发新话题
打印

[翻译]地下基地的简短历史(A brief history of the Underground scene)

[翻译]地下基地的简短历史(A brief history of the Underground scene)

文章作者:迷失的黑客圈(1、2节)(The Circle of Lost Hackers)
原始出处:http://www.phrack.com/issues.html?issue=64&id=4
译文作者:techwei
信息来源:邪恶八进制信息安全团队(www.eviloctal.com)
声明:
   本人是个新人,水平有限,有欠妥之请大家及时提出。

  1. Introduction
  1、简介(概述)
“很久很久以前,
我私下里将这一消息传递给你,
但是现在看起来当时并不合时宜,
我仍然想要私下里联系(get throug to)到你。”

I am sure most of you know and love this song (Stir it Up). After all, who doesn't like a Bob Marley song? The lyrics of this song fit very well with my feeling : I was never on time but now I'm ready to deliver you the message.
我确信你们大部分都知道而且喜欢这首歌(燃烧激情,Stir it Up,雷鬼教父Bob Marley经典代表),总之,没有人会不喜欢Bob Marley的歌!这首歌的歌词非常适合我和的感情:我过去没能及时传递这一消息,但是我现在准备(be ready to)将这一消息传递给你。

So what is this article about? I could write another technical article about an eleet technique to bypass a buffer overflow protection, how to inject my magical module in the kernel, how to reverse like an eleet or even how to make a shellcode for a not-so-famous OS. But I won't. There are some other people who can do it much better than I could.  
那么这篇文章将要讲什么呢?我可以另写一些技术类文章,这些文章涉及如何绕过缓冲区溢出保护的优秀(eleet)技巧,如何向内核植入我们神奇的模块,如何像那些高手(eleet)一样做逆向工程,甚至如何为不很出名的操作系统做一个Shellcode。但是,我不愿意这么做。有人做这类事比我好的多。

But it is the reason not to write a technical article. The purpose of  this article is to launch an SOS. An SOS to the scene, to everyone, to all the hackers in the world. To make all the next releases of Phrack better  than ever before. And for this I don't need a technical article. I need  what I would call Spirit.
但是这的确是我没有写技巧性文章的原因,这篇文章的目的是发出一个SOS,这个SOS针对地下现场,针对每一个人,针对世界上的所有黑客。为了使下一期的Phrack比以前的任何一期都好,为了这一目的,我不需要技巧文章,我需要我所谓的精神。

Do you know what I mean by the word spirit?
你明白我所指的“精神”这一个词的含义吗?

2. The security paradox.
2、安全的矛盾

There is something strange, really strange. I always compare the security world with the drug world. Take the drugs world, on the one side you have all the "bad" guys: cartels, dealers, retailers, users... On the other side, you have all the "good" guys: cops, DEA, pharmaceutical groups creating medicines against drugs, president of the USA asking for more budget to counter drugs... The main speech of all these good guys is : "we have to eradicate drugs!". Well, why not. Most of us agree.
很奇怪,真的很奇怪。我经常那安全界和毒品界相比较。以毒品界作为例子,一方面存在“坏”人:销售集团,批发商,零售商,用户等等,在另一方面,有好人:警察,禁药取缔机构(DEA,Drug Enforcement Administration),设计毒品抵抗药的制药集团。美国总统要求更多预算用于抵制毒品,...。所有这些好人的主要言论是:“我们必须要根除毒品”,但是,为什么没有?对于这一点大家都认同。

But if there is no more drugs in the world, I guess that a big part of the world economy would fall. Small dealers wouldn't have the money to buy food, pharmaceutical groups would loose a big part of their business, DEA and similar agencies wouldn't have any reason to exist. All the drugs centers could be closed, banks would loose money coming from the drugs market. If you take all thoses things into consideration, do you think that governments would want to eradicate drugs? Asking the question is probably answering it.
但是,如果这个世界上没有那么多毒品,我猜世界经济很大一部分将会不景气。小的批发商将没有钱来卖食品,制药集团将会失去很大一部分生意,禁药取缔机构及类似机构将没有存在的理由。所有的禁毒中心将关闭,银行将失去来源与毒品市场的收入。如果你将这些事情都考虑进来,你认为政府真的想取缔毒品吗?问这个问题大概也就回答了这个问题。

Now lets move on to the security world.
让我们回到安全问题上。

On the one side you have a lot of companies, conferences, open source security developers, computer crime units... On the other side you have hackers, script kiddies, phreackers.... Should I explain this again or can I directly ask the question? Do you really think that security companies want to eradicate hackers?
一方面,你有很多合作伙伴,会议,开源安全软件开发者,计算机犯罪稽查局(CCU,Computer Crime Unit)...,另一方面,有黑客,脚本破坏少年(script kiddies),飞客(phreackers)...。还需要我再一次解释吗?或者我是否可以直接问这个问题?你真的会认为安全厂商想要根除黑客吗?

