EH-Net
February 10, 2012, 06:00:26 AM *
  Show Posts
1  Resources / Mass Media / Just discovered this.... on: August 26, 2007, 07:16:32 PM
"Hakin9" magazine. Apparently, it's not free, either in print form or digital edition. But it looks interesting. The logo is pretty kewl, at least.

http://www.en.hakin9.org/

2  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Packet Capture and Traffic Analysis on: July 30, 2007, 01:54:49 PM
It just needs a minor update, in that Ethereal is now Wireshark. Has been for quite a while. Just run it through Word or something, and do a Find and replace; "Ethereal" for "Wireshark". Piece a cake.


Also, I have a little program I use that might come in handy. It's called, "Dude", ["The Dude"], and it DRAWS a neat little network diagram for you, if you ever get as lazy as me.
http://www.MikroTik.com/dude

(Capitalization in the URL really means nothing, all URLs are lower case as far as a DNS server goes; but that's how THEY spell it, go figure....)
Manual for the Dude is at:
http://wiki.mikrotik.com/wiki/Dude_usage_notes

 
3  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH Recertification (valid for 2 years) on: July 25, 2007, 11:33:52 AM
Even if I WANTED to recertify, there is no place near me to do the exam. The place where I originally passed the exam, does not offer the exam. The school where I did my class has NEVER even offered the exam.

If I want to recertify, I'm looking at, at LEAST, a 2-hour drive. And I don't pass exams on the first time.

Then again how different is the new exam from the one that I did back in Dec. 04??? Maybe they could just do an exam with the new questions covering the "new" material we need to know, and they could also (maybe) drop the price of the exam a little? Yeah, Right.

4  Resources / News from the Outside World / DRM Cracked! on: July 24, 2007, 09:05:40 AM
Just got the following in my email inbox yesterday from XPNews.com.....


Quote
Windows Media DRM: Cracked!

Many folks have said that they refuse to upgrade to Vista because of its Digital Rights Management (DRM) technology that supposedly makes it impossible to play "ripped" music. DRM is a controversial subject; it's not just content thieves who hate it. Many people who legitimately buy music and other protected content are outraged when they find they're unable to play that content when and where they want after they've paid for it.

The biggest problem with DRM is that it takes a "guilty until proven innocent" approach to copyright protection. And that angers those customers or potential customers who have no intention of stealing, but just want to be able to fully use and enjoy what they've bought.

Last week, a new version of a popular DRM cracking tool was released that, according to reports, removes DRM protection from files without any degradation in the quality. This works on both XP and Vista. My friend George Ou wrote about it in his blog post:
http://www.wxpnews.com/YX6BTL/070724-Ou-Blog

Some folks are hailing this software as the solution to the DRM "problem" - but there's just one minor problem with that: using it is illegal. Under the Digital Millennium Copyright Act (DMCA), which was signed into law in the U.S. by Bill Clinton in 1998, any act to circumvent copy protection is a federal offense. That's true even if you don't commit an actual copyright infringement.

Music companies, movie studios and other content providers, along with software vendors, keep trying to create "fool proof" copy protection systems but hackers keep finding ways to crack them. That leads the companies to impose ever more restrictive technology on their customers, and it turns into a vicious cycle. The thieves, who don't care about breaking laws anyway, still manage to access the content. The ones who suffer are the law abiding folks who have to put up with increasing inconvenience and limitations on their legitimately purchased songs, movies or software.

I had one reader bring up an interesting theory. He thinks the availability of DRM cracking software could actually lead to more sales for content providers. He notes that after downloading the crack, he's purchased a large number of songs because he no longer has to be afraid that he'll spend the money and then the copyright protection technology will prevent him from playing them.

It sounds counter-intuitive, but it actually makes some sense when you think about it. Who wants to throw away money on something that you know from experience may not work? But if you know that you can rip out the DRM that causes the problems, you might indeed be more willing to pay.

