IT jobs aren’t as easy to come by as they were 20 years ago, but web app pentesting is one subset of the field that I don’t see slowing down any time soon. Unfortunately it’s a poorly understood one.
But if you spent any significant time in the 1980s or early 1990s abusing commercial software, especially Commodore and Apple and Atari and Radio Shack software, I’m looking at you. Even if you don’t know it, you’re uniquely qualified to be a web app pentester.
Continue reading Looking for a career change? Consider web app pentesting
After Ebay got hacked, someone asked Rob O’Hara why they don’t just hire hackers to stop the hackers.
That’s a more complicated question than it sounds like. The simple answer is that most companies do, but their hackers don’t find everything. The more complicated question is one of ethics.
Continue reading Why don’t they just hire some hackers to stop the other hackers?
One of my former supervisors now works for a security vendor. He told me the other day that someone asked him, “Does your company have anything so I don’t have to patch anymore?”
The answer, of course, is that nothing gets you out of ever having to patch. You can mitigate to some degree, but there’s no longer any such thing as a completely friendly network. The reasoning that you’re safe because you’re behind a firewall doesn’t work anymore. On corporate networks there’s always something hostile roaming around behind the firewall, and you have to protect against it. Even on a home network with just a computer and a router, the computer and the router attack each other from time to time. That’s the hostile world we live in right now. Patching is one of the fundamental things you have to do to keep those attacks from succeeding.
That said, there are things you can do to patch less. Continue reading How to patch less
As I mentioned in passing last week, I had a job interview at the end of the week. There was one question, near the end of the interview, that’s a fairly common question, but I wanted to record my answer to that question because I think it’s important.
The question: What do I see my next role being?
Fair question. I said I didn’t know for sure, but I knew what I have to do to find out.
Continue reading Farquhar’s security New Year’s resolutions
I saw this piece by Steve Losh last week, and thought it was some of the best advice about writing I’ve seen in a very long time. Programmers don’t generally like to write, but I find if you tell them how, they can do a good job of it. It’s much easier for a programmer to learn to write than for a writer to learn how to program. Losh does a good job of telling how.
But beyond that, I think it’s a good reading assignment for anyone who writes documentation of a technical nature. I’ve worked with some very good writers and some very bad writers over the course of my education and career, and this would have helped both types. It would have made the good ones better and the bad ones at least marginal. The thing about writing is that if you know the rules and you follow them, it doesn’t take much else on top of that to be good.
So, if you ever get stuck writing documentation–and if you’ve been reading me for many years, I’d say there’s a pretty good chance you do sometimes–give this a read. It will help you get into the mindset you need to be in, and write more effectively. Even if you’re not a programmer. Because, even though he’s a programmer, he uses cars and guitars as his examples. So if you were writing about how to build a bookcase, his instructions would help you.
Lifehacker asked what a first-time credit card owner needs to know. As someone who first got a credit card at the age of 20 and is still reaping the benefits of using one correctly from the start, I have some advice to give on that.
Continue reading What you should know about your first credit card
I ran into a former supervisor from many years ago at the local Home Depot this evening. We had a pleasant discussion. It reminded me of a question I asked, right around the time he and I last talked. I asked whether it’s better to be a consultant or an employee.
Here’s what I would say to my 2005 self if I could, somehow. I present it here since I know someone else must have the same question.
Continue reading Is it better to be a consultant or an employee?
My boss told me to write something on the third-grade level yesterday. Curious what level I normally write on, I found this readability index tool.
Depending on whose algorithm you use, I typically write on the 5th-7th grade level.
Continue reading How to not let your writing get in the way of your message
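As an added illustration, not code from the original post or from the readability tool it links to, here is a small Python script that runs one piece of text through three published grade-level formulas, Flesch-Kincaid, the Automated Readability Index and Coleman-Liau, to show why the answer depends on whose algorithm you use. The sample text is constructed for this example, and the syllable counter is a simple heuristic of my own; real tools use dictionary-based syllable counts and will land slightly differently.

```python
import re

# Constructed sample text (not from the original page), chosen to have two
# sentences and 22 words so the formulas below are easy to check by hand.
SAMPLE = ("Patching is one of the fundamental things you have to do. "
          "There is no such thing as a completely friendly network anymore.")


def count_syllables(word: str) -> int:
    """Heuristic syllable count (an assumption, not a dictionary lookup):
    count runs of vowels, then drop one for a silent trailing 'e'."""
    w = re.sub(r"[^a-z]", "", word.lower())
    if not w:
        return 0
    groups = len(re.findall(r"[aeiouy]+", w))
    if w.endswith("e") and not w.endswith("le") and groups > 1:
        groups -= 1
    return max(1, groups)


def text_stats(text: str) -> dict:
    """Sentence, word, letter and syllable counts used by all three formulas."""
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = re.findall(r"[A-Za-z']+", text)
    letters = sum(1 for w in words for ch in w if ch.isalpha())
    syllables = sum(count_syllables(w) for w in words)
    return {"sentences": len(sentences), "words": len(words),
            "letters": letters, "syllables": syllables}


def grade_levels(text: str) -> dict:
    """Return the U.S. school grade level each formula assigns to the text."""
    s = text_stats(text)
    words, sents = s["words"], s["sentences"]
    letters, syls = s["letters"], s["syllables"]

    # Flesch-Kincaid grade level: sentence length plus syllables per word.
    fk = 0.39 * (words / sents) + 11.8 * (syls / words) - 15.59
    # Automated Readability Index: characters per word instead of syllables.
    ari = 4.71 * (letters / words) + 0.5 * (words / sents) - 21.43
    # Coleman-Liau: letters and sentences per 100 words.
    letters_per_100 = letters / words * 100
    sents_per_100 = sents / words * 100
    cli = 0.0588 * letters_per_100 - 0.296 * sents_per_100 - 15.8

    return {"flesch_kincaid": round(fk, 2),
            "ari": round(ari, 2),
            "coleman_liau": round(cli, 2)}


if __name__ == "__main__":
    # The same 22 words score roughly grade 5 (ARI), 6 (Flesch-Kincaid)
    # and 8 (Coleman-Liau): the spread is the algorithm, not the prose.
    for name, grade in grade_levels(SAMPLE).items():
        print(f"{name}: grade {grade}")
```

The spread comes from what each formula measures: ARI and Coleman-Liau only look at letters per word, while Flesch-Kincaid weights syllables heavily, so a few long Latinate words move it more than the others.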
So, The Register reports that Windows on ARM will not have compatibility with apps compiled for x86. Intel has been saying this for a while, while Microsoft has been mum. So now we know.
There are arguments both for and against having an x86 emulation layer.
Continue reading Microsoft: No x86 apps for ARM
I keep reading stuff about Windows and ARM and, well, I think people just aren’t remembering history.
I’m not saying that Windows 8 on ARM will save the world, or even change it substantially. It probably won’t, since Microsoft tends not to get things right the first time. But will I automatically write off the project? No. It could prove useful for something other than what it was originally intended. That happens a lot.
But I’m more interested in clearing up the misinformation than in trying to predict the future.
Continue reading Windows, ARM, emulation, misconceptions and misremembered history