Linux Today: Linux News On Internet Time.


LinuxQuestions.org: Interview with Brian Hatch

Oct 31, 2003, 11:30

[ Thanks to jeremy for this link. ]

LQ) Tell us a little bit about yourself. How did you end up a security guru? Any advice for people who are interested in starting in "the business"?

"BH) I was always a paranoid security freak, though I didn't know it until much later. Even when I was 6 or so I had home-made locks on my bedroom door, Tripwire-like devices I could use to see if someone had opened my closet, and other stuff that was very unnecessary for someone with nothing interesting whatsoever. Building better and more foolproof and complicated systems was great fun for me, even if none of it was useful in the least.

"Advice? If you want to get into security, you must build an immediate distrust of everything you hear and see. (This also works well when listening to politicians.) When developing anything, be it your security policy or your random email signature generator, you need to take the stance 'What could go wrong? What weird situation/input/etc could cause this to fail? Have I set up enough barriers? Have I checked the exit status of each and every command, including 'print/printf'?' Never assume that something you write for a normal user will never be run by root, for example. Never assume something that, today, is only executable by trusted administrators will never be accessible to an attacker. Perhaps those admins become untrustworthy, or their account gets compromised, or you need to allow access by less-competent admins..."