Just as some people argue that privacy invasions are okay because "if you aren't doing anything wrong, you don't have anything to worry about," those same folks will often tell you that DRM isn't a problem unless you're using stolen content or software. It would be nice if that were true, but 'tain't necessarily so.

A case in point: I just spent several days struggling with a sudden problem involving my Nvidia display drivers freezing up on Vista. I'll be writing about it here in more depth if/when I find a solution, but it seems to be the problem described in this forum:
http://www.wxpnews.com/YX6BTL/070724-Nvidia-Vista

At one point in the troubleshooting process, I was advised to download and install a certain update from Microsoft. Downloading it required going through the Windows Genuine Advantage verification process. No problem, I thought. My copy of Vista is legit and I've run WGA verification on it many times.

This time, though, I got a response that "This copy of Windows did not pass genuine validation. Either an unauthorized change was made to your Windows license or a software program installed on this computer is not currently compatible with Windows." What's up with that? This same copy of Vista has passed with flying colors dozens of times in the past. And there's not a clue as to what change or software program is now causing it to fail.

DRM is far from perfect, and its imperfections are alienating a lot of people who might otherwise buy digital music. Some have suggested that it's the overall attitude of the record companies, from imposing DRM hassles on their customers to instituting lawsuits through RIAA, that's really responsible for slumps in sales and that the harder the companies try to exert dictatorial control over their customers, the more of those customers will desert them and turn to illegal downloading or just abandon digital music altogether. In fact, there is some evidence of the latter trend, in recent reports that sales of old vinyl albums and vintage CDs are actually on the rise:
http://www.wxpnews.com/YX6BTL/070724-Vintage-Music-Sales

What do you think? Are content providers and software vendors shooting themselves in the foot by adding more and more layers of copy protection to their products? Have you avoided installing Vista because of fears about the DRM? Would you buy more music if you didn't have to worry about DRM restricting your use of it after you pay for it? Have you ever been denied access to Windows updates due to WGA verification failure even though you know your copy of Windows is legal? Would sales increase if companies just did away with DRM completely? Or are companies just doing what they have to do to protect their rights and keep dishonest people from stealing? Let us know your opinions and experiences at feedback@wxpnews.com.
5  Resources / Career Central / Re: Degree or Certs/Experience? on: July 20, 2007, 02:58:33 PM
I don't know, I got my BS in MIS from an online college in California. I found round-trip airfare to California, and they reimbursed me for my airfare if I would come out there and visit with them. Good thing I did, too, I found out I was signed up for the wrong major, I was signed up for Computer Science, which translates into programming. I am the world's worst programmer.

It wasn't free tuition, but they counted what I already had towards the deg. Cost me about 2 grand, I went and did it in a Sallie Mae loan I'm still paying off. BUT I only had to do 5 online classes (and only 5 tests), AND a 75 pg minimum Final Report. I did my report on the possibility of terrorists using steganographic techniques in a post and pre-9/11 environment.

They made me the offer to come back for a Master's degree for $1500 (approx) and a 125 pg. min. Thesis. They also offer Doctorates for a 250 pg. min  report. (forget what they called it).

Anyway, it only took me 8 months to do all of it. I had to pay $250.00 for the actual degree, its case, etc., which I didn't like. But overall, I'm pretty happy with it. Not that it's done anything for me, of course. I have a friend that has a PhD in Astrophysics, and all he can do is get a job teaching part-time at Kent State Univ. My friend says, "The ONLY degree that matters is 98.6".

Go for it, if you want, but if you're lazy like me, and opt for the convenience factor, look again at online colleges. Maybe your employer would help you with it, as long as you would be staying in the area, and not hopping off to Finland.

Also: the laws in Finland are quite different from here in the States, I imagine. Would a degree from a Finnish University have the same ooommmph as a degree from a University here in the states? Something to think about.
6  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH Questions on: July 18, 2007, 03:11:57 PM
Quote
Using a 802.11b wireless nic on your laptop with Netstumbler installed, you would like to scan an 802.11g network? Why is this not possible?


