EH-Net
May 20, 2013, 08:21:24 AM *
  Show Posts
346  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP (Offensive Security Certified Professional) Certification on: February 17, 2009, 07:51:59 AM
I think you should have a good hacking knowledge before taking this course.
Based on what members who took this course say it's not easy to pass this course.
I used to think that I could pass this course but I'm reconsidering my decision and improving my skills. Perhaps six to eight months of practice with the tools will do it for me. I advise you to improve your skills and knowledge before taking this course too.
347  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Separating the Men from the Boys on: February 15, 2009, 04:07:43 AM
But that is what I mean, what do you think those mad skillz are that are the differentiator?
For me, the difference lies in using and creating.
By using I mean someone who uses pre-made exploits and steps to hack an application. His knowledge is confined to this area only and becomes helpless if the system is fully patched.
On the other hand a creator makes his own exploits, finds his own vulnerabilities and sometimes makes his own tools.
The difference between a hacker and a good hacker is great but there is a thin line between a good hacker and an excellent hacker.
348  Ethical Hacking Discussions and Related Certifications / Malware / Re: ANTIVIRUS-Yes or No? on: February 14, 2009, 01:54:58 AM
Since you guys are on the topic of Linux, I have a couple questions. I've never used Linux before but I hear good things about it, so my questions are... Is it free like I've heard? Can it be installed on a computer designed for windows? And if so, where can I get it?

Most of the Linux distributions are free. Linux is more a kernel from which various operating systems have been designed. Each of these OSes is called a Linux distribution. Currently there are hundreds of distributions, both free and commercial.
You can gather more info. at
http://en.wikipedia.org/wiki/Linux
http://www.linux.org/

You can get all the Linux distributions at
http://distrowatch.com/
 
Since you have never used Linux I suggest you start off with Ubuntu which is a free Linux distribution. It's very easy to use.
http://www.ubuntu.com/

The download link is here:
http://www.ubuntu.com/getubuntu/download

It's a 700 MB iso. If you have a slow internet there's an option of torrent download on the page too.

It can be used with windows. However you have to partition the disk before installing it. Here are some links to help you out.
https://help.ubuntu.com/community/WindowsDualBoot

If you have problems in dual booting you can install Linux on a virtual machine.
http://cmsproducer.com/Ubuntu-Linux-Windows-VMware-Server
http://www.psychocats.net/ubuntu/virtualbox

349  Ethical Hacking Discussions and Related Certifications / Malware / Sun Java System Directory Server Directory Proxy Server Denial of Service on: February 13, 2009, 11:56:28 PM
A vulnerability has been reported in Sun Java System Directory Server, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the Sun Java System Directory Proxy Server. This can be exploited via specially crafted LDAP requests to cause the server to become unresponsive to certain requests implying a JDBC backend.

The vulnerability is reported in Sun Java System Directory Server Enterprise Edition 6.0, 6.1, 6.2, and 6.3 for Solaris 9 and 10 on SPARC and x86 platforms, Linux, Windows, HP-UX, and AIX.

Solution:
Update to Sun Java System Directory Server Enterprise Edition 6.3.1 or apply patches.
http://secunia.com/advisories/33923/
350  Ethical Hacking Discussions and Related Certifications / Malware / Apple Mac OS X Security Update Fixes Multiple Vulnerabilities on: February 13, 2009, 11:27:13 PM
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
http://secunia.com/advisories/33937/

Quote
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) A race condition error in the AFP Server can be exploited to trigger the execution of an infinite loop by sending a specially crafted file enumeration request.

2) An error in the handling of movie files using the Pixlet codec can be exploited to trigger a memory corruption.

3) An error in the Resource Manager related to CarbonCore can be exploited to trigger a memory corruption via a file containing a specially crafted resource fork.

Successful exploitation of vulnerabilities #2 and #3 may allow execution of arbitrary code.

4) Certificate Assistant handles temporary files in an insecure manner. This can be exploited to overwrite arbitrary files with the privileges of the user running the application.

5) Two errors in ClamAV can be exploited to cause a crash or potentially execute arbitrary code.
 
6) An error in CoreText when processing specially crafted Unicode strings can be exploited to cause a heap-based buffer overflow via e.g. a specially crafted web page.

7) The dscl program accepts passwords passed via command line arguments. This can be exploited by local users to obtain the received passwords via the process list.

8) Multiple errors in fetchmail can be exploited by malicious people to cause a crash via overly large e-mail headers.

9) Folder Manager creates the "Downloads" folder with global read permissions after a user deletes it. This can be exploited by unprivileged local users to gain access to the "Downloads" folder.

10) An error in the fseventsd program can be exploited to disclose normally restricted filesystem activity via the FSEvents framework.

11) An error in perl when processing Unicode characters can be exploited to trigger a memory corruption and potentially execute arbitrary code.

12) An error handling problem in csregprinter can be exploited to cause a heap-based buffer overflow and potentially gain system privileges.

13) Multiple errors in python have an unknown impact or can be exploited to cause a crash or potentially compromise a vulnerable system.

14) An uninitialized memory access error in the Remote Apple events server can be exploited to disclose potentially sensitive memory contents via specially crafted Remote Apple events.

15) An error in Server Manager while validating authentication credentials can be exploited to alter the system configuration.

