In reply to SVreX:
In reply to GameboyRMH:
You are an IT guy, right?
Seems like a great business opportunity for you. Start your own security firm to address automotive and aircraft onboard computer security.
alfadriver wrote: In reply to GameboyRMH: You are an IT guy, right? Seems like a great business opportunity for you. Start your own security firm to address automotive and aircraft onboard computer security.
Haha I wish, that's a very tough job to get into, it's a cross between being a scientist and a gangsta rapper - you need to be doing good research and publishing all the time, and at the same time you need to have street cred, where it helps if you've been to jail.
Besides, someone well-connected already does that here, so the demand is filled.
alfadriver wrote: In reply to GameboyRMH: You are an IT guy, right? Seems like a great business opportunity for you. Start your own security firm to address automotive and aircraft onboard computer security.
I have a friend that works with banks assisting with security and while it's a great niche market, it's still very much an on-demand job. Meaning they only bring him in when something goes wrong, not because they want to be proactive about it.
The Auto and Air industries are likely to be just as bad, if not worse (look at Toyota's debacle with the gas pedal for an example).
A software engineer (and former Formula Ford racer) buddy of mine summed the issues up like this:
Wireless is required as the passengers are clamoring for web access. Of course, the avionics people don't have a clue regarding - well, pretty much anything. They barely understand that the 19 in front of the year is somehow different lately. They might have to form a committee to look into the issue. If the FAA tells them to.
Remember back when we were trying to get some type of telemetry on race cars? It was a freaking disaster. My analysis then was this: The car guys don't understand racing, the racing guys don't understand electronics, the electronics guys don't understand anything about cars, much less racing. So it is all E36 M3.
Now, same story, different actors - except the electronics team is still clueless about the world that this stuff has to work in.
Now I don't completely agree with everything he said, but I understand where he's coming from as people can very easily fall into knowledge or skill silos in their chosen industries and fail to learn or forget quite a lot about things outside of their realm of responsibility. This combined with ever tightening budgets and shortened timelines and a lack of other available resources, you can very easily end up way too far down a path to turn around and change direction.
GameboyRMH wrote: alfadriver wrote: In reply to GameboyRMH: You are an IT guy, right? Seems like a great business opportunity for you. Start your own security firm to address automotive and aircraft onboard computer security. Haha I wish, that's a very tough job to get into, it's a cross between being a scientist and a gangsta rapper - you need to be doing good research and publishing all the time, and at the same time you need to have street cred, where it helps if you've been to jail. Besides, someone well-connected already does that here, so the demand is filled.
Huh? I don't get that- why do you need gangsta cred to be a person who can understand, analyze and fix security issues with cars? There's an unstoppable movement to cars communicating with each other and the road systems- all to make vehicle movement more continuous. With that comes required security.
That requires knowledge. And that's about it.
I don't see some gangsta rapper selling us any security systems for our cars. I see professional scientists/engineers that can demonstrate the issue and fix it.
In reply to turboswede:
There are a lot of instances where I can see that people don't understand how something is actually used. That's pretty obvious.
People on THIS board do understand that. There are car people who are into electronics and electronics people who are into cars. Most of the infrastructure and vehicle to vehicle shared info seems to be pretty well out there. So there ARE TONS of opportunities.
The aero industry I have less info about- so don't know about it.
This is a problem, a big one, which means it's also an opportunity- a big one.
alfadriver wrote: GameboyRMH wrote: alfadriver wrote: In reply to GameboyRMH: You are an IT guy, right? Seems like a great business opportunity for you. Start your own security firm to address automotive and aircraft onboard computer security. Haha I wish, that's a very tough job to get into, it's a cross between being a scientist and a gangsta rapper - you need to be doing good research and publishing all the time, and at the same time you need to have street cred, where it helps if you've been to jail. Besides, someone well-connected already does that here, so the demand is filled. Huh? I don't get that- why do you need gangsta cred to be a person who can understand, analyze and fix security issues with cars? There's an unstoppable movement to cars communicating with each other and the road systems- all to make vehicle movement more continuous. With that comes required security. That requires knowledge. And that's about it. I don't see some gangsta rapper selling us any security systems for our cars. I see professional scientists/engineers that can demonstrate the issue and fix it.
I think the point that gameboy is making is that unless you've actually done a crime that involves circumventing existing security measures, the system vulnerability will be considered "theoretical" by the corporation marketing it.
