 jinsi mbali pamoja na yako mradi wa mwisho wewe ni, 116 00:05:23,106 --> 00:05:24,980 au angalau kama sanity kuangalia kwamba lazima 117 00:05:24,980 --> 00:05:27,250 kuwa inakaribia kuwa kumweka baada ya muda mfupi. 118 00:05:27,250 --> 00:05:28,660 Hackathon kisha ifuatavyo kwamba. 119 00:05:28,660 --> 00:05:30,800 Kutambua hackathon si nafasi 120 00:05:30,800 --> 00:05:33,690 kuanzisha mradi wako wa mwisho, lakini ni maana ya kuwa na nafasi 121 00:05:33,690 --> 00:05:37,040 kuwa katikati ya au kuelekea mwisho wa mradi yako ya mwisho, 122 00:05:37,040 --> 00:05:41,030 na utekelezaji kutokana chache Siku kadhaa baadaye, ikifuatiwa na CS50 haki. 123 00:05:41,030 --> 00:05:43,330 >> Sasa, uzalishaji CS50 ya timu, miaka michache iliyopita, 124 00:05:43,330 --> 00:05:46,127 kuweka pamoja teaser kwa CS50 haki kwamba sisi 125 00:05:46,127 --> 00:05:48,710 mawazo tunatarajia kuonyesha leo, kwa sababu wao tumekuwa bidii katika kazi 126 00:05:48,710 --> 00:05:51,930 juu ya prequel kwa kuwa, video mpya kwamba tutaweza kuhitimisha leo na. 127 00:05:51,930 --> 00:05:57,694 Lakini hapa ni nini watapata wewe kwa mwaka huu CS50 haki. 128 00:05:57,694 --> 00:05:58,360 [Video avspelning] 129 00:05:58,360 --> 00:06:00,680 - [Cell phone kupigia] 130 00:06:00,680 --> 00:06:07,624 131 00:06:07,624 --> 00:06:11,117 [MZIKI "mandhari kutoka MISSION: haiwezekani"] 132 00:06:11,117 --> 00:08:47,065 133 00:08:47,065 --> 00:08:52,820 [MWISHO video avspelning] 134 00:08:52,820 --> 00:08:56,840 DAVID J. Malan: Hivyo kwamba ni hasa jinsi sisi karibu maoni ya mwisho ya mradi. 135 00:08:56,840 --> 00:08:59,220 michache ya sasa teasers-- kama Ningependa kujiunga Nick hapa 136 00:08:59,220 --> 00:09:02,740 kwa chakula cha mchana, kama kawaida, hii Ijumaa, kichwa na URL hii hapa. 137 00:09:02,740 --> 00:09:05,530 Aidha, kama ungependa kujiunga Nick au hii Nick 138 00:09:05,530 --> 00:09:08,770 au hii Allison au yoyote wanachama wa timu ya CS50 wa, 139 00:09:08,770 --> 00:09:11,110 kutambua kwamba, muda mfupi baada ya mwisho mrefu wa, 140 00:09:11,110 --> 00:09:13,780 CS50 itakuwa tayari kuwa kuajiri kwa ajili ya timu ya mwaka ujao, 141 00:09:13,780 --> 00:09:18,130 kwa CAS, TFS, wabunifu, wazalishaji, watafiti, na nafasi nyingine 142 00:09:18,130 --> 00:09:21,790 kwamba hapa kazi CS50 wote katika mbele na nyuma ya pazia. 143 00:09:21,790 --> 00:09:25,482 Hivyo kama hii inaweza kuwa ya riba na wewe, kichwa na URL hii hapa. 144 00:09:25,482 --> 00:09:28,190 Na wanafunzi vizuri zaidi, chini ya starehe, na mahali fulani katika 145 00:09:28,190 --> 00:09:31,710 kati ya sawa ni wote kuwakaribisha na moyo ya kuomba. 146 00:09:31,710 --> 00:09:34,920 >> Hivyo ilikuwa muda kamili kwamba, hakuna utani, asubuhi hii, wakati nilipoamka, 147 00:09:34,920 --> 00:09:37,220 Mimi nilikuwa hii hapa spam Inbox yangu. 148 00:09:37,220 --> 00:09:39,420 Ni kweli slipped kupitia Gmail spam filter 149 00:09:39,420 --> 00:09:41,659 namna fulani na kuishia katika Inbox yangu halisi. 150 00:09:41,659 --> 00:09:43,700 Na inasema, "Ndugu mailbox user, wewe ni sasa 151 00:09:43,700 --> 00:09:45,240 uppdaterade 4 gigabytes wa nafasi. 152 00:09:45,240 --> 00:09:50,750 Tafadhali kuingia katika akaunti yako ili adhibitishe E-nafasi. " 153 00:09:50,750 --> 00:09:54,100 >> Na kisha kuna hii ya bluu nzuri Huwaongoza kiungo hapo click kwenye 154 00:09:54,100 --> 00:09:59,480 kwa Kitivo na wafanyakazi, ambayo kisha aliniongoza ukurasa wa ajabu halali, ambayo 155 00:09:59,480 --> 00:10:02,300 akaniuliza kuwapa jina langu na barua pepe na, bila shaka, 156 00:10:02,300 --> 00:10:05,090 password ili adhibitishe Mimi ni nani na kadhalika. 157 00:10:05,090 --> 00:10:09,330 Lakini bila shaka, kama ni mara ya kesi, kuwasili katika ukurasa huu kutua, 158 00:10:09,330 --> 00:10:11,370 na bila shaka, kuna typo angalau moja, 159 00:10:11,370 --> 00:10:14,840 ambayo inaonekana kuwa msumari katika jeneza la yoyote ya scams haya. 160 00:10:14,840 --> 00:10:17,890 Na tutaweza post, labda, baadhi ya mengine viungo hizi aina ya shots screen 161 00:10:17,890 --> 00:10:18,473 katika siku zijazo. 162 00:10:18,473 --> 00:10:22,535 Lakini hopefully, watu wengi katika chumba hii si clicked-- 163 00:10:22,535 --> 00:10:24,410 au hata kama wameweza clicked viungo kama huu, 164 00:10:24,410 --> 00:10:28,040 wewe si wamekwenda mbali kama kujaza fomu hizo na kadhalika. 165 00:10:28,040 --> 00:10:30,210 Kwa kweli, ni sawa kama una. 166 00:10:30,210 --> 00:10:33,410 Tutaweza kujaribu kurekebisha kwamba leo, kwa sababu, Hakika, mazungumzo ya leo ni 167 00:10:33,410 --> 00:10:34,450 kuhusu usalama. 168 00:10:34,450 --> 00:10:36,500 >> Na kwa kweli, moja ya malengo ya CS50 ni si 169 00:10:36,500 --> 00:10:38,980 sana kufundisha CE au PHP au JavaScript au SQL 170 00:10:38,980 --> 00:10:41,610 au yoyote ya hizi msingi utekelezaji maelezo. 171 00:10:41,610 --> 00:10:45,612 Lakini ni kuwawezesha wewe kama binadamu tu kufanya maamuzi nadhifu kama 172 00:10:45,612 --> 00:10:48,070 inahusiana na teknolojia chini barabara ili, kama wewe ni 173 00:10:48,070 --> 00:10:51,370 mhandisi au Utu au mwanasayansi au jukumu nyingine yoyote, 174 00:10:51,370 --> 00:10:54,970 wewe ni maamuzi maamuzi kuhusu mwenyewe kompyuta yako matumizi, 175 00:10:54,970 --> 00:10:56,980 au kama wewe ni katika kufanya maamuzi nafasi, 176 00:10:56,980 --> 00:10:59,250 katika siasa, hasa, wewe ni kufanya mengi, 177 00:10:59,250 --> 00:11:02,770 maamuzi bora zaidi kuliko mengi ya binadamu leo ​​wamekuwa. 178 00:11:02,770 --> 00:11:04,830 Na tutaweza kufanya hivyo kwa njia ya mifano michache. 179 00:11:04,830 --> 00:11:09,030 >> Kwanza, mimi nilikuwa badala kushangaa hivi karibuni kugundua yafuatayo. 180 00:11:09,030 --> 00:11:11,120 Hivyo nywila, bila shaka, ni nini wengi wetu 181 00:11:11,120 --> 00:11:18,030 kutumia kulinda email yetu data--, kuzungumza, na kila aina ya rasilimali kama hiyo. 182 00:11:18,030 --> 00:11:23,020 Na tu kwa awkward-- si kuonyesha ya mikono, lakini inaonekana aibu ya aibu, 183 00:11:23,020 --> 00:11:26,600 jinsi wengi kutumia nywila sawa katika mengi ya Nje tofauti? 184 00:11:26,600 --> 00:11:28,020 >> Oh, sawa, hivyo tutaweza kufanya mikono. 185 00:11:28,020 --> 00:11:30,950 OK, hivyo mengi ya kufanya. 186 00:11:30,950 --> 00:11:33,770 Mtu yeyote ambaye hana huu, tu kwa nini? 187 00:11:33,770 --> 00:11:35,078 Na nini? 188 00:11:35,078 --> 00:11:36,537 Yeah? 189 00:11:36,537 --> 00:11:39,870 Watazamaji: Ni rahisi kukumbuka, kwa sababu huna kukumbuka [inaudible]. 190 00:11:39,870 --> 00:11:41,703 DAVID J. Malan: Yeah, ni rahisi kukumbuka. 191 00:11:41,703 --> 00:11:44,560 Ni kikamilifu busara, Tabia ya busara, 192 00:11:44,560 --> 00:11:46,920 ingawa hatari wewe ni kuweka mwenyewe 193 00:11:46,920 --> 00:11:50,540 saa katika kesi hizi ni tu moja au zaidi ya wale tovuti 194 00:11:50,540 --> 00:11:54,510 ni mazingira magumu na Hacking au usalama au password yako tu 195 00:11:54,510 --> 00:11:57,130 hivyo darn guessable, mtu yeyote anaweza takwimu ni nje. 196 00:11:57,130 --> 00:11:59,850 Si tu ni akaunti moja kuathirika, lakini katika nadharia, yoyote 197 00:11:59,850 --> 00:12:01,280 akaunti una kwenye mtandao. 198 00:12:01,280 --> 00:12:04,550 Hivyo najua mimi anaweza kusema leo, hawana kutumia nywila sawa kila mahali, 199 00:12:04,550 --> 00:12:06,450 lakini hiyo ni mengi rahisi kusema kuliko kutenda. 200 00:12:06,450 --> 00:12:10,850 Lakini kuna mbinu kwa kupunguza wasiwasi kwamba fulani. 201 00:12:10,850 --> 00:12:14,030 >> Sasa, mimi kutokea, kwa mfano, kwa kutumia mpango aitwaye 1Password. 202 00:12:14,030 --> 00:12:16,010 Mwingine mmoja maarufu inaitwa LastPass. 203 00:12:16,010 --> 00:12:19,030 Na rundo la CS50 matumizi ya wafanyakazi moja au zaidi ya aina hii ya zana. 204 00:12:19,030 --> 00:12:20,940 Na hadithi muda mfupi, takeaway moja kwa leo 205 00:12:20,940 --> 00:12:25,080 lazima, ndiyo, unaweza kuwa password sawa kila mahali, 206 00:12:25,080 --> 00:12:27,260 lakini ni rahisi sana tena kufanya hivyo. 207 00:12:27,260 --> 00:12:31,260 Kwa mfano, siku hizi, najua labda moja ya kadhaa yangu au mamia 208 00:12:31,260 --> 00:12:31,910 ya nywila. 209 00:12:31,910 --> 00:12:33,990 Yote ya nywila yangu nyingine ni Pseudo-nasibu 210 00:12:33,990 --> 00:12:36,046 yanayotokana na moja ya programu hizi hapa. 211 00:12:36,046 --> 00:12:38,420 Na kwa kifupi, na hata ingawa wengi wa programu hizi 212 00:12:38,420 --> 00:12:41,487 huwa na kuja na kidogo ya gharama, ungependa kufunga mpango kama huu, 213 00:12:41,487 --> 00:12:43,820 ungependa basi kuhifadhi yote ya majina ya watumiaji yako na nywila 214 00:12:43,820 --> 00:12:46,960 ndani ya mpango huu katika yako mwenyewe Mac au PC au whatnot, 215 00:12:46,960 --> 00:12:49,290 na basi itakuwa encrypted kwenye kompyuta yako 216 00:12:49,290 --> 00:12:51,599 na nini hopefully password hasa kwa muda mrefu. 