It sounds like he's just looking for projects for personal study. It'll be difficult to recommend things without knowing your interests.

If you're bored, why don't you start a blog and see what direction that takes you in?

What types of passwords are you trying to manage? Utilities like Keepass and Password Safe can be helpful. Then users just have to keep track of one password (or two if you count logging into the computer); that's still much more manageable. Sometimes they do forget, so you have to have reset policies in place.

Storing a book with everyone's in them and giving access to someone is dangerous because he/she can then impersonate users.

Pass phrases are another good technique to make passwords easier to remember (although longer to type).

Do you have any good resources for this? I've gone through the Wireshark book and have several other TCP/IP books, and there's always the RFCs. I didn't know if there were any other online tutorials, etc. Thanks.

I completely agree. Some of my favorite books for learning programming are the cookbooks, cool script/hack books, etc. It's fun if you try to just look at the title of the hack/script/recipe and try to do it on your own before seeing how it was done in the book.

This is a site I was recently exposed to and am starting to work on: http://projecteuler.net/ I hear it's kind of math-heavy, but it should still be fun/interesting to some.

You might also want to check out /pentest/web/put.pl in Backtrack. Curl supports HTTP Put as well.

You can petition to have the (ISC)2 endorse you as well if you cannot find someone else who will. Since you are, in a way, putting your reputation on the line when you endorse someone, you'll probably have a difficult time finding a stranger that'll endorse you.

Welcome to the forums

It's actually trivial to sniff and spoof MAC addresses, so you're really only protecting yourself from very casual users. You really should be using WPA or WPA2. Anyone within range can see everything you're transmitting over the wireless network. WEP is broken and can be circumvented in minutes.

Edit: Aw, lost by 52 seconds

This comment from the Digg submission pretty much sums up my feelings:


http://digg.com/security/Rogue_Security_Researchers_vs_Microsoft_Karma_Is_A_Bitch

That's nice and everything, but that's still breaking significant laws. It's probably not likely, but do you really want to risk the FBI showing up on your doorstep because you wanted to find an email address.

Yea, I definitely wish-listed this when it came up a few days ago (I think that was here on EH). The cover art is cool, but I was going to get it regardless

What's there to think about? DO IT!

Congrats on the GWAPT, btw.

What type of router? It sounds like you're referring to a SOHO unit like a D-Link or Linksys.

If they support remote management, you'll probably have to enable that somewhere in the advanced settings. If you're working with an enterprise-class router, it should support a variety of remote administrative protocols. SSH would be recommended, and you'd ideally use ACLs to limit the IP address or addresses ranges that could connect to that service.

I don't have any experience with that one, but this might be of interest to you if you're interested in Python: http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5617.msg29578/topicseen,1/

It really depends on the person. I think it's great for me. YMMV.

As far as jobs go, this field seems to be increasingly more popular. It seems like it will stay that way for the foreseeable future.


Like I mentioned before, you really need to be passionate about the material and enjoy working with it. If it's just appealing because you're after a big check or it seems exotic, you're not going to last. It's going to take a lot of time outside of business hours. I would wager that most of us are ok with that because we also consider it to be a hobby.

I also see others get frustrated and quit because they're not willing to put in the time mastering the fundamentals and want to do exciting work right off the bat. Like I said, you'll more than likely have to put in some time as a systems and/or network administrator. You're only going to be able to do a half-assed job (at best) if you don't develop a solid understanding of  TCP/IP first.

What appeals to me is the fact that things are constantly changing, and I'm constantly learning. As you can see, what may be considered a con to some people is a pro to me. That's why the answer to a lot of your questions are going to be, "it depends." I enjoy doing challenging work and having to think critically. Some want a job that's slower-paced with less pressure. I think you get the idea...

Welcome to the forums!

Here's one example of how to go about that: http://www.larsen-b.com/Article/212.html

Googling something like "kismet map gps" will yield many results. There are other utilities that can do similar things (i.e. Netstumbler can collect GPS information as well).