Do you have the brains for cybersecurity? (opens in new tab)

(bbc.co.uk)

77 pointspelf10y ago20 comments

20 comments

What area of 'cybersecurity' would I be finding myself breaking substitution ciphers based on wingdings in?

I work in the information security industry, and I feel like I'm missing something but I really have to ask what these are relevant to.

Cryptography, which this appears to be a reduced form of is mostly tangential and very nuanced relative to the ciphers in this challenge. I often feel my line of work is grossly misrepresented by dizzying fields of esoteric numbers and references to ancient cryptography when I'm happy to find myself many of my days engrossed in the security characteristics of some powerful technology used right now in the real world.

I moved from engineering to security, but if this was my only interaction with security, I'm not sure I'd have been interested.

Edit: if you're interested in real crypto challenges, try http://cryptopals.com/ and read Cryptography Engineering, which is a wonderful read that goes over not only the cryptography but also the principles common across the many specialisations of the infosec industry

mortehu10y ago

This looks like it could have been inspired by the Cipher Challenge[1] from The Code Book[2], which starts with monoalphabetic substitution problems.

1. http://simonsingh.net/cryptography/cipher-challenge/the-ciph...

2. http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/...

ultramancool10y ago

If anyone is looking for a seriously great introduction to cryptography check out the Art of the Problem series on YouTube, don't have a link right now because mobile but it is probably the best easily accessible explanation of real world cryptography I've ever seen.

EDIT: https://m.youtube.com/playlist?list=PLB4D701646DAF0817

besselheim10y ago

It's more a rough aptitude test for creative problem-solving and persistence than anything else. Of course you need the strong technical background as well. But enjoying these sort of puzzles can be an indicator of sorts. I also work in cybersecurity, and most of my colleagues and I get a kick out of these sort of challenges.

massemphasis10y ago

I think this is geared for kids, and not really adults.

TheOtherHobbes10y ago

It's a recruiting exercise for various companies.

Apparently it's a serious recruiting exercise for various companies - which is frankly terrifying for anyone who knows anything about infosec but isn't a cybercriminal, terrorist, or foreign hostile.

0x4a4210y ago

Yes, as the title says it's "cybersecurity", not infosec. :)

Moppers10y ago

Must be pretty smart kids. One of the last puzzles is very hard.

luch10y ago

> I often feel my line of work is grossly misrepresented by dizzying fields of esoteric numbers and references to ancient cryptography when I'm happy to find myself many of my days engrossed in the security characteristics of some powerful technology used right now in the real world.

Have you never worked a custom written crypto algo in your line of work ? For example, countries' army are the bane of sysadmins since they implement about every standard of networking since computer exists.

Working in infosec, you hardly have to crack an akbash cipher, but I'm pretty sure you'd had to understand a closed source algorithm.

AdmiralAsshat10y ago

I wasn't aware I had to explain how the crypto works in order to advise my clients that they should be disabling outdated SSL versions on their servers and returing RC4 ciphers.

Evidently I don't have the brains for cybersecurity. My clients should be just fine with their telnet-enabled/remote-root-accessible servers until someone who can descramble Wingdings riddles can save them.

patcheudor10y ago

I have mixed feelings about this. While being a good puzzle solver is important, to be really good you need a certain level of creativity in thinking which goes beyond just the ability to solve puzzles. Thinking like a criminal as an example is a necessity in a number of cyber-security fields and can trump the ability to solve puzzles. I see a lot of vulnerabilities get marginalized because people simply can't correlate how it could be used by a criminal to make money. Likely for a reason, it's the ability to think like a criminal which is largely missing & where people do have that ability many times they are treated by their cyber security peers as a bit suspect.

zubspace10y ago

If you enjoy this, maybe you will like the challenges of Hacking-Lab (https://www.hacking-lab.com).

Right now there's a Hacky Easter competition running which you can participate in for free: http://hackyeaster.hacking-lab.com/hackyeaster/challenges.ht...

1 more reply

AndyMcConachie10y ago

This is probably a recruitment operation. Not that there's anything wrong with that, but I think that's what this is.

ecma10y ago

"They range in difficulty from simple to knotty and fiendish. We will let you know the answers next week."

It's not a recruitment operation. They're just some fun puzzles which are accessible to laypeople. It shows the fundamentals of cryptanalysis in a way that a casual reader can understand and even have a crack at solving.