217 00:12:51,599 --> 00:12:54,140 Hivyo nina rundo zima la nywila kwa ajili ya Nje ya mtu binafsi, 218 00:12:54,140 --> 00:12:56,390 na kisha mimi kuwa kweli password muda mrefu kwamba mimi 219 00:12:56,390 --> 00:12:59,059 kutumia kufungua yote ya wale nywila nyingine. 220 00:12:59,059 --> 00:13:00,850 Na nini ni nzuri kuhusu programu kama hii ni 221 00:13:00,850 --> 00:13:04,016 kwamba, wakati wewe kutembelea tovuti hiyo ni kuuliza kwa jina na password yako, 222 00:13:04,016 --> 00:13:06,304 siku hizi, sijui aina katika jina la mtumiaji yangu na password, 223 00:13:06,304 --> 00:13:08,970 kwa sababu, tena, sijui hata kujua nini zaidi ya nywila yangu ni. 224 00:13:08,970 --> 00:13:12,180 Mimi badala kugonga keyboard njia ya mkato, matokeo ya ambayo 225 00:13:12,180 --> 00:13:15,990 ni kusababisha programu hii kwa kuchochea mimi kwa bwana password yangu. 226 00:13:15,990 --> 00:13:18,780 Mimi basi aina ya kwamba moja kubwa password katika, na kisha browser 227 00:13:18,780 --> 00:13:21,090 moja kwa moja fyller katika nini password yangu ni. 228 00:13:21,090 --> 00:13:24,960 Hivyo kweli, kama wewe kuchukua kitu kingine mbali na leo katika suala la siri, 229 00:13:24,960 --> 00:13:28,440 hizi ni programu ambayo ni ya thamani kushusha au kuwekeza katika hivyo 230 00:13:28,440 --> 00:13:30,750 kuwa unaweza angalau mapumziko tabia hiyo hasa. 231 00:13:30,750 --> 00:13:33,374 Na kama wewe ni aina hiyo ni kutumia baada ya Ni maelezo au like-- 232 00:13:33,374 --> 00:13:37,310 na tabia mbaya ni angalau mmoja wenu is-- tabia hiyo, pia, inatosha kusema, 233 00:13:37,310 --> 00:13:38,340 lazima kuvunjwa. 234 00:13:38,340 --> 00:13:42,360 >> Sasa, mimi kilichotokea kwa kugundua, kama matokeo ya kutumia programu, kufuatia. 235 00:13:42,360 --> 00:13:45,690 Mimi nilikuwa kuagiza Mpangilio kula, kikapu hii ya matunda, hivi karibuni. 236 00:13:45,690 --> 00:13:49,380 Na mimi hit keyboard yangu maalum njia ya mkato ya kuingia kwenye tovuti. 237 00:13:49,380 --> 00:13:53,325 Na programu yalisababisha pop-up kwamba alisema, wewe ni kuhakikisha 238 00:13:53,325 --> 00:13:55,950 unataka mimi moja kwa moja kuwasilisha jina hili la mtumiaji na password? 239 00:13:55,950 --> 00:13:57,690 Kwa sababu uhusiano ni salama. 240 00:13:57,690 --> 00:14:01,450 >> uhusiano si kutumia HTTPS, kwa amani, 241 00:14:01,450 --> 00:14:04,900 kutumia itifaki inajulikana kama SSL, Salama Sockets Tabaka. 242 00:14:04,900 --> 00:14:07,640 Na kwa kweli, kama ukiangalia juu kushoto wa tovuti hii, 243 00:14:07,640 --> 00:14:12,880 ni tu www.ediblearrangements.com, hakuna HTTPS, ambayo si nzuri. 244 00:14:12,880 --> 00:14:15,480 >> Sasa, nilikuwa curious-- labda hii ni tu mdudu katika programu. 245 00:14:15,480 --> 00:14:19,240 Hakika, baadhi ya tovuti kama hii kwamba mengi ya sisi kujua ya 246 00:14:19,240 --> 00:14:24,046 ni angalau kutumia encryption au HTTPS URLs kuingia katika. 247 00:14:24,046 --> 00:14:25,670 Hivyo mimi got kidogo curious leo asubuhi. 248 00:14:25,670 --> 00:14:29,046 Na mimi got nje CS50 ujuzi wangu, Mimi kufunguliwa Chrome Inspekta. 249 00:14:29,046 --> 00:14:30,295 Ni hata mengi ya ujuzi. 250 00:14:30,295 --> 00:14:32,890 Ni tu kugonga keyboard haki njia ya mkato ya kufungua hili. 251 00:14:32,890 --> 00:14:34,830 Na hapa ni dirisha kubwa ya Chrome Inspekta. 252 00:14:34,830 --> 00:14:38,960 >> Lakini nini alikuwa kweli kidogo ya kutisha na ujinga 253 00:14:38,960 --> 00:14:40,830 walikuwa mistari hizi mbili hapa. 254 00:14:40,830 --> 00:14:44,570 Hadi saa ya juu, taarifa URL kwa ambayo jina la mtumiaji yangu na password 255 00:14:44,570 --> 00:14:45,530 yaliwasilishwa. 256 00:14:45,530 --> 00:14:46,380 Napenda kuvuta. 257 00:14:46,380 --> 00:14:47,352 Ilikuwa hii hapa. 258 00:14:47,352 --> 00:14:49,060 Na yote hayo ni aina ya uninteresting, 259 00:14:49,060 --> 00:14:54,962 isipokuwa kwa jambo njia yote katika kushoto, ambayo huanza na http: //. 260 00:14:54,962 --> 00:14:57,240 Na hivyo basi, OK, labda wao ni kutuma tu 261 00:14:57,240 --> 00:14:59,084 jina la mtumiaji yangu, ambayo ni si kama mpango kubwa. 262 00:14:59,084 --> 00:15:00,500 Labda password yangu anapata alimtuma baadaye. 263 00:15:00,500 --> 00:15:02,300 Hiyo itakuwa aina ya kuvutia kubuni maamuzi. 264 00:15:02,300 --> 00:15:03,100 >> Lakini nope. 265 00:15:03,100 --> 00:15:06,130 Kama kisha kuangalia ombi payload, username na password 266 00:15:06,130 --> 00:15:08,470 Mimi sent-- na mimi walimdhihaki hizi up kwa slide-- 267 00:15:08,470 --> 00:15:10,000 walikuwa kweli alimtuma katika wazi. 268 00:15:10,000 --> 00:15:13,792 Hivyo kwenda kwenye tovuti fulani na ili Mpangilio aina ya kama hii, 269 00:15:13,792 --> 00:15:16,750 na kwa kweli, inaonekana, kwa haya yote wakati nimekuwa kuagiza kutoka kwao, 270 00:15:16,750 --> 00:15:19,800 username na password yako ni kwenda hela katika wazi. 271 00:15:19,800 --> 00:15:22,120 Hivyo kwa uaminifu, hii ni haikubaliki kabisa. 272 00:15:22,120 --> 00:15:26,240 Na hivyo ni dogo ili kuepuka mambo kama hii kama designer ya tovuti 273 00:15:26,240 --> 00:15:27,950 na kama programu ya tovuti. 274 00:15:27,950 --> 00:15:31,020 >> Lakini takeaway hapa kwa sisi kama watumiaji wa tovuti 275 00:15:31,020 --> 00:15:35,700 ni tu kufahamu kwamba wote inachukua ni kwa moja kubuni kijinga 276 00:15:35,700 --> 00:15:40,010 uamuzi, unjustifiable kubuni uamuzi, hivyo kwamba sasa, kama unajua password yangu ni 277 00:15:40,010 --> 00:15:41,820 "Bendera" juu ya hili tovuti, wameweza pengine 278 00:15:41,820 --> 00:15:44,654 tu got katika rundo zima la tovuti nyingine kwamba mimi sasa. 279 00:15:44,654 --> 00:15:46,570 Na kuna si mengi ya ulinzi dhidi ya kwamba 280 00:15:46,570 --> 00:15:48,301 zaidi ya kile Chang alifanya leo asubuhi. 281 00:15:48,301 --> 00:15:51,550 Alikwenda Mipango ya kula, ambayo iko chini ya mitaani katika Cambridge, 282 00:15:51,550 --> 00:15:53,430 na kimwili kununuliwa hii kwa ajili yetu. 283 00:15:53,430 --> 00:15:57,490 Hiyo ilikuwa salama zaidi kuliko kutumia tovuti katika kesi hii. 284 00:15:57,490 --> 00:16:02,320 >> Lakini undani na kushika jicho nje kwa ajili ya ni kweli nini katika browser up juu 285 00:16:02,320 --> 00:16:02,940 huko. 286 00:16:02,940 --> 00:16:04,690 Lakini hata ambayo inaweza kuwa ni kidogo ya udanganyifu. 287 00:16:04,690 --> 00:16:07,002 Hivyo mwingine kuvutia mfano na njia ya kutetea 288 00:16:07,002 --> 00:16:09,960 dhidi ya this-- na kwa kweli, hebu do kwamba first-- njia ya kutetea 289 00:16:09,960 --> 00:16:12,540 dhidi ya hii ni mbinu kwamba usalama watu ingekuwa 290 00:16:12,540 --> 00:16:14,810 kuwaita wawili uthibitishaji. 291 00:16:14,810 --> 00:16:20,130 >> Je, mtu yeyote kujua nini ufumbuzi kwa matatizo kama hii ina maana? 292 00:16:20,130 --> 00:16:23,110 Mbili uthibitishaji ni nini? 293 00:16:23,110 --> 00:16:27,320 Au kuweka njia nyingine, jinsi wengi wenu ni kutumia? 294 00:16:27,320 --> 00:16:28,650 OK, hivyo michache ya watu aibu. 295 00:16:28,650 --> 00:16:29,060 Lakini yeah. 296 00:16:29,060 --> 00:16:29,976 Niliona mkono wako kwenda juu. 297 00:16:29,976 --> 00:16:31,510 Mbili uthibitishaji ni nini? 298 00:16:31,510 --> 00:16:34,010 >> Watazamaji: Kimsingi, katika Aidha kwa kuandika katika nywila yako, 299 00:16:34,010 --> 00:16:37,390 pia una sekondari [inaudible] alimtuma kupitia ujumbe wa maandishi kwa simu yako 300 00:16:37,390 --> 00:16:39,460 katika [inaudible]. 301 00:16:39,460 --> 00:16:40,460 DAVID J. Malan: Hasa. 302 00:16:40,460 --> 00:16:44,150 Mbali na baadhi ya fomu ya msingi ya kujitambulisha, kama password, 303 00:16:44,150 --> 00:16:47,190 wewe ni aliuliza kwa ajili ya sekondari sababu, ambayo ni kawaida 304 00:16:47,190 --> 00:16:49,740 kitu una kimwili juu yenu, ingawa 305 00:16:49,740 --> 00:16:51,610 inaweza kuwa kitu kingine kabisa. 306 00:16:51,610 --> 00:16:54,630 Na kwamba kitu ni kawaida Mkono siku hizi ambayo kupata 307 00:16:54,630 --> 00:16:59,200 alimtuma muda ujumbe wa maandishi kwamba anasema "Kupita muda wako kificho ni 12345." 308 00:16:59,200 --> 00:17:01,280 >> Hivyo kwa kuongeza yangu password "bendera," Mimi pia 309 00:17:01,280 --> 00:17:03,916 kuwa na aina katika chochote tovuti ina texted mimi. 310 00:17:03,916 --> 00:17:06,290 Au kama una hii na benki au akaunti ya uwekezaji, 311 00:17:06,290 --> 00:17:08,123 wewe wakati mwingine kuwa haya dongles kidogo kwamba 312 00:17:08,123 --> 00:17:11,760 kweli kuwa Pseudo-random jenereta idadi kujengwa ndani yao, 313 00:17:11,760 --> 00:17:15,849 lakini wote wawili kifaa na benki kujua nini mbegu yako ya awali ni 314 00:17:15,849 --> 00:17:19,710 ili waweze kujua, hata kama kificho kidogo juu ya muhimu kidogo yako FOB 315 00:17:19,710 --> 00:17:22,380 maandamano mbele kila dakika au mbili, kubadilisha maadili, 316 00:17:22,380 --> 00:17:25,260 hivyo haina kuwa mabadiliko thamani juu ya server benki ya 317 00:17:25,260 --> 00:17:28,620 ili waweze vile vile kuthibitisha wewe, si tu na password yako, 318 00:17:28,620 --> 00:17:30,024 lakini pamoja na kwamba kanuni ya muda mfupi. 319 00:17:30,024 --> 00:17:31,690 Sasa, unaweza kweli kufanya hii katika Google. 