You need to reinstall windows first off. I would think he has some kind of root kit installed on your machine or other malware that is allowing him to access your machine. If you change IP's or ISP's it won't help, the software that he has installed will just start reporting back to him you new IP.

The only way you will get rid of him is a clean fresh install.

You should also make sure when you rebuild that you have AV running and it is always up to date. Also might want to run some anti malware software such as adaware.

Let me know if you need any help.

Hey,

Thanks for the reply. The version of Jetty that they are using has the "//" problem that allowed me to view the files that make up the login page. From there I could download the swf file for the front page.

Using a little product from HP called swfscan (http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/exposing-flash-application-vulnerabilities-with-swfscan.aspx) to decomplie the swf and view the source code. Found a few little issues with the code and was able to get into the app.

Also ran WebScarab over the site and it found lots of nice little bits of information.

Thanks again for the advice.

A

Hi all...

I have been asked to have a look at a new webapp that my company is working on. It is built with Flex and runs on the Jetty web server. They want some ideas on how to test the security of the application.

Any advice on what tools to use and where to start!

Thanks heaps

A