IT security

How to learn about IT security?
Are there any good books that are not outdated as all hell? Any free good and up to date online resources?


bump

bumpidy bumpy bump

IT security is like virgins fucking, it doesn't exist.
Everything is botnet and getting worse all the time.
Even stuff like OpenBSD is basically just a collection of "mitigations" piled on top of a bad foundation, in the hopes that somehow it'll slow down attacks.

Read ranum.com/security/computer_security/editorials/dumb/ , it's short and goes over some fundamental ideas that people still get wrong. Then get a foundation in cryptography. I personally liked Goldwasser and Bellare's Lecture Notes on Cryptography for a more theoretical text while Schneier's Applied Cryptography is a classic for the practical side of things.
From what I hear, the successors of his book (Practical Cryptography and Cryptography Engineering) are weak because they eschew theory for a bunch of "X because Best Practices™", which is as suspect as Schneier himself. However, take this with a grain of salt as I haven't actually read those two books.


What a convenient excuse for half-assing things. Do you happen to like Perl?

Read books

Brilliant why didn't OP think of that.

No, I'm more like the kind of guy who would use 30-40 year old DOS or CP/M machine with at most only serial network connection and floppy disks. Because those are a lot more secure than any of this new botnet hardware and overcomplicated software.

I installed Kali and feel like I'm already a step closer to being a security professional

Security was non-existent on those old boxes. You could inject keystrokes via escape codes over serial if the serial terminal supported them (any decent one like ProTERM did). We used this in the BBS days to force people to hang up.

Depends what you think IT security is.

The problem is your systems are protected by the cheapest team of IT staff that can keep the uptime required for the business to profit.

The problem is your code is written by the cheapest team that could push it out by the deadline.

The problem is all of the governing bodies pushing requirements to have security are governments that think backdoors are a good idea.

The problem is the infrastructure is old and too expensive to replace.


That being said, here are some links for nicely written overviews. TLDR: get an IT or developer job, then move laterally into a security position. Alternatively, join a government/military org and pray you end up in a group of skiddies instead of paper-pushing scapegoats.

tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/

danielmiessler.com/blog/build-successful-infosec-career/

toastersecurity.blogspot.com/2015/12/where-to-begin-as-infosec-noob.html

I wonder what all those expensive security expert teams are doing when they never get an assignment........ you realize how retarded this sounds right...... The investment in security is also dependent on the perceived risk impact and likelihood of a certain risk happening. Banks for example invest heavily in IT security on all levels.


OP could also go to a financial institution

I don't understand why I'm being straw-manned but I'll bite.

There is no point where I say people aren't paying for good services. The problem is where they aren't.

In CP/M, all terminals have different escape sequences, and there's a lot of them. You can also use a dumb terminal (like a teletype), which doesn't have any attack surface at all.
In the case of DOS, you can just simply not load ANSI.SYS (or equivalent).

be curious about stuff all the time and keep experimenting. the knowledge will come to you without extra effort.

if you want to be ebvin h44x0r and be cool then it doesn't come to you.

also palindrome dubs

The problem is you end up needing more to communicate and it'll all be low quality stuff. Not sure what CP/M had, but B&W TCP drivers in DOS were a buggy mess. And an encrypted handshake on those old machines might take many minutes.

The only people who think Einstein was the only person who had anything to do with relativity are idiot first-year physics students. Michelson, Lorentz, and Poincaré are and were all widely recognized, including by Einstein himself. Nobody educated thinks Einstein invented or discovered relativity, just that he formulated general relativity. Einstein himself widely cited other scientists, simply not in his theory of general relativity.

I want to be like Mr. Robot, he is hacker and very god

pentesting is a great way to get your feet wet in the admin world tbh

Also, when asked about the lack of citations in Einstein's original work, Poincaré, allegedly, said: "We should give the right of way to the young".
That said, special relativity, as a cohesive theory, can certainly be attributed to Einstein, although it was based on an enormous body of work by other people.