So as it’s my first shift as handler of the day I was worried if I would be able to live up to the bar the handlers have set in diaries and days past. This started a train of thought that was accelerated by Robert “RSnake” Hansen’s 1000th and final post on http://ha.ckers.org today. I am sure that everyone reading this is aware of whom Robert is but in case you have been under a rock for the last many years or just not involved in web application security. Robert is one of the giants upon whose shoulders we all stand. Robert has helped cause XSS, SQLi and XSRF to become terms that the business people we deal with understand. He has also fostered an environment where people share tips and tricks and encourage each other to become better.
In his last blog post on the site, Robert discusses how he needs to follow his happiness and that this is the main reason he is stepping out of the limelight. (Yes this blog post does continue the light shining on him a bit but I think its ok this once.) He brings up a point that is one that I have discussed with many people. What happens when this isn’t fun anymore? While I am sure that rooting boxes and yanking data through a web application will cause me to giggle for years into the future, how do we ensure that the people we have manage and monitor our security are still enjoying what they do?
Its also funny that this comes up at the same time that the mainstream news outlets are discussing the use of the history browsing attacks using JavaScript and CSS. This is an attack we have discussed for a long while now, but since its been found in the wild being used by advertising and adult sites, maybe we will see some more movement on fixing it.
Thoughts?
Kevin Johnson
Comments
Unfortunately with the current economy and the ever increasing pressure to get more stuff done faster than yesterday, it seems to be more of a struggle to keep number 1 or number 2 in perspective. I may just be getting older, who knows! ;-)
EVVJSK
Dec 2nd 2010
1 decade ago
Unfortunately with the current economy and the ever increasing pressure to get more stuff done faster than yesterday, it seems to be more of a struggle to keep number 1 or number 2 in perspective. I may just be getting older, who knows! ;-)
EVVJSK
Dec 2nd 2010
1 decade ago
http://threatpost.com/en_us/blogs/proftpd-server-backdoored-120210
Next thing you know, we will find out that openBSD has been backdoored.
real news proFTPD
Dec 2nd 2010
1 decade ago
http://threatpost.com/en_us/blogs/proftpd-server-backdoored-120210
Next thing you know, we will find out that openBSD has been backdoored.
real news proFTPD
Dec 2nd 2010
1 decade ago
purdy@tecman.com
vsftpd
Dec 2nd 2010
1 decade ago
The vast majority of "information security professionals", in my experience, are not capable of performing the tasks for which they are hired. They are mothers and fathers trying to make a living and maintain a modest middle class life style for their family, and so far as information security is concerned, they are frauds. The handful of rock stars are out there charging $500+ an hour in consulting fees while most of the industry stares at dashboards they do not comprehend.
Sorry to interject some reality into this thread.
Fun?
Dec 4th 2010
1 decade ago
Fun?
Dec 4th 2010
1 decade ago
I do it because I'm sort of good at it and I get paid to do it. I enjoy solving problems of the kind that I can solve. It isn't fun, but it is rewarding and challenging.
"Fun" is being able to afford games I want to play or being able to afford taking my wife out to mid-range fancy restaurants whenever we want to.
Jason
Dec 8th 2010
1 decade ago