
Comment: Re:Incognito mode (Score 2) 308

IANAL, but I would think if you consistently use incognito mode, you could make the case that it's just how you work and was not an action taken in response to any sort of criminal activity or investigation. I'm not aware of any law that requires people to maintain evidence as part of their daily lives....

Comment: Easy as 3.14159 (Score 1) 205

First off, start playing. Grab a free VM tool like VirtualBox, load up some raw Linux and Windows VMs in it, launch Kali, and start poking around. Break things, but in a manageable, recoverable, legal way. Never, ever, ever poke at something where you don't have written permission from the owner. If you want something a little less random, Lamp Security had some guided CTF exercises out there a few years ago that took you through the pen test process.

Look into formal training. In my experience, SANS has some decent hands-on classes, and you get a fancy certification to go with it. A better option would be to look into a Black Hat Training class, and stay for the briefings and Defcon.

Talk to people in the profession. There are a lot of security folks on Twitter - Jack Daniel, Jeff Moss, Dan Kaminsky, Johnny Long, HD Moore and Deviant Ollam to name a few. Follow them, ask questions, join in conversations. Meet up with them at conferences. Security professionals love to tell war stories, and we love to educate people who are interested and want to learn.

Speaking of certifications, don't make the mistake of making them a goal. For what you're looking at, the so-called "big name" certifications (like CISSP) are pretty meaningless. CEH (Certified Ethical Hacker) would probably be worthwhile to have, since it would relate directly to the work you're doing. But realize that certs are mainly viewed as window dressing - great for the business card and marketing department, but all they prove is that you're good at taking tests. Make sure you're getting the knowledge that goes with the cert, and can demonstrate it in the field. The skills and abilities are far more important than the letters in your signature block.

Comment: Laplink or null modem (Score 1) 466

I think the biggest issue you'll run into is finding something that will work for the DOS/Win 3.11 device.

See if you can rustle up a copy of Laplink with the LPT cables. It was designed for moving files in just this scenario; using the LPT cable was always a lot faster than serial, which topped out at 115kbps. Yes, that's kilobits per second, you young whippersnappers.

If you can't find Laplink, find (or build) yourself a null modem cable. Hook it between the two systems' COM ports, and fire up a basic transfer program that supports batch transfers (look for ZMODEM support).

Comment: Perfect world (Score 2) 182

In a perfect world, your employer would jump at the chance to send you, give you full per diem and a room in the conference hotel, rental car, and an allowance for books and materials on sale at the conference.

But as Huey Lewis said, "Ain't no living in a perfect world."

I was fortunate to go to Black Hat and Defcon in Las Vegas for 11 years while I was at my previous (private sector) employer. They paid for all but the first time. For that one, I took leave, paid my own way, and then came back and demonstrated to them the value and knowledge I picked up (mainly by starting just about every sentence with "Well, in a talk at Black Hat..."). I got laid off when the company was downsizing, ended up in a public sector agency, which sounds very similar to your situation (great people, interesting work, surprising lack of sticks inserted up people's butts). Same situation - I had to go on my own first, the next year they willingly paid for me to go.

Your employer is at least offering to pay for the training piece, which says that they see some value in this. And I know how hard it is to do things like this on a public sector salary (which is still about 40-50% of an equivalent private sector one). My advice: look for the bargains. Stay at a cheap casino (you can get into places like Excalibur for $40-50/night, sometimes lower) instead of the conference hotel. Walk and use the monorail to get around ($10/day). Eat fast food, or fill up on conference munchies - don't eat in the conference hotel or celebrity chef restaurants, but find the coffee shops and cheap buffets. And most of all, talk to your employer. Tell them you're willing to go on your own dime this time, but when you get back, you'll want to make the case for someone from your group going every year, fully paid.

Comment: Social Opportunity (Score 3, Insightful) 274

My choice is Poker, because for me, it's the most social of the games listed. When my friends and I were all local to each other (we're now scattered to opposite ends of the country), we'd get together for penny-ante games that were more about conversation, jokes and obscure movie references than about gambling. The big winner of the night might leave $4-5 richer, the big loser might drop $2-3, but everyone would have had a great time.
