I was catching up on security podcasts this week, and a brief statement in one of them really grabbed me. The panel was talking about people who steal online gaming accounts, I think. The exact content isn’t terribly important–what’s very important is what this person found in the forums where the people who perform this [...]
“They were bored and wished they had a job.”
http://dfarq.homeip.net/2013/04/they-were-bored-and-wished-they-had-a-job/
When your CISSP isn’t enough
I had a job interview Monday. I have at least one observation from it–the things on my resume that impress recruiters don’t necessarily impress a good hiring manager. Not on their own, at least. Let’s do some post-mortem.
http://dfarq.homeip.net/2013/04/when-your-cissp-isnt-enough/
Ars Technica looks at asymmetric encryption
Ars Technica posted an overview of asymmetric encryption recently.
http://dfarq.homeip.net/2013/02/ars-technica-looks-at-asymmetric-enryption/
CPE opportunity: Exploding the Phone
This week Cnet interviewed Phil Lapsley, the author of Exploding the Phone, a book about the early history of phone phreaking. Phone phreaking is absolutely fair game for the CISSP exam. I couldn’t tell you anymore how many phone phreaking questions I had to answer, but let me just say I’m glad I’d read those [...]
http://dfarq.homeip.net/2013/02/cpe-opportunity-exploding-the-phone/
The lines between white hat/gray hat/black hat hacking and moral laws
Longtime reader/commenter Joseph asked two questions yesterday: What’s the boundary between gray and black-hat hacking, and is it moral to pick and choose between moral and immoral laws? The first question is easier than the second. So I’ll tackle that one first.
http://dfarq.homeip.net/2013/01/the-lines-between-white-hatgray-hatblack-hat-hacking-and-moral-laws/
University computer science programs need to teach security, not demonize it
I saw this on Slashdot today: A computer science student was expelled from a Canadian university for practicing what most people would call white-hat hacking. Their reasoning: “Schools are supposed to teach best practice, which includes ethics and adherence to reasonable laws.”
http://dfarq.homeip.net/2013/01/university-computer-science-programs-need-to-teach-security-not-demonize-it/
Questions from the logs
If one person uses a password, another will. That’s a popular hacking theory. If that’s true, then chances are if one person asks a question, another will. So here are three short questions (one completely unrelated to the others) I found in my logs over the weekend, and their answers.
http://dfarq.homeip.net/2013/01/questions-from-the-logs/
Is it better to be a consultant or an employee?
I ran into a former supervisor from many years ago at the local Home Depot this evening. We had a pleasant discussion. It reminded me of a question I asked, right around the time he and I last talked. I asked whether it’s better to be a consultant or a permanent employee. Here’s what I [...]
http://dfarq.homeip.net/2012/10/is-it-better-to-be-a-consultant-or-an-employee/
CISSP vs. CASP vs. CEH
One of my coworkers invited me to watch a webinar with him today that promised to compare CompTIA’s new high-end certification with the CISSP. I was skeptical at first, especially when I heard it was an 80-question, 150-minute test. But by the end, I mostly liked what I heard.
http://dfarq.homeip.net/2012/10/cissp-vs-casp-vs-ceh/
Hey! That’s your teammate.
I don’t remember much about playing baseball in the fifth grade. I was an outfielder, but I don’t remember if I played left or right field that year. I don’t remember if I hit at the top of the order, or if I hit sixth. My main memory of that year is one specific incident. [...]
http://dfarq.homeip.net/2012/09/hey-thats-your-teammate/