- Support for BeagleBone and BB Black
- Some much-needed improvements to dhclient
- OpenSSH 6.3 with some new features
Much has been written about how to get started in InfoSec. Last week, I happened across this excellent post with guidance for college students interested in security. The fact is, most of his points are relevant for anyone, student or not, that feels like security is their calling. Of particular note that you really need to love this field to make a career of it without getting burned out in the first few months.
Landing an internship is a good start. I've worked with some brilliant interns from high school and college, but internships are usually only available to students. Most security industry internships are not only paid, but paid quite well compared to many entry-level part-time jobs. Like most internships, you stand a pretty good chance of finding a job in the field if you excel at your work.
Brian Krebs has also sought advice from various high-profile folks in the industry. Most of their sentiments line up: Be curious. Learn. Tinker. Show it off. Crafting excellent write-ups shows potential employers that you're an effective communicator, and that you have the skill to really dig into and understand a topic. These traits matter through your entire career. Even now, with nearly half my life spent in the information security field, I still can't resist the urge to get my hands dirty in the lab. As for how to show off your findings and get involved with the community, try setting up a blog, hanging out in /r/netsec and visiting local gatherings such as CitySec, ISACA, OWASP, yes, even 2600. If you get a chance, big security conferences can be a lot of fun, but I'd argue they're less useful for getting your foot in the door, and more useful for getting to know others in the field from all over the world.
It's worth reiterating how unfathomably broad the field of information security is. If you're looking to get started, it's best to pick one or two subjects to really focus on. Many of the "fun" topics make use of both offensive and defensive skills. You might need to Google some of the sub-topics, but to name a few I can arbitrarily think of off the top of my head:
Yes, you have to give them your e-mail address. And yes, like many publications, there are a bunch of advertisements. Every once in a while, BSDMag covers a lot of security-related topics, and this is one of those. Click below to get the latest issue.
I warned you all. I was going to do it.
When I was a kid that actually knew and used UNIX (AT&T and AIX at the time), I knew in my heart of hearts that there was no video-game-like flying graphical file manager for UNIX. A lot of us made fun of the computer scenes in Jurassic Park. Well, I was wrong. All of us were. Here's the 20+ year-old Fusion (fsn) file manager running on a 20-year old computer.
I like old computers. I like playing with different operating systems, including old ones. A year and a half ago, give or take, I received an SGI Indy from someone who was cleaning out the shed. This was a low-end machine from SGI, but a relatively high-end workstation by most standards of the era, meant for people doing 3D design and CAD work. This one was made in 1996, about a year before the product line was discontinued.
I have been running across malware like this lately.
It appears to be a local infection that appends some VBScript to HTML files on
the webmaster's computer, spreading to the Internet when it's uploaded.
Alternatively, it could be an infection on a Windows IIS server.
OpenBSD 5.3 was released on May 1. (I told you I'm running behind!)
There are many enhancements and changes, including some much-needed tweaking to dhclient, making it a little less frustrating to use. While updating the nginx/MySQL/PHP-FPM how-to, I noticed that nginx is now defined in rc.conf like Apache has been for quite a while, so the setup procedure changed ever so slightly. The Apache/MySQL/PHP how-to remains basically unchanged, and it'll continue to be maintained so long as Apache is available in either the base distribution or from ports/packages.