Hiya guys,

I dont work in the Medical / Health Care industry, but some of you might have some exposure there.

I dont know alot about HIPAA, but my general understanding is that its all about safguarding the patient information, with various administrative, physcial and technical solutions.

Anyway, what I am trying to understand is, is there something similar that applies in the UK, and I believe this is a US regulatory requirement?

If anyone has any information it would be much appreciated.

Thanks in advance.

Hiya guys,

I often listen to my ipod in the car on my commutes, and I often have the PaulDotCom or Security Podcasts.

So I was wondering what security podcasts you guys listen to, that I might add to my download list.

Cheers

Don I agree, however this only continues to show that organisations are not taking enough to notice of the advice, guidance and policy statements to stop this simple mishaps occuring.

Ex-Con would mean someone who had been convicted of their crimes.

This doesnt mean that everyone who has never been caught has been a naughty boy / girl though.

I think the distinction with this all round, is to not employ someone where you feel their personality, background and criminal checks would lead you to believe they would be a risk to your organisation or any other.

Like I said, dont put all your eggs in one basket (all one vendor) unless there is a strategic reason.

Multiple layers is the key, and if this can incorporate various vendor offerings the better.

I think there are two points to be made here.

People and organisations may be concerned about employing a so called "Ex-Hacker", as I guess there will be concerns around trust, and someone falling back into not so legal habits.

I dont think that you have to be a Black Hat to really offer any benefit. I think most people will have done something that wasnt 100% legal, speeding and technical related issues.
The skills are the same, and the difference is doing something with permission.

It makes some form of sense in my mind anyway

I am sure many people will have many different opinions on this.
Cisco is for sure a good brand, with some quality products, and alot of companies are Cisco houses.

My personal opinion is where possible go for best of breed, and just not to put all your eggs in one basket. So I like to have a few solutions in the mix by different vendors. That way when a major issues flares up (some zero day attack) I will hopefully have some layer providing some protection.

Just my thoughts.

Dark_Knight, thanks for the write up, your opinions and insight, I am sure it will be of use to many of the forum considering the boot camp, and studying for the C|EH.

And congratulations.

Welcome to the forum.
My lab I have a couple of laptops running vista and XP sp3. One laptop also have Ubuntu on it. I have my netbook with Linpus and BT3. Then I have a desktop machine that has unpatched or limited versions of patching for XP, 2000, 2k Server, 2003, Mandrake, Ubuntu and Fedora.
Also a switch, couple of routers, AP's and bluetooth carkits etc.

I also have a few live cds that people mentioned on here for giving pen testing environments, like the DE-ICE series etc.

Welcome to the forum, and all the best for the future, and looking forward to helping with any questions you have.

The objective is a CD that can be sold to the local community and easy to use, but difficult for average Joe to make a copy of.

This software works really well actually. The files can only be view from the CD, copy them off the CD they dont work, try and copy the CD in a standard way and it fails.

The most important bit for a charity, only $70. Fingers crossed it covers everything they seemed to need.

Just for information sharing. I found some software called "DiscKeeper BlackBox" that I think will do exactly what the charity needs.

However if anyone has experiance with anything else thats known to work, please feel free to share.

First of all, we all know that nothing is 100% copy protected, but hear me out.
I am doing some volunteer work with a small charity, and they are creating a CD with PDF and JPG's on, and they will be selling these to help fund some of the charity.

They would like to where possible make these harder to copy, but still easy for a buyer to use. Obviously as a charity it needs to be very cheap / free, and fairly easy to produce, not mega volumes, but maybe 5 at a time.

I found something called SecurDisc, but it can only copy protect a pdf, and only does it on a DVD, and these needs to be a CD.

Any suggestions would be much appreciated.

If your looking to do some form of autorun feature for a USB attack, then you need to look to a U3 device, as this has a partition that acts like a CD, and you can use it to autorun apps in a stealthy fashion (assuming the system is configured for autorun).

With non U3 devices social engineering techniques would be required to make someone execute the command your looking to use. There may be other batch techniques etc.

From personal experiance, most of the hack type things regarding USB are commonly detected by AV and Spyware detectors etc, so the results are not always that rewarding.