Hello challenge fans. Sorry for the long delay, but better late than never, right? This one actually caused a little debate, because nobody gave a completely accurate answer on either the technical or the creative side. But since these challenges are not just contests but also great ways to learn, we decided to release the answers without naming any winners. So although there are no signed copies of Ed Skoudis' book, Counter Hack Reloaded, a couple of you still get your name in lights as we mention some of your good thoughts. We'll just have to keep in mind the immortal words of Mike McDermott in Rounders, who, when one of the participants in the judges' poker game points out that Professor Petrovsky is not paying him, kindly replies, "Oh, well, knowledge is my reward, sir." So without further delay, here's Mr. Shewmaker with the answers to SSHliders.
As a courtesy to our members, we try to keep you informed of some of the more interesting items published in our online magazine by sending out an electronic newsletter by email. But not everyone interested in our content is a member. For that reason, we have decided to also publish the newsletter in article format for all to see. Each EH-Net newsletter features the major articles of the past month, such as our Free Monthly Giveaways and reviews of books, courses and products, as well as other newsworthy items. Each newsletter also includes updates on our Hacking Challenges in "Skillz Scoop," links to interesting or eye-catching discussions, including job postings, in "Hot on the Forum," and a listing of security-related conferences happening in the near future from the EH-Net Global Calendar in "Upcoming Events." We also try to keep you up to date on what is coming down the pike in "Stay Tuned." We have made changes and additions based on reader feedback, so keep it coming. Some suggestions include sections for "Tool of the Month" and a "Member Spotlight." Let us know what you think of these and any other ideas you might have.
We Have a Winner!!
EH-Net member, oneeyedcarmen, will attend Black Hat DC on us. The Washington, DC version of the world's premier technical event for security experts is being held January 31 - February 3, 2010. One Passport Admission Ticket worth $1995 allows our winner entry into the 2-Day Briefings portion of the event. The event is described as, "Understanding the increasingly complex threats posed to an enterprise can be a daunting task for today’s security professional. Knowing how to secure an enterprise against those threats can be overwhelming. Black Hat is the premier information security event for senior-level professionals to learn the latest insights from security researchers on defending an enterprise against tomorrow’s challenges. Black Hat events are comprised of multi-day training sessions provided by some of the most respected security experts in the world; as well as of a number of short, topical briefings presentations which highlight the latest research in security." Congrats!! Don't forget to check out Black Hat Europe April 12 - 15 in Barcelona, Spain.
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
Review by Jason Haddix
Today we showcase a new web application scanner called Netsparker, and believe us when we say that we put this app through the wringer.
There's a big distinction between testing a tool against dummy apps in a lab and using it firsthand against a large environment. Luckily for us, we got to do both.
Over the course of a month we ran several engagements and specifically watched Netsparker's performance compared to the other tools we normally use in the assessment process (w3af, Grendel Scan, Nikto, Wikto, Websecurify, Paros, Burp, etc.). We have to say, we are very impressed. Netsparker not only caught vulnerabilities that other scanners missed but also provided excellent remediation guidance and a documentation section for most of its findings.
For injection it does a full-scale attack, testing every parameter it can spider (and it spiders very well). Although this lengthens the testing time, it also rewarded us with some valuable injection findings. Netsparker is developed by Mavituna Security, and more specifically by our guest, Ferruh Mavituna.
Review by Joel Dubin, CISSP
The Payment Card Industry Data Security Standard (PCI DSS) has taken it on the chin recently. After several high-profile breaches of credit card numbers, some critics of the industry standard have said it either isn't strong enough or should be abolished altogether. But as Dr. Anton Chuvakin and Branden Williams correctly point out in the second edition of their book, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, PCI is here to stay.
This is no ordinary field manual to the PCI standard. It isn't a book, for example, that a PCI auditor, called a Qualified Security Assessor (QSA), would keep open on their lap as a reference while working with a client. Instead, it carefully weaves together PCI, which is a compliance regime, with IT security. In fact, it also places PCI in the universe of other regulatory compliance standards, like SOX and HIPAA, which also give IT managers plenty of headaches.
The book correctly notes that compliance isn't the same as security, a common misconception among PCI critics, and that PCI is one part of a sound IT security program, one that covers both bases, compliance and security, and is not narrowly focused on PCI but addresses other standards as well. That's good news for IT managers suffering from compliance fatigue and looking for a single path to handle not just security but all the other regulations they face. PCI might not be a cure-all, but the IT security it requires can go a long way toward that single path.
Review by Justin Kallhoff, CISSP, C|EH, GPCI, GCIH et al
SANS Security 550 - Information Reconnaissance: Competitive Intelligence and Online Privacy
A pessimistic view of the Internet: A network that enables every human to be within a few milliseconds from every psychopath and criminal on earth.
Bryce Galbraith of Layered Security, a SANS certified instructor, has authored a new one-day course titled "Information Reconnaissance: Competitive Intelligence and Online Privacy." The course is designed to educate IT professionals on the risks associated with information disclosure. It also teaches students the tools, tips, and techniques that assist in discovering such information.
The amount of our personal information that exists on the web today is staggering; our governments, corporations, phonebooks, colleges, Facebook, MySpace, and Twitter are all guilty. According to a Google estimate, the Internet grows by a billion pages per day.
By Dr. Anton Chuvakin - http://www.chuvakin.org/
Lately, a lot of security industry discussion has focused on PCI DSS (Payment Card Industry Data Security Standard). The conversation ranges from practical advice on "how to get compliant" all the way to branding PCI as a devilish invention (Google for "PCI is the devil"). Fiery debates aside, PCI DSS guidance has helped countless organizations see the light of security where there was none before. It goes without saying that it didn't magically make them "become secure"; no external document can.
One of the frequent criticisms of PCI rests on the misguided view that "PCI is all about passing an 'audit.'" Many people would be surprised to find out that PCI DSS lists specific tasks that you have to be doing all the time, NOT just before the assessment. This article focuses on the exact steps organizations must take to actually stay compliant and not just pass validation via scanning, on-site assessment or the self-assessment questionnaire (SAQ).
Ryan Linn continues his insider's look at Offensive Security's online training in Part 4 of this continuing review of 'Pentesting with BackTrack.' As a reminder, PWB is described by Offensive Security as, "An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."
Ryan brings it all together for you next month with a complete review of the course as well as the exam experience. Stay tuned.
Salutations, challenge fans! Ed Skoudis here, ready to introduce our newest challenge. Jim Shewmaker, SANS Instructor and creator of the Netwars Capture the Flag Competition, has taken the keyboard this time, creating an awesome challenge for you based on the TV show, Sliders. It's got some fun twists and turns, and includes jumps to parallel universes! What's not to like? Have fun unwrapping this mystery. As always, we'll choose three winners: the best technical one, a creative entry that is also technically correct, and a random draw. Even if you don't know all the answers or can only guess, submit an entry with what you do have, and you'll be entered in that random draw. Winners will receive signed copies of my book, Counter Hack Reloaded. All entries are due by November 23, 2009. Have a good time and I'm sure you'll learn cool things along the way with Jim's challenge!
--Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Fellow