I was catching up on security podcasts this week, and a brief statement in one of them really grabbed me. The panel was talking about people who steal online gaming accounts, I think. The exact content isn’t terribly important–what’s very important is what this person found in the forums where the people who perform this [...]
I had a job interview Monday. I have at least one observation from it–the things on my resume that impress recruiters don’t necessarily impress a good hiring manager. Not on their own, at least. Let’s do some post-mortem.
Ars Technica posted an overview of asymmetric encryption recently.
This week Cnet interviewed Phil Lapsley, the author of Exploding the Phone, a book about the early history of phone phreaking. Phone phreaking is absolutely fair game for the CISSP exam. I couldn’t tell you anymore how many phone phreaking questions I had to answer, but let me just say I’m glad I’d read those [...]
Longtime reader/commenter Joseph asked two questions yesterday: What’s the boundary between gray and black-hat hacking, and is it moral to pick and choose between moral and immoral laws? The first question is easier than the second. So I’ll tackle that one first.
I saw this on Slashdot today: A computer science student was expelled from a Canadian university for practicing what most people would call white-hat hacking. Their reasoning: “Schools are supposed to teach best practice, which includes ethics and adherence to reasonable laws.”
If one person uses a password, another will. That’s a popular hacking theory. If that’s true, then chances are if one person asks a question, another will. So here are three short questions (one completely unrelated to the others) I found in my logs over the weekend, and their answers.
I ran into a former supervisor from many years ago at the local Home Depot this evening. We had a pleasant discussion. It reminded me of a question I asked, right around the time he and I last talked. I asked whether it’s better to be a consultant or a permanent employee. Here’s what I [...]
One of my coworkers invited me to watch a webinar with him today that promised to compare CompTIA’s new high-end certification with the CISSP. I was skeptical at first, especially when I heard it was an 80-question, 150-minute test. But by the end, I mostly liked what I heard.
I don’t remember much about playing baseball in the fifth grade. I was an outfielder, but I don’t remember if I played left or right field that year. I don’t remember if I hit at the top of the order, or if I hit sixth. My main memory of that year is one specific incident. [...]