320 00:17:31,690 --> 00:17:33,606 Na kusema ukweli, hii ni tabia nzuri ya kupata katika, 321 00:17:33,606 --> 00:17:36,180 hasa kama wewe ni kutumia Gmail wakati wote juu ya browser. 322 00:17:36,180 --> 00:17:39,880 Kama wewe kwenda URL hii hapa, ambayo ni katika slides online kwa leo, na kisha 323 00:17:39,880 --> 00:17:43,579 click kwenye 2-hatua Ukaguzi, sawa jambo halisi huko. 324 00:17:43,579 --> 00:17:45,870 Wewe utakuwa ilisababisha kutoa yao yako ya simu ya mkononi simu. 325 00:17:45,870 --> 00:17:49,660 Na kisha, wakati wowote wewe kuingia katika Gmail, wewe utakuwa si tu aliuliza 326 00:17:49,660 --> 00:17:53,480 kwa password yako, lakini pia kwa ajili ya kificho kidogo kwamba anapata alimtuma simu yako 327 00:17:53,480 --> 00:17:54,190 kwa muda. 328 00:17:54,190 --> 00:17:57,894 Na hivyo muda mrefu kama una cookies kuwezeshwa, na hivyo muda mrefu kama huna wazi 329 00:17:57,894 --> 00:18:00,060 logi nje, itabidi tu kufanya hivyo mara moja katika muda, 330 00:18:00,060 --> 00:18:01,870 kama wakati wewe kukaa chini katika kompyuta mpya. 331 00:18:01,870 --> 00:18:05,320 >> Na kichwa hapa, pia, ni, kama wewe kukaa chini katika baadhi internet cafe style 332 00:18:05,320 --> 00:18:07,380 kompyuta au tu kompyuta ya rafiki, hata 333 00:18:07,380 --> 00:18:09,710 kama kwamba rafiki maliciously au kwa kutojua 334 00:18:09,710 --> 00:18:13,580 ina baadhi ya logger keyboard imewekwa kwenye kompyuta yake, 335 00:18:13,580 --> 00:18:15,640 kama kwamba kila kitu aina ni kuwa watumiaji, 336 00:18:15,640 --> 00:18:19,170 angalau sababu ambayo pili, kwamba kificho muda, ni ephemeral. 337 00:18:19,170 --> 00:18:21,630 Hivyo yeye au yeye au mtu ni kuathirika kompyuta 338 00:18:21,630 --> 00:18:24,890 hawezi kuingia katika unaweza hatimaye, hata kama kila kitu kingine 339 00:18:24,890 --> 00:18:27,890 ilikuwa hatari au hata kimaandishi kabisa. 340 00:18:27,890 --> 00:18:29,760 Facebook ina hii, pia, na kwamba URL hapa, 341 00:18:29,760 --> 00:18:32,070 ambapo unaweza click kwenye Login vibali. 342 00:18:32,070 --> 00:18:35,500 Hivyo hapa, pia, kama huna wanataka marafiki kwa poke watu, 343 00:18:35,500 --> 00:18:40,140 wewe hawataki kuwa mchocheo kwenye Facebook au posting updates kwa ajili yenu, 344 00:18:40,140 --> 00:18:42,479 mbili uthibitishaji hapa pengine ni jambo jema. 345 00:18:42,479 --> 00:18:44,520 Na kisha kuna hii mbinu nyingine kabisa, 346 00:18:44,520 --> 00:18:46,853 tu ukaguzi, ambayo ni hata Jambo zuri kwetu binadamu, 347 00:18:46,853 --> 00:18:49,950 kama mbili-sababu inathibitisha annoying, ambayo, admittedly, inaweza, au ni tu si 348 00:18:49,950 --> 00:18:53,930 inapatikana kwenye baadhi ya tovuti, ya chini kuweka jicho ikiwa na wakati 349 00:18:53,930 --> 00:18:57,650 wewe ni kukata magogo katika maeneo, kama kuruhusu, ni mbinu nzuri, pia. 350 00:18:57,650 --> 00:19:01,300 Hivyo Facebook pia inakupa hii kuarifiwa kuingia kipengele, ambapo 351 00:19:01,300 --> 00:19:06,240 wakati wowote Facebook anatambua, hm, David ina watumiaji katika kutoka kwa baadhi ya kompyuta au simu 352 00:19:06,240 --> 00:19:09,710 kwamba tumekuwa kamwe kuona mbele kutoka IP kwamba inaonekana usio wa kawaida, 353 00:19:09,710 --> 00:19:12,320 wao itabidi angalau kutuma wewe email kwa chochote barua pepe 354 00:19:12,320 --> 00:19:14,750 una kwenye faili akisema, gani hii kuangalia tuhuma? 355 00:19:14,750 --> 00:19:17,590 Kama ni hivyo, mabadiliko ya password yako mara moja. 356 00:19:17,590 --> 00:19:19,610 Na hivyo kuna, pia, tu ukaguzi tabia 357 00:19:19,610 --> 00:19:21,940 hata baada ya wewe tumekuwa kuathirika, unaweza angalau 358 00:19:21,940 --> 00:19:25,980 nyembamba dirisha wakati ambayo wewe ni katika mazingira magumu. 359 00:19:25,980 --> 00:19:29,910 >> Haki zote, maswali yoyote juu ya mambo ambayo hivi sasa? 360 00:19:29,910 --> 00:19:35,510 Leo ni siku ya kupata yote ya paranoia yako alithibitisha au alikanusha. 361 00:19:35,510 --> 00:19:36,820 Hiyo hasa alithibitisha, kwa masikitiko. 362 00:19:36,820 --> 00:19:37,210 Yeah? 363 00:19:37,210 --> 00:19:39,223 >> Watazamaji: [inaudible] ya simu, nini kama simu mapumziko yako, 364 00:19:39,223 --> 00:19:41,010 na basi ni daima vigumu verify-- 365 00:19:41,010 --> 00:19:41,295 >> DAVID J. Malan: Kweli. 366 00:19:41,295 --> 00:19:43,330 >> Watazamaji: Au kama wewe ni katika tofauti nchi, na wao si basi wewe 367 00:19:43,330 --> 00:19:44,505 kuingia katika sababu [inaudible]. 368 00:19:44,505 --> 00:19:45,630 DAVID J. Malan: Kabisa. 369 00:19:45,630 --> 00:19:48,780 Na hivyo hizi ni ziada gharama kwamba watapata. 370 00:19:48,780 --> 00:19:51,040 Kuna daima mada hii ya biashara-off, baada ya wote. 371 00:19:51,040 --> 00:19:53,748 Na kisha, kama kupoteza simu yako, kama ni mapumziko, kama wewe ni nje ya nchi, 372 00:19:53,748 --> 00:19:56,382 au wewe tu hawana ishara, kama 3G au LTE ishara, 373 00:19:56,382 --> 00:19:58,340 Unaweza kweli kuwa na uwezo wa kuthibitisha. 374 00:19:58,340 --> 00:20:00,520 >> Hivyo tena, hizi mbili ni biashara awamu ya pili. 375 00:20:00,520 --> 00:20:03,670 Na wakati mwingine, inaweza kujenga mengi ya kazi kwa ajili yenu kama matokeo. 376 00:20:03,670 --> 00:20:08,130 Lakini ni kweli inategemea, basi, juu ya nini inatarajiwa bei na wewe 377 00:20:08,130 --> 00:20:10,980 ni wa kitu kuwa kuathirika kabisa. 378 00:20:10,980 --> 00:20:15,300 >> Hivyo SSL, basi, ni mbinu hii kwamba sisi wote kwa ujumla kuchukua kwa nafasi 379 00:20:15,300 --> 00:20:18,970 au kudhani ni pale, ingawa hiyo ni wazi si kesi. 380 00:20:18,970 --> 00:20:23,339 Na bado unaweza kupotosha watu, ingawa, hata na hili. 381 00:20:23,339 --> 00:20:24,630 Hivyo hapa ni mfano wa benki. 382 00:20:24,630 --> 00:20:25,860 >> Hii ni Benki Kuu ya Marekani. 383 00:20:25,860 --> 00:20:28,730 Kuna rundo zima la hizi katika Harvard Square na zaidi. 384 00:20:28,730 --> 00:20:32,530 Na taarifa kwamba, saa sana juu ya screen, kuna, kwa kweli, HTTPS. 385 00:20:32,530 --> 00:20:35,370 Na ni hata kijani na yalionyesha kwa ajili yetu 386 00:20:35,370 --> 00:20:39,550 zinaonyesha kwamba hii ni kweli tovuti kihalali salama, 387 00:20:39,550 --> 00:20:41,420 au hivyo tumekuwa mafunzo ya kuamini. 388 00:20:41,420 --> 00:20:46,416 >> Sasa, badala ya kuwa, ingawa, taarifa kwamba, kama sisi zoom katika, 389 00:20:46,416 --> 00:20:48,790 kuna jambo hili hapa, ambapo wewe ni ilisababisha kuingia katika. 390 00:20:48,790 --> 00:20:54,920 Nini kufuli hii ina maana haki kuna, karibu na jina la mtumiaji yangu kuchochea? 391 00:20:54,920 --> 00:20:57,890 Hii ni pretty kawaida kwenye tovuti, pia. 392 00:20:57,890 --> 00:21:01,120 Nini kufuli hii maana yake nini? 393 00:21:01,120 --> 00:21:02,453 Wewe kuonekana kama unajua. 394 00:21:02,453 --> 00:21:03,420 >> Watazamaji: Ni haina maana yoyote. 395 00:21:03,420 --> 00:21:04,230 >> DAVID J. Malan: Ni haina maana yoyote. 396 00:21:04,230 --> 00:21:07,790 Maana yake ni kwamba Benki Kuu ya Marekani anajua jinsi kuandika HTML na vitambulisho picha, haki? 397 00:21:07,790 --> 00:21:12,080 Ni kweli ina maana chochote, kwa sababu hata sisi, kwa kutumia siku ya kwanza ya kuangalia yetu 398 00:21:12,080 --> 00:21:15,760 katika HTML, unaweza kanuni ya juu ya ukurasa na background nyekundu na picha, 399 00:21:15,760 --> 00:21:18,910 kama GIF au whatnot, kwamba kinachotokea kwa kuangalia kama kufuli. 400 00:21:18,910 --> 00:21:20,890 Na bado, hii ni super kawaida katika tovuti, 401 00:21:20,890 --> 00:21:24,000 kwa sababu tumekuwa mafunzo kwa kudhani kwamba, oh, kufuli ina maana salama, 402 00:21:24,000 --> 00:21:25,760 wakati ni kweli tu ina maana unajua HTML. 403 00:21:25,760 --> 00:21:28,840 >> Kwa mfano, nyuma katika siku, mimi naweza kuweka tu hii kwenye tovuti yangu, 404 00:21:28,840 --> 00:21:31,660 wakidai ni salama, na kuuliza, kwa ufanisi, 405 00:21:31,660 --> 00:21:33,590 kwa majina ya watumiaji wa watu na nywila. 406 00:21:33,590 --> 00:21:36,310 Hivyo kuangalia katika URL ni angalau fununu bora, 407 00:21:36,310 --> 00:21:39,580 kwa sababu hiyo kujengwa katika Chrome au chochote browser unatumia. 408 00:21:39,580 --> 00:21:41,470 Lakini hata hivyo, wakati mwingine mambo yanaweza kwenda vibaya. 409 00:21:41,470 --> 00:21:45,940 Na kwa kweli, unaweza daima kuona HTTPS, achilia katika kijani. 410 00:21:45,940 --> 00:21:48,126 >> Yoyote ya wewe milele kuonekana screen kama hii? 411 00:21:48,126 --> 00:21:50,000 Unaweza kuwa, kwa kweli, mapema mwezi Oktoba, 412 00:21:50,000 --> 00:21:54,740 wakati mimi alisahau kulipia wetu SSL cheti, kama ni kuitwa, 413 00:21:54,740 --> 00:21:58,400 na sisi walikuwa kuangalia kama hii kwa saa moja au mbili. 414 00:21:58,400 --> 00:22:01,830 Hivyo wameweza pengine kuonekana mambo kama hii, na mgomo-kwa njia ya, 415 00:22:01,830 --> 00:22:05,240 kama mstari nyekundu, kupitia itifaki katika URL 416 00:22:05,240 --> 00:22:08,010 au aina fulani ya screen kwamba angalau kuwaonya ninyi 417 00:22:08,010 --> 00:22:09,760 kwa kujaribu kuendelea zaidi. 