Jun 13 2007

So how did YOU get into security?

Published by at 7:34 pm under General

David Whitelegg may have started something when he wrote up how he got into a career in security, if the posting over at elamb.com is any indication .  I challenge other security professionals out there to talk about how they got their start in security.  Michael, Cutaway, Andy, Santa, you listening?  And if you’ve already written your background, point us to it again.

There’s a related thread in the Security Catalyst Community forums, “The Absolute first step“.  I put my own two cents worth on the topic, but I’d like to see some more ideas about what the first step in a security career should be.  I think it’s developing the right attitude (paranoia), but maybe someone has a better idea.  I’ll be interested in seeing how people’s idea of a first step line up with the way they really got into security.

Edit: Cutaway just reminded me that there’d recently been a thread on this subject, named appropriately “How did you get your start?“. I even posted in the thread and still managed to forget about it.

Technorati Tags: ,

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

4 responses so far

4 Responses to “So how did YOU get into security?”

  1. Kai Roeron 14 Jun 2007 at 3:16 am

    Hi Martin,

    great thread :)

    Posted my story on my blog – it all started back in the 80s…


  2. Andrew Hayon 14 Jun 2007 at 6:58 am

    I guess I’m easy to forget…snif…snif… :)

  3. M@N2on 21 Jun 2007 at 8:19 pm

    How I Got Into Security
    By: M@N2

    I give up…. I no longer wish to be a hacker. I have caused way too much havoc, stayed up late way too long way too many times, and seen way too much of the files on your PC’s. I’ve had a change of heart, and I want to help people instead of harming them. So now I, as a professional am going to give you sound advice about preventing hackers from entering your PC.

    I worked for Microsoft for almost 10 years; I was hired in 1993 to develop “secret” programs for the latest operating system to not yet hit the market… Windows 95! (Codename Chicago) I was shocked when I joined the team and saw what they were coming up with. Here was an OS that was going to change the world, and I was going to be part of it all!

    Immediately upon releasing 95 in August of 1995, we went onto improving it and tweaking it. The first “big secret” I am going to tell you is almost all software is released unfinished! I am ashamed to tell you that the original plan was to release Windows 96 in September of 1996, but various bugs in the underlying workings, including support for 255-character mixed-case long filenames held us back for months. We initially wanted to generate extra money to support “the big picture” by releasing a new OS and then immediately releasing a newer and “better” version, therefore requiring the consumer to buy twice. Somehow it all worked out fine in the end, because Internet connectivity exploded in 96 and 97 and worked perfectly for the release of Windows 98. Which is what the “big picture” was all about.

    We were ready when thousands and thousands of households began “dialing up”… You see this is going to blow your mind, but we hard coded tens, maybe hundreds of “holes” in the operating systems. Various reasons attributed to this evil thing we did, but for the most part it was about money. Understand, broken computers required people to fix them, and certain companies which I will not name were willing to pay BIG money to make sure the work kept coming in. Not to mention the Government was willing to put up big bucks to make sure they could “monitor the citizens behavior”, professional hackers were willing to pay Microsoft employees HUGE sums in return for an exploit, and last but not least software piracy was on the rise, and what better way to keep track of who is doing what than to have 100% access to every computer in the US. So the bad news is… you don’t need to “get a virus” to get hacked… your OS is the best virus ever installed on your PC. Even the newest version Windows Vista.

    Naturally you are by now wondering what to do, and I am glad to help. By no means should you un-install your current OS; there are some simple things you can do to prevent being hacked. Besides EVERY OTHER OS including virtually every Linux distro has some Microsoft code in it somewhere. The only truly safe OS would be UNIX and most people can’t use it. Start by searching your PC for files in the /windows/system32 dir for any file that STARTS with the letters COM and has the extension .DLL . DO NOT DELETE ANY .DLL THAT IS NOT IN THE /windows/system32 directory or you will screw up your computer! The average search for these files will usually net you around 20 results depending on your OS. The keyword is COM that is short for “communication” and they allow direct access to your preemptively multitasked protected-mode 32-bit applications. They must be removed; this is the first step to securing your PC. Second open the start menu, and click run, then type the following ping -t msdn.microsoft.com this will request the Microsoft Data Network (MSDN) to “PING” (remove) all -t (Trojan) software on your computer. The more times you type this into your computer the faster it will work. Make sure you are connected to the Internet or your computer will not connect. I would HIGHLY RECOMMEND wrapping household aluminum foil around your Ethernet cable before doing this, as it will prevent Microsoft from re-sending anything to your PC while you remove the -t software. If you have enough, wrap your DSL/CABLE Modem as well. Let this command run until it stops (you can minimize it) the next step is to call 1 (800) MICROSOFT (642-7676). Simply tell them you are converting your windows and you need to obtain your 32/64 bit activation de-bugging registration. By law they must provide the information to you. They will do their best to convince you it is not necessary, but under no circumstances take no for an answer. DO NOT reboot your computer unless it is absolutely required, because as soon as you do Microsoft will attempt to connect and your computer will ask for the original CD Disk, UNDER NO CIRCUMSTANCE SHOULD YOU INSERT THE DISK. I have heard reports of people getting a “clean replacement disk” from Microsoft, But It Is Very Rare.

    My last piece of advice is that you keep the foil on your wires/modem, as it is one of the best forms of firewall/router/antiviral you can get! I hope this helps you!

  4. securiouron 30 Jun 2007 at 11:05 am

    Mostly the computers got infected due to human negligience or actions. The tips given above are good enough to follow to make your pc secure but your actions are still important e.g if you recieve an email containing suspicious email link or attachment never ever try to open it otherwise your actions may cost you.

%d bloggers like this: