01 Dec

So, I had my (in)formal postgrad interview with my employer this week where they set out what they expected from me as I start my MSc in Computer Security & Forensics early next year.

The interview went well, I think, but I can’t help but wish I could just do the MSc without my employer’s involvement (sadly though, I can’t afford the £14,000 or so that it’s going to cost so they kinda have me over a barrel). Being a technical guy who is happier probing our defences with tools like Metasploit from the safety of a darkened server room than performing in front of crowds, the thought of having to give a formal lecture to my company fills me with terror. Hell, even the thought of doing lunch with the other postgrads on site makes me queasy. I totally understand why people doing similar MScs may want to get together, but my MSc is worlds apart from the life science degrees that they’re all doing. Ugh.

In other news, I ordered a Mk3 Pineapple from Hak5 last week, which I’m looking forward to getting my hands on. The Pineapple is essentially a device put together by Darren Kitchen and the Hak5 team to take advantage of a feature in most Wi-Fi devices that allows them to automatically reconnect to open Wi-Fi networks that they’ve previously connected to, based on just the SSID of the network. The Pineapple is running Jasager (apparently German for “Yes man”), and when a Wi-Fi device starts up and sends out a probe asking if its wireless network is available, the Pineapple replies saying “Yep, I am that network”. The client then connects to the Pineapple without bothering to check if the MAC address, Wi-Fi channel or any other setting matches what was previously used by the real Wi-Fi network using that SSID, and that’s when the fun begins – at least, for the guy on the other end of the Pineapple :). I’m hoping to get time to sit down and really look at what this device does, how it all fits together, any additions I think I could make, as well as thinking about how best to defend against such a device from a corporate point of view. I shall post my findings back here later on once I’ve had a chance to play.
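An added example, not part of the original post: one way a corporate sensor could flag the "yes man" behaviour described above, by looking for a single BSSID that answers probes for many unrelated SSIDs or for a canary SSID that no real network uses. The record format, the canary name and the threshold are all assumptions, and the sample observations are constructed.

```python
from collections import defaultdict

# Constructed sample data: (responder BSSID, SSID claimed in its probe response).
# The tuple format is an assumption; a real sensor would feed these from
# monitor-mode captures.
OBSERVED = [
    ("00:11:22:33:44:55", "CorpWiFi"),
    ("00:11:22:33:44:55", "CorpWiFi"),
    ("00:11:22:33:44:66", "CorpGuest"),
    ("de:ad:be:ef:00:01", "CoffeeShop"),
    ("de:ad:be:ef:00:01", "HomeNet"),
    ("de:ad:be:ef:00:01", "AirportFree"),
    ("de:ad:be:ef:00:01", "canary-7f3a9c"),
]

# Hypothetical canary: a random SSID the sensor itself probes for.
# No legitimate AP is configured with it, so any answer is suspicious.
CANARY_SSIDS = {"canary-7f3a9c"}

# Assumed threshold: a legitimate radio answers for a small, fixed set of SSIDs.
MAX_SSIDS_PER_BSSID = 2


def find_yes_man_aps(observations, canaries=CANARY_SSIDS,
                     max_ssids=MAX_SSIDS_PER_BSSID):
    """Return {bssid: [reasons]} for responders that behave like a 'yes man' AP."""
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in observations:
        ssids_by_bssid[bssid.lower()].add(ssid)

    findings = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        hits = sorted(ssids & set(canaries))
        if hits:
            reasons.append("answered canary probe: " + ", ".join(hits))
        if len(ssids) > max_ssids:
            reasons.append(f"claimed {len(ssids)} distinct SSIDs")
        if reasons:
            findings[bssid] = reasons
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_yes_man_aps(OBSERVED).items():
        print(bssid, "->", "; ".join(reasons))
```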


  1. suisaluemia

    December 20, 2011 at 11:34 am

    Are you serious?

  2. cmddotexe

    December 21, 2011 at 1:43 pm

    Serious about Wifi clients being that easy to exploit? Absolutely.

    Serious about the MSc? Probably less so.