418 00:22:09,760 --> 00:22:12,540 Na Google hapa ni kuwakaribisha wewe kwenda nyuma na usalama. 419 00:22:12,540 --> 00:22:17,120 >> Sasa, katika kesi hii, hii tu maana kwamba SSL cheti kwamba sisi walikuwa kutumia, 420 00:22:17,120 --> 00:22:22,220 kubwa, kihisabati muhimu namba kwamba ni kuhusishwa na server CS50 wa, 421 00:22:22,220 --> 00:22:23,949 walikuwa halali tena. 422 00:22:23,949 --> 00:22:26,490 Na kwa kweli, tunaweza kuiga hii, kama unaweza juu ya mbali yako. 423 00:22:26,490 --> 00:22:30,270 Kama mimi kwenda katika Chrome hapa, na hebu kwenda facebook.com, 424 00:22:30,270 --> 00:22:32,230 na inaonekana kama hii ni salama. 425 00:22:32,230 --> 00:22:36,910 Lakini basi mimi kwenda mbele sasa na click kwenye kufuli hapa. 426 00:22:36,910 --> 00:22:40,030 >> Na napenda kwenda Connection, Habari cheti. 427 00:22:40,030 --> 00:22:42,020 Na hakika, nini utasikia kuona hapa ni rundo 428 00:22:42,020 --> 00:22:46,160 ya chini ya ngazi maelezo kuhusu ambao facebook.com kweli ni. 429 00:22:46,160 --> 00:22:49,380 Inaonekana kwamba wao kulipwa fedha kwa kampuni inayoitwa labda DigiCert High 430 00:22:49,380 --> 00:22:54,420 Uhakika kwamba ameahidi kuwaambia wengine wa dunia 431 00:22:54,420 --> 00:22:57,250 kwamba, kama browser milele anaona certificate-- unaweza kufikiria 432 00:22:57,250 --> 00:23:00,291 yake halisi kama cheti kwamba Inaonekana kama kwamba jambo cheesy juu 433 00:23:00,291 --> 00:23:04,360 left-- basi facebook.com ni nani wanasema wao, kwa sababu muda wote huu, wakati 434 00:23:04,360 --> 00:23:07,160 wewe kutembelea tovuti, kama cs50.harvard.edu au facebook.com 435 00:23:07,160 --> 00:23:11,880 au gmail.com kwamba kutumia HTTPS URL, nyuma ya pazia, 436 00:23:11,880 --> 00:23:15,190 kuna aina hii ya manunuzi kinachotokea moja kwa moja 437 00:23:15,190 --> 00:23:18,060 kwa wewe, ambapo facebook.com, katika kesi hii, 438 00:23:18,060 --> 00:23:22,150 ni kutuma kwa browser yako zake kinachojulikana SSL cheti, au tuseme, 439 00:23:22,150 --> 00:23:23,380 ufunguo wa umma wake, 440 00:23:23,380 --> 00:23:25,600 na kisha browser yako ni kutumia kwamba muhimu ya umma 441 00:23:25,600 --> 00:23:29,600 hatimaye kutuma encrypted trafiki na kutoka humo. 442 00:23:29,600 --> 00:23:32,360 >> Lakini kuna uongozi hili lote katika dunia ya makampuni 443 00:23:32,360 --> 00:23:36,430 kwamba kulipa fedha kwa nani basi ushahidi, kwa maana ya digital, 444 00:23:36,430 --> 00:23:41,330 kuwa wewe ni kweli facebook.com au server yako ni kweli cs50.harvard.edu. 445 00:23:41,330 --> 00:23:44,580 Na kujengwa katika browsers, kama Chrome na IE na Firefox, 446 00:23:44,580 --> 00:23:48,260 ni orodha ya wale wote kinachojulikana mamlaka cheti 447 00:23:48,260 --> 00:23:51,360 kwamba ni zilizoidhinishwa na Microsoft na Google na Mozilla 448 00:23:51,360 --> 00:23:55,410 kuthibitisha au kukataa kwamba facebook.com ni nani anasema ni. 449 00:23:55,410 --> 00:23:57,430 Lakini catch ni kwamba mambo haya kumalizika. 450 00:23:57,430 --> 00:24:02,670 Kwa kweli, Facebook inaonekana kama muda wake Oktoba ijayo, katika mwaka 2015. 451 00:24:02,670 --> 00:24:06,490 >> Hivyo tunaweza kweli kuiga hii kama mimi kwenda katika Mac yangu System Mapendekezo yangu, 452 00:24:06,490 --> 00:24:11,070 na mimi kwenda katika Tarehe na Muda, na Mimi kwenda katika Tarehe na Muda hapa, 453 00:24:11,070 --> 00:24:17,190 na mimi kufungua here-- hii nashiriki, hatukuwa yatangaza password time-- hii 454 00:24:17,190 --> 00:24:20,660 na sasa mimi kwenda chini uncheck hii. 455 00:24:20,660 --> 00:24:25,660 Na hebu actually-- oops, hiyo ni si kama kuvutia kama kufanya hivyo. 456 00:24:25,660 --> 00:24:30,140 Sisi ni halisi katika siku zijazo sasa, ambayo ina maana hii ni nini 2020 ni kama. 457 00:24:30,140 --> 00:24:36,360 Kama mimi sasa Reload page-- hebu kufanya hivyo katika Ingognito mode-- 458 00:24:36,360 --> 00:24:40,910 kama mimi upya ukurasa, kuna sisi kwenda. 459 00:24:40,910 --> 00:24:45,820 >> Hivyo sasa, kompyuta yangu anadhani ni 2020, lakini browser yangu 460 00:24:45,820 --> 00:24:49,810 anajua kwamba hati hii kutoka Facebook muda wake, bila shaka, katika mwaka 2015. 461 00:24:49,810 --> 00:24:51,360 Hivyo ni kunipa ujumbe huu nyekundu. 462 00:24:51,360 --> 00:24:53,550 Sasa, nashiriki, browsers kama Chrome kuwa kweli 463 00:24:53,550 --> 00:24:55,480 alifanya hivyo vigumu kwa kuendelea hata hivyo. 464 00:24:55,480 --> 00:24:57,300 Wao kweli unataka mimi kwenda nyuma ya usalama. 465 00:24:57,300 --> 00:25:00,550 >> Kama mimi bonyeza hapa juu ya Advance, ni kwenda kuniambia baadhi ya maelezo zaidi. 466 00:25:00,550 --> 00:25:02,580 Na kama kweli mimi nataka kuendelea, wao itabidi basi 467 00:25:02,580 --> 00:25:06,250 mimi kwenda facebook.com, ambayo ni, tena, salama, ambapo kiwango 468 00:25:06,250 --> 00:25:08,310 Mimi itabidi kuona homepage Facebook, kama hii. 469 00:25:08,310 --> 00:25:10,080 Lakini mambo mengine basi kuonekana kuwa kuvunja. 470 00:25:10,080 --> 00:25:12,825 Nini pengine kuvunja katika hatua hii? 471 00:25:12,825 --> 00:25:13,700 Watazamaji: JavaScript. 472 00:25:13,700 --> 00:25:15,540 DAVID J. Malan: Kama Javascripts na / au CSS 473 00:25:15,540 --> 00:25:17,460 files ni vile vile kukutana kosa hilo. 474 00:25:17,460 --> 00:25:19,830 Hivyo hii ni tu hali mbaya kwa ujumla. 475 00:25:19,830 --> 00:25:24,790 Lakini uhakika hapa ni kwamba angalau Facebook haina kweli kuwa SSL kuwezeshwa 476 00:25:24,790 --> 00:25:30,040 kwa servrar yao, kama tovuti nyingi, kufanya, lakini si lazima kila kitu. 477 00:25:30,040 --> 00:25:33,360 >> Lakini si kwamba peke takeaway hapa. 478 00:25:33,360 --> 00:25:36,040 Zinageuka kuwa hata SSL imekuwa imeonesha 479 00:25:36,040 --> 00:25:37,810 kuwa salama katika baadhi ya njia. 480 00:25:37,810 --> 00:25:40,400 Hivyo mimi nina aina ya hinting kwamba SSL, nzuri. 481 00:25:40,400 --> 00:25:44,250 Kuangalia kwa HTTPS URLs, na maisha ni nzuri, kwa sababu kila HTTP yako trafiki 482 00:25:44,250 --> 00:25:46,180 na headers na maudhui ni encrypted. 483 00:25:46,180 --> 00:25:49,560 >> Hakuna anayeweza kukatiza katika katikati, isipokuwa kwa kinachojulikana mtu 484 00:25:49,560 --> 00:25:50,454 katikati. 485 00:25:50,454 --> 00:25:52,870 Hii ni mbinu ujumla katika ulimwengu wa usalama inayojulikana 486 00:25:52,870 --> 00:25:54,420 kama mtu-katika-katikati mashambulizi. 487 00:25:54,420 --> 00:25:57,067 Tuseme kwamba wewe ni hii kidogo mbali zaidi hapa upande wa kushoto, 488 00:25:57,067 --> 00:25:59,900 na kudhani wewe ni kujaribu kutembelea server zaidi ya hapo juu ya haki, 489 00:25:59,900 --> 00:26:00,990 kama facebook.com. 490 00:26:00,990 --> 00:26:03,940 >> Lakini tuseme kwamba, katika kati ya wewe na Facebook, 491 00:26:03,940 --> 00:26:07,750 ni rundo zima la seva nyingine na vifaa, kama swichi na ruta, 492 00:26:07,750 --> 00:26:11,530 Servrar DNS, servrar DHCP, hakuna ambayo sisi kudhibiti. 493 00:26:11,530 --> 00:26:15,280 Inaweza kudhibitiwa na Starbucks au Harvard au Comcast au kama. 494 00:26:15,280 --> 00:26:18,090 Vizuri, tuseme kwamba mtu maliciously, kwenye mtandao wako, 495 00:26:18,090 --> 00:26:20,800 katika kati ya wewe na Facebook, ni uwezo wa kuwaambia 496 00:26:20,800 --> 00:26:24,740 kwamba, unajua nini, anwani ya IP ya Facebook ni nini unafikiri ni. 497 00:26:24,740 --> 00:26:26,250 Ni IP hii badala yake. 498 00:26:26,250 --> 00:26:28,740 >> Na hivyo browser yako ni mkadanganywa katika kuomba 499 00:26:28,740 --> 00:26:30,750 trafiki kutoka mwingine kompyuta kabisa. 500 00:26:30,750 --> 00:26:35,350 Vizuri, tuseme kompyuta tu inaonekana wakati wote 501 00:26:35,350 --> 00:26:38,859 ya trafiki wewe ni kuomba kutoka Facebook na wote wa kurasa za mtandao 502 00:26:38,859 --> 00:26:40,400 kuwa wewe ni kuomba kutoka Facebook. 503 00:26:40,400 --> 00:26:45,700 Na wakati wowote anaona katika trafiki yako URL kwamba huanza na HTTPS, 504 00:26:45,700 --> 00:26:49,250 ni dynamically, juu ya kuruka, liandike tena kama HTTP. 505 00:26:49,250 --> 00:26:53,490 Na wakati wowote anaona eneo header, eneo koloni, 506 00:26:53,490 --> 00:26:55,930 kama sisi kutumia kuelekeza user, wale pia, 507 00:26:55,930 --> 00:27:00,690 inaweza kubadilishwa na mtu huyu katika katikati kutoka HTTPS kwa HTTP. 508 00:27:00,690 --> 00:27:04,170 >> Hivyo hata kama wewe mwenyewe nguvu kufikiri uko katika Facebook halisi, 509 00:27:04,170 --> 00:27:07,860 ni kwamba ngumu kwa adui na upatikanaji wa kimwili 510 00:27:07,860 --> 00:27:10,630 mtandao wako tu kurudi kurasa na wewe kwamba 511 00:27:10,630 --> 00:27:12,650 kuangalia kama Gmail, kwamba kuangalia kama Facebook, 512 00:27:12,650 --> 00:27:14,880 na kwa kweli URL ni kufanana, kwa sababu wao ni 513 00:27:14,880 --> 00:27:19,410 kujifanya kuwa na kwamba huo jeshi jina kwa sababu ya baadhi ya matumizi ya DNS 514 00:27:19,410 --> 00:27:21,340 au baadhi mfumo mengine kama hayo. 515 00:27:21,340 --> 00:27:23,894 Na matokeo, basi, ni kwamba sisi wanadamu wapate tu 516 00:27:23,894 --> 00:27:26,810 kutambua kwamba, OK, hii inaonekana kama Gmail au angalau toleo la wazee, 517 00:27:26,810 --> 00:27:29,480 kama ni slide hii kutoka kuwasilisha wakubwa. 