Re: How to become a Computer Security Professional ?

[rchrafe <rchrafe () gmail com>]

worried security wrote:
> On Nov 17, 2007 1:08 PM, Meef <massa () iut-dhaka edu> wrote:
>   
> > What are the steps to follow to become a computer security professional ?,
> >     
>
> Sorry, you will never make it to professionalism as you broke the
> first and most important rule.
>
> NEVER POST ON A PUBLIC MAILING LIST!!!!
>   

And you are here because, you are 'worried security'.
> The second most important rule of becoming a security professional is,
> if you do need to post to a public mailing list then never do it under
> a .edu or .gov or official company e-mail address, we will all just
> point and laugh and have your account hi-jacked with the next
> cross-site scripting flaw that gets to to the public mailing list.
>
>   
But I thought the first most important rule, which was not to be broken, 
was not to post on a security mailing list, such as this.

Kindly go through your cross-site request forgery techniques with me, 
I'm really in need of a m3nt0r
> The third most important rule to becoming a security professional is
> never talk to people on public mailing lists who have broken rule one
> and rule two or take whats said on public mailing lists seriously. As
> soon as you take what is said on a public mailing list seriously is
> the day you should cut your wrists.
>
>   
He's getting so horny right now
> Always get advice from a credible source after learning of a threat on
> the public mailing lists.
>   
Like worried security?

Please tell me if you think the linux/tcp stack is currently vulnerable.

I have N0 1D34
> The forth most important rule to becoming a security professional,
> always use a throw-away e-mail account so it doesn't matter of script
> kids hi-jack your e-mail account with the next cross-site scripting
> vulnerablity that gets posted to the public mailing lists.
>   

HIJACK THIS BITCH
> The fifth most important rule to becoming a security professional is
> use an alias on public mailing lists, never use your real name, place
> of work, place of education, place of living, as backfires cannot be
> reversed. Once you've post something its post, archived around the
> world and translated into more languages than you can shake a stick
> at.
>
>   
Y0u juzt m1ght be shirl0ck h0lm3z
> The sixth most important rule to becoming a security professional is
> be paranoid. Yes, don't listen to people who say paranoia is bad for
> you. In this industry it pays to be paranoid. Forget about your own
> welfare, you've got millions of users and the economic stability of
> the world to think about. Trade in your own life to save the life of
> others. Indeed being a security professional will mean long hours, and
> sleepless nights. Be prepared to be woken up in the middle of the
> night and expect to have people shouting for answers down the phone to
> you or rush you into the security operations center when news of a
> major data breach reaches the inbox of your security team.
>   
"Be prepared to be woken up in the middle of the
night and expect to have people shouting for answers down the phone to

you or rush you into the security operations center when news of a
major data breach reaches the inbox of your security team."

This is what a professional at computer security undergoes?

I thought I could just, be in my bedroom reading about aix security enhancements and win32 buffer overflow prevention 
methods

> The seventh most important rule to becoming a security professional.
> Think for yourself don't post ridiculous questions to a public mailing
> list and expect to get the right answer, most folks will make anything
> up and people generally cannot be trusted. Use search engines, read
> books and free your mind from what other security researchers are
> doing. Don't duplicate, originate your own work.
>   

He talks a whole lot about mailing lists
> The eighth most important rule to becoming a good security
> professional is have balls, if you think something is wrong, don't be
> affraid to speak up, even if it means losing your job. Remember, the
> security of other people comes before the security of your job
> position. So if you think something is wrong, tell people about it,
> and if they don't listen, then keep repeating it over and over. Never
> give in and keep on trying to tell people about something you believe
> in. You are a slave to the security of others, you don't come first
> "they" do.
>   

So what's wrong buddy?
> Ninth most important rule to becoming a good security professional.
> Don't read public mailing lists, don't read security news sites, and
> don't read web logs about what other people think about security. They
> all suck, don't trust anyone in this world and don't believe the hype.
> 99.9% of anything post in public is attention grabbing bullshit, you
> don't need it. Concentrate with whats going on within your own company
> and screw all the others. Only read these mediums if its related to
> what you're doing that day at work to fix a bug or thrawt a security
> incident. Don't read about what could happen, stick to with whats
> actually happening to you that day. Not what other people say is going
> to happen next week.
>
> Tenth most important rule to becoming a security professional, know
> your enemy. Yes, get to know them, eavesdrop on them, send them gifts
> and make them feel special. Your enemy is the single most important
> person to you and your company's assets. If you don't know what your
> enemy is doing then you don't have security. Remember though, don't
> concetrate on other peoples enemies, concentrate on enemies for your
> company. Don't read websites that say they are your enemy, because its
> unlikely they really are. Your real enemies don't announce themselves
> often and are unlikely to make public announcements about it, and the
> ones that do are usually hoaxes.
>   

Fuck, I couldn't read it all.. I got exhauzted

rchrafe.wordpress.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/