Reporter: How do you explain to outsiders what this conference is like? There are serious subjects here and goofy things too.

Moss: There is the social side and the technical content. People come to learn and share knowledge. Then there is the need to make new friends. I try to grow both sides. If you grew up in the hacking scene in the early days, with no video cameras and web chat, you formed your opinion of them based on what they did. People accepted each other for what they did or what they knew. You see people here with blue hair, dreadlocks or business suits. They’ll be sitting around a table having a conversation because they have something in common and have moved past what you look like. That’s a big success.

Reporter: What’s the contrast between Defcon and Black Hat?


Moss: Black Hat is like college and Defcon is the fraternity party. We also have really great content. At Defcon, it’s what I want to see. I want to learn about hacking Xboxes, satellite systems, and lockpicking, weird conspiracies. That content doesn’t make sense at Black Hat where there is more of a corporate focus.

Reporter: How concerned are you about how the show looks to the rest of the world—about whether it’s on the right side of the law or responsible behavior?

Moss: I don’t really care what the rest of the world thinks.

Reporter: How do you stay on the right side?


Moss: You have to set an example and hope people follow it. I can’t control what they do. If they want to be criminals, they will be criminals. I try to show them there are alternatives. You shouldn’t be ordered what to do. If you find a new bug, there is a big debate about what you should do. Should you disclose it responsibly? Tell it to the whole world? Responsible disclosure, full disclosure, partial disclosure? I believe in the responsible disclosure model, where you tell the party about the bug and give them time to fix it before you disclose it to the world. I select speakers that I think are ethical and create contests that are legal and hope people will follow the lead.

Reporter: You have federal agents coming in to give their own talks.


Moss: Since the very first Defcon. Well, we had a state prosecutor come in and talk. In the audience was someone who was being prosecuted by her. We've tried to have different viewpoints.

Reporter: So it’s almost like a neutral ground?


Moss: That’s what I've created it to be. Originally, there was no Internet or Amazon.com. If you wanted information, you had to get it from the horse’s mouth. It was about getting the experts in the room to dispel myths that came from word of mouth. I knew federal agents would show up. I invited the FBI, Secret Service and others to come from the very beginning. Everyone thought I was absolutely insane because nobody had done that. I called the Secret Service about it. They said, “We are aware of your activities.”

Reporter: They haven’t arrested anyone here?


Moss: The FBI arrested one speaker, Dmitri Sklyarov, in his hotel room after Defcon [in 2001]. That was because the Russian company Dmitri worked for was in a dispute with Adobe. Dmitri was kind of a hostage because they couldn’t go after the company in Russia.

Reporter: There are a lot of controversies every year. The Massachusetts Bay Transit Authority sued to stop three of your speakers from proceeding with a talk. How do you deal with that every year?

Moss: It sucks. In certain circumstances, it might be the right thing to pull a talk. But it seems most of the time it’s overreactions by security vendors who don’t understand. It’s a disservice for the whole community. How can businesses make informed risk decisions if they never get to hear real-world information? They only get to read press announcements and product literature. There are bigger implications for every conference. If everyone is afraid to speak, who will do and talk about interesting research? We’ll just lose that edge.

Reporter: Have you had fun doing personal hacks?


Moss: I have older hacks I'm really proud of but not lately. I manage the Defcon network and configure them. I watch them withstand millions of attacks. I’m fairly proud that no one has broken into me yet. But I’m smart enough to know it can’t stay like that forever. That’s where I put my creative energy.

Reporter: Where did your handle, “The Dark Tangent” come from?

Moss: There was a comic book produced by one of my favorite artists. It was D’Arc Tangent. It was about an intelligent robot that got infused with a personality. Only one issue was ever produced. It was about what does it mean to be human. I wrote for a magazine and used it as a pen name.

Reporter: One of the government panelists said that after he leaves this show, he never feels really good. It’s that scary feeling that security vulnerabilities are everywhere and you have a whole lot more work to do to improve security.

Moss: It’s a common reaction. You see five or six talks and wonder how we function as a society. We’re so dependent on technology and it’s so half-assed and jury-rigged. You poke any bit and it comes tumbling down. Automobiles aren’t like that. We put engineering thought into buildings and airplanes. But technology is really shaky. It energizes people who see there is so much more work to do. It’s not an area where everything is sorted out. You can explore and experiment with new ideas. The creative high keeps me going for months.

Reporter: Where did traditions such as the “wall of sheep” come from? (Where you post the passwords and usernames of laptop users who aren’t careful on the wireless network.)

Moss: It just started one year where people wrote them down on paper plates and put them up on the wall. The wireless network is like a free-for-all combat zone where you take your own risks. The No. 1 offender this year is the iPhone. The iPhone wants to auto-associate with any wireless network that it finds.

Reporter: Your badges are electronic gadgets. And there is the press badge and the “human” badge, as if the press were not human? And there are strict guidelines for the press.

Moss: That’s right. The press behavior has been sporadic. The guidelines wouldn’t be there if they behaved. We had to kick out G4 this year for violating the rules. They panned through the room without getting permission from people they shot, as the guidelines say. It’s always the TV cameras that violate the rules. They just want to get great shots. They want the green hair or the pierced faces for their 15-second sound bites. We get better stories from writers.

Reporter: Is there a connection between physical security and cyber security? You have lockpickers here.

Moss: It’s more that physical and computer security are interesting to the type of people we draw. They are interested in how things work. They take things apart. It’s using a different part of your brain for hands-on work. They like to do the unconventional.

Reporter: How are security start-ups doing now?

Moss: The VCs are smarter now. They ask better questions. From what I hear, they are interested in investing in sure things or things they can cash out in a few years. They aren’t interested in things that are harder to describe with longer time horizons.

Reporter: It seems like security as a career path is a good move still.

Moss: There was a lot of excitement when there were movies about it. Fresh blood was coming into the scene. Now, it’s not as sexy. That has shifted to things like forensics because of Crime Scene Investigation. But the culture will have plenty of demand for people with knowledge of computer security.

Reporter: Some independent security researchers can make more money now because they can sell the bugs they find to companies that buy them.

Moss: If you have the skills to find those kinds of bugs, then people will hire you. Some people work for security companies by day, and then at night they will find bugs to make extra income. If people stop talking about the bugs they find, and they sell them instead, and only the companies that buy them know about them, then you have a situation of the information haves and have-nots. Will we just get second-tier information at this conference because all of the valuable stuff has been sold? We have a good line-up this year and so it hasn’t happened yet.

Reporter: Do you worry that some of the sensational events here overshadow the real news on some kind of important crypto attack?

Moss: Well, the crypto people would notice. Information finds its own place. I’ve long since given up on directing where the press should focus itself. Some of the sensational stories can be understood by larger audiences.