518 00:27:29,480 --> 00:27:34,250 Lakini inaonekana kama this-- http://www.google.com. 519 00:27:34,250 --> 00:27:37,370 >> Hivyo hapa, pia, ukweli ni kwamba jinsi wengi wenu, 520 00:27:37,370 --> 00:27:41,290 wakati wa kwenda Facebook au Orodha au yoyote tovuti na unajua kitu kidogo 521 00:27:41,290 --> 00:27:47,060 kuhusu SSL, jinsi wengi wenu kimwili aina https: // na kisha tovuti 522 00:27:47,060 --> 00:27:48,990 jina, kuingia. 523 00:27:48,990 --> 00:27:52,940 Wengi wetu tu aina, kama, CS50, hit Enter, au F-A kwa Facebook 524 00:27:52,940 --> 00:27:54,770 na hit Enter, na basi ni auto-kamili. 525 00:27:54,770 --> 00:27:57,620 Lakini nyuma ya pazia, kama wewe kuangalia HTTP yako trafiki, 526 00:27:57,620 --> 00:28:00,090 kuna pengine rundo zima ya wale headers eneo 527 00:28:00,090 --> 00:28:03,580 kwamba ni kutuma kutoka Facebook www.facebook.com 528 00:28:03,580 --> 00:28:07,250 kwa https://www.facebook.com. 529 00:28:07,250 --> 00:28:12,300 >> Hivyo hiyo ni moja au zaidi shughuli HTTP ambapo habari yako ni kabisa 530 00:28:12,300 --> 00:28:15,102 alimtuma katika wazi, hakuna encryption wowote. 531 00:28:15,102 --> 00:28:17,810 Sasa, kwamba wanaweza kuwa kama kubwa kukabiliana kama wote wewe ni kujaribu kufanya 532 00:28:17,810 --> 00:28:20,980 ni kupata homepage, wewe si kutuma username na password yako. 533 00:28:20,980 --> 00:28:23,130 Lakini ni nini chini ya kofia, hasa 534 00:28:23,130 --> 00:28:28,130 kwa ajili ya Nje PHP-msingi kwamba pia kupelekwa na kurudi wakati 535 00:28:28,130 --> 00:28:33,820 wewe kutembelea baadhi ya tovuti kama kwamba matumizi ya tovuti, kusema, PHP 536 00:28:33,820 --> 00:28:37,370 na kutekeleza utendaji kama pset7? 537 00:28:37,370 --> 00:28:40,840 Nini mara kuwa kutumwa na kurudi katika HTTP yako headers kwamba alitoa 538 00:28:40,840 --> 00:28:44,903 upatikanaji wa hii pretty muhimu super kimataifa katika PHP? 539 00:28:44,903 --> 00:28:45,710 >> Watazamaji: Cookies. 540 00:28:45,710 --> 00:28:49,020 >> DAVID J. Malan: Cookies, hasa PHP sess ID kuki. 541 00:28:49,020 --> 00:28:53,100 Hivyo kukumbuka, kama sisi kwenda, kusema, cs50.harvard.edu tena, 542 00:28:53,100 --> 00:28:56,440 lakini wakati huu, hebu kufungua Mtandao tab, na sasa, hadi hapa, 543 00:28:56,440 --> 00:29:01,570 hebu halisi tu kwenda kwa http://cs50.harvard.edu 544 00:29:01,570 --> 00:29:03,030 na kisha hit Enter. 545 00:29:03,030 --> 00:29:05,520 Na kisha kuangalia screen chini hapa. 546 00:29:05,520 --> 00:29:09,600 Taarifa kwamba sisi kweli got nyuma 301 wakiongozwa kudumu 547 00:29:09,600 --> 00:29:12,820 ujumbe, ambayo ina maana kwamba kuna eneo header hapa, 548 00:29:12,820 --> 00:29:15,610 ambayo sasa imetuma mimi HTTPS. 549 00:29:15,610 --> 00:29:21,330 >> Lakini catch ni kwamba, kama mimi tayari alikuwa kuki mhuri upande wangu karibu, 550 00:29:21,330 --> 00:29:25,890 kama tumekuwa kujadiliwa kabla, na Mimi aina ya binadamu ya kutojua 551 00:29:25,890 --> 00:29:29,090 tu kutembelea usalama toleo, na browser yangu inachukua 552 00:29:29,090 --> 00:29:34,020 juu ya yenyewe kuonyesha kwamba upande muhuri kwa ombi la kwanza, ambayo ni kupitia HTTP, 553 00:29:34,020 --> 00:29:36,610 mtu yeyote katika katikati, yoyote adui katikati, 554 00:29:36,610 --> 00:29:39,380 Unaweza kinadharia tu kuona wale headers HTTP, tu 555 00:29:39,380 --> 00:29:40,980 kama sisi ni kuangalia yao hapa. 556 00:29:40,980 --> 00:29:43,310 Ni mara moja tu uko kuzungumza na HTTPS 557 00:29:43,310 --> 00:29:47,780 URL gani kwamba mkono stempu yenyewe kupata encrypted, la Kaisari, au Vigenere, 558 00:29:47,780 --> 00:29:50,500 lakini pamoja na algorithm fancier kabisa. 559 00:29:50,500 --> 00:29:53,611 Hivyo hapa, pia, hata kama Nje kutumia HTTPS, 560 00:29:53,611 --> 00:29:56,860 sisi binadamu wamekuwa conditioned, shukrani kwa auto-kamili na mbinu nyingine, 561 00:29:56,860 --> 00:29:59,827 si hata kufikiria kuhusu matokeo ya athari. 562 00:29:59,827 --> 00:30:01,160 Sasa, kuna njia ya kuzunguka hili. 563 00:30:01,160 --> 00:30:03,140 Kwa mfano, wengi Nje inaweza configured 564 00:30:03,140 --> 00:30:05,848 hivyo kwamba, mara moja una mkono huu muhuri, unaweza kuwaambia browser, 565 00:30:05,848 --> 00:30:07,750 hii stempu mkono ni tu kwa ajili ya uhusiano SSL. 566 00:30:07,750 --> 00:30:11,702 browser haipaswi kuwasilisha kwa mimi isipokuwa ni juu ya SSL. 567 00:30:11,702 --> 00:30:13,410 Lakini wengi tovuti si bother na kwamba. 568 00:30:13,410 --> 00:30:17,260 Na tovuti nyingi inaonekana hawana hata bother na SSL wakati wote. 569 00:30:17,260 --> 00:30:20,540 >> Hivyo kwa zaidi juu ya kwamba, kuna kweli uchafu hata zaidi katika mada hii 570 00:30:20,540 --> 00:30:24,010 kwamba wenzake alitoa katika kinachojulikana nyeusi kofia mkutano ya miaka michache iliyopita, 571 00:30:24,010 --> 00:30:26,468 ambapo kuna hata wengine tricks malicious watu wametumia. 572 00:30:26,468 --> 00:30:28,630 Unaweza kukumbuka hii dhana ya favicon, ambayo 573 00:30:28,630 --> 00:30:32,270 ni kama alama kidogo kwamba mara nyingi katika dirisha browser. 574 00:30:32,270 --> 00:30:34,610 Naam, nini imekuwa kawaida kati ya watu wabaya ni 575 00:30:34,610 --> 00:30:36,340 kufanya icons fab ili kuangalia kama nini? 576 00:30:36,340 --> 00:30:39,054 577 00:30:39,054 --> 00:30:39,970 Watazamaji: [inaudible]. 578 00:30:39,970 --> 00:30:40,280 DAVID J. Malan: Sema tena? 579 00:30:40,280 --> 00:30:41,490 Watazamaji: Nje. 580 00:30:41,490 --> 00:30:42,130 DAVID J. Malan: Si tovuti. 581 00:30:42,130 --> 00:30:43,394 Hivyo favicon, vidogo icon kidogo. 582 00:30:43,394 --> 00:30:45,560 Nini itakuwa zaidi malicious, manipulative jambo 583 00:30:45,560 --> 00:30:47,832 unaweza kufanya tovuti yako default icon kuangalia kama? 584 00:30:47,832 --> 00:30:48,790 Watazamaji: kufuli kijani. 585 00:30:48,790 --> 00:30:49,080 DAVID J. Malan: Nini hiyo? 586 00:30:49,080 --> 00:30:50,160 Watazamaji: kijani kidogo atakavyo. 587 00:30:50,160 --> 00:30:51,960 DAVID J. Malan: Kama lock kijani, hasa. 588 00:30:51,960 --> 00:30:55,242 Hivyo unaweza kuwa na hii aesthetic ya kijani kidogo kufuli, 589 00:30:55,242 --> 00:30:57,950 hinting kwa dunia, oh, sisi ni kupata, wakati, tena, kila inamaanisha 590 00:30:57,950 --> 00:31:00,210 ni kwamba unajua baadhi HTML. 591 00:31:00,210 --> 00:31:02,895 Hivyo kikao utekaji nyara inahusu hasa kwamba. 592 00:31:02,895 --> 00:31:05,936 Kama una mtu ambaye ni aina ya sniffing airwaves katika chumba hii hapa 593 00:31:05,936 --> 00:31:09,150 au ana kimwili kupata mtandao na unaweza kuona cookies zako, 594 00:31:09,150 --> 00:31:12,152 anaweza kunyakua kwamba PHP sess ID kuki. 595 00:31:12,152 --> 00:31:13,860 Na kisha, kama uko savvy kutosha kujua 596 00:31:13,860 --> 00:31:18,200 jinsi ya kutuma kwamba kuki kama wao wenyewe mkono stempu tu kwa kuiga thamani kwamba 597 00:31:18,200 --> 00:31:20,860 na kutuma headers HTTP, mtu angeweza kwa urahisi sana 598 00:31:20,860 --> 00:31:23,510 kuingia katika yoyote ya Facebook akaunti au akaunti ya Gmail 599 00:31:23,510 --> 00:31:27,355 au akaunti Twitter kwamba ni hapa, wazi katika chumba, kama wewe si kutumia SSL 600 00:31:27,355 --> 00:31:31,500 na kama tovuti ni si kwa kutumia SSL kwa usahihi. 601 00:31:31,500 --> 00:31:33,690 >> Basi hebu mpito kwa mtu mwingine. 602 00:31:33,690 --> 00:31:34,700 Hivyo hadithi nyingine ya kweli. 603 00:31:34,700 --> 00:31:38,680 Na hii kuvunja tu katika habari wiki moja au mbili zilizopita. 604 00:31:38,680 --> 00:31:41,520 Verizon amekuwa akifanya jambo baya sana, 605 00:31:41,520 --> 00:31:45,110 na kama watu bora wanaweza kuwaambia, tangu angalau 2012, ambapo, 606 00:31:45,110 --> 00:31:51,550 wakati kupata tovuti kupitia Verizon Mkono, chochote watengenezaji ni, 607 00:31:51,550 --> 00:31:54,150 wamekuwa kujikinai, kama hadithi inakwenda, 608 00:31:54,150 --> 00:31:59,890 sindano katika yote ya HTTP yako trafiki mwenyewe HTTP header yao. 609 00:31:59,890 --> 00:32:04,040 Na kwamba kichwa inaonekana kama this-- X-UIDH. 610 00:32:04,040 --> 00:32:06,465 UID ni kama ya kipekee kitambulisho au user ID. 611 00:32:06,465 --> 00:32:09,660 Na X tu ina maana hii ni desturi header si kwamba kiwango. 612 00:32:09,660 --> 00:32:11,720 >> Lakini nini maana ya hii ni kwamba, kama mimi kuvuta up, 613 00:32:11,720 --> 00:32:14,640 kwa mfano, tovuti yoyote kwenye simu yangu here-- 614 00:32:14,640 --> 00:32:18,310 na mimi nina kutumia Verizon kama carrier-- yangu ingawa browser yangu huenda si 615 00:32:18,310 --> 00:32:21,110 kutuma hii HTTP header, Verizon, haraka 616 00:32:21,110 --> 00:32:23,650 kama ishara fika yao Mkono mnara mahali fulani, 617 00:32:23,650 --> 00:32:28,187 imekuwa kwa muda sindano hii header katika yote ya HTTP yetu trafiki. 