  • Using Kali? Easy if you have training. The capstone for our security course a decade ago was to find and exploit 5 remote machines (4 on the same network, 1 was on a second network only one of the machines had access to) in an hour with Kali. I found all 5 but could only exploit 3 of them. If I didn’t have to exploit any of them 7 would be reasonably easy to find.

    Kali basically has a library of known exploits and you just run the scanner on a target.

    This isn’t novel exploit discovery. This is “which of these 10 Windows machines hasn’t been updated in 3 years?”








  • I don’t think either is actually true. I know many programmers who can fix a problem once the bug is identified but wouldn’t be able to find it themselves nor would they be able to determine if a bug is exploitable without significant coaching.

    Exploit finding is a specific skill set that requires thinking about multiple levels of abstraction simultaneously (or intentionally methodically). I have found that most programmers simply don’t do this.

    I think the definition of “good” comes into play here, because the vast majority of programmers need to dependably discover solutions to problems that other people find. Ingenuity and multilevel abstract thinking are not critically important and many of these engineers who reliably fix problems without hand holding are good engineers in my book.

    I suppose that it could be argued that finding the source of a bug from a bug report requires detective skills, but even this is mostly guided inspection with modern tooling.



  • fkn@lemmy.world to Memes@lemmy.ml: What a classic song though
    9 months ago

    Them: “How do I get to your place in my career?”

    Me: “What do you mean?”

    Them: “You… Have the position I want eventually. What did you do?”

    Me: “Well. 20… No that can’t be right… I mean… Yeah… 20 years ago… I graduated college… Then uhh. I’m… Uh…”

    At this point either you make up some bullshit or you say it’s just experience. Then you realize what a midlife crisis is and wonder if you are having one, which is like 20% of the definition of a midlife crisis.


  • fkn@lemmy.world to Memes@lemmy.ml: Warm Water Port Envy
    9 months ago

    Most Americans on the west coast call any place a shipping container can unload or an aircraft carrier can dock a port.

    A grand total of zero Americans would ever think to disambiguate a warm water port or not. Especially from Texas. That’s the weird part. Not the word port itself.

    Harbor is usually reserved for non-commercial or fishing use only.







  • Generally yes with two huge caveats.

    First, it has been widely demonstrated that diverse teams are more productive and produce higher quality products than homogeneous teams.

    Second, selection criteria is heavily biased towards homogeneous teams and has also been demonstrated to stifle innovation.

    Desire/inspiration is nearly as important as capability and non-optimal teams (according to most, if not all selection criteria) will consistently outperform “optimal” teams in any tasks that require innovation.