Tuesday, January 31, 2023

Fired from your IT/Security job? Come to the dark web! We have cookies.

Your boss just asked you for a meeting. You walk into his office and realize HR is sitting there too; this is The Meeting. The company you have been working at needs to improve its quarterly earnings, and you have just joined the thousands of unemployed IT and Security/Privacy professionals. I personally know people in that group. What to do? You have to find something else and quick: you have bills to pay and need to put food on your family's table. You will look anywhere for a job.

What about the dark web?

You would not be the first or the last. The truth is APT groups also need staff like any other business. The image of the lone hacker with no social skills and skin problems sitting in a dark room wearing a hoodie while being illuminated only by the glow of the laptop screen belongs to Hollyweird. ChatGPT notwithstanding, good malware does not write itself. Someone needs to be by the phone on the better phishing campaigns. Large scale attacks need monitoring, and attack servers do need to be patched. According to Kaspersky, developers are in high demand on the dark web, and that has been the trend since COVID lockdowns:

Distribution of dark web job ads across specializations. Source: http://kaspersky.com/

How safe are such jobs? Like everything else, it depends. Some are scams, others are worse than that (think being kidnapped in the middle of the night either by your new employers or the FBI/NSA/Girl Scouts). After all, many of these jobs are sketchy at best; their legality depends on which nation is sponsoring the operation and which is on the receiving end. But there are organizations that treat this as a business, so they have a vested interest in having happy and productive employees who are eager to improve their software and services to levels they never thought possible. Some developers and attack specialists are being offered $20K a month for their services; that is FAANG salary right there.

What about the company that fired you? Maybe after passing bonuses around for cutting costs, they bought the amazing cybersecurity software I mentioned in an earlier post to replace their staff. What could possibly go wrong?

Monday, January 30, 2023

The Amazing Cybersecurity Tool That Will Make You 10 Years Younger!

If you expect this post to be intelligent or thought-provoking, you may want to skip it.

Have you shopped around for some kind of tool to monitor your traffic and/or logs, adjust your firewall in response to an event such as good old exfiltration, or ensure your security and privacy policies are up to date? Or did you just go to a trade show booth and ask a few questions? And did you then make the mistake of leaving your contact info, which then led to an endless river of emails and calls and brochures saying how their amazing product will drop ransomware dead, eliminate any and all phishing emails, patch your ssh to a release that is 2 years in the future, and all of that while shrinking the ozone layer and bringing the dodo bird back to life? Well, I decided it was time to make my own.

Ok, the software whose features my code announces is vapourware, thankfully. But I thought it was time to have fun with the amalgamation of buzzwords sales reps call product descriptions. With my amazing tool you too can spew garbage like "Our disruptive tool implements a passwordless methodology enabling you to amplify the positive impact of the ROI of your verticals by using our continuous monitoring interface," which I do not know whether it promises things it does not deliver (vapourware?) because, to be quite honest, I do not think it really means anything. But it sure sounds impressive to someone of a business lean. So, if you need a laugh, give it a try. Or contribute more buzzwords.

Repo link: https://github.com/raubvogel/cyberSecurityTool

Incidentally, this is related to a proper post I am trying to finish.