618 00:32:28,187 --> 00:32:29,020 Kwa nini wao kufanya hili? 619 00:32:29,020 --> 00:32:31,920 Takribani kwa sababu ya kufuatilia, kwa sababu ya matangazo. 620 00:32:31,920 --> 00:32:36,280 >> Lakini moronic kubuni uamuzi hapa ni kwamba header HTTP, 621 00:32:36,280 --> 00:32:41,090 kama wewe guys kujua kutoka pset6, ni kupokea na server yoyote ya mtandao 622 00:32:41,090 --> 00:32:42,540 kuwa wewe ni kuomba trafiki wa. 623 00:32:42,540 --> 00:32:44,248 Hivyo muda wote huu, kama tumekuwa kutembelea 624 00:32:44,248 --> 00:32:48,019 Facebook au Orodha au tovuti yoyote kwamba haina matumizi SSL time-- wote 625 00:32:48,019 --> 00:32:49,810 na kwa kweli, wale mbili nashiriki sasa do-- 626 00:32:49,810 --> 00:32:52,670 lakini tovuti nyingine kwamba hawatumii SSL wakati wote, 627 00:32:52,670 --> 00:32:54,930 Verizon ina kimsingi wamekuwa kupanda, kwa nguvu, 628 00:32:54,930 --> 00:32:58,180 mkono stempu juu ya yote ya yetu mikono kwamba hata hatuoni, 629 00:32:58,180 --> 00:33:00,330 lakini badala yake, Nje mwisho kufanya. 630 00:33:00,330 --> 00:33:02,890 Na hivyo haijawahi kuwa ngumu kwa mtu yeyote juu ya biashara ya 631 00:33:02,890 --> 00:33:05,245 kuendesha server mtandao kutambua, ooh, hii ni David, 632 00:33:05,245 --> 00:33:09,340 au, ooh, hii ni Davin, hata kama sisi ni ukali kuhusu kufuta vidakuzi yetu, 633 00:33:09,340 --> 00:33:10,772 sababu si kuja kutoka kwetu. 634 00:33:10,772 --> 00:33:11,980 Ni kuja kutoka carrier. 635 00:33:11,980 --> 00:33:14,896 >> Wao kufanya Luke kwenye simu yako ya simu na kisha kusema, oh, hii ni David. 636 00:33:14,896 --> 00:33:18,890 Napenda kuingiza kitambulisho kipekee hivyo kwamba matangazo yetu au mtu anaweza 637 00:33:18,890 --> 00:33:19,850 kuweka wimbo wa hii. 638 00:33:19,850 --> 00:33:23,769 Hivyo hii ni kweli sana, sana, mbaya sana na horrifying. 639 00:33:23,769 --> 00:33:26,060 Na napenda moyo kuangalia, kwa mfano, 640 00:33:26,060 --> 00:33:29,950 URL hii, ambayo mimi lazima WANAKANUSHA Mimi kwa kweli walijaribu hii leo asubuhi. 641 00:33:29,950 --> 00:33:31,970 Niliandika script kidogo, kuiweka katika URL hii, 642 00:33:31,970 --> 00:33:34,770 alitembelea ni pamoja na Verizon yangu mwenyewe Mkono baada ya kugeuka Wi-Fi mbali. 643 00:33:34,770 --> 00:33:38,010 Hivyo una kugeuka Wi-Fi mbali ili unatumia 3G au LTE au kama. 644 00:33:38,010 --> 00:33:40,010 Na kisha, kama wewe kutembelea URL hii, script hii yote 645 00:33:40,010 --> 00:33:41,770 gani kwa ajili yenu guys, kama Ningependa kucheza, 646 00:33:41,770 --> 00:33:45,380 ni ni akimtemea nini HTTP headers simu yako ni kutuma kwa server yetu. 647 00:33:45,380 --> 00:33:48,510 Na mimi kwa kweli, katika haki, alifanya si kuona hii asubuhi hii, ambayo 648 00:33:48,510 --> 00:33:51,430 inafanya mimi nadhani aidha mitaa mnara Mkono nilikuwa kushikamana na 649 00:33:51,430 --> 00:33:55,160 au whatnot si kufanya hivyo, au wameweza yanayoambatana mbali ya kufanya hivyo kwa muda. 650 00:33:55,160 --> 00:33:58,160 Lakini kwa habari zaidi, kwa kichwa na URL hii hapa. 651 00:33:58,160 --> 00:34:00,680 >> Na sasa kwa this-- hii Comic wanaweza kufanya maana. 652 00:34:00,680 --> 00:34:03,530 653 00:34:03,530 --> 00:34:04,030 Hakuna? 654 00:34:04,030 --> 00:34:04,530 OK. 655 00:34:04,530 --> 00:34:05,390 Wote haki. 656 00:34:05,390 --> 00:34:06,310 Kwamba alikufa. 657 00:34:06,310 --> 00:34:07,240 Wote haki. 658 00:34:07,240 --> 00:34:11,330 >> Basi hebu tuangalie michache ya zaidi mashambulizi, kama tu ili kuongeza uelewa wa 659 00:34:11,330 --> 00:34:13,179 na kisha kutoa wanandoa ufumbuzi uwezo 660 00:34:13,179 --> 00:34:14,430 hivyo kwamba wewe ni kukumbuka yote zaidi. 661 00:34:14,430 --> 00:34:17,305 Hii moja kuongelea nyingine siku, lakini hakuwa na kutoa jina hilo. 662 00:34:17,305 --> 00:34:22,360 Ni msalaba-site ombi kughushi, ambayo ni njia kupita kiasi dhana ya kusema 663 00:34:22,360 --> 00:34:26,489 you hila user katika kubonyeza URL kama hii, ambayo mbinu yao 664 00:34:26,489 --> 00:34:28,280 katika baadhi ya tabia kwamba wao hakuwa na nia. 665 00:34:28,280 --> 00:34:30,710 >> Katika kesi hiyo, hii inaonekana kuwa kujaribu hila mimi 666 00:34:30,710 --> 00:34:32,920 ndani ya kuuza hisa wangu wa Google. 667 00:34:32,920 --> 00:34:36,810 Na hii itakuwa kufanikiwa kama Mimi, programu ya pset7, 668 00:34:36,810 --> 00:34:40,409 hawajafanya nini? 669 00:34:40,409 --> 00:34:44,739 Au tuseme, kwa ujumla zaidi, katika kile kesi mimi kuathirika zaidi na mashambulizi 670 00:34:44,739 --> 00:34:49,460 kama mtu tricks mtumiaji mwingine ndani ya kubonyeza URL kama hii? 671 00:34:49,460 --> 00:34:49,960 Yeah? 672 00:34:49,960 --> 00:34:52,500 >> Watazamaji: Huwezi kutofautisha kati ya kupata na POST. 673 00:34:52,500 --> 00:34:52,760 >> DAVID J. Malan: Good. 674 00:34:52,760 --> 00:34:54,850 Kama hatuwezi kutofautisha kati ya kupata na POST, 675 00:34:54,850 --> 00:34:57,950 na kwa kweli, kama sisi kuruhusu GET kwa ajili ya kuuza vitu, 676 00:34:57,950 --> 00:35:00,284 sisi ni kuwakaribisha aina hii ya mashambulizi. 677 00:35:00,284 --> 00:35:01,950 Lakini sisi bado linaweza kupunguza kiasi fulani. 678 00:35:01,950 --> 00:35:04,283 Na mimi maoni, nadhani, wiki iliyopita kwamba Amazon angalau 679 00:35:04,283 --> 00:35:08,180 anajaribu kupunguza hii na mbinu hiyo ni pretty moja kwa moja. 680 00:35:08,180 --> 00:35:11,860 Nini ingekuwa jambo smart kufanya kuwa juu ya server yako, 681 00:35:11,860 --> 00:35:14,652 badala ya tu upofu kuuza chochote ishara aina user katika? 682 00:35:14,652 --> 00:35:15,984 Watazamaji: Uthibitisho wa aina? 683 00:35:15,984 --> 00:35:19,320 DAVID J. Malan: screen uthibitisho, kitu kuwashirikisha mahusiano ya binadamu 684 00:35:19,320 --> 00:35:21,300 hivyo kwamba mimi ni kulazimishwa kufanya wito hukumu, 685 00:35:21,300 --> 00:35:23,930 hata kama nimepata naively clicked kiungo kwamba inaonekana kama hii 686 00:35:23,930 --> 00:35:27,760 na aliniongoza screen kiini, katika angalau akaniuliza kuthibitisha au kukataa. 687 00:35:27,760 --> 00:35:32,460 Lakini si mashambulizi makali, hasa katika kinachojulikana wizi au spam-kama 688 00:35:32,460 --> 00:35:33,280 mashambulizi. 689 00:35:33,280 --> 00:35:34,890 >> Sasa, hii ni moja ya hila kidogo zaidi. 690 00:35:34,890 --> 00:35:37,060 Hii ni msalaba-site scripting mashambulizi. 691 00:35:37,060 --> 00:35:39,250 Na hii hufanyika kama yako tovuti si kutumia 692 00:35:39,250 --> 00:35:41,260 sawa htmlspecialchars. 693 00:35:41,260 --> 00:35:45,160 Na ni kuchukua pembejeo user na tu upofu sindano ndani ya ukurasa wa mtandao, 694 00:35:45,160 --> 00:35:48,170 kama na magazeti au echo, with-- again-- nje wito kitu 695 00:35:48,170 --> 00:35:49,710 kama htmlspecialchars. 696 00:35:49,710 --> 00:35:52,602 >> Hivyo tuseme tovuti katika Swali ni vulnerable.com. 697 00:35:52,602 --> 00:35:55,620 Na tuseme ni anapokea parameter aitwaye q. 698 00:35:55,620 --> 00:35:59,040 Kuangalia nini kinaweza kutokea kama mimi kweli, guy mbaya, 699 00:35:59,040 --> 00:36:02,360 aina katika au hila user katika kutembelea URL kwamba inaonekana kama this-- 700 00:36:02,360 --> 00:36:05,900 q = wazi script tag, tag imefungwa script. 701 00:36:05,900 --> 00:36:08,480 Na tena, mimi nina kuchukua kwamba vulnerable.com si 702 00:36:08,480 --> 00:36:11,740 kwenda kugeuka hatari wahusika kama mabano wazi 703 00:36:11,740 --> 00:36:15,570 ndani ya vyombo HTML, ampersand, L-T, semicolon jambo 704 00:36:15,570 --> 00:36:17,090 kwamba unaweza kuwa na kuonekana kabla. 705 00:36:17,090 --> 00:36:18,900 >> Lakini ni nini script au JavaScript kificho 706 00:36:18,900 --> 00:36:21,160 Mimi nina kujaribu hila user katika utekelezaji? 707 00:36:21,160 --> 00:36:25,420 Naam, document.location inahusu kwa sasa browser anwani yangu. 708 00:36:25,420 --> 00:36:29,400 Hivyo kama mimi kufanya document.location =, hii inaruhusu mimi kuelekeza user 709 00:36:29,400 --> 00:36:30,830 katika JavaScript tovuti nyingine. 710 00:36:30,830 --> 00:36:34,290 Ni kama PHP wetu kazi kuelekeza, lakini kufanyika katika JavaScript. 711 00:36:34,290 --> 00:36:35,900 >> Ambapo mimi kujaribu kupeleka user? 712 00:36:35,900 --> 00:36:40,110 Naam, inaonekana, badguy.com/log.php, ambayo ni baadhi script, inaonekana, 713 00:36:40,110 --> 00:36:43,530 guy mbaya aliandika, kwamba inachukua parameter kinachoitwa cookie. 714 00:36:43,530 --> 00:36:46,790 >> Na ilani, je mimi kuonekana kuwa concatenating 715 00:36:46,790 --> 00:36:49,190 kwenye mwisho wa ishara kwamba sawa? 716 00:36:49,190 --> 00:36:52,030 Vizuri, jambo ambalo anasema document.cookie. 717 00:36:52,030 --> 00:36:53,320 Sisi si aliongea kuhusu hili. 718 00:36:53,320 --> 00:36:55,730 Lakini zinageuka, katika JavaScript, kama katika PHP, 719 00:36:55,730 --> 00:36:59,770 unaweza kupata yote ya cookies kwamba browser yako ni kweli kutumia. 