Could be that 802.11g is faster than 802.11b? B and G work on different frequencies. 802.11N, when it is finally released, is supposed to be faster than B AND G, and is also supposed to be able to facilitate (wow, big word) long-range Wi-Fi.

Hope it helps!
7  EH-Net / Calendar Of Events / Re: ChicagoCon 2007 on: July 17, 2007, 11:12:19 AM
I just dugged it just now. I did my part!
8  Ethical Hacking Discussions and Related Certifications / Hardware / Re: Probably a stupid question, but.... on: July 16, 2007, 01:37:46 PM
Thanks, Venom! Looks to be just what I was looking for. I've heard of SMS before, never really connected it with text messaging, 'cause, gee whiz, I don't use text messaging.

Thanks again. Gonna go read up some more on it.

9  Features / Book Reviews / Book Review--CEH "Official Certified Ethical Hacker Review Guide" on: July 16, 2007, 01:23:11 PM
By Kimberly Graves, ISBN:978-0-7821-4437-6
Sybex Publishing, www.sybex.com  On Amazon.com for $19.79, 58 used and new from $15.58

I bought this mainly to review, and for the CD-ROM. I wanted to try and get a little more current from my CEH v.2.5 up to the newer version. Sure enough, it does include a whopping 10 pages on the last module in the current CEH courseware, "Penetration testing".

This book kind of disappointed me as soon as I unwrapped it; it's ONLY 238 pages! I'm used to a LOT more pages than that. On the other hand, it would be something neat and lightweight to be reading in the airport while waiting for your airplane.

This book seems to cover most all the basics. The accompanying CD-ROM contains a test engine with two different tests, and a flashcard thingy so you can quiz yourself. Sadly, I DON'T see anything in the text about URL De-Obfuscation, just as it wasn't included in the class I attended back in July 04, but there IS a question about it in the test. Refreshingly, the test question asks you to de-obfuscate in the opposite direction!

The CD contains flashcards that can run on your PC, Pocket PC, or Palm handheld.

The basics of how to determine if SQL Injection is possible are covered.

The basics of footprinting, and session hacking, are discussed.

As mentioned, this book is a REVIEW for those looking to pass the exam. Lightweight, easy to carry, I would have preferred something thicker. Maybe about 350 pages, I would have some more confidence in it.

If you're looking to do the exam, the flashcards and the test engine would come in handy while sitting at the aforementioned airport gate. The back cover says the "book includes over 300 review questions and practice tools".

Best of all, as books go, it's fairly cheap! $19.79 new on Amazon, and with Free Shipping. How many other CEH books are there out there for about $20.00???

10  Ethical Hacking Discussions and Related Certifications / Hardware / Re: Probably a stupid question, but.... on: July 16, 2007, 12:49:59 PM
Ok, Thanks, Jimbob! So it's all pretty much proprietary, then? Hmmm, sounds like it'd make a great target for some wanna-be black hat script kiddie out there. I'm surprised nobody's tried it yet.

I was just mainly interested in the syntax of the addresses, how that worked, etc.

Thanks again!

11  Ethical Hacking Discussions and Related Certifications / Hardware / Probably a stupid question, but.... on: July 13, 2007, 07:25:53 PM
I really don't know the answer to this. Hey, this is how I learn!

I don't get into text messaging. I can do it on my cellphone, but I don't do it, I don't really have anyone to TM.

I see commercials on TV all the time, and during WWE Smackdown (which I'm watching right now).

Example:
These commercials advertise ringtones you can purchase (among other crap); "text VV44 (or whatever) to 77442"

How does this TM addressing scheme work? 77442? Does that translate to an IP address or something? TM works over NNTP, the same as newsgroups?

