

Ask HN: Where did you learn about security/attacks? - odvious

I have noticed quite a few HN users are well versed in security and various attacks (recently mentioned is the "cleaning lady" attack by cperciva (http://news.ycombinator.com/item?id=895411)). I consider myself well versed in basic web attacks (SQL injection, CSRF, etc.), but I would love to learn more about the algorithms themselves and I'm wondering where you guys/gals learned about encryption algorithms in general and the various attacks on them. Same thing with the general security issues (like the one discovered by dfranke on hacking arc).

Are there any resources you could recommend to those (like me) who want to learn more?
======
mbrubeck
Ross Anderson's _Security Engineering_ is an excellent introductory book.
Highly readable, and broad but not very deep. The first edition is free online
(and is still a perfectly good resource; the second edition has a few added
chapters):

<http://www.cl.cam.ac.uk/~rja14/book.html>

------
yan
Pentesting/security analysis was my hobby in high school/early college
and I ended up getting BS and MS degrees in CS, with a concentration in
security. It's also my day job.

It's unclear what exactly you want to concentrate on. Do you want to learn
about encryption algorithm details and want to understand the design decisions
behind them or do you just want to effectively use them? Do you want to learn
about proper architecture and general principles?

edit: feel free to contact me if you have any specific questions, I'll try my
best to weigh in on specific issues.

~~~
odvious
Certainly more the former, but I think that the latter will come as a natural
result. I would love to learn both the algorithm details/design as you
mentioned and at the same time, some of the attacks available on them (my
assumption here is of course that there are a set number of attacks that
people would try on a new algorithm; it's entirely possible that is not the
case :) ).

~~~
yan
Well, I don't know if it's that clear. Knowing the math behind differential
analysis or the reasons behind the values of AES s-boxes won't make you any
better at assessing the standing of a web service or a daemon.

If it's not too technical, try finding some articles in phrack(.org) magazine.
They usually outline the details of attacks and will let you see what
vulnerabilities attackers take advantage of. If you want to stay technical,
I'd look for exploits online and try to understand how they work. If you start
at the defensive end, it might not be exactly clear why some counter-measures
are in place and might be more dry than playing with something you can
actually break.

Get a very old Linux install, disable ASLR, PaX, W^R and anything that might
stand in your way and write your first buffer overflow attack. Then try
a heap exploit. Then move on to more interesting things. Try to follow
security conferences and the papers presented there. Attend security-related
meetups in your area. Idle in IRC channels, etc.

------
iterationx
Metasploit is an open-source penetration / auditing framework written in Ruby.
I also liked this book:

<http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593270070>

