SANS ISC: Robert Hansen and our happiness

So, as it's my first shift as handler of the day, I was worried whether I would be able to live up to the bar the handlers have set in diaries and days past. This started a train of thought that was accelerated by Robert "RSnake" Hansen's 1000th and final post on http://ha.ckers.org today. I am sure that everyone reading this is aware of who Robert is, but in case you have been under a rock for the last many years or are just not involved in web application security: Robert is one of the giants upon whose shoulders we all stand. Robert has helped cause XSS, SQLi and XSRF to become terms that the business people we deal with understand. He has also fostered an environment where people share tips and tricks and encourage each other to become better.

 
In his last blog post on the site, Robert discusses how he needs to follow his happiness and that this is the main reason he is stepping out of the limelight. (Yes, this blog post does continue the light shining on him a bit, but I think it's OK this once.) He brings up a point that I have discussed with many people: what happens when this isn't fun anymore? While I am sure that rooting boxes and yanking data through a web application will cause me to giggle for years into the future, how do we ensure that the people we have managing and monitoring our security are still enjoying what they do?
 
It's also funny that this comes up at the same time that the mainstream news outlets are discussing the browsing-history attacks that use JavaScript and CSS. This is an attack we have discussed for a long while now, but since it's been found in the wild being used by advertising and adult sites, maybe we will see some more movement on fixing it.
 
Thoughts?
 
Kevin Johnson
 
Kevin

6 Posts
Dec 2nd 2010
In my opinion, I think it continues to be fun as long as 1) you are seen as a valuable team member by your peers and by your company, not just a resource who can "put in the cycles to get stuff done" and 2) as long as the work varies and you feel that you are accomplishing something of value.
Unfortunately with the current economy and the ever increasing pressure to get more stuff done faster than yesterday, it seems to be more of a struggle to keep number 1 or number 2 in perspective. I may just be getting older, who knows! ;-)
Anonymous
I think this is interesting, but the real news today is that the most secure FTP server on earth has been backdoored. For several days...
http://threatpost.com/en_us/blogs/proftpd-server-backdoored-120210

Next thing you know, we will find out that OpenBSD has been backdoored.
Anonymous
Actually, I just found out from my sysadmin that we have not used ProFTPD for years. Since we are a Red Hat house, we use vsftpd, actually NOW the most secure FTP server on earth. I am still waiting for someone to pwn my site, and hope that this info will help.

purdy@tecman.com
Anonymous
Most of us are in it for the money. Fun doesn't enter into the equation.

The vast majority of "information security professionals", in my experience, are not capable of performing the tasks for which they are hired. They are mothers and fathers trying to make a living and maintain a modest middle class life style for their family, and so far as information security is concerned, they are frauds. The handful of rock stars are out there charging $500+ an hour in consulting fees while most of the industry stares at dashboards they do not comprehend.

Sorry to interject some reality into this thread.
Anonymous
$500+ an hour == "Five hundred dollars plus an hour"
Anonymous
Some people have fun at their job? Inconceivable!

I do it because I'm sort of good at it and I get paid to do it. I enjoy solving problems of the kind that I can solve. It isn't fun, but it is rewarding and challenging.

"Fun" is being able to afford games I want to play or being able to afford taking my wife out to mid-range fancy restaurants whenever we want to.
Jasey

93 Posts