16) An integer overflow in the SMB implementation can be exploited to cause a heap-based buffer overflow by tricking a user into connecting to a malicious SMB server.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

17) An error in the SMB implementation can be exploited to exhaust available memory resources and cause a system shutdown by tricking a user into connecting to a malicious SMB server.

18) An error in SquirrelMail can be exploited to inject and execute arbitrary HTML and script code via a specially crafted email.

19) Multiple errors in the X11 server can be exploited by malicious, local users to cause a DoS, disclose potentially sensitive information, or gain escalated privileges.

20) Multiple errors in FreeType can be exploited to cause a DoS or compromise an application using the library.

21) Multiple errors in LibX11 can be exploited by malicious, local users to disclose sensitive information, cause a DoS, and gain escalated privileges.

22) Xterm creates TTY devices accessible to all users, when used with "luit". This can be exploited to e.g. write data to another user's Xterm.
351  Ethical Hacking Discussions and Related Certifications / Malware / Conficker worm interesting links on: February 13, 2009, 11:23:23 PM
I just stumbled upon this article by Andre L. on the SANS website.
It contains a lot of info. about the Conficker worm and its removal.
http://isc.sans.org/diary.html?storyid=5860

To quote the author
Quote
In an effort to provide YOU the enduser the ability to educate yourself on this threat I will be posting as much information as possible, from as many sources as possible. This may lead to redundancies in the data that is available but I am hoping that this will allow you to pick and choose the information, removal tool, and more importantly your own path when mitigating Conficker. Please do note that ISC nor SANS is verifying the validity of any of the information or tools present here (you can check our own posts on this topic, or compare against multiple sources).
352  Ethical Hacking Discussions and Related Certifications / Malware / Skype Valentine spam lure on: February 13, 2009, 11:11:45 PM
Websense Security Labs™ ThreatSeeker™ Network has spotted an emerging malicious spam lure, masquerading as a message from Skype.

The spammed message uses Skype's logos and themes, posing as a Valentine promotion. With two days to go before Valentine's day, the fake promotion entices the user into sending a free Valentine video message to a loved one. The proposed video link in the message leads to a malicious compressed archive file named valentine.exe located at http://[removed]ftp.com/skype.com/valentine/valentine.exe (SHA1: e5f752badaf0fbc0afcf3081ac10bf781da59de6).

Executing the file installs a version of Skype along with an IRC backdoor file named: spoolsv.exe.
http://securitylabs.websense.com/content/Alerts/3305.aspx
353  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: Just passed the CEH on: February 13, 2009, 10:58:43 PM
Congrats raytracer,
It would be very helpful if you discussed your test experience and how you prepared for CEH.
354  Resources / News from the Outside World / Re: Stolen wallets cause most identity theft on: February 13, 2009, 10:47:51 PM
Easy dude.
Everyone has gone through this.
355  Ethical Hacking Discussions and Related Certifications / Physical Security / Re: Researchers hack facial authentication systems on: February 13, 2009, 08:13:40 AM
Now that's scary especially considering the fact that biometric authentication is considered to be one of the most secure methods.
I guess Vijay will give us more info. after he attends the Blackhat DC briefing.
356  Resources / News from the Outside World / Re: Stolen wallets cause most identity theft on: February 13, 2009, 07:59:42 AM
Lolz! I was about to give my expert opinion based on Jason's post alone without reading the actual article.
Thanks, you saved me.
357  Ethical Hacking Discussions and Related Certifications / GCIH - GIAC Certified Incident Handler / Re: Should I go for GCIH after CEH? on: February 13, 2009, 07:48:39 AM
Quote
Alternatively, once you have earned CEH you can pay a $50 (last I checked) fee to receive CNDA
I just checked EC-COUNCIL's website. It states that
Quote
The CNDA certification is awarded only to employees who work for United States Government and Military Agencies

From where did you get this info.?
358  Ethical Hacking Discussions and Related Certifications / Wireless / Re: When is enough really enough? on: February 13, 2009, 07:43:10 AM
Sorry for not having the exact info, but I think it's in India, they are now giving the responsibility to the police force, to go around and enforce people to secure their wireless devices.
I don't know whether to agree or disagree with you.
There was an incident in India in which some terrorists cracked a person's wireless network and used it to send mails to the local media. After they were exposed there were a large number of articles on how to secure your wireless devices both from the government and the local newspapers.

Articles regarding civilian security regularly come from the Police but I have yet to read about some police responsibility like the one you are talking about (I'm an Indian).
359  Resources / Tutorials / Re: ceh 5.0 on: February 13, 2009, 07:04:56 AM
Hi nabhi2k,
You can start by visiting the CEH section and read some of the threads. I'm sure you'll find them useful.
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/board,2.0/
The site has lots of CEH certificate holders and they'll guide you more.

Additionally, if you face a problem in understanding some concept you can ask for a tutorial in the forum. I'm sure that some member will make tutorials if they get some request.
We currently don't have a tutorial requests section but I think that Don should make one <--- So read this, Don
360  Resources / Links to cool sites. / Comptia Discount certification vouchers. on: February 13, 2009, 06:46:51 AM
Here's a wonderful site to get cheap Comptia exam vouchers, but unfortunately the service is available only in the United States and Canada.
http://www.totalsem.com/vouchers.php
© 2013 The Ethical Hacker Network