To show you how these two worlds are similar, lets look at another example. Sometimes, you hear about the cops arrested a dealer, maybe a big dealer. Or even an entire cartel. "Yeah, look ! We have arrested a big dealer ! We are going to eradicate all the drugs in the world!!!". And sometimes, you see a news like "CCU arrests Mafiaboy, one of the best hacker in the world". Computer crime units and DEA need publicity - they arrest someone and say that this guy is a terrorist. That's the best way to ask for more money. But they will rarely arrest one of the best hackers  in the world. Two reasons. First, they don't have the intention (and if  they would, it's probably to hire him rather than arrest him). Secondly, most of the Computer Crime Units don't have the knowledge required.
为向你展示这两个领域是多么的类似,我们看另外一个例子。有时你听说警察逮捕了一个毒品贩子,也许是一个毒枭,甚至整个毒品集团。“奥,看呀,我们逮捕了一个大毒品贩子!我们将铲除世界上的毒品!”。进一步,有时你会看到这样的新闻:“计算机犯罪稽查局(CCU)逮捕了一名少年骇客(Mafiaboy),他是世界上最顶尖的黑客。”计算机犯罪稽查局和禁药取缔机构需要公开---他们逮捕了某人并宣称该人是恐怖分子。这是要更多钱的最有效的方法。但是他们几乎不会抓住顶尖黑客中的任何一个。有两个原因:第一,他们没有这样的想法(即便是有,他们会雇佣该黑客而不是逮捕他)。第二,大部分计算机犯罪稽查局(CCU,Computer Crime Unit)没有所要的知识。

This is really a shame, nobody is honest. Our governments claim that they want to eradicate hackers and drugs, but they know if there were no more hackers or drugs a big part of the world economy could fall. It's again exactly the same thing with wars. All our presidents claim that we need peace in the world, again most of us agree. But if there are no more wars, companies like Lockheed Martin, Raytheon, Halliburton, EADS, SAIC... will loose a huge part of their markets and so banks wouldn't have the money generated by the wars.
这的确很羞愧,没有人是诚实的。我们的政府宣称他们想根除黑客和毒品,但是他们知道如果没有黑客和毒品,很大一部分的世界经济将会萧条。这就像战争一样。我们的总统宣称我们的世界需要和平,这一点大家共观点都是一致的。但是如果没有战争,像Lockheed Martin, Halliburton, EADS, SAIC...这样的公司将会失去大量的市场而银行也将失去由战争产生的收入。

The paradox relies in the perpetual assumption that threat is generated from abuses where in fact it might comes from inproper  technological design or money driven technological improvement where the  last element shadows the first. And when someone that is dedicated enough  digs it, we have a snowball effect, thus every fish in the pound at one  time or an other become a part of it.
这一矛盾在于(原文为rely in,应为rely on)那个永恒的假设,即威胁是由滥用而产生,然而事实上,威胁很有可能来源于不恰当的技术设计或金钱驱动下的技术改进,往往是后者盖过前者。当某个人投入足够的精力去挖掘它,就会有雪崩效应,而且迟早会发生( thus every fish in the pound at one time or an other become a part of it)。

And as you can see, this paradox is not exclusive to the security industry/underground or even the computer world, it could be considered as the gold idol paradox but we do not want to get there.
正如你所看到的,这一矛盾并不仅限于安全界/地下基地以至于计算机世界。这一矛盾可以看做是我们不想解决的至高的矛盾(the gold idol paradox but we do not want to get there)。

In conclusion, the security world need a reason to justify its business. This reason is the presence of hackers or a threat (whatever hacker means), the presence of an hackers scene and in more general terms the presence of the Underground.
总之,安全界需要理由来证明他们的工作。这一理由是黑客或威胁(不管黑客的意思)的存在,确切说是黑客基地的存在或使用更广的词“地下基地”的存在。

We don't need them to exist, we exist because we like learning, learning what we are not supposed to learn. But they give us another good reason to exist. So if we are "forced" to exist, we should exist in the good way. We should be well organized with a spirit that reflect our philosophy. Unfortunately, this spirit which used to characterized us is long gone...
我们不需要他们的存在,我们的存在是因为我们喜欢学习,学习那些不该学的内容。但是它给予我们了另一存在的理由。因此我们必须存在,我们应该以更好的方式存在。我们应该采用可以反映我们哲学的精神很好的组织起来。不幸的是,过去标榜我们特色的这种精神已经失去了。

注释:
Eleet: this is Geek Speak for the word, Elite. Often used online as a replacement for Elite.

A shellcode is a relocatable piece of machine code used as the payload in the exploitation of a software bug. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient.[1] However, attempts at replacing the term have not gained wide acceptance.

In hacker culture, a script kiddie (occasionally script bunny, skidie, script kitty, script-running juvenile (SRJ), or similar) is a derogatory term used for an inexperienced malicious cracker who uses programs developed by others to attack computer systems, and deface websites. It is generally assumed that script kiddies are kids who lack the ability to write sophisticated hacking programs on their own,[1] and that their objective is to try to impress their friends or gain credit in underground cracker communities.
MafiaBoy was the Internet alias of a high school student from the upscale area of the West Island in Montreal, Canada who launched a series of highly publicized script kiddie denial-of-service attacks in February 2000 against large commercial websites including Yahoo!, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.

附件

A brief history of the Underground scene.zip (144.03 KB)

2008-6-6 22:44, 下载次数: 1240

TOP

提点建议:
1、“Introduction”是不是翻译成“引言”比较好。
2、“The lyrics of this song fit very well with my feeling ”楼主翻译的是:“这首歌的歌词非常适合我和的感情”,“和”应该是笔误;“feeling”有“感觉”和“感情”两种意思,“feeling”翻译成感情的话,“fit……with”翻译成“适合”似乎不太合适,也许翻译成“符合”或者“切合”要好一点。
3、第2部分“我经常那安全界和毒品界相比较”,“那”应为“拿”,应是楼主笔误
  看完了,感觉楼主翻译的很严谨,想多提点建议也难呀。

[ 本帖最后由 0605 于 2009-5-6 18:26 编辑 ]

TOP

以为是国外的一个著名论坛
地下基地,没怎么听说过
地下系统就听说过.........
看看是怎么个优秀组织...

TOP

发新话题