I agree... I would go for the Security+. Not a gold standard, but will certainly set you out from the field as a college recruit. As a bonus, you might learn something from studying for it.

If you buy 2 Sec+ books, download some free tools, get a few Linux and Windows VMs, you should have enough to get you prepared.

Eavesdropping is a misdemeanor or felony + fines in most US jurisdictions.

Remember the name of the site you post this on.

I don't think a vulnerability scanner will help you in this instance. If he was a true "NSA cracker", it is likely the backdoor is sophisticated enough to avoid detection though common security software.

Your best bet is to wipe the disk on the laptop completely (or find someone you trust to perform this if you are unsure how to). Reinstall the operating system, update and secure it (e.g. firewall, security software, disable unnecessary services, etc.).

Then just communicate with your Dad via phone and pen/paper. 

P.S. Why is the MS RAS (Remote Access Server) enabled? Do you use this functionality? It is typically not enabled by default.

P.P.S. Did he give you the laptop or at anytime have physical access to it? If that is the case, I would put it on Ebay if you are truly concerned about him "hacking" your laptop.

How do you know it accepts JPEGs? Can you do something like

  ?

If you are authorized, try to upload several variants of files and proxy the application's response. Look for subtleties.

It may be suspectible to parameter tampering. In PHP, it would be something like
If it's not validating your upload parameter, try some fuzzing; for example, /../../  or  command injection.

Check out Kon-boot:

http://www.piotrbania.com/all/kon-boot/

I would also consider the Verizon 2009 Data Breach Investigations Report. Though I might question the purview, it has a lot of information on the breaches they encountered and corresponding mitigation. The 2010 is due out this summer and they supposedly teamed with the Secret Squirrels.


http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

This is a very broad question, but for responses to these situations, any good security professional would have an incident response plan.

In addition to What90's reply, check NIST Special Publication 800-61, Computer Security Incident Handling Guide.

If companies were to look for their own bugs, wouldn't the products be slower to get on market? That translates to lost dollars.

Having external security researchers finding vulnerabilities doesn't cost much at all.

"Open" like you can access their internal protected network after receiving an IP address?

Unless you have performed some recon to determine what you can actually touch, this might be a non-issue to them.

At the same time, depending on your local laws, this recon activity may get you in trouble.

Disclosure to the vendor is noble, however, as you said vendors may reply in a very angry and threatening manner.

Personally, if identifying the vuln involved violating the EULA, I would not disclose it to the vendor. It wouldn't be worth the personal risk. One would also have to be careful of not violating other laws. Some the EFF mentioned:

• Computer Fraud and Abuse Act
• Anti-Circumvention Provisions of the DMCA
  
• Copyright law

If it seemed extremely important to disclose to the vendor (even in violation of the above), I would go to great lengths to remain anonymous.

I'm not experienced in the exploit development scene anyway, so this is all hypothetical.

Hey macdaddy,

If you don't have much luck with setting up Hackme Bank, maybe give Altoro Mutual a try at demo.testfire.net .

No configuration needed    , but maybe you already pwned this one.

Poor security is better than no security at all, as long as it is acknowledged as poor. Poor security can cause a false level of assurance.

As an example, a client was in the process of retiring plain-text protocols on their network. While upgrading, there were many instances of upgrading to SSH v1. While this is an improvement, it may give a false sense of assurance -- SSH v2 was instead recommended.

You could do several different things to monitor, but you could set up a dual-homed (two network adapters) computer between the router and the WAN. All traffic would have to cross through this node.

Cool, thanks for the info. I signed up for it, but wasn't able to make it.

Core has definitely been coming out with some cool stuff and meaningful contributions. I guess that is the advantage to paying, in my opinion, the higher prices for their licensing structure.

Good luck! Make sure you are familiar with hping and netcat.

Besides familiarity with hacking tools and hacking countermeasures, make sure you are able to decode hacker activity, e.g. interpret what a malicious user is doing by looking at a shell history file or explain what someone is attempting provided a web server log.