Name: Fer Martin
Age: 27
Location: Singapore
Company: Fusion Systems
I tried to edit an article on Wikipedia today (Publish/Subscribe Paradigm), and found that my IP at home was blocked by Wikipedia because of some not-respectable behavior by one of my neighbors… apparently I live with vandals around!
Editing from xxx.xxx.xxx.xxx (your account, IP address, or IP address range) has been disabled by Dreadstar for the following reason(s):
Vandalism:Continued and repeated vandalism after being previously blocked
Your IP address is xxx.xxx.xxx.xxx, and the block has been set to expire: 04:04, 12 April 2008.
On the other hand, this is good proof of the enormous effort Wikipedia editors make to maintain a good quality of user-generated content (UGC). Clap! Clap!
I realized how little software engineers know about computer security. It is a fact that many engineers graduate from a 5-year course without ever hearing terms such as buffer overflow, SQL injection, MITM, cross-site scripting (XSS) and many other security exploits. And this is just a glimpse of the whole area of security.
[Picture: a typical computer security expert]
Harry Potter learns about security in his school, but we don’t!
Engineers don’t (usually) know (enough) about Security
The average computer scientist usually doesn’t know much about general security concepts. And even when they have heard a term, they have a tough time trying to articulate a correct definition. Therefore, let’s not assume that they will be able to follow proper design best practices when they sit down to code. This directly leads crackers to try to profit from security holes.
Usually, they don’t even know how to choose an antivirus (pdf), how to encrypt emails or how to check SSL certificates. I’m sure most of them would understand everything and learn fast if they sat down and studied it, but somehow I find that most of my colleagues have an orthogonal love/hate approach to security.
Security Experts and Microeconomics Laws
This has a very logical consequence that we can derive from the principles of microeconomics. The laws of supply and demand have proven right in this case: the increasing demand for “security professionals” and their limited supply shifted the curves to a high equilibrium point. In other words, companies are pressed to hire security professionals, and because there is not much competition, those professionals can charge ridiculous salaries for their services.
But we should be aware that this is our fault, and not theirs. If universities and education centers had reacted faster to this flashing alarm in the job market, we would probably be less vulnerable when we use a credit card on the internet or when someone decides to store our personal data on their servers.
Interesting Videos to Learn More
Here you have a couple of interesting videos to put you back on track.