Now that’s a dedicated programmer/developer, love to see it.
@Eminent Not that I want to defend this exceptional individual, but at these cons there's a certain ceiling that can't be breached since these conferences only last a few days or weeks. Most of the challenges aren't that impressive it's more of a time trial against other people than it is an amazing accomplishment. In the wild real researchers take weeks, months, or years to make progress on security problems. Cryptography problems you're talking years or decades assuming there's not a critical error in an implementation that's discovered. A lot of the DefCon workers volunteer time for no pay, and there are only about a half dozen or dozen people who get paid to work on the con. A lot of these cons are kind of a joke even if they have very interesting talks by legit researchers. This isn't something that's just an issue in cybersec, most cons as far as I can tell are just a way for people to job hop or sell their product.
Gestating wildly at an audience would be extremely impressive because he's a man and physically incapable of carrying an embryo and growing it into a fetus.
That's so incredibly petty and malicious that you have to wonder if he's a Scooby Doo villain.
How many of these have "overheated" in Jason's care? I'm fairly sure two other ferrets sealed themselves inside something and died as well.
What does he mean by that? In his experience it happens a lot, but when researching this issue, he didn't find others with similar problems, or it happens a lot, but didn't do any additional research about it? Either way this is a strange wording.
So his pooner wife isn't a vet...
Sure, it's the same reason interviews for jobs requiring math or coding ask weird puzzles to test how someone thinks and solves problems as opposed to presenting them with a real problem the company is working on. Usually the questions to test this are intentionally abstract to test how they behave on the spot.
I love how even when talking about how his beloved ferret died he HAS to clarify that his pooner wife is a Vet and that she absolutely knows what she is doing.
Yes, and no. One of the other big thing that happens is companies developing tools or exploits will join CTFs to win and market their tools. All of these little contests can be LARPy jokes, but they can be useful for training, and simulating real world threat environments. A lot of CTFs are about as impressive as the crypto puzzles that he found. That being said all kinds of events at these cons are opportunities for people to learn about stuff outside of their expertise. How basic and LARPy they are varies greatly. Now whether it's worth spending 3-5k to do something your company could run for basically nothing on some weekend is debatable. Biggest opportunity at most cons is for sales.
@Retink Retunk, not to start a tangent argument, but in my experience talking to grey beards about interviewing the shift happened dramatically after Google took off. It wasn't a common practice to give everyone a bunch of puzzles in an interview. Google started to take off and everyone said, "Google has the best smartest people we have to copy Google!" Destroying hiring practices across the entire industry.
@Johnny Silverhand, as above not to start a tangent, but this is not the case with companies working with cybersec services. You're talking "cheap" bills in the quarter millions for companies with CTOs, and CSOs, of their own who are literate. There's so many bullshitters because cybersecurity is heavily connected to legal requirements, and government jobs. It's seen as a cost that adds nothing to revenue generation of the company. There's a lot of what you could call regulatory capture. I don't think anything will change until they start throwing C-suite in prison for their negligence. I'm not holding my breath. They want their rubber stamp so they can make regulators, investors, whoever is requiring the assessment happy. Many customers just want to get past whatever legal requirement they have so they can keep doing business. Hiring someone like Jason is actually an excellent strategy for this end, especially since he'll be so much cheaper than most experienced hires! Save costs, and give the customer what they want.
Phenotypes are real, don't dismiss them as pseudo-science.
Majority of cyber-security specialists in the government are mainly people familiar with security tools and laws/processes/etc. The actual hacker/programmer types who work for the government, are really under Raytheon, GDIT, and others who are contracted to the government. Your day to day guys who man the SOC, let's just say I know two of them who have LTT hoodies. Never had a problem with them and they're personable enough, but they're not turbo-autists, they're a typical nerdy/weirdo/Internet autist computer person; but that's me throwing stones in glass houses.
Had a friend similar to Thor.
it reads to me like a very poor attempt at trying to hide his negligence. you're right that the wording is very strange, it immediately caught my attention too, it almost sounds like a subtle admission. but really it seems like it's just his usual routine of, "i'm smarter than you, i already did the research and cleared myself of blame, you need to take the master hacker's word for it you idiot." now, i'm no vet, but how does one ferret get overheated by another if they're in an air conditioned room and supposedly not cramped or overcrowded? and why would you start a rescue being so under-prepared for something so simple?
I don't think puzzles and quizzes are necessarily bad, but most are administered by HR these days as opposed to skilled engineers, which is kind of like hiring a plumber to give you a colonoscopy, but the plumber is also mentally retarded.
Completely agree with this point. It is mostly parroted around by posers or people with little experience. I have seen a ton of people say they consider going into bug bounty without having any understanding of the subject matter.
Of course. You would absolutely struggle with a time restriction to solve a more complex puzzle, my primary gripe with the situation, as others have mentioned, is that solving these challenges are discussed as if they *are* some great, month-long complex achievement. There are certainly difficult and longer term CTFs out there. Personally I would love to see Jason Hall do something like Flare-on or similar, as he has experience with "digging in code caves" and "removing the polymorphic".
>Overheating is impossible
