Posts

Social Contract Theory, an IT example

After much thought I believe that the “Social Contract Theory” is one of the most important theories in the list. After all, in an online environment where almost everyone is anonymous, it is important that people remember that on the other end of the conversation there is another human, not because it might hurt the other person's feelings but because we want order to be maintained. Now onto the example: I believe that in the future, as cyber-security professionals, we will run into situations where we have to develop a project from scratch or set up a server from the ground up, and in situations like that it is important to follow rules and regulations. Not only will that help guide you on the proper path to setting up your project or server, but once your project is almost set up and an error pops up for some reason, then using online guides and forums you would be able to look up the error and consult other specialists that might know something about the problem that you are having, while if

Review of the “Capture The Flag 101” wiki

Before I start digging into the wiki, for full disclosure, I do have to give some background as to my own experience with Capture the Flag: I have never done one to completion. I have researched some for school, and I have also given a couple a try, but I have never finished, so some of my criticism or praise might be misinformed. My first impression of the “What is Capture the Flag?” part of the wiki is that it lacks sources, though I do admit that my part of the wiki does look similar due to the inconvenience of putting the sources where appropriate, so I do understand why there is a lack of them, but still it was a point worthy of mention. Now I do believe that the “Definition” part does a very good job at introducing the subject, as I am able to understand what a CTF is just from one paragraph! My only complaint with the next part is that most CTFs that I have seen accurately explain or at the least approximate their difficulty level, so that should have been said instead of what was written.

Practical applicability of ideals in the modern world

After reading the different guidelines for hackers I’ve come to the conclusion that at best they can only be used as rough guidelines; after all, nothing in this world is absolute.

Passion – While I do believe that hackers have to love, or at the very least enjoy, what they do, I also do believe that even if they do not enjoy it, they can still achieve something in the field. Sure, they won't be at the top, but in the ever growing field of IT, as long as they work on improving themselves, even people that see hacking as just a job will be able to achieve something.

Freedom – I believe that this is one of the most important characteristics; after all, a caged bird will never learn to fly. Sure, some people say that the most ingenious ideas were created when a person was put under pressure and had limitations imposed upon them, but then can you imagine what they would have created without those limitations, how much better the result would have been if they were

Online censorship and privacy

Online censorship might currently be one of the most important issues. If this was an actual conversation someone might have brought up climate change, a war in some place, and any number of other problems that currently plague the world, but if we took the time we would almost certainly be able to trace at least a portion of the momentum of the against- or pro- movement to misinformation, which may or may not have been spread intentionally by someone. And a discussion about that almost always leads to a discussion about online censorship, how it may help with the issue or maybe how it could work against it. Basically everyone has their own opinion about it, and to prove that one opinion is more correct than another is almost impossible, unless those policies actually get implemented and tested in the real world. Now this leads me to the recent developments that happened before and around the pandemic, which it easily overshadowed, and with good reason at that, but this issue is

Technology, training and policy lead to security

Kevin Mitnick wrote in one of his books that technology, training and policy lead to security, and I believe that that is the truth; a good example I can point to is Estonia’s ID card technologies. Unlike most countries, Estonia took the plunge into virtualizing their government's services, something that is widely debated in many other countries who hesitate to transition due to the security concerns, and due to that Estonia had to pioneer many different technologies and techniques to keep their and their citizens' info safe. The prime example, as I had mentioned, is Estonia’s ID card technology: each citizen has one and it is unique to them. On the surface it may seem like something that would be ripe for exploitation, just steal someone's ID card and you can basically impersonate them online, and that might even be the case if they were also somehow able to obtain the passwords and PINs associated with that ID card. But that is where the “technology, training and p

A bad design that led to a disaster and a good design that prevented one (or 2 smaller good ones...)

The bad design

Probably the most infamous bad design that I can think of is that of the Hawaii alert system and the 2018 disaster it led to. There are two conflicting accounts of how everything went down, but the common denominator in both is that the software being used was of very low quality and didn’t have any type of double verification. Sadly there are no actual screenshots available online, but by looking at the examples provided by the official sources it isn’t hard to understand why such a mistake could have been made. The first version is that an employee went rogue, some say due to an undiagnosed mental illness, and turned an unplanned drill into an actual alert, resulting in 38 minutes of absolute horror for the citizens. I have read multiple harrowing accounts from the people there:

A mother who didn’t wake her children, deciding to let them perish peacefully in their sleep

A family who just sat down on the beach to enjoy their last moments together

Large

A modern IT professional

Before having to write this blog post I hadn't really thought about what would make an IT professional, what would be some common defining characteristics in successful IT professionals that someone could point at. I had to spend a while really thinking about it, and I believe that one of, if not the most, important characteristics that an IT professional must have is adaptability. You might ask why I would decide that adaptability is truly the ultimate characteristic for an IT professional. Well, it is because the field of IT is the most rapidly advancing field, and if the IT professional in question doesn’t keep up or can’t keep up then they would be left behind, and eventually their skill would stop being relevant. With the adaptability of an IT professional it is only natural that not only would they have a field of specialty, but they would also at the very least dabble in other fields and specialties. I do not really have much knowledge of how an average IT professional looked bef