Info sec Dilemma

t. ignorant resentful dropouts

lmaoing @ all the people that dropped out when I was in university.

these fucking retards could barely pass any of the courses and had to resort to cheating to get through. I thought it would be over when I got a job that required a degree to be there.. nope, even more incompetency thanks to the third worlders asking me questions that they could figure out by reading the FUCKING documentation.

Isn't a lot of the stuff in the show technically accurate? I mean, besides like, using a raspberry pi from a supply closet in a bathroom to raise the temps in a server room

I'm planning to take a sabbatical with a few guys i know to make a "real" computer game and get it up on steam or something (not exactly a high bar i know), but i dunno, making a game is kind of on our collective bucket list. We have most of it done, but can really do with 6 months to a year to really get things nailed down.

I know Jow Forums likes to pretend its too mature for such things, but its actually quite fun and have to think of things in a different way to my day job.

>want to be hacker
>no efor to understand underlying stuf
Ya can't hack without understanding underlying stuf. If he is speaking about metasploitkiddies then yes.

>Isn't a lot of the stuff in the show technically accurate?
Only quasi-accurate. The jargon and stuff was okay, and above what I expected for a TV show.

However, it was full of inconsistencies. For example, accessing the gate locks from the guest wifi in the prison is completely implausible, as such systems are have to go through lengthy safety inspection protocols (similar to automatic fire doors etc, they have to work even if power fails drastically). And the initial idea by infecting the police station network with a virus just made no sense, as the police station is not connected to the prison in anyway.

And the raspberry pi thing is just retarded, the whole premise was that he couldn't use his phone because there were no cell phone coverage in the mountain, but how did the raspberry pi he mounted in the fucking toilet manage to be connected? If it connected to the wifi, then a sysadmin would clearly discover the unauthorized device on the network. And also, the termostat on the toilet is not magically connected to the advanced temperature control systems in the server farm.

I dropped out after midway in season 2, so I don't know if it got any better or not.

thats not a job though thats called a hobby

Jeez that's awful

I believe that the non-IT side of hacking is very much disregarded, especially by people that focus completely on IT hacking
in many cases you can get what you want much faster by being good at circumventing locks and social engineering. in fact, most successful red team tests are due to these approaches - not running payloads or exploits

you don't need much IT knowledge to do this well. sure, some basic system admin stuff and basic EE is certainly helpful, but really not that important.
IT security is the strongest part of the chain in quite a lot of cases, mostly because sysadmins know everyone else working there is a dumbass and they secure and update stuff properly and don't give anyone else root (also, because they don't want to clean up the mess someone else has made)

walking into a building wearing a nice suit and bamboozling someone to give you exactly what you want is generaly the easiest approach and by far the fastest.
people that focus on IT hacking don't like this fact, because they often lack social skills, but that doesn't change that it's true. they are quite quick to point out the effectiveness of lockpicking etc. but that's really only an option if you're either a social engineer in the first place (or you go straight up night burglar, but that's a sure fire way to get locked up because alarm systems are actually well designed)

Attached: CyberSecurity-Blog-Series-Social-Engineering-1.jpg (1080x675, 206K)

Season 3 had some good character development and the way they filmed a couple of the episodes was pretty neat

>butthurt sysadmin mad at things

Literally who cares?

Dude I have a room temp IQ and I managed to train my own computer vision neural network. You gotta believe.

Pssst check it out papers.nips.cc/paper/4824-imagenet-classification-with-deep-convolutional-neural-networks.pdf

Shhhh I have no social skills but that doesn't mean I can't put on a show. It takes the effort of believing my own bullshit and then you are good.

t. freak that started doing card tricks and slight of hand

> because alarm systems are actually well designe
No they aren't. Half the crap you said isn't true even.

Muh sekrit klub

People with dreams like that should watch DEFCON presentations. They sometimes mention how they spent two weeks reading the docs and trying to find vulnerabilities and got nothing. And that's two weeks of work in their spare time.

The allure and the hollywood cool factor goes away when you realize how the magic happens.

I suppose you are right, but there is no need for childish gatekeeping from current infosec professionals

Why don't hackers just hack a bank and retire in the Bahamas or something?

why don't athletes just play in the NBA and retire in the Bahamas or something?

Because there's a lot of competition?

elaborate or youre larping nigger

Those were the two plot points where the writers took the most liberties and they admitted as much. Everything else is pretty much on-point (except that part where they used a CLI command that scans Bluetooth devices, to connect to a Bluetooth device.)

We see charaxters surviving explosions without organ rupture or going deaf, characters shooting two guns at the same time or making jumps for distances too long for human beings; movies and TV shows always have to bend the rules a little bit to make shit interesting. For what it is, Mr Robot is fine.

The biggest problem with the show for me is that there is no realistic way for the characters to have all the information they have access to. And Elliot shouldn't be able to function as well as he did, considering how sick he is.

Yup. Infosec has nothing to do with your expectations as a 'hacker". The closest thing I think of is being a sysadmin or a devops, you need a similar skillset. You mostly write reports and test systems and you cant just rekt a website even when they hire you to pentest it.

>Those were the two plot points where the writers took the most liberties and they admitted as mu
Nah, I think blowing up server rooms by overheating them is pretty unlikely.

Lol this. Fucking wannabe l33t larps, they keep shitting up the infosec threads too. Cant hire anyone these days, kids tend to overestimate their worth and they straight up lie on interviews. This field needs a fucking purge.

>No effort to understand

But being a hacker is all about understanding. I thought everyone thought that. Even movies portrait Hackers as weird geniuses who somehow understand computers at a deeper level than normies.

