Robby R.O.B.B.

Buffer Over Flow or Not

8 posts in this topic

I was researching exploitation, and am interested in a potential career as a professional exploit developer or bug hunter. However, with all the security mechanisms in memory, I want to know whether this is even worth pursuing, or are vulnerabilities still likely?

0

Share this post


Link to post
Share on other sites

As long as humans write code, there will be vulnerabilities. A safe career choice, if you like doing it.

0

Share this post


Link to post
Share on other sites
10 hours ago, systems_glitch said:

As long as humans write code, there will be vulnerabilities. A safe career choice, if you like doing it.

dunno. since humans have to write the code that would be then writing code, how would they assure there was no bugs in the first one to create even more bugs in later ones? buut.. i am waiting for them to start calling people to arms, you dont have the right to install any programs you want, you cant program for your computer you might be up to good

 

edit: thought i replied earlier but i guess not lol XD. the position will probably be around for a long time but, its also a relatively high demanding position being that, if you want to be legit, like say moxie marlinspike you have to know your shit, you have to research basically forever would be like if you were an accountant and the math was constantly changing, no you dont use a calculator you use a japanese abacus, you cant do multiplication you have to do addition etc etc. the basic core knowledge you have will still be useful but when all the programs, standards, protocols get patched, forked, deprecated new ones get introduced i mean if you specifically target a protocol or something for research and can consistently deliver stuff you might be able to get away with it but most likely youd end up at a job looking at their program(s) doing code auditing or something, or freelance whatever penetration testing where youd have to be up on all the popular program versions, attacks etc

Edited by dinscurge
added text
0

Share this post


Link to post
Share on other sites

For every bug found, there are several that are never found. Windows 7 is said to of had 40 million lines of code. That's a potential for over 40 million vulnerabilities. 

 

 

EDIT: what glitch was getting at (I think). This type of work is really hard work that takes sacrifice: weekends doing research, all nighters a few nights in a row, girl friends getting disinterested and not allowing time you need to keep up with technology etc...   But would be very satisfying as not many achieve the ability to be professional security analysts at that level. 

 

Good luck man!

Edited by tekio
0

Share this post


Link to post
Share on other sites
1 hour ago, tekio said:

EDIT: what glitch was getting at (I think).

 

was that a glitch or a pun?

 

but anyways yea basically, if your an electrician or plumber or some other generic trade in the us, assuming you dont move alot of the code seems to not change very rapidly you kinda just go to school once and after that its just oh this new wire is the trend or doing pex instead of hardline or whatever but talking exponentially more research on finding suppliers or good deals on supplies than what you are supposed to use or to keep up with codes. where with security stuff, they change alot more rapidly so its alot more unpaid research on your own time just to keep your chops up so.. if you enjoy research and learning on its own merits regardless of pay then it could be very rewarding otherwise might want to try to find an angle/specific field where its a bit slower paced

0

Share this post


Link to post
Share on other sites

No, when he mentioned "if you like doing it".  That is something a person would need to like doing. Basically a career as a Computer Scientist. I.T. is much easier than Computer Science. 

0

Share this post


Link to post
Share on other sites
1 hour ago, tekio said:

No, when he mentioned "if you like doing it".  That is something a person would need to like doing. Basically a career as a Computer Scientist. I.T. is much easier than Computer Science. 

 

ooh right you are

0

Share this post


Link to post
Share on other sites

Yeah, when I go into full hack mode, chasing a bug or a weird problem or something, it becomes its own unpaid full-time job for a while. I do it because I like it, not because it makes me money. I don't like it enough to try to monetize it, that's why I'm still a programmer/hardware design guy for a day-job :)

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now