https://systemoverlord.com/tags/infosec.htmlRecent content in InfoSec on System OverlordHugoen-usdavid@systemoverlord.com (David Tomaschik)david@systemoverlord.com (David Tomaschik)Wed, 16 Apr 2014 04:55:14 +0000https://systemoverlord.com/2014/04/16/a-brief-history-of-the-internet-security-wise/Wed, 16 Apr 2014 04:55:14 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/04/16/a-brief-history-of-the-internet-security-wise/<p>I originally posted this to the <a href="http://dc404.org/">DC404 Mailing List</a>, but got some positive feedback, so I thought I&rsquo;d post it here as well. The broad strokes should be correct, but there might be some inaccuracies here — if you&rsquo;re aware of one, please let me know and I&rsquo;ll correct it.</p> <p>There was a thread ongoing about Heartbleed, and it turned into a question of why security on the Internet is so complicated, and couldn&rsquo;t it be any simpler? Well, the truth be told, security on the Internet is a house of cards.</p>https://systemoverlord.com/2014/01/13/ld_preload-for-binary-analysis/Mon, 13 Jan 2014 02:18:16 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/01/13/ld_preload-for-binary-analysis/<p>During the BreakIn CTF, there were a few challenges that depended on the return value of of libc functions like <code>time()</code> or <code>rand()</code>, and had differing behavior depending on those return values. In order to more easily reverse those binaries, it can be nice to control the return values of those functions. In other cases, you have binaries that may call functions like <code>unlink()</code>, <code>system()</code>, etc., where you prefer not to have those functions really called. (Though you are running these untrusted binaries in a VM, right?)</p>https://systemoverlord.com/2011/10/26/ksu-cyber-security-awareness-day-2011/Wed, 26 Oct 2011 22:25:19 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2011/10/26/ksu-cyber-security-awareness-day-2011/<p> Today was the KSU Cyber Security Awareness Day, presented by KSU's Information Technology Services (a sister department to the department I work in), and it was a resounding success!  There were several presentations that had standing-room only attendance, and for good reason.</p> <p> My personal favorites:</p> <p> <strong>Mike Rothman from Securosis</strong> on finding happiness in information security.  Mike's presentation was as much about being happy in your job and in your life as it was about cyber security, but he asked a number of very pointed questions.  Questions about pay/salary, job satisfaction, and life priorities.  I found the questions unsettling, not because of the actual question, but because I realized that I'd been subconsciously thinking those same things for quite a while now.  The take away from his presentation can probably be summed up as "Is what you're doing today getting you where you want to go?"</p>