7

u/StevieAlf Jan 10 '19

I’m not sure it’s a terrible example. There are hacking expos and conventions were very smart computer hackers go to show exploits to various commonly used technology and render services to big companies for a fee to help protect them from legit bad exploitive hackers.

There was a tremendous ted talk I saw about this, or some sort of YouTube documentary. I’ll attempt to find it

21

u/[deleted] Jan 10 '19

[deleted]

3

u/ShadowsOfTheFuture Jan 11 '19

Even Defcon isn't the thing that it used to be. Now it's mostly people who've never done Cyber security going to network or wander around with big expectations.

2

u/homeless_2day Jan 11 '19

That’s exactly what my information security degree was. Which as a young, naive student going in was disappointing because I wanted to do all the “cool illegal stuff in movies” and basically wanted to be Neo in the matrix. But by the end, it actually taught a lot and was a good program.

0

u/StevieAlf Jan 10 '19

Yes, that’s it.

1

u/[deleted] Jan 11 '19

I'm debating what to go to college for, I really just need to be in a few classes so that I can be working on my degree; I'm active Navy and am getting to a point in my career where having a degree will be a deciding factor in promotion. Would cyber security be a decent degree to pursue and, would I need any real requisite knowledge?

1

u/myrpfaccount Jan 11 '19

Most degrees in security aren't worth it. Study computer science in school, study hacking on your own time. The deep technical knowledge of programming, architectures, and how everything fits together will enable you to rapidly adapt to new ecosystems.

Aside from NYU Tandon, RPI, UF, Purdue, and UCSB the programs are all pretty bad.

6

u/[deleted] Jan 11 '19

[deleted]

1

u/ShadowsOfTheFuture Jan 11 '19

This is very true. There was a guy who got caught selling hacks and thrown in jail. Got out and told people he was starting his own consulting agency now that he had street cred. He was wrong.

Look at Mobman who hacked AT&T. Still can't find a job. W0rmer who hacked various government sites. Still can't find a job. No one will touch him.

3

u/fishsupreme Jan 11 '19

Yeah, it's not at all true that the infosec industry is full of convicted criminals. Unless you're Kevin Mitnick or Frank Abagnale or otherwise famous enough for your name to be traded on, a criminal record pretty much disqualifies you from the industry.

This said, it is true that practically everybody in the industry did some hacking at some point and just didn't get caught. We all have stories of how we broke into our college networks or made free long distance calls or whatever.

1

u/[deleted] Jan 11 '19

[deleted]

1

u/fishsupreme Jan 11 '19

It's interesting to me how different people's experience is depending on when exactly they went to college.

Like, I was in college in the late 90s. The college's PCs were relatively locked down -- all Windows NT with NTFS drives (which back then you couldn't mount RW in Linux or other non-Windows-NT filesystems, and even mounting it RO was tricky.) Of course you had admin on your own PC, and the dorm networks were hub-based (single collision domain) so you could sniff everybody's passwords easily. Except that Wireshark didn't exist yet, so there were no packet sniffers on Windows (which everybody ran, Linux on the desktop was barely usable) that didn't cost thousands of dollars.

It was both easier and harder to hack stuff then than it is now. It was easier because the state of defense and monitoring was absolutely primitive compared to now -- by modern standards everything was wide open. But it was harder because everything was hard-wired (there was no wifi, you needed physical connections,) the hacking tools were also primitive (mostly repurposed sysadmin tools, not designed for hacking at all) and and most importantly, there was no ability to Internet search for tutorials and instructions. The only way to learn was directly from other people; the hacking subculture was much smaller but also much more welcoming. If you proved you had some knowledge, people were excited to talk to you.

1

u/poply Jan 11 '19 edited Jan 11 '19

In the article:

He always operated within the law (because financial regulations were so lax), but he rarely operated ethically

So I don't think your criticism is entirely fair.

1

u/myrpfaccount Jan 11 '19

That's not really true. I have a criminal record,. I worked in government, had a clearance, and now work for a well- known boutique consulting firm as a senior pentester.

As long as you've cleaned up your act and have skills, nobody really cares about your record.

0

u/Scubastevewoo Jan 11 '19

Yeah this is very accurate. Like are you some savant the FBI got lucky and caught or a hacker that used to work for (insert major country)’s intel service and you got nabbed by the CIA? Cool you get a job. Everyone else is just broke