Over the last week we have seen the Strava heatmap and the Autosploit issues come up. since the start of the new year, I have watched fight after fight over opinions on many different things in the world of infosec. Can we get the claws retracted and have meaningful discussions please?
Ok, seriously, most of the debates have been quite informative and pretty clam. Still there have been some people who have dug deep trenches. Autosploit, if you think someone(s) else have not done that sort of script in the past, you are probably kidding yourself. Yes with ti out there, it makes it easier for the kiddies to do it, but truth be told it was going to be made public at some point. The debate on the morals of that are immaterial except for a thought experiment. Something like this will get released to the public again, and just like anything in the world of IT, not just inofsec, it can be used for good or evil. I suggest focusing on how to use it for good, as a way of showing why you need the new tool, new infosec employee or bigger budget. It is a golden opportunity, especially if you have higher ups that read infosec headlines and tend to freak out at the next problem they define.
Speaking of that, is it just me or does it seem like publications, both in print and on the net, have gotten away from proofreading? The idea that we can still understand what they mean (for instance lunch instead of lung when talking about breathing issues) shows two things related to our field. First, the mind is an amazing thing. We can figure stuff out pretty quickly if we do not fight ourselves over it. I know, easier said than done. Second, we have gotten lazy. We rely on the tool (spellchecker, grammar checker in the example I used) and have stopped using that great mind of ours. This is a complaint I know many in the infosec world have talked about. Start with the people and then get just what tools are needed. Still, it gives a great, easy to understand real world example to those not in our field of what we are talking about. Mistakes will happen, but they should be able to be mitigated.
That is it for this week. See you all on the flip side!