Someone mentioned in another comment that Simon Singh's "The Code Book" starts in a similar way and they're dead on. You don't introduce someone to a subject by posing problems based on constructs they don't yet have the tools or context understand. The history of the field informs its current state - cryptography and cryptanalysis have a very rich and fascinating history.

Animats10y ago

That's not "cybersecurity", that's paper and pencil cryptanalysis. Completely different skill.

Here's NSA's internal course list.[1] Not much about puzzles.

[1] https://cryptome.org/0001/ncs-courses.htm

merpnderp10y ago

This might be the optimal place to start (Khan academy's excellent intro): https://www.khanacademy.org/computing/computer-science/crypt...

terminado10y ago

No[1], because "cybersecurity" is an open-ended non-static target, with human adversaries in the loop, who will adapt to circumstantial changes dynamically.

  [1] https://en.wikipedia.org/wiki/Betteridge's_law_of_headlines

Moppers10y ago

I can't do one of these. It's the middle one of the last part. The diagram with the pentagon.

mtgx10y ago

What's the point if they're just going to ask for backdoors in those systems later?

balabaster10y ago

I guess if you can crack these, then you're more competent than the current guard you'll be asked to replace and won't be asked to compel companies to write code without pay to breach their own security systems... so perhaps you'd be doing the world a favour by becoming an underpaid cyber security expert working for peanuts at one of the world's premier intelligence gathering agencies without needing to ask for sweeping surveillance rights that are a gross breach of everyone's right to privacy - which there are laws set in place to protect, unless you're the Government, in which case, the law doesn't apply to you. ;)

j / k navigate · click thread line to collapse

20 comments

tshadwell10y ago

What area of 'cybersecurity' would I be finding myself breaking substitution ciphers based on wingdings in?

I work in the information security industry, and I feel like I'm missing something but I really have to ask what these are relevant to.

I moved from engineering to security, but if this was my only interaction with security, I'm not sure I'd have been interested.

mortehu10y ago

This looks like it could have been inspired by the Cipher Challenge[1] from The Code Book[2], which starts with monoalphabetic substitution problems.

1. http://simonsingh.net/cryptography/cipher-challenge/the-ciph...

2. http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/...

ultramancool10y ago

EDIT: https://m.youtube.com/playlist?list=PLB4D701646DAF0817

besselheim10y ago

massemphasis10y ago

I think this is geared for kids, and not really adults.

TheOtherHobbes10y ago

It's a recruiting exercise for various companies.

0x4a4210y ago

Yes, as the title says it's "cybersecurity", not infosec. :)

Moppers10y ago

Must be pretty smart kids. One of the last puzzles is very hard.

luch10y ago

Working in infosec, you hardly have to crack an akbash cipher, but I'm pretty sure you'd had to understand a closed source algorithm.

AdmiralAsshat10y ago

I wasn't aware I had to explain how the crypto works in order to advise my clients that they should be disabling outdated SSL versions on their servers and returing RC4 ciphers.

patcheudor10y ago

zubspace10y ago

If you enjoy this, maybe you will like the challenges of Hacking-Lab (https://www.hacking-lab.com).

Right now there's a Hacky Easter competition running which you can participate in for free: http://hackyeaster.hacking-lab.com/hackyeaster/challenges.ht...

1 more reply

AndyMcConachie10y ago

This is probably a recruitment operation. Not that there's anything wrong with that, but I think that's what this is.

ecma10y ago

"They range in difficulty from simple to knotty and fiendish. We will let you know the answers next week."

Animats10y ago

That's not "cybersecurity", that's paper and pencil cryptanalysis. Completely different skill.

Here's NSA's internal course list.[1] Not much about puzzles.

[1] https://cryptome.org/0001/ncs-courses.htm

merpnderp10y ago

This might be the optimal place to start (Khan academy's excellent intro): https://www.khanacademy.org/computing/computer-science/crypt...

terminado10y ago

No[1], because "cybersecurity" is an open-ended non-static target, with human adversaries in the loop, who will adapt to circumstantial changes dynamically.

  [1] https://en.wikipedia.org/wiki/Betteridge's_law_of_headlines

Moppers10y ago

I can't do one of these. It's the middle one of the last part. The diagram with the pentagon.

mtgx10y ago

What's the point if they're just going to ask for backdoors in those systems later?

balabaster10y ago

j / k navigate · click thread line to collapse