[PLUG] Joe Jobbed - security considerations

M. Edward (Ed) Borasky znmeb at cesmail.net
Wed Oct 10 05:34:15 UTC 2007


Ronald Chmara wrote:
> So, hokay. A bit about frsirt, and my experience in the field....
> 
> I had this hardcore gig for about a year, where I was part of a 24/7  
> team that did nothing but monitor the existing known set of exploits,  
> write patten matching code (think of something like snort on  
> steroids, with end-user clients that could nuke other people (not a  
> rhetorical device)), and build detection rules for the exploits. One  
> of our best research tools was frsirt, because quite a few (half to  
> 80%) of their warnings, for a long time, came with PoC (Proof of  
> Concept) code to run, which made our lives easier.

[snip]

Reminds me of that set of photos -- "So you hate your job" :)

Seriously, though, I just can't imagine a worse job in computing. It 
takes a special breed to do stuff like that. My hat is off to you, etc. 
Me ... I'd rather clean up after elephants in a circus.



More information about the PLUG mailing list