makes perfect sense.  Glad the blog post was useful.

Cheers

Syn

Hi Ghost

Not sure if your interested but I wrote a blog post on information disclosure in email headers a while back.  It only scratches the surface but it might be of interest to you still.

http://synjunkie.blogspot.com/2007/10/information-disclosure-from-email.html

Cheers

Syn

Cain is also an excellent tool for compromising VNC.

It can either pull the passwords from the registry:

http://www.wonderhowto.com/how-to/video/how-to-decode-vnc-passwords-with-cain-160725/



Or sniff them off the wire and bruteforce them:

http://www.youtube.com/watch?v=-8SOVQXD3mg

Hope this helps.

Syn

Just a couple of my favs that arn't listed yet:

http://serversniff.net
http://clez.net/
http://tineye.com/


Syn

Chris

Sorry, I should have made that clearer.  That is what I meant when I said "if your short on time there is a podcast version". Or words to that effect.

I don't have time to read his blog but I do have a 3hr commute every day so the podcast is perfect for me.

Regards

Syn

Just one last thought on the Reverse Engineering. Not sure if you would have caught this on an old episode of hak5 but there are RE challenges that range from the starter level to quite an advanced level.

Maybe these could give you the challenge you need.

Check em out!

http://www.crackmes.de/

http://www.hak5.org/?s=crackme&x=0&y=0

Syn

Not sure if this might help but I wrote a blog post a while ago about spoofing email using Sterm and Telnet.

http://synjunkie.blogspot.com/2008/05/abusing-mail-servers.html

Cheers

Syn

Thanks guys, those suggestions help, particularly those suggestions regarding security both at home and at work. 

Cheers

That does help Don.  I do have management buy-in and I have volunteered for this task as I have a good handle on the threats and risks.  It just so happens I'm not the best person in the world at explaining things to users in a way that they understand and won't forget.

This education effort is going to be solely email based unfortunately so I need to make it as effective as possible.

Cheers

syn

THis is a really great book, as is his other book "Beyond Fear".  Essential reading in my opinion.

If you enjoy Bruces books he has a monthly news letter here:

http://www.schneier.com/crypto-gram.html

If your limited on reading time you could cath the podcast version here:

http://crypto-gram.libsyn.com

Cheers


Syn

Have you considered approaching an open source project for a tool you use.  Maybe the authors could use some help.  This might give you a sense of direction and you would be giving something back. Explaining your circumstances to the project lead might get you the mentoring you need to get you started.

Just a thought.

Syn

I'll echo BillyV's comment regarding the CEH and tools.  I did the version 5 of the course and was quite let down by the emphasis on the tools rather than the methodology and techniques.  I hope that this has changed in later revision of the course.

I also passed the Security + recently and although i'm currently working on a CCNA I think the GCIH looks like an interesting option for next year.

Good luck.

Hi guys

I would like to undertake a user education program (obviously security related) for my company and I would like to know if anyone has either sent or recieved emails regarding email threats, spam etc... and thought "hey thats a neat way of getting the point across".

I know what the threats are and I know I can explain them to other technical peope but i'm not so great at taking a technical issue and dumbing it down so the average user can understand and "get it".

So can anyone suggest any resources or email templates I can use for ideas.

Many thanks

Syn

Lets hope it better than there Spyware (Defender) effort!

I'll probably get flamed for this but have you thought about PowerShell?  It's just about to have Version 2 released and pretty soon it will be default on all new Windows OS's replacing good ol' Cmd.exe. 

I think of it like this, when I get a shell on a box at the moment I need to know my Command Line Kung Fu,  well in a couple of years that Kung Fu is going to be all PowerShell Fu.  And I'll tell you this, there isn't much you can't do with it.

Just my thoughts anyway.

Syn