I never really wanted to be a Hot Shot IT Security Guru. It just sort of happened that way. Ten years ago I was working as a Web master’s apprentice at a dot-com and mentioned something about a patch Microsoft had just released.
Next thing I knew I was responsible for security of the Web site.
Lucky for me, I got out before everyone was laid off (although I should have stayed just to get the severance pay). When my new employer learned that I was the Old Security Guy at a dot-com (me and my Big Mouth) I immediately became the New Security Guy.
That was ten years ago. I am really beginning to hate this job. Not only is the entire Security Industry a Total Utter Failure, but the people in it are all dicks and assclowns.
Every man Jack of them.
Take, for instance, this recent thread at Full Disclosure. It didn’t start at Full Disclosure. It started out in a Security Wannabee mailing list. Some newb was wondering out loud about how to program a “secure” SMS banking program.
“I’m designing an SMS banking application but I need to research on the security risks involved first. I’m thinking of subscribing mobile phone number along with a pin…”
Little did he know he was starting an Epic Troll. First, he attracted a number of security dicks, who basically pooh-poohed his approach and warned of the insecurities of SMS.
Then, the assclown showed up.
I have been aware of this OCD whack-job for several years. Back in the early days of GMail (when you could still get away with it) I used to mark all of his messages to the security lists I subscribe to as SPAM. He is just that annoying.
If you ever want to pull/troll this guy out of the woodwork and watch him froth, just join the wannabees list and post something about “security by obscurity”.
Most “Security Pros” despise security by obscurity simply because it rhymes. Or maybe it just makes it easier for them to remember that they hate it. Many have lost track of what it actually means and as a result it’s a great security list troll topic, right up there with automotive industry analogies (which are almost universally despised in security mailing lists these days – try it sometime).
So this man, A Legend In His Own Mind, shows up and the thread instantly becomes a pissing match. After 16 messages the head dick drags the argument out of Wannabees and into Full Disclosure and the real fun begins.
Normally I tend to ignore these things. One of the benefits of reading security mailing lists in GMail is you can construct a filter to instantly delete annoying threads like these (I have dozens and dozens of them).
It’s not my point to give a blow-by-blow synopsis of the Full Disclosure thread. If you’re really interested, read it. It’s still going on as I write this.
But it is the finest example of why I hate this industry and the people in it.