Ask HN: Where did you learn about security/attacks?

4 points by odvious ↗ HN
I have noticed quite a few HN users are well versed in security and various attacks (recently mentioned is the "cleaning lady" attack by cperciva (http://news.ycombinator.com/item?id=895411)). I consider myself well versed in basic web attacks (SQL injection, CSRF, etc.), but I would love to learn more about the algorithms themselves and I'm wondering where you guys/gals learned about encryption algorithms in general and the various attacks on them. Same thing with the general security issues (like the one discovered by dfranke on hacking arc).

Are there any resources you could recommend to those (like me) who want to learn more?

5 comments

[ 223 ms ] story [ 1114 ms ] thread
Ross Anderson's Security Engineering is an excellent introductory book. Highly readable, and broad but not very deep. The first edition is free online (and is still a perfectly resource; the second edition has a few added chapters):

http://www.cl.cam.ac.uk/~rja14/book.html

Pentesting/security analysis has been my hobby in high school/early college and I ended up getting BS and MS degrees in CS, with concentration in security. It's also my day job.

It's unclear what exactly you want to concentrate on. Do you want to learn about encryption algorithm details and want to understand the design decisions behind them or do you just want to effectively use them? Do you want to learn about proper architecture and general principles?

edit: feel free to contact me if you have any specific questions, I'll try my best to weigh in on specific issues.

Certainly more the former, but I think that the latter will come as a natural result. I would love to learn both the algorithm details/design as you mentioned and at the same time, some of the attacks available on them (my assumption here is of course that there are a set number of attacks that people would try on a new algorithm; it's entirely possible that is not the case :) ).
Well, I don't know if it's that clear. Knowing the math behind differential analysis or the reasons behind the values of AES s-boxes won't make you any better at assessing the standing of a web service or a daemon.

If it's not too technical, try finding some articles in phrack(.org) magazine. They usually outline the details of attacks and will let you see what vulnerabilities attackers take advantage of. If you want to stay technical, I'd look for exploits online and try to understand how they work. If you start at the defensive end, it might not be exactly clear why some counter-measures are in place and might be more dry than playing with something you can actually break.

Get a very old Linux install, disable ASLR, PaX, W^R and anything that might stand in your way and create write your first buffer overflow attack. Then try a a heap exploit. Then move on to more interesting things. Try to follow security conferences and the papers presented there. Attend security-related meet ups in your area. Idle in irc channels, etc.