Jacob Carlson is a senior security engineer for TrustWave Corporation. His primary role is leading the penetration testing and vulnerability assessment team. In his copious free time he likes breaking things and writing code.
Jacob Carlson is also the co-author of the acclaimed "Internet Site Security". The recent review of this book at HNS was a perfect opportunity to get him to answer a few questions. Here we go...
How did you gain interest in computer security?
Hrm....I think that it was the same curiosity that had me taking apart door knobs and clock radios when I was a kid. I've always just been curious about how things work, and more importantly how to make things work in ways the designer didn't intend.
You do a lot of penetration testing for your company, what are your favourite tools and why?
Most of the tools I use I either wrote myself or are one-offs/modifications of publicly available tools. The main publicly available unmodified (well, only slightly modified :) tool that I cannot live without is netcat. It is exactly the correct tool for a billion different tasks; most of the reconnaissance and exploitation that I do is manual and netcat allows me complete control over the network connections.
In your opinion what are the most important things an administrator has to do in order to keep a network secure?
#1: disable everything not in use.
#2: patch patch patch patch patch. then patch.
#3: do not trust any users.
What was it like to be a co-author of "Internet Site Security"? Any major difficulties?
Writing a book is very similar to giving breech birth to a porcupine. We didn't get time off of our normal jobs to write (like other people out there :), so we were constantly facing book deadlines in addition to work deadlines. Last September, right as we were wrapping up the first draft of the completed book, I had to go to Germany and France to teach some classes. Because France has weird laws concerning cryptography I didn't bring my laptop, but since I only planned on being gone a short while I thought that I would still be able to get everything completed. Well, I was in Germany on September 11 and ended up not getting back to New York for 2 and a half weeks or something. Obviously the book delay was not the greatest of my worries (my wife and I live about a mile and a half from the former World Trade Center), but by that point I thought that we would never finish.
What books, articles, whitepapers would you recommend to people that are starting to learn about computer security?