How do you know…?

In my days in industry, I interviewed a lot of people.  It’s hard to find the right person for a job sometimes, so I talked to … well, a lot of people of various skill sets.  I talked to so many different people I had an interview question list of 164 questions.

I didn’t ask any one person all 164 questions, I promise.  When I say I interviewed a wide range of people, I talked to network engineers, software engineers, database admins, system administrators, security engineers, tech support, and I’m sure I’m forgetting a few positions.  At a startup, these things happen.  You need to hire, which means you need to interview, and someone has to ask the tough questions.

I had questions that ranged from “How does traceroute work?” to “Describe the 3-handed handshake for TCP”, not to mention “What is a normalized database?” and “How do you do variable scoping in Perl?” Technical questions.  I wanted to know if these people who we were potentially hiring knew what they claimed to know.

I had other questions.  A silly question, “If this was an interview for the Justice League, what would be your superpower?”  Yes, silly.  Deliberately so; I just wanted to find out more about how the person thought and how they handled questions from left field.  Plus I got some fun responses.

I also had one question I really liked to ask, especially to security engineers and system administrators.  “Has your computer ever been hacked?”  If the answer was yes, I’d ask “How did you find out?”  If the answer was no, I’d ask “How do you know?”

It’s hard to prove a negative.  I can’t prove my computer has never been hacked.  I can’t prove it isn’t hacked right now.  I can use the tools on hand (like antivirus) and say “Well, it appears it’s never been hacked…”.  But I don’t know.

I started this post because of this article.  Someone has been hacking MSSQL servers to join botnets for almost two years.  A nice company released detection scripts for this hack and made them available on GitHub, which means you can find out if you’ve been hacked… in this way.  If the attackers change their methods then the scripts won’t work and you’re back to asking “Have I been hacked?”.

This is an unsolved problem in Cybersecurity and I think it’s unsolvable.  If you think I’m wrong, write an article for DTRAP.  Tell me why I’m wrong.
