I wouldn't say infosec is "bullshit." I'd say a lot of people in those fields are NOT developers, and they lack a true understanding of what security techniques are actually beneficial versus those that tick a box on a checklist (CrowdStrike was always a garbage security nightmare from the moment I saw it, and I constantly raised concerns and no one cared because "compliance").
SHIELD certification was talked about a lot ~2012, and a lot of people in the security sector were against any type of certification, because it's just so pointless. There was a panel discussion about SHIELD from 2012, but Ruxcon pulled the video for some reason. I'd put it on catbox, but it's 950Mb.
One of the most iconic images I remember for a security conference was [Travis Goodspeed's talk on packet-in-packet injection](https://www.youtube.com/watch?v=iQk0GHXs8NY), because of the following image titled "Encapsulation."
Software is built on layers, and even security is designed in layers that are intended to create isolation as well as redundancy. The trouble is that very few people can describe, in any reasonable level of detail, everything that happens in a single HTTP request.
Modern security exploits are often a single strap in these layers. No matter how much everything else is locked in, one bad link could cause everything to come crashing out on the motorway.