What is a phreaker in hacking or IT terms? Phreaking is largely obsolete and doesn’t happen much anymore, but it’s an important historical concept in computer security. While phreaking wasn’t the first form of hacking, it’s probably the first example of hacking in a modern sense.
Phreaking was hacking the phone system, usually to make long-distance calls for free. Some people phreaked for the thrill of it, but many of them did it because they made more long-distance calls than they could afford. Two famous phreakers from the 1970s were Steve Jobs and Steve Wozniak, the co-founders of Apple.
When I first started interviewing for security jobs, I remember some of the jargon confusing me. “Infosec” was one of those terms. Getting that first job is hard enough without getting your resume binned over not knowing the word infosec. So what is infosec, what does it stand for, and how do you talk intelligently about it?
Amazon took some people aback when they said Honey, a company recently bought by PayPal, was a security risk. That raised some questions. Is the Honey Chrome extension safe? Is Honey a security issue? Let’s dig into it.
While it may be difficult or impossible to pinpoint any specific security issue in Honey, that doesn’t necessarily give it the green light. Regardless of how secure it may be, Honey definitely has privacy concerns, and that’s why security experts have concerns about it.
We have a cybersecurity talent shortage. You know it, and I know it. But part of the problem is self-inflicted. We don’t know how to interview.
A common complaint about security professionals is that we’re all smug know-it-alls. We have that reputation because that’s precisely the kind of person our interview process is designed to find. We won’t solve the cybersecurity talent shortage and our people skills problem until we get beyond looking for people who can pass CISSP in a suit.
What is fuzzing? Fuzz testing, or fuzzing, is a concept in computer security. Like the name suggests, it’s the practice of sending messed-up data to a system to see how it behaves. A good computer system should handle fuzzing gracefully. As you might guess, not all do.
When a computer receives data it doesn’t expect, it may malfunction in unpredictable ways. Fuzzing attempts to find those malfunctions.
Authenticated vulnerability scans are usually better than unauthenticated scans. But sometimes there are valid reasons for running unauthenticated vulnerability scans. Here are some reasons you might want to do that.
The main reason to run unauthenticated vulnerability scans is to limit the information you share with people outside your organization, such as auditors. But they are also helpful for preparing for penetration tests.
Web browser manufacturers Google and Mozilla have been taking heat lately for wanting to implement a technology called DNS over TLS. This is an important technology, so let’s talk about what DNS over TLS does and why you need it.
An increasing amount of our communications online is encrypted, which keeps other people from snooping on what we do. Not encrypting our traffic to DNS, which is the Internet’s phone book, makes it possible to see who we’re communicating with online, even though the communications themselves aren’t visible. DNS over TLS seeks to close this huge privacy gap. When your operating system says your connection is secured, it’s only talking basic security.
A friend of a friend suggested to me that I should carefully preserve my Commodores and other vintage computer gear, because it’s the only secure computer equipment available. I said I don’t complain too loudly since security is my job. He then said I’ll always have a job, because so many security threats are deliberate. While he’s not wrong, saying all security threats are deliberate is unhealthy. Here’s why.
Deliberate security threats certainly exist, because planting backdoors in the supply chain is the best way to get into certain highly sensitive networks. But I’ll argue that more security threats are honest mistakes than intentional sabotage.
From time to time I get questions from people looking to break into my field. Here’s a good one: What’s better to get, a cyber security degree or certifications?
If you’re in school now, get the degree. But if you’re not currently in school, and can learn on your own, the certification route is much cheaper, and probably faster. The key is having something on your resume that gets you through HR, and most companies know they can’t demand both.