Dailydave mailing list archives
Re: Information security certifications diversity and getting lost
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 10 Sep 2007 15:33:06 -0400
Thomas Ptacek wrote:

> How do you plan on solving the problems the CISSP has?
>
> 1. People will "teach to the test".
> 2. Certs get stale fast.
> 3. Cert businesses are high-overhead, but the IP for a cert is hard to protect (if your cert is going to be fair and meaningful).

I would say the problem with the CISSP is "irrelevance" but that's just me. We passed out "Not a CISSP" buttons at DefCon and they were a big hit. To get one you had to not have CISSP on your business card though. :>

For practicals like "write me this buffer overflow", it's much harder to "teach to the test" while avoiding imparting useful knowledge. We keep people from rote memorization of the VisualSploit picture by having the executable be randomized for each test taker.

"""
Dave,

That sounds like a really interesting idea but wouldn't win xp sp2 be more realistic? I would want someone at the basic level to at least understand trampolines as jmping straight to the stack would work on your test but is unrealistic in the real world.

Thanks,
David Weston
FGM, Inc
"""

Jumping straight to the stack would not work on our test as the stack would be at a semi-random address each time, depending on thread initialization.

-dave