720 00:36:59,770 --> 00:37:02,180 >> Hivyo athari za hii moja mstari wa kanuni, kama mtumiaji 721 00:37:02,180 --> 00:37:06,440 ni mkadanganywa katika kubonyeza kiungo huu na tovuti vulnerable.com haina 722 00:37:06,440 --> 00:37:10,000 kutoroka kwa htmlspecialchars, ni kwamba una ufanisi tu 723 00:37:10,000 --> 00:37:13,660 kupakiwa kwa log.php yote ya cookies yako. 724 00:37:13,660 --> 00:37:17,300 Na kwamba si mara zote kwamba tatizo, isipokuwa kama moja ya kuki wale 725 00:37:17,300 --> 00:37:20,040 ni kikao ID yako, yako kinachojulikana mkono stempu, ambayo 726 00:37:20,040 --> 00:37:26,470 ina maana badguy.com wanaweza kufanya yake mwenyewe Maombi HTTP, kutuma mkono huo huo 727 00:37:26,470 --> 00:37:30,210 muhuri, header kwamba huo cookie, na kuingia katika tovuti yoyote 728 00:37:30,210 --> 00:37:33,680 wewe walikuwa kutembelea, ambayo katika kesi hii ni vulnerable.com. 729 00:37:33,680 --> 00:37:35,940 Ni msalaba-site scripting mashambulizi katika hisia 730 00:37:35,940 --> 00:37:38,130 kuwa wewe ni aina ya tricking moja tovuti katika kusimulia 731 00:37:38,130 --> 00:37:43,560 tovuti nyingine kuhusu baadhi ya habari ni lazima, kwa kweli, wanapata. 732 00:37:43,560 --> 00:37:46,510 >> Haki zote, tayari kwa ajili ya moja nyingine inatia mashaka undani? 733 00:37:46,510 --> 00:37:49,970 Haki zote, dunia ni mahali inatisha, kihalali hivyo. 734 00:37:49,970 --> 00:37:52,480 Hapa ni rahisi JavaScript mfano kwamba 735 00:37:52,480 --> 00:37:54,847 katika kanuni chanzo leo aitwaye geolocation 0 na 1. 736 00:37:54,847 --> 00:37:56,930 Na kuna wanandoa Walkthroughs online kwa hili. 737 00:37:56,930 --> 00:37:59,920 >> Na haina zifuatazo kama mimi kufungua ukurasa huu mtandao katika Chrome. 738 00:37:59,920 --> 00:38:04,590 Ni ya kwanza haina chochote. 739 00:38:04,590 --> 00:38:07,300 OK, tutaweza kujaribu hii tena. 740 00:38:07,300 --> 00:38:07,800 Oh. 741 00:38:07,800 --> 00:38:10,990 742 00:38:10,990 --> 00:38:13,370 Hakuna, ni lazima kufanya kitu. 743 00:38:13,370 --> 00:38:16,500 OK, kusimama kwa. 744 00:38:16,500 --> 00:38:18,200 >> Hebu jaribu hii mara moja zaidi. 745 00:38:18,200 --> 00:38:21,285 746 00:38:21,285 --> 00:38:21,785 [Inaudible] 747 00:38:21,785 --> 00:38:26,941 748 00:38:26,941 --> 00:38:29,444 Ah, OK, uhakika kwa nini the-- oh, appliance 749 00:38:29,444 --> 00:38:31,360 pengine wamepoteza biashara upatikanaji kwa sababu fulani. 750 00:38:31,360 --> 00:38:32,840 Haki wote, hivyo hutokea kwangu, pia. 751 00:38:32,840 --> 00:38:34,650 >> Haki wote, hivyo ilani nini kinaendelea hapa. 752 00:38:34,650 --> 00:38:37,300 Hii cryptic-kuangalia URL, ambayo ni moja tu ya CS50 server, 753 00:38:37,300 --> 00:38:41,130 anataka kutumia kompyuta yangu eneo, kama kimwili maana yake. 754 00:38:41,130 --> 00:38:45,160 Na kama kweli, mimi click kwenye Kuruhusu, hebu angalia nini kinatokea. 755 00:38:45,160 --> 00:38:49,030 Inavyoonekana, hii ni latitude yangu ya sasa na longitudinal kuratibu chini 756 00:38:49,030 --> 00:38:51,660 kwa azimio pretty darn nzuri. 757 00:38:51,660 --> 00:38:53,310 >> Hivyo ni jinsi gani mimi kupata katika hili? 758 00:38:53,310 --> 00:38:57,620 Jinsi gani tovuti hii, kama CS50 server, kujua kimwili ambapo katika dunia 759 00:38:57,620 --> 00:38:59,600 Mimi, achilia na kwamba usahihi. 760 00:38:59,600 --> 00:39:01,990 Vizuri, anarudi out-- hebu tu kuangalia ukurasa wa source-- 761 00:39:01,990 --> 00:39:05,280 kwamba katika hapa ni kundi la HTML katika chini kwamba kwanza ina this-- 762 00:39:05,280 --> 00:39:09,080 mwili onload = "geolocate" - tu kazi niliandika. 763 00:39:09,080 --> 00:39:11,840 >> Na mimi kusema, juu ya upakiaji ukurasa, piga geolocate. 764 00:39:11,840 --> 00:39:13,750 Na kisha kuna kitu katika mwili, kwa sababu 765 00:39:13,750 --> 00:39:16,270 katika kichwa cha ukurasa, taarifa ya nini mimi hapa. 766 00:39:16,270 --> 00:39:18,090 Hapa ni geolocate yangu kazi. 767 00:39:18,090 --> 00:39:23,560 Na hii ni baadhi tu ya makosa checking-- kama aina ya navigator.geolocation 768 00:39:23,560 --> 00:39:24,490 si kisichojulikana. 769 00:39:24,490 --> 00:39:26,240 Hivyo JavaScript ina hii utaratibu ambapo wewe 770 00:39:26,240 --> 00:39:28,270 unaweza kusema, ni nini aina ya kutofautiana hii? 771 00:39:28,270 --> 00:39:30,790 Na kama si undefined-- hiyo ina maana ni baadhi value-- 772 00:39:30,790 --> 00:39:35,940 Mimi nina kwenda kuwaita navigator.geolocation.getCurrentPosition 773 00:39:35,940 --> 00:39:37,230 na kisha callback. 774 00:39:37,230 --> 00:39:37,750 >> Nini hii? 775 00:39:37,750 --> 00:39:39,916 Hivyo kwa ujumla, ni nini callback, tu kuwa wazi? 776 00:39:39,916 --> 00:39:42,890 Unaweza kuwa wamekutana hii tayari katika pset8. 777 00:39:42,890 --> 00:39:44,790 Callback ni generic mrefu kwa ajili ya kufanya nini? 778 00:39:44,790 --> 00:39:48,430 779 00:39:48,430 --> 00:39:49,554 Anahisi kama mimi tu leo. 780 00:39:49,554 --> 00:39:50,470 Watazamaji: [inaudible]. 781 00:39:50,470 --> 00:39:53,322 782 00:39:53,322 --> 00:39:55,280 DAVID J. Malan: Hasa, kazi ambayo lazima 783 00:39:55,280 --> 00:39:57,330 kuitwa tu wakati tuna data. 784 00:39:57,330 --> 00:40:01,510 Wito huu kwa kivinjari, kupata sasa yangu msimamo, inaweza kuchukua millisecond moja, 785 00:40:01,510 --> 00:40:02,720 inaweza kuchukua dakika. 786 00:40:02,720 --> 00:40:06,960 Nini maana ya hii ni sisi ni kuwaambia Njia ya kupata getCurrentPosition, 787 00:40:06,960 --> 00:40:09,910 wito huu kazi callback, ambayo mimi literally aitwaye callback 788 00:40:09,910 --> 00:40:13,150 kwa unyenyekevu, ambayo inaonekana ni moja hii hapa. 789 00:40:13,150 --> 00:40:16,290 >> Na njia getCurrentPosition kazi, tu kwa kusoma nyaraka 790 00:40:16,290 --> 00:40:19,540 kwa baadhi JavaScript kificho online, ni kwamba wito kwamba kinachojulikana callback 791 00:40:19,540 --> 00:40:23,220 kazi, hupita katika ni JavaScript kitu, 792 00:40:23,220 --> 00:40:28,970 ndani ya ambayo ni .coords.latitude na .coords.longitude, 793 00:40:28,970 --> 00:40:32,140 ambayo ni hasa jinsi, basi, wakati mimi reloaded ukurasa huu, 794 00:40:32,140 --> 00:40:33,985 Nilikuwa na uwezo wa kuona eneo yangu hapa. 795 00:40:33,985 --> 00:40:35,610 Sasa, angalau kulikuwa ulinzi hapa. 796 00:40:35,610 --> 00:40:37,820 Kabla ya mimi alitembelea ukurasa huu, wakati ni kweli kazi, 797 00:40:37,820 --> 00:40:40,935 nini ilikuwa mimi angalau ilisababisha kwa? 798 00:40:40,935 --> 00:40:42,180 >> Watazamaji: [inaudible]. 799 00:40:42,180 --> 00:40:44,200 >> DAVID J. Malan: Ndiyo au no-- kufanya unataka kuruhusu au kukataa hili? 800 00:40:44,200 --> 00:40:46,630 Lakini nadhani pia, juu ya tabia nyie pengine iliyopitishwa, 801 00:40:46,630 --> 00:40:48,330 wote juu ya simu yako na browsers yako. 802 00:40:48,330 --> 00:40:50,390 Wengi wetu, mimi mwenyewe pamoja, pengine 803 00:40:50,390 --> 00:40:54,960 pretty predisposed haya days-- unaweza kuona pop-up, kuingia tu, sawa, kupitisha, 804 00:40:54,960 --> 00:40:55,730 Kuruhusu. 805 00:40:55,730 --> 00:40:59,070 Na kuongezeka, unaweza kuweka mwenyewe katika hatari kwa sababu hizo. 806 00:40:59,070 --> 00:41:03,280 >> Hivyo kwa kweli, kulikuwa mdudu hii ya ajabu miaka michache ago-- au ukosefu wa feature-- 807 00:41:03,280 --> 00:41:08,250 kwamba iTunes alikuwa na miaka michache iliyopita, ambapo, kama alikuwa simu ya mkononi, 808 00:41:08,250 --> 00:41:12,000 na ilikuwa iPhone, na wewe kushoto yako ya nyumbani 809 00:41:12,000 --> 00:41:15,600 na hivyo alisafiri duniani kote au kitongoji, muda wote huu, 810 00:41:15,600 --> 00:41:17,819 simu yako ilikuwa magogo ambapo ni kupitia GPS. 811 00:41:17,819 --> 00:41:20,610 Na hii ni kweli wazi, na watu wa aina hii wanatarajia sasa. 812 00:41:20,610 --> 00:41:21,930 Simu yako anajua wapi. 813 00:41:21,930 --> 00:41:24,990 Lakini tatizo ni kwamba, wakati walikuwa inaunga mkono up 814 00:41:24,990 --> 00:41:29,260 simu yako iTunes-- hii ilikuwa kabla ya siku ya iCloud, ambayo ni kwa ajili ya bora 815 00:41:29,260 --> 00:41:33,960 au kwa worse-- data mara kuwa kuhifadhiwa katika iTunes, kabisa kimaandishi. 816 00:41:33,960 --> 00:41:37,370 Hivyo kama una familia au roommates au jirani malicious ambaye ni 817 00:41:37,370 --> 00:41:41,430 curious kuhusu literally kila GPS kuratibu umewahi kuwa na, 818 00:41:41,430 --> 00:41:43,300 yeye au yeye anaweza tu kukaa chini iTunes, kukimbia 819 00:41:43,300 --> 00:41:46,540 baadhi ya programu hiyo ilikuwa kwa uhuru inapatikana, na ramani mazao kama hii. 820 00:41:46,540 --> 00:41:48,680 >> Kwa kweli, hii ni nini mimi zinazozalishwa ya simu yangu mwenyewe. 821 00:41:48,680 --> 00:41:49,380 Mimi plugged katika. 822 00:41:49,380 --> 00:41:51,670 Na inaonekana kama, kulingana juu ya dots bluu huko, 823 00:41:51,670 --> 00:41:53,900 hiyo ni ambapo zaidi ya GPS kuratibu walikuwa 824 00:41:53,900 --> 00:41:56,680 watumiaji na iTunes kwamba mimi ilikuwa katika kaskazini huko. 825 00:41:56,680 --> 00:42:00,030 Lakini mimi inaonekana alisafiri kote kidogo, hata ndani ya Massachusetts. 826 00:42:00,030 --> 00:42:01,950 >> Hivyo hiyo ni Boston Bandari kuna juu ya haki. 827 00:42:01,950 --> 00:42:04,430 Hiyo ni aina ya Cambridge na Boston, ambapo ni giza. 828 00:42:04,430 --> 00:42:07,660 Na mara kwa mara, napenda kukimbia safari fupi kwa Jiografia kubwa. 