From Reporter to Private Investigator to Security ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

100%

RetiredUser,
User Rank: Ninja
6/9/2017 | 3:28:33 PM

Kudos and Condolences and Kudos

I identify with your story - I remember my evolution from no-tech to low-tech to high-tech some twenty years ago. It was painful, blissful and startling. Kudos on getting where you are, and on even finding your toolkit included un-honed security skills.

Condolences, though, on your role as an investigator. It seems it must be hard being an investigator in software security if you are not the one defining who you take down. Like law enforcement, the judicial system, and financial industries, there are countless gray areas in InfoSec. How do you know who to arrest, who to prosecute, and who is better to let go in favor of bigger fish.

Cyber criminals come in all shapes and sizes, too. Some can be tracked and taken down with little resistance while others are part of a larger "army" who can be unforgiving once they know you have them in your sights.

But kudos again for giving back, and digging under the casing. With a focus on code, perhaps you'll be in better shape than as an investigator. Don't get me wrong, boy do we need InfoSec investigative work. But I don't envy those who do it.

Nice to see a personal story once in a while here on DR.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

How to Better Secure Your Microsoft 365 Environment

Kelly Sheridan, Staff Editor, Dark Reading, 1/25/2021

Many Cybersecurity Job Candidates Are Subpar, While On-the-Job Training Falls Short

Robert Lemos, Contributing Writer, 1/27/2021

Attackers Leave Stolen Credentials Searchable on Google

Kelly Sheridan, Staff Editor, Dark Reading, 1/21/2021

Webinars

Cybersecurity's Next Wave - What Every Enterprise Should Know

The Failures of Static DLP and How to Protect Against Tomorrow's Email Breaches

How Elite Analyst Teams are Transforming Security with Cyber Reconnaissance

Webinar Archives

White Papers

A Technical Deep Dive on Software Exploits

What To Consider Before Renewing Your SD-WAN

Five Reasons to Protect your VPN with Multi-Factor Authentication

Top Threats to Cloud Computing: The Egregious 11

The Insecure State of Microsoft Teams Security

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: Hey! Just a kind advice, we have hidden agents in your endpoint that allow us to know that you are not doing the report for your manager and you ...

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-3326
PUBLISHED: 2021-01-27

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

CVE-2021-22641
PUBLISHED: 2021-01-27

A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

CVE-2021-22653
PUBLISHED: 2021-01-27

Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

CVE-2021-22655
PUBLISHED: 2021-01-27

Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).

CVE-2021-26276
PUBLISHED: 2021-01-27

** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]