With all the recent headlines about companies losing their customer's
data, I think to myself - why can't I have some fun? Of course I don't want to
do any real damage (I'd rather stay out of jail), and I don't want to be the
center of an FBI manhunt, but why not learn a new skill set pertaining to a
field I eventually want to work in?
Think about the last time you made a purchase online. I almost
guarantee you never had any thoughts of your personal data being compromised.
Your credit card information, address, name, phone number, email, and in some
cases even your birthday is required for a transaction, but do you ever really
question the integrity of a company's security infrastructure? We have become so ignorant to
the fact that some IT guy locked in the basement of a company, who couldn't care less about his job, may be in charge of keeping your personal data, and the data of
millions of other people, safe and secure from outside threats. Even if those
thoughts cross your mind, what’s the worst that can happen? Your credit card
company places a hold on your card and issues you a new one. Any lost money
will be reimbursed. You’ll receive an apology email (how thoughtful).
The data security climate has changed extensively over the past 10
years. It used to be just annoyances: pop-ups, spam, adware, toolbars,
downtime, etc. Today, hackers are looking to make a statement. They release
classified information to the public, steal financial data from databases
containing millions of credit card records, and take websites offline. The goal
is to make a financial gain or to draw attention to a cause hackers deem worthy-- not just to inconvenience you, the lowly user.
This is where I step in. My goal is to learn the most common
exploits to make sure everything I work on in the future is protected from
common web vulnerabilities.
