A Career in Computer Security

October 16, 2009

The security industry in the U.S. is a business of over $100 billion a year and growing. Employment opportunities exist at all levels within the security industry. Currently, at least 400,000 tech jobs are going begging even in this economy. Before the recession, it was 700,000.

Now the tech jobs in security have salary ranges of $35,000 to $215,000 depending on the skill level and job title. And if you want a secure government job, Homeland Security needs 1,000 people right now. What could be better than the job security of a government job, on-the-job training and good pay?

Candidates for security jobs don’t need to be programmers or systems analysts, or have worked for a tech company to get hired because most jobs are in tech support in a wide range of businesses like hotels, hospitals, and factories.

Still, it’s tough to break into an industry where every single issue is described in very weird concepts and even weirder word combinations. In reality, the language barrier is stronger than the science barrier.

I mean, after a couple of kids and a few more grandchildren, I am fairly adept and capable of taking care of the needs of a six-year-old, but I can’t understand the problem if they are speaking Chinese or crying too much to talk. That’s exactly the barrier to becoming a computer security expert.

Of course, employers often want to hire people who have earned the CISSP (Certified Information Systems Security Professional) designation, but candidates need 5 years of hands-on experience before taking the exam. Even with the SANS Institute courses and certifications, if you can’t understand the language before you take a course, you will have difficulty passing them or even dealing with the course concepts. I mean, who but a geek does math in binary or hexadecimal numbering systems? Yet it is not essential to understand this if you’re just trying to defend your machine or even your network.

Now the list of names for programs that infect your machines is long, and anybody who has used the Internet for any time has heard of Virus, Trojan, Downloader, Worms, Bots, Adware, Malware, and I’m sure I missed a few. For the most part, these bugs are all “Malware” or “Bad Software”. While it may not be necessary to be a security expert to operate a computer, there are plenty of reasons why every computer user should have a basic understanding of security or put their faith in God, because everybody else misrepresents the truth or, in my case, may not be aware of every single problem.

Reasons to Understand Security.

  1. There is no safe operating system; all of them have bugs from the day they are sold.
  2. There is no antivirus product that offers 100% protection against “Malware”.
  3. Most computers that go to the repair shops are infected with so much Malware that is competing for memory that they shut down.
  4. Computers store your personal information and subject you to identity theft.
  5. Computers store every image ever seen on your machine forever and images can be easily recovered.
  6. Computer files that have been erased can be recovered by an expert.
  7. Passwords offer only minimal protection.

The problem is that anything which protects your privacy and security 100% would do the same for terrorists. So we live in a world where identity theft and hacking are tolerated by the government even though profits from computer crimes can fund these same criminal organizations.

Well, this blog is devoted to explaining technical issues so that everyone can understand them and defend themselves when it is possible. In fact, some socially engineered computer crimes are almost impossible to defend against.

Always remember, the only dumb question is the one you never asked. So ask away and I’ll try to find the answer and tell you the truth about Internet security.

If you understand the following list of terms, there is no need to stick around as I develop a reasonable paradigm (model) for computer security. Truth be told, I don’t understand all of them but if I get lucky, I will develop a security approach that makes most of these concepts obsolete.

Botnet

phishing

malformed SMS messages

identity theft

URI Handling Remote Code Execution

Certificate Common Name Encoding Multiple Security Bypass Vulnerabilities

ActiveX Control Remote Code Execution

Interaction NULL Pointer Dereference

RPC Module Stack Buffer Overflow Vulnerability

Verbose Option Information Disclosure

File Buffer Overflow

Cross Site Scripting

Parameter SQL Injection

Arbitrary Script Injection

The FBI comes to visit!

October 2, 2009

So, I’m more than a little pissed. Seems that I went to a fantastic Network Solutions Grow Small Business conference and came out stoked for the future of the Internet and the presence of small business making money with social networking as the tool. I decided to start my security company because e-commerce needs e-security and the big boys are failing in this area.

I scoped out my business plan, set up this blog and met with a software developer capable of doing what I wanted done on a low budget. I called in my friendly graphic designer and specced out the project. Total elapsed time less than 3 days.

What next?

I started adding content to the blog.
Now I started with vanilla stuff that I didn’t think was controversial and started to post. I selected the story about a federal judge who stripped an innocent victim of their identity. I figure that Google’s complicity is an old story by now, but smooth vanilla is always a pleasant place to start.
Well, all my nighttime posting efforts got nuked and I never did get the story online.

Today was actually a vacation day on family computers, so I just surfed after last night’s experience. When it got too slow to proceed, I checked out “netstat -ano” and “tracert www.fbi.gov” and, you got it, the FBI was already online domestic spying on me. It’s really easy to check when the IPs from netstat operating on your computer match the IP for www.fbi.gov.

Hell, if they are so interested in what I am going to write and the security system I’m designing, why don’t they just buy me out for a few million dollars and put in a non-compete clause? Meanwhile, I’ll just exercise the rights I acquired at birth which were and are being destroyed by the Bush/Obama Cabal.

Security Brief – Google Chrome

October 2, 2009

Google’s Chrome is the fourth most widely used web browser, and the version that starts with 3.? has problems. Seems a vulnerability has been reported in Google Chrome which can be triggered by visiting a malicious website. Successful exploitation might allow an attacker to execute arbitrary code. Worse news is that failed attempts might lead to a denial-of-service condition and shut you down.

Google has confirmed this problem and updates are available.

Hello world!

September 30, 2009

Over the past few years, I have come to be obsessed with computer security and my findings are unnerving. Computer Security is an oxymoron. For those who don’t know, an oxymoron is the coupling together of two words that create an unbelievable occurrence like “happily married” or “military intelligence” which both rank up there with “computer security” in rare occurrence. Debating which operating system is best or which anti-virus system is best is the modern day equivalent of debating how many angels can dance on the head of a pin.

Occam solved the problem of how many angels dance on the head of a pin by a simple rule which is now called Occam’s Razor and states that the simplest solution is usually the correct one. In his case, he stated that angels don’t dance on the heads of pins all day because they are busy doing God’s work, so the answer is none.

In my case, I really am somewhat obsessed with the fact that no operating system is secure from a serious attacker and that no hardware or software exists that protects your computer or the information on it and, in the end, will really defend you from financial ruin or worse. While the debate on computer security may be fun, it always detracts from the purpose at hand, which is to protect your identity, freedom and finances. I am beginning to see that no one wants to completely secure your computer because there would be no need for new hardware, operating systems or anti-virus programs and many people would end up unemployed and out of business.

Well, the problems I am going to attack in this blog are the types of attacks which are possible and how one can defend against them. When I solve the problem, I hope you trust me enough to buy a product that works, just as you have spent your money on products from Norton and Microsoft that provide very little in the way of protecting your property, privacy and freedom.