In reply to alfadriver:
My SIL is a developer, and quite insightful.
He says developers' biggest problem is that they generally suck at being users.
They can design just about anything, but are terrible at understanding how most people use their products.
I agree. Big opportunity.
In reply to 1988RedT2:
And I don't see that as a requirement. One does not need to be a criminal to show a problem. Smart people here agree that this is a serious problem. To me, that means there's an equally serious solution. Therefore, smart people here can start a company and make a lot of money fixing said problem.
Or, perhaps I'm getting tired of all the ranting and raving from people who pretend that they know what the problem is and how serious it is. If they actually know that, then they have the ability to do something and make a lot of money doing it.
Or- stop whining, start fixing.
I DO think it's serious, and I also know that the auto industry IS going to go down this path. I KNOW that there are opportunities to work a good and proper fix. So come help. We need it.
1988RedT2 wrote: I think the point that gameboy is making is that unless you've actually done a crime that involves circumventing existing security measures, the system vulnerability will be considered "theoretical" by the corporation marketing it.
No that's not my point, my point is that you need street cred to make a name for yourself in the security research scene. Having gone to jail helps but isn't necessary.
Edit: It may not make sense - it hardly does to me - but this is a profession where fame is half the battle.
"The computer industry is the only industry that is more fashion-driven than women's fashion." - Larry Ellison
A lot of the big names in IT security started out hacking stuff they should not have and ended up talking to people in dark suits.
I have zero IT cred but my cousin is deep into this industry and as others have said: for some completely foolish reason the boss types think IT security employee means bad guy turned good. Too many movies I suppose where the former security threat to global security of nuclear weapons or whatever becomes the savior once "accepted" by the boss types and given power to do good with their skills.
Still a stereotype in media today, Skye on Agents of Shield got people killed but somehow her internet skill gives her a pass to stay on the team instead of being put to death for treason.
My wife is a recruiter for an applications security company. Finding engineers in that field is kinda difficult and they are expensive.
Anyone looking for work in that field? She really could use some leads.
SVreX wrote: The vulnerability is not the machines. It is our own corporate attitude about technology. We want stuff and convenience more than we care about security.
tr00f. Edward Snowden released all that NSA crap then took off; I saw the interview that John Oliver had with him and it became quite clear that where Snowden went wrong was: the real problem is that everybody demands ease of use not realizing that brings with it the larger chance of their information winding up all over the place. The whole Snapchat dirty pictures thing proved the victory of convenience over security.
Giant Purple Snorklewacker wrote: Have we learned nothing from the Cylon invasion?
All of this has happened before, and all of it will happen again.
Will wrote: Giant Purple Snorklewacker wrote: Have we learned nothing from the Cylon invasion? All of this has happened before, and all of it will happen again.
So say we all.
I think some of the issues we have with IT security are a result of the engineering successes. After several thousand years of work, humans can build bridges, roads, buildings, canals and ships that are pretty safe and convenient. What's forgotten is a lot of people were hurt and killed as technology developed.
Over the last 100 to 125 years, people took what was learned from the advances listed above and started building cars and automobiles. Those are pretty safe and convenient as well. What's forgotten is a lot of people were hurt or killed as the technology developed.
I suspect the general public doesn't understand how comparatively young the IT industry is and the implications of that. Software engineering as a field of study is what, 60 years old? Since, at least in the US, there is not much emphasis placed on learning history, people are going to get hurt and killed as this technology develops too.
Apexcarver wrote: My wife is a recruiter for an applications security company. Finding engineers in that field is kinda difficult and they are expensive. Anyone looking for work in that field? She really could use some leads.
I'd love to, but I doubt they have apprenticeships.
Talk about a click bait title. Or just lack of actual comprehension of the systems involved.
https://www.defcon.org/images/defcon-22/dc-22-presentations/Polstra/DEFCON-22-Phil-Polstra-Cyber-hijacking-Airplanes-Truth-or-Fiction-Updated.pdf
Here is the actual DEF CON talk. Short of having access to the main relay, some very serious hardware, and a tremendous amount of hacking, it's not really possible on a commercial airliner. Yes, you can spoof some of the smaller jets' ground collision warning; yes, you can make some things possibly show up as possible air collision. On some systems you might be able to see outputs. In a major jet these things are airgapped though.
Short answer: it would be 1000 times easier to hijack a plane using traditional means.