I get ADS from AT&T (It used to be Cingular); I can make free intnl phone calls, blah, blah blah. There is an address this TM came from: 1 111 509 412

IS TEXT messaging different than INSTANT messaging???

Just wondering.........
12  Ethical Hacking Discussions and Related Certifications / Hardware / Re: Not really hacking related, but kind of urgent! on: July 12, 2007, 07:27:53 PM
The job is over: I was only there today a little over an hour. I think they were getting antsy about having to pay me the $35.00/hr we agreed upon. I told them I could be flexible; That's part of what I offer my "customers" is adjustable pricing. I told them we could do what they thought was fair. I have to send them an invoice.

I didn't see a FoxPro version number, all I saw in a window titlebar was MS Visual FoxPro. Most likely part of Visual Studio, that's fairly recent, no?

I DON'T have FoxPro on my machine; I've never had a need for it. I do have Access somewhere, if I ever want/need to do a db, I would probably use Access.

They had two versions of the DB; the older one, created in 2005, I think, was approx. 1.84GB, or thereabouts. The other DB, which was dated newer than that one, was approx. 487 MB. I'm pretty sure that was the one that was corrupted when the server failed.

I did a System Restore in the server yesterday, restoring the server back to a July 3 checkpoint. Doing this removed the icon for the working copy of the db on the server, and caused much concern. I was talking to the company on the phone this morning before I got there, I told them that the System Restore can be undone. They went ahead and did that before I got there, the DB was restored to working order, BEFORE I got there, ON the server, so I didn't touch the server at all today.

The clients were NOT set up for full access. I went into Safe Mode on each client, right clicked on the CPTOS folder, and set Full Control for each user. Creator/Owner would not maintain Full Control perms, I didn't press the issue. I made sure the Admin and Computer1/Computer2 accounts had full access, rebooted back into normal mode. I'm just not sure about if "rights" on an XP Home box is actually NTFS perms or not. I don't really use XP Home here at home, I use XP Pro.

On my way out the door, I told them, just for fun, they could call up Geek Squad and get an estimate, and I'll do it for half. I apologized to the manager yesterday for taking so long; I was there approx. 4 hrs. I told her that I was coming into the situation after someone else was already in there, and I had to see what was going on. She said she understood. "Damage Control", it's called. I still harped on them that they should not be using XP Home. But the entire network is ONLY 3 boxes.

You may think I'm undercutting myself financially here. Maybe so, but the only way I'm going to make any money in computers is to get in somewhere fulltime. Low prices [supposedly] brings in customers, and Word-of-mouth.

Thanks for all your help.
13  Ethical Hacking Discussions and Related Certifications / Hardware / Re: Not really hacking related, but kind of urgent! on: July 12, 2007, 11:45:50 AM
OK, I'm here now in the office.

ALL three machines are XP Home. "Server" is XP Home, the only two clients are both XP Home. Clients are popping balloons that this version of XP is no longer up to date, click here to upgrade.

Manager ran the System Restore Undo this morning before I got here, the VPTOS working edition was restored, that works now. That's on the server, they don't want me to touch that, and I'm not.

I'm waiting to hear from the tech support guy; they put in a call to him, waiting to hear back.

They have Roxio CD burning software installed on the clients. I need to ask the tech guy where the Visual FoxPro database file DATAPT.DBF goes, and if it's the same for both server and clients. Don't see the DATAPT.DBF on the VPTOS on Manager share, but there are DATAPT.DBC, .DCX, .DCT, located in M:\VPTOS (network drive).

"Access Rights": Went into Safe Mode with Networking on clients; NTFS permissions were NOT set for Admin and Users: I clicked on Full Control, so permissions should now be OK.

Network drive is drive M:; on this client computer I'm on now, it shows as "vptos on manager M:"; Also "Documents on Manager Y:" and "Documents on Computer2 Z:".

Server name is Manager; then "Computer1" and "Computer2".