>a sysadmin would clearly discover the unauthorized device on the network
There are several techniques to avoid that, I recommend the following book: "
Advanced Penetration Testing: Hacking the World's Most Secure Networks 1st Edition". Its informative and also a fun read.

not him but Im working on a forensic project right now, the company got absolutely fucking rekt, like catastrophically. The atackers managed to rekt more than 4000 servers and a bunch of workstations too and they deployed a crypto virus(lockergoga, not that it really matters). The company had monitoring set up and the system detected the intrusions but the actual monitoring was done by IBM and they have a 2 weak response time. not a misstype, TWO FUCKING WEEKS, these IBM niggers will take your money and run with it. Without a trained, well-prepared CSIRT team monitoring is fucking useless. Av is useless too if the attackers knows their stuff, its only good against mass scans and automated attacks(and skids).

A datacenter would obviously use RADIUS to authorize access to the SSID, so I doubt it would be so simple. In any case, the termostat in the toilet isn't fucking connected to the cooling system in the server hall so it's just ridiculous.

Yeah thats true but its not impossible, many BCS systems are vulnerable(they can be really fucking old) and actually connected to various networks. Its a fucking show, not a documentary and its fairly accurate compared to other representations of the infosec field in the media. Im grateful to the writers that they actually did their research. I also think that you are being a huge nitpicking autist. I dont even like the so that much but I give credit where credit is due.

>Its a fucking show, not a documentary
I totally agree, the reason I fell of in the second season was the ridiculously complicated story line and totally unbelievable characters. But my initial point was that the tech babble, while infinitely better than the shit on CSI or NCIS, is still not very accurate.

t. currently in college for game design after a wish and a whim

i know people that have programmed on some of the world's most popular games, and these people are far from rich. the pay is ok, but the hours are mental, and then there's the final release.. so much drama. I've seen these people get death threats for not having a certain feature or a bug that might appear. people ringing up their office and making crazy threats, as well as online, so, more security is hired to watch over the facilities. these devs' bosses take threats incredibly seriously, to the point where it's supposedly kinda scary. the company could only guarantee their employees security on the premises and car park, after that they were on their own. this is a multi-billion dollar company btw. and this is the best they could do for their top-tier programmers and staff.

average pay+awful hours+abuse from customers+increased security presence = maximum stress for all. and people wonder why working for the video game industry sucks balls? i know exactly why it sucks.

Considering you can find prison doors exposed on /0 I'd say that specific scenario is very plausible...

Agree about the Pi though.

Of course you were, it's all Hollywood shit.

Yes there is. You need raw unfiltered weapons grade autism to implement a proper exploit even after shifting through it all to find a possible vuln. You absolutely do not want billybob normalfag doing that job give it to angus autist weirdo who does just that and only that. Exploit hunting is the most autistic activity ever devised.

Half true. There really are no hard and fast rules. Maybe to sustain success.

Like anything else. You can be totally clueless and still be able to social engineer gain access, or sometimes just dumbly stumble onto something that your target completely overlooked.

>maximum stress for all
There was a guy who slept on the studio for months to complete Silent Hill on time. Afterwards the dude was so burnt out, he decided to quit his career and he became a farmer.

Attached: 1558714256139.png (417x384, 294K)

>Sure is summer
do you live in florida? cuz to me it seems that summer is all year long

if you use i9 instead of xeons it could happen

>there is no need for childish gatekeeping
oh, there absolutely is. if we didn't, kiddos would start doing stupid shit without much knowledge of anything causing harm to others.
loosely related but if you want to get into this check out hacker highschool so you get an insight on what's up.

Nah, you guys are right, things would get messy if anyone were just told how to hack at an advanced level without properly understanding it all

Absolutely. I work in infosec and the amount of people who have never actually written a line of damn code in their life is astounding.

These are the people giving advice and consulting for others. It's sad.

this is true. just look at the two most well-known exploit hunters in recent years: weev (now a nazi rape victim) and asshurtmacfags (now a dead shemale). they were both great at that one thing, and their autism was/is way off the charts.

Real Info Sec end up usually EE or low level programmers works as security team and math guys using math models to check software

Fake Info sec begin a lot only high schoolers or dropout bullshit about magical hacker powers and looking like Hollywood stereotype.

Makes me kinda feel good about myself. I make games but I rarely play them. I just enjoy the design and working on projects.

>watch Mr.robot first couple of episodes
Ohh, this is neat. This actually use real terminology and suchness
>as the show goes on
Oh, I guess this is just fight club with slightly more accurate computer jargon but equally as absurd

I have a teenage autistic cousin (actual autism) who's pretty intelligent, but falls into this fantasy mindset of being some cowboy internet hacker who hacks for good reasons.

I've explained to him the futility, impracticality, legality, etc. He still talks about wanting to be a hacker and asks me questions leading towards "how do i learn to hack X".

autists in this thread who were once like that, what finally convinced you to stop dreaming, besides maturity?

give him some actual resources, even if it's just things like chaos communication congress youtube videos (youtube.com/user/mediacccde)
while they probably know dick now, everyone starts off like that, give them resources and see where they go with it
encouraging them to give up cos it's hard is retarded

not hacker but i did install linux to get internet from my neighbor after he had wep key years and years ago. his key was his phone number so i called it a few times. i realized i couldve probably figured more out but really hacking is the mother of necessity imho if there's a will there's a way just has to know his aim.

i'm not telling him "no don't do that" whenever i talk to him, i'm just trying to steer him away from the fantasy element of being an untouchable hackerman.

that's what I have to figure out is a realistic aim for him. he likes nes/snes games, so I gave him resources on romhacking. but inevitably he'll say "that's cool but how do I hack servers?"

>"that's cool but how do I hack servers?"
>"well first you'll need to understand what a server is, what they're used for, what software they use, how that software is configured. then you'll need to learn about computer networks...."