cissp

Looking to hire IT talent? Write a good job description

Dave Farquhar Uncategorized , ,

I had lunch on Friday with the recruiter who placed me at my current gig. We talked about a lot of things, including our families, but we talked a lot about the tech labor market. It’s growing, finally, and going to grow a lot more in the next few years as Boeing relocates its IT operations to St. Louis, but the market still isn’t what I’d grown used to it being over the last seven years.

One problem he runs into is with clients. They’ll submit jobs that, for example, I’m a perfect match for, and he submits me, and we get no call. Then he follows up weeks or months later, and finds out something completely different. Read more

Deconstructing my conversation with “Computer Maintenance Department”

Dave Farquhar security , , , , , , ,

My tell-all about my encounter with “Computer Maintenance Department” was a little heavy on the jargon yesterday. It occurs to me that explaining what some of the terminology means, and the problem with their reasoning, may be helpful. I’ve also heard a few questions through various channels, and I think those are worth answering. Read more

This “Computer Maintenance Department” sure doesn’t know much about computer maintenance

Dave Farquhar scams, security , , , , , , , , , , , , ,

“Peggy” from “Computer Maintenance Department” (1-645-781-2458 on my caller ID) called again. Lots of people are aware of these phone calls. They call, make vague claims about receiving a report that your computer is running slow and giving you errors, and are very careful not to say who they are or who they work for. Usually I just do whatever I can to get them off the phone.

But after having lunch with some other computer security professionals last week, a couple of them talked me into finding out how these guys operate. So I fired up a PC that turned out to have a real, legitimate issue. After resolving that issue myself, I turned the caller loose on my semi-functional PC so I could see what these scammers actually do. He had me connect to Teamviewer.com and run their remote access software. I followed his instructions, watched him connect, then slyly unplugged my network cable.

When my network connection dropped, “Peggy” quickly transferred me to a “senior technician” who used the name “Roy.” Read more

“They were bored and wished they had a job.”

Dave Farquhar security , , , , , , ,

I was catching up on security podcasts this week, and a brief statement in one of them really grabbed me. The panel was talking about people who steal online gaming accounts, I think. The exact content isn’t terribly important–what’s very important is what this person found in the forums where the people who perform this nefarious activity hang out. What she found was that there was one common sentiment that almost everyone there expressed, frequently.

They were bored, and they wished they had a job.

There was about a 30-second exchange after that, but I don’t think it’s enough. Read more

When your CISSP isn’t enough

Dave Farquhar security , , ,

I had a job interview Monday. I have at least one observation from it–the things on my resume that impress recruiters don’t necessarily impress a good hiring manager. Not on their own, at least.

Let’s do some post-mortem.

Read more

Ars Technica looks at asymmetric enryption

Dave Farquhar security , ,
Ars Technica posted an overview of asymmetric encryption recently. (Link removed in retaliation for Conde Nast’s 11/3/2025 layoffs. Sorry not sorry.)

CPE opportunity: Exploding the Phone

Dave Farquhar security , , , , , ,

This week Cnet interviewed Phil Lapsley, the author of Exploding the Phone, a book about the early history of phone phreaking.

Phone phreaking is absolutely fair game for the CISSP exam. I couldn’t tell you anymore how many phone phreaking questions I had to answer, but let me just say I’m glad I’d read those pages in the CBK about phone phreaking.

Read more

The lines between white hat/gray hat/black hat hacking and moral laws

Dave Farquhar security , , , , , ,

Longtime reader/commenter Joseph asked two questions yesterday: What’s the boundary between gray and black-hat hacking, and is it moral to pick and choose between moral and immoral laws?

The first question is easier than the second. So I’ll tackle that one first. Read more

University computer science programs need to teach security, not demonize it

Dave Farquhar security , , , ,

I saw this on Slashdot today: A computer science student was expelled from a Canadian university for practicing what most people would call white-hat hacking.

Their reasoning: “Schools are supposed to teach best practice, which includes ethics and adherence to reasonable laws.” But there is such thing as ethical hacking. Read more

Questions from the logs

Dave Farquhar Uncategorized , , , , ,

If one person uses a password, another will. That’s a popular hacking theory. If that’s true, then chances are if one person asks a question, another will. So here are three short questions (one completely unrelated to the others) I found in my logs over the weekend, and their answers.

Read more