All posts by kyREcon

Getting a job in cybersecurity

I see a lot of young people who want to get a job in cybersecurity, and whenever possible I try to talk with them in order to understand what makes them want to get into this industry. Is it passion for IT security or is it just the growing salaries in this market? Unfortunately, it seems that getting a job in this area is becoming a trend while there is no real motivation for knowledge.
It really makes me sad when I see a person in his early 20s thinking only about money. On the other hand, I also appreciate the fact that not everyone wants the same things from life, and for that reason I am not judging anyone. What is important in any case, however, is how you get there. Putting things in the right order is the best way to go. These are just personal points of view. I am not trying to tell anyone what is right or wrong. I am only expressing my opinions, and you can agree or disagree. :)
The following are some of the things I hear quite often from people that come straight out of university.

The HackingTeam and the Infosick White Angels

What have we really learned from the recent data leak regarding the operations of the so-called HackingTeam?

Did we learn that there are some companies/people out there selling exploits?

Was it that the infosec industry is full of white angels that would never do so?

Maybe it was the fact that our industry is not so open-minded as we think?

Let’s see…

There are companies and individuals selling exploits. WOW, what a fucking surprise!!!
Sorry for disturbing your sweet dreams. Reality check! If you didn’t know, then you are reading the wrong article. I suggest you continue
reading –>here <–.
If you did know that shit happens, you may be interested in reading the rest of it.

Demonizing the phrase “selling exploits” is like saying manufacturing cars is evil.
Just because some people will misuse either of them doesn’t mean that both are necessarily bad.
Is it that bad to sell an exploit that might help the authorities to breach into a terrorist organization?
Is it worse than driving drunk or high? Oh yes, you never do that!!!

Let’s now go back to those loud infosick people that started sharing lists, and putting labels on people that worked for the HackingTeam.
They even started saying to blacklist all those people from working again in IT. Shame on you!!!
You are not a judge, and you certainly won’t decide for anyone’s life. If you don’t like someone and his actions, you are free to say so.
However, organizing a witch hunt belongs to another era, and I wasn’t expecting to see people going down to that level.
Again, if you did that, shame on you!!!

So selling an exploit is evil. All white angels came out and said that out loud.
I am not really surprised. People do try to get attention by someone else’s failures. Sad creatures!
What these angels never said to us, is what they would have done if they had the skills to build an exploit that someone would happily
buy for $30k or more. I am pretty sure they would never sell that evil thing, because they are nice people!!!
I can understand people with the skills for doing so, that never did, going out and criticizing these actions. However, looking at the mass
shouting under the cross, it is really sad…, and at times even funny.

Now, I know people will come and say that I have connections with the HackingTeam and that I am trying to defend them. I am sorry to
disappoint you, but you are wrong!
They will pay for their mistakes when the time comes, but it won’t be you who will decide how and when.
It makes me feel sick being part of a community that is ready at any time to blacklist and label people.
Today it’s them. Tomorrow it might be you, for whatever reason that might be.
At the end of the day, that’s just my opinion, and you don’t have to like it.

Just out of curiosity. Before wearing your superhero mask and going out on Twitter saving the world with your (mostly) useless tweets,
did you ever consider what might be the real motivation behind this breach?
How do you know this was done for ethical reasons? How can you be so sure that someone didn’t get paid just to take them out of the game?
I am pretty sure this never occurred to you. Surprise! Yeh, I know…shit happens. I don’t imply that I know what really happened, so don’t
pretend you do know that all this happened for a good reason. Just saying…

Apparently, HackingTeam made a lot of mistakes. They fucked up. However, I am pretty sure not all of their actions were evil, and if they were, only time will tell.

Finally, I want to send my respects to all of them that handled things responsibly. That is, by sharing the information without judging the
people behind it. To those that spent some time analyzing the leaked data, extracting the exploits and helping the affected vendors to fix
those vulnerabilities, I have to say congrats! That’s what it should be all about.

Don’t judge someone just because they sin differently than you.

kyREcon