Linux Today: Linux News On Internet Time.

Interview with Brian Hatch

Oct 31, 2003, 11:30

[ Thanks to jeremy for this link. ]

LQ) Tell us a little bit about yourself. How did you end up a security guru? Any advice for people who are interested in starting in "the business"?

"BH) I was always a paranoid security freak, though I didn't know it until much later. Even when I was 6 or so I had home-made locks on my bedroom door, Tripwire-like devices I could use to see if someone had opened my closet, and other stuff that was very unnecessary for someone with nothing interesting whatsoever. Building better and more foolproof and complicated systems was great fun for me, even if none of it was useful in the least.

"Advice? If you want to get into security, you must build an immediate distrust of everything you hear and see. (This also works well when listening to politicians.) When developing anything, be it your security policy or your random email signature generator, you need to take the stance 'What could go wrong? What weird situation/input/etc could cause this to fail? Have I set up enough barriers? Have I checked the exit status of each and every command, including 'print/printf'?' Never assume that something you write for a normal user will never be run by root, for example. Never assume something that, today, is only executable by trusted administrators will never be accessible to an attacker. Perhaps those admins become untrustworthy, or their account gets compromised, or you need to allow access by less-competent admins..."