829 00:42:07,660 --> 00:42:11,464 >> Lakini iTunes, kwa miaka, alikuwa, kama bora Mimi nilikuwa kuwaambia, wote wa data hii mimi. 830 00:42:11,464 --> 00:42:13,380 Unaweza kuwaambia kwamba, mwaka huo, nilikuwa kweli 831 00:42:13,380 --> 00:42:17,990 kusafiri mengi kati ya Boston na New York, kwenda na kurudi 832 00:42:17,990 --> 00:42:18,830 na na kurudi. 833 00:42:18,830 --> 00:42:22,660 Na hakika, huu ni yangu juu ya Amtrak, nyuma na nje, na kurudi, kidogo kabisa. 834 00:42:22,660 --> 00:42:25,970 Yote ya kwamba mara kuwa watumiaji na huhifadhiwa kwenye encrypted kwenye kompyuta yangu 835 00:42:25,970 --> 00:42:28,520 kwa mtu yeyote ambaye anaweza kuwa upatikanaji wa kompyuta yangu. 836 00:42:28,520 --> 00:42:29,480 >> Hii ilikuwa inatia mashaka. 837 00:42:29,480 --> 00:42:32,180 Sikujua nini nilikuwa katika Pennsylvania au nini 838 00:42:32,180 --> 00:42:35,277 simu yangu alikuwa katika Pennsylvania, inaonekana uungwana lenye. 839 00:42:35,277 --> 00:42:37,360 Na kisha, hatimaye, nikaona katika Gcal yangu, na, oh, mimi 840 00:42:37,360 --> 00:42:39,880 alitembelea CMU, Carnegie Mellon, wakati huo. 841 00:42:39,880 --> 00:42:42,031 Na phew, aina hiyo ya Alieleza kuwa blip. 842 00:42:42,031 --> 00:42:43,780 Na kisha, kama wewe kuvuta nje zaidi, unaweza 843 00:42:43,780 --> 00:42:46,850 kuona mimi alitembelea San Francisco moja au zaidi ya mara kisha, 844 00:42:46,850 --> 00:42:51,140 na mimi hata alikuwa layover katika kile Nadhani ni Vegas, chini huko. 845 00:42:51,140 --> 00:42:54,120 Basi wote wa this-- tu layover, katika uwanja wa ndege. 846 00:42:54,120 --> 00:42:56,420 >> Watazamaji: [Kicheko] 847 00:42:56,420 --> 00:43:00,760 >> Hivyo hii ni tu kusema kwamba hizi matatizo, uaminifu, ni omnipresent. 848 00:43:00,760 --> 00:43:02,780 Na anahisi tu inazidi kama kuna 849 00:43:02,780 --> 00:43:05,810 zaidi na zaidi ya hii kuwa wazi, ambayo pengine ni jambo jema. 850 00:43:05,810 --> 00:43:08,390 Mimi daresay, dunia si inazidi kuwa mbaya katika kuandika programu. 851 00:43:08,390 --> 00:43:10,520 Sisi ni kupata bora, hopefully, katika noticing 852 00:43:10,520 --> 00:43:13,037 jinsi mbaya programu fulani ni kwamba sisi ni kutumia. 853 00:43:13,037 --> 00:43:14,870 Na nashiriki, baadhi makampuni ni mwanzo 854 00:43:14,870 --> 00:43:17,080 kuwajibishwa kwa hili. 855 00:43:17,080 --> 00:43:19,080 >> Lakini ni aina gani ya ulinzi unaweza kuwa na akili? 856 00:43:19,080 --> 00:43:23,610 Hivyo badala ya mameneja password, kama 1Password na LastPass na wengine, 857 00:43:23,610 --> 00:43:27,340 badala ya tu kubadilisha nywila yako na kuja na ndio random 858 00:43:27,340 --> 00:43:29,700 kutumia programu kama kwamba, unaweza pia kujaribu 859 00:43:29,700 --> 00:43:31,700 kama bora unaweza encrypt yote ya trafiki yako 860 00:43:31,700 --> 00:43:34,680 angalau kupunguza ukanda wa tishio. 861 00:43:34,680 --> 00:43:38,100 Hivyo kwa mfano, kama Harvard washirika, unaweza wote kwenda vpn.harvard.edu 862 00:43:38,100 --> 00:43:41,010 na kuingia kwenye Harvard ID yako na PIN. 863 00:43:41,010 --> 00:43:49,350 Na hii itakuwa kuanzisha salama uhusiano kati ya wewe na Harvard. 864 00:43:49,350 --> 00:43:51,150 >> Sasa, kwamba haina lazima kulinda wewe 865 00:43:51,150 --> 00:43:54,360 dhidi ya vitisho yoyote kwamba ni kati ya Harvard na Facebook au Harvard 866 00:43:54,360 --> 00:43:54,861 na Gmail. 867 00:43:54,861 --> 00:43:56,735 Lakini kama wewe ni ameketi katika uwanja wa ndege au uko 868 00:43:56,735 --> 00:43:59,260 ameketi katika Starbucks au uko ameketi katika rafiki, 869 00:43:59,260 --> 00:44:02,730 na wewe si kweli imani yao au wao Configuration ya nyumba zao router, 870 00:44:02,730 --> 00:44:04,970 angalau unaweza kuanzisha uhusiano salama 871 00:44:04,970 --> 00:44:10,260 kwa chombo kama nafasi hii kwamba pengine kidogo bora kuulinda 872 00:44:10,260 --> 00:44:12,437 kuliko kitu kama Starbucks au kama. 873 00:44:12,437 --> 00:44:14,270 Na nini hii haina ni itaanzisha tena, 874 00:44:14,270 --> 00:44:16,300 encryption kati ya wewe na endpoint. 875 00:44:16,300 --> 00:44:17,880 >> Hata fancier ni mambo kama haya. 876 00:44:17,880 --> 00:44:20,000 Hivyo baadhi ya unaweza tayari kuwa ukoo na Tor, 877 00:44:20,000 --> 00:44:22,930 ambayo ni ya aina hii ya anonymization mtandao, ambapo kura ya watu, 878 00:44:22,930 --> 00:44:26,640 kama wao kukimbia programu hii, njia hatimaye biashara zao 879 00:44:26,640 --> 00:44:27,990 trafiki kwa njia ya kila mmoja. 880 00:44:27,990 --> 00:44:31,460 Hivyo hatua fupi ni tena kati ya A na B. 881 00:44:31,460 --> 00:44:35,850 Lakini inaweza kuwa wote juu ya mahali ili kwamba wewe ni kimsingi 882 00:44:35,850 --> 00:44:40,742 kufunika nyimbo moja na kuacha chini ya rekodi kama ambapo HTTP yako 883 00:44:40,742 --> 00:44:43,950 trafiki alikuja kutoka, kwa sababu ni kwenda kupitia rundo zima la watu wengine 884 00:44:43,950 --> 00:44:45,990 Laptops au desktops, kwa bora au mbaya. 885 00:44:45,990 --> 00:44:48,180 >> Lakini hata hii si jambo surefire. 886 00:44:48,180 --> 00:44:51,560 Baadhi ya unaweza kukumbuka mwaka jana scare bomu aliyeitwa katika. 887 00:44:51,560 --> 00:44:54,662 Na ilikuwa chapwa hatimaye mtumiaji ambaye alikuwa kutumika mtandao huu hapa. 888 00:44:54,662 --> 00:44:57,870 Na kukamata huko, kama mimi kukumbuka, yaani, kama kuna watu wengine si kwamba wengi 889 00:44:57,870 --> 00:45:02,190 kutumia programu kama hii au kutumia hii bandari na itifaki, 890 00:45:02,190 --> 00:45:06,250 si kwamba vigumu kwa mtandao hata kufikiri ambao, pamoja na baadhi ya uwezekano, 891 00:45:06,250 --> 00:45:08,950 alikuwa katika anonymizing ukweli yake au trafiki yake. 892 00:45:08,950 --> 00:45:12,030 >> Na mimi sijui kama wale walikuwa maelezo halisi katika swali. 893 00:45:12,030 --> 00:45:15,400 Lakini hakika, kutambua kwamba hakuna hizi ni ufumbuzi surefire, kama vile. 894 00:45:15,400 --> 00:45:18,820 Na lengo hapa leo ni angalau kupata wewe kufikiria juu ya mambo haya 895 00:45:18,820 --> 00:45:23,140 na kuja na mbinu kwa ajili ya kutetea mwenyewe dhidi yao. 896 00:45:23,140 --> 00:45:28,858 Maswali yoyote juu ya yote ya vitisho kwamba wakisubiri wewe huko nje, na katika hapa? 897 00:45:28,858 --> 00:45:29,358 Yeah? 898 00:45:29,358 --> 00:45:29,858 899 00:45:29,858 --> 00:45:31,793 Watazamaji: Jinsi salama kufanya tunatarajia wastani 900 00:45:31,793 --> 00:45:35,210 [? tovuti ya kuwa,?] kama wastani CS50 mradi? 901 00:45:35,210 --> 00:45:38,530 >> DAVID J. Malan: wastani CS50 mradi? 902 00:45:38,530 --> 00:45:43,190 Ni daima imeonekana kila mwaka kwamba baadhi CS50 miradi ya mwisho ni si 903 00:45:43,190 --> 00:45:44,530 hasa salama. 904 00:45:44,530 --> 00:45:47,940 Kawaida, ni baadhi roommate au hallmate kwamba takwimu hii nje 905 00:45:47,940 --> 00:45:51,200 kwa kutuma maombi ya mradi wako. 906 00:45:51,200 --> 00:45:55,230 >> Short answer-- wangapi Nje ni salama? 907 00:45:55,230 --> 00:45:57,450 Mimi kuokota juu leo ​​anomalies. 908 00:45:57,450 --> 00:46:00,640 Kama ilivyokuwa tu happenstance kwamba mimi alitambua kwamba tovuti hii 909 00:46:00,640 --> 00:46:03,390 Nimekuwa kuagiza haya kusema ukweli mipango ladha from-- 910 00:46:03,390 --> 00:46:05,348 na mimi nina uhakika mimi itabidi kuacha kutumia tovuti yao, 911 00:46:05,348 --> 00:46:08,030 Mimi inaweza kubadilika tu wangu password zaidi regularly-- 912 00:46:08,030 --> 00:46:11,320 Ni wazi jinsi mazingira magumu yote haya various-- 913 00:46:11,320 --> 00:46:12,970 hii ni chocolate-kufunikwa kweli. 914 00:46:12,970 --> 00:46:16,172 915 00:46:16,172 --> 00:46:19,130 jibu fupi, siwezi kujibu kwamba ufanisi, zaidi ya kusema hivyo 916 00:46:19,130 --> 00:46:22,150 sio kwamba vigumu kwa mimi kupata baadhi ya mifano tu 917 00:46:22,150 --> 00:46:24,040 kwa ajili ya majadiliano katika hotuba. 918 00:46:24,040 --> 00:46:26,456 Na tu kuweka jicho Google News na rasilimali nyingine 919 00:46:26,456 --> 00:46:29,590 kuleta wote zaidi ya aina hii ya mambo kwa mwanga. 920 00:46:29,590 --> 00:46:32,460 >> Haki zote, hebu kuhitimisha na prequel hii 921 00:46:32,460 --> 00:46:36,870 kuwa timu CS50 ya ameandaa kwa ajili yenu kwa kutarajia CS50 hackathon. 922 00:46:36,870 --> 00:46:39,763 Na juu ya njia yako nje katika sasa, matunda itakuwa aliwahi. 923 00:46:39,763 --> 00:46:40,429 [Video avspelning] 924 00:46:40,429 --> 00:46:43,595 [MZIKI Fergie, Q TIP, NA GOONROCK, "A LITTLE PARTY Hawajaua hakuna mtu (ALL 925 00:46:43,595 --> 00:46:44,373 Tulipata) "] 926 00:46:44,373 --> 00:48:08,880 927 00:48:08,880 --> 00:48:13,467 >> - [Snoring] 928 00:48:13,467 --> 00:48:14,300 [MWISHO video avspelning] 929 00:48:14,300 --> 00:48:15,420 DAVID J. Malan: Hiyo ni kwa CS50. 930 00:48:15,420 --> 00:48:16,544 Tutaweza kuona juu ya Jumatano. 931 00:48:16,544 --> 00:48:20,670 932 00:48:20,670 --> 00:48:25,840 [MUSIC - SKRILLEX, "Imma 'kujaribu nje"] 933 00:48:25,840 --> 00:51:47,776