Client CAN run CPTOS, but it can't find the db file. Prompt from CPTOS software that Run1 and Transaction files need to be updated. Then error messages, "Cannot find field Fname, Lname", while CPTOS is booting. Clients apparently connect through \\server\share. I CAN browse to where the DB is stored, but I'm unsure where it's supposed to go. THEY DO HAVE a WORKING, GOOD copy of the DB on a USB drive, thank goodness.

Yes Don, what you have so far IS correct. Pretty bad, huh? Can I pick 'em, or what? 

Not really sure backups are needed at this point in time; the only thing they're having problems with is the PTOS software. If I upgrade them to XP Pro, I'll do backups then. I've been pestering them to find the install disk for PTOS; they THINK they have it somewhere, but the version they're using now (3.5) is a later one than the install disk, they must have updated it from the website.

I don't know if tech support knows they're running XP Home, but when I talk to him when he calls back, I'll sure tell him.

I have MY notebook with me, which is XP Pro, but I don't have Visual FoxPro installed on it; never had a need for it. Testing the DB on my machine is not an option.

The "Server" is a PowerSpec; my local computer store, Micro-Center carries PowerSpec as their house brand.
14  Ethical Hacking Discussions and Related Certifications / Hardware / Not really hacking related, but kind of urgent! on: July 12, 2007, 09:43:58 AM
OK, I got a phone call yesterday from a recruiter, a local company had a server crash, could I go and take a look? "Sure", I said. (I didn't have anything else to do except deposit a measly $32.00 paycheck in my bank).

So I said about an hour. "No problem, thanks very much", they said. I get there, and it's a physical therapy office; they have weight machines, exercise balls, etc.

SO the application runs on the server, the two client machines run off that. This is an XP HOME environment.

The server runs the application, "VPTOS", and the clients run "CPTOS". The physical therapy software runs FoxPro databases, seems in the server crash, the main db was corrupted. They SAID they backed up the good database onto a USB drive. Sure hope so.

There are Shared drives, Network drive is M:, and there is a network drive Y: that appears to be non-existent.

I discovered that the one client computer I was working on (I haven't touched the second client computer yet) was not in the same workgroup. I fixed that.

Admin password is the same as the user name. So is each user password, the same as uname.

Tech support from PTOS says the key to the clients seeing the server is the access rights. The clients have to have full access rights.

So I rebooted into safe mode, ran msconfig, and checked the perms. They all said "Full Control", but I want to make sure I'm not confusing access rights with NTFS permissions.

When you run the app from the client, it comes up asking for the FoxPro database, says the Run1 file has to be updated. It's supposed to find the DATAPT.DBF file, and I tried pathing to it, but it didn't work.

I have to go back there tomorrow; I recommended that we just re-install the whole software package and then just update it. They have it installed in several locations, on the server C: drive, and on the M: drive.

What's the best way for me to optimize this? Application website: http://www.ptos.com

I've never worked with this software before, never worked with FoxPro before. But this is how you learn. I've kinda been pre-occupied elsewhere, know what I mean? This is the first place I come to for help. Haven't had to monkey around with access rights under XP Home, all my machines at home are XP Pro.

I question the use of XP Home in a business, but the business owner set it up, and she's a physical therapist, not a computer person. I hate going in and cleaning up after someone else has been in there. They told me today they were thinking of calling in Geek Squad from Best Buy. I doubt they could handle it. I doubt that I can handle it. They originally offered me $35.00/hr, I'm going to have to go down on that. The app they had running on the server stopped working yesterday after I did a system restore back to July 3rd. I plan on going back there today to undo that system restore.

Any suggestions?

Thanks a lot, guys!!
15  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: What is the best distro of Linux for hacking? on: July 03, 2007, 06:47:48 PM
Without a doubt, BackTrack. Also, DSL (Damn Small Linux) would be nice.

© 2012 The Ethical Hacker Network