What is DDoSing? A DDoS attack is something every system administrator and security professional needs to be concerned about. You can expect to see this concept on certification tests and get questions about it in job interviews. So let’s look at the concept of DDoS, and why I think this is going to get worse before it gets better.
DDoS stands for Distributed Denial of Service. A DDoS attack is just the process of overwhelming a computer system with more traffic than it can handle, so that it can’t serve its intended purpose.
I do a lot of work pulling data from systems via API, then doing things with parts of that data, whether it means feeding it to another system or creating a report. Some of these data structures are huge and unwieldy. Here’s how to pretty print JSON in Python so you can make sense of those data structures and get on with your code, without using an online pretty print website and potentially exposing sensitive data.
While json.loads is the key to getting your JSON data into a Python data structure, there’s a corresponding json.dumps to write it back out as text. It doesn’t sound like it would pretty print, but with the right options that’s exactly what it does.
I’m not sure any three words strike more fear into the hearts and minds of security analysts than the words “Qualys false positives.” Some number of false positives is unavoidable. But the perceived number of false positives is usually an order of magnitude larger than the real number of false positives. Here’s how to estimate how many you should have, how to investigate them, and break the gridlock.
A former classmate told me his employer is making him take Kevin Mitnick’s security awareness training course. “Is he really the world’s most famous hacker?” he asked me. “And if he is, why should I trust a word he says?”
Those are excellent questions. I happen to have reviewed all of Kevin Mitnick’s various courses for a previous employer, so I’m familiar with them. And I had to take Kevin Mitnick Security Awareness Training this year myself. I don’t agree with the life decisions Kevin Mitnick made that landed him in prison, of course. But overall, I had only very minor objections to his training. Here’s why.
What is a phreaker in hacking or IT terms? Phreaking is largely obsolete and doesn’t happen much anymore, but it’s an important historical concept in computer security. While phreaking wasn’t the first form of hacking, it’s probably the first example of hacking in a modern sense.
Phreaking was hacking the phone system, usually to make long distance calls for free. Some people phreaked for the thrill of it, but many of them did it because they made more long distance calls than they could afford. Two famous phreakers from the 1970s were Steve Jobs and Steve Wozniak, the co-founders of Apple.
When I first started interviewing for security jobs, I remember some of the jargon confusing me. “Infosec” was one of those terms. Getting that first job is hard enough without getting your resume binned over not knowing the word infosec. So what is infosec, what does it stand for, and how do you talk intelligently about it?
Amazon took some people aback when they said Honey, a company recently bought by Paypal, was a security risk. That raised some questions. Is the Honey Chrome extension safe? Is Honey a security issue? Let’s dig into it.
While it may be difficult or impossible to pinpoint any specific security issue in Honey, that doesn’t necessarily give it the green light. Regardless of how secure it may be, Honey definitely has privacy concerns, and that’s why security experts have concerns about it.
We have a cybersecurity talent shortage. You know it, and I know it. But part of the problem is self-inflicted. We don’t know how to interview.
A common complaint about security professionals is that we’re all smug know-it-alls. We have that reputation because that’s precisely the kind of person our interview process is designed to find. We won’t solve the cybersecurity talent shortage and our people skills problem until we get beyond looking for people who can pass CISSP in a suit.
What is fuzzing? Fuzz testing, or fuzzing, is a concept in computer security. Like the name suggests, it’s the practice of sending messed-up data to a system to see how it behaves. A good computer system should handle fuzzing gracefully. As you might guess, not all do.
When a computer receives data it doesn’t expect, it may malfunction in unpredictable ways. Fuzzing attempts to find those malfunctions.