|
EH-Net
|
|
May 18, 2013, 04:50:10 AM
|
|
3
|
Ethical Hacking Discussions and Related Certifications / Wireless / Re: WIFI WPS brute force attack Faster than cracking WPA/WPA2
|
on: October 01, 2012, 07:15:00 AM
|
|
I am really surprised this hasn't caught more attention for such a huge vulnerability across the world.
I mean, I have used Reaver when no one was home (got into a neighbor's WiFi with it). Just looked around their router, saw it was an ISP-provided NetGear router.
If I remember correctly, once I got the commands down, it took a matter of minutes to get the WPS key correct, and therefore the WPA2 key. WPA2, yo! That's quite the black eye on such a secure encryption for WiFi, no?
My router is WPS-incapable, being that it runs Tomato; most Linksys-based WRT routers do not implement WPS in any way, shape, or form, so that vulnerability is right out the window for those of us running alternative firmware on Linksys gear.
So far, I've only used it when no one was home, and didn't do anything malicious, like setting new passwords, or changing settings. I just wanted to see how it worked, and if it worked. Surprisingly it did, and quickly.
|
|
|
|
|
5
|
Resources / Tools / Re: Security News Apps!
|
on: September 19, 2012, 07:18:22 AM
|
Cyber.spirit I was looking for good infosec news apps on Android, rather than tools to pentest or exploit things. Please don't take offense to my comment earlier, I was just kinda surprised that you posted a bunch of stuff I didn't ask for, but found interesting nonetheless! 
|
|
|
|
|
6
|
Resources / Tools / Re: Security News Apps!
|
on: September 19, 2012, 06:15:09 AM
|
Cyber.spirit, I wasn't really looking for security/pentest tools on Android, but those are good to know! And putting BackTrack on my phone?  So any suggestions for Twitter feeds to follow? I mean, since I have to create an account anyway, right?  Any suggestions for an Android Twitter app, too? Is the official Twitter app any good?
|
|
|
|
|
7
|
EH-Net / Greetings / Re: Hello everyone!
|
on: September 18, 2012, 06:48:06 AM
|
Oh snapples! I thought the 'Lessons' section was going to be an overview of the stuff they teach you, rather than the actual lessons. Guess I still have a bit to learn on the info-gathering! 
|
|
|
|
|
8
|
EH-Net / Greetings / Re: Hello everyone!
|
on: September 17, 2012, 11:08:53 AM
|
|
No offense, but I am older than high school age (nearly 26), so I don't believe the HHS will work out for me, plus, there is almost no information on how/when/where these ISECOM 'events' take place, their price, etc.
It seemed interesting until I tried to find out if it was an online thing, or you had to go to an on-site training, or if it was offered specifically to high school teachers/students....
EDIT: Okay, it's geared specifically at students still in public school....never mind. Thanks anyway!
|
|
|
|
|
9
|
Resources / Tools / Security News Apps!
|
on: September 17, 2012, 09:30:44 AM
|
Hey all, Just got a new Samsung Galaxy SIII on Verizon. Rooted, unlocked bootloader, and is running 9/14/12 build of CM10 right now. Can't wait for the final release! Anyway, now that I have a phone that can handle more than one application at a time (RIP Droid Eris, aka CDMA Hero), I am looking for a good security news app for Android. Though I don't want this to be all about Android, but you can share apps for iOS and WP7/8, too! I know Rapid7 just released their SOC Monkey, but currently that's only on iOS. I read they might look into an Android version if there was enough interest, but nothing much since. Any similar security news aggregator, aside from standards like gReader and such?
|
|
|
|
|
10
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: How NOT to pass a job interview
|
on: September 11, 2012, 11:32:05 AM
|
|
Putting the 'suit required' in the job description sounds a tad....childish? Not the word I'm thinking of, but you know.
And I think the job requirements shouldn't really include dress code, since every environment is different, and they might just copy/paste from another posting, or whatever.
I think, if you know it's a professional type place (not a mom'n'pop shop) then you need to either figure out what their dress code is (just ask during a phone screen, if you're going in for a meatspace interview), or just dress to the Nines, and work from there.
I personally don't own a full suit, but I have the pieces of one; slacks/khakis, dress shirts, shoes, and a suit jacket. But it's not tailored to me or anything, just a Wal*Mart special assemblage. And that seemed to work out for the one interview I've worn it to.
Of course, if you should show up in a full suit, and everyone's just wearing jeans and t-shirt/polo, then you can talk about it during the interview, make a comment about 'being overdressed' or something. Interviewers tend to like someone who is likable and can make/take a joke, at least in my experience.
|
|
|
|
|
11
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: How NOT to pass a job interview
|
on: September 10, 2012, 08:55:29 AM
|
Unfortunately (or fortunately in a few rare cases) having general knowledge of concepts in say, SQL, or the searching through Linux logs, is not usually enough for interviews. I've been to a number of them, through an IT contractor company, where the requirements they gave me didn't quite match up with what the interviewer actually expected. I mean, Googling a company is fine and dandy, but sometimes they have several different businesses umbrella'd under their name, and so, you can prepare for their core business, but the part of it you might be working for? Totally different and unrelated. Especially (and I know this excuse is older than the dead horse) in this economy. Many businesses have been bought up and just rebranded, while they do their original thing. And sometimes they don't even do the same thing as the parent company, so you can research the entirely wrong business division, and come in cold to the interviewer. I do agree preparing for an interview is a really great way to wow the interviewer(s), but sometimes I personally feel like not even bothering. There have been a number of times where I researched the company, read up on a couple of the things they said they needed, and then bullshitted my way through the interview because they wanted a completely different set of expertise. Again, though, this is probably miscommunication between a middle manager at the company, and their contact at the contracting agency, then to me with their gobbled list of things. Very few direct interviews have these problems, but that might just be from my perspective 
|
|
|
|
|
12
|
EH-Net / Greetings / Re: Hello everyone!
|
on: September 09, 2012, 09:33:58 AM
|
Cyber.spirit and chrisj thanks for the advice! I'll look into many of these things soon! And I bought the basics of pentesting book because I don't know how to do it, hence, I need the basics. I understand basic security concepts and abstracts, but have had little "in-the-field" experience with them. But PenTesting sounds like something I might be able to do as a job, maybe even a career of sorts. Not sure what I want to do as a career right now, but I do want it to be in the vast IT industry 
|
|
|
|
|
14
|
EH-Net / Special Events / Re: [Article]-Survey of Hacking Movies: Framing the Debate on the Gateway Drug into the Hacking Cult
|
on: September 06, 2012, 02:11:13 PM
|
|
I agree that Hackers, while not a 'good' movie, was my gateway movie to hacking.
Not that I've done a lot, to anything other than my own systems, but it got me interested, and I still am very interested. Mostly in something super-challenging and rewarding like PenTesting. I owe it all to Hackers.
But, watching it now, in 2012, a lot of things in the movie don't make sense, or are super-antiquated by today's standards, so unless you've seen it before, it's probably not a good idea to introduce someone to 'hacking' with the movie.
|
|
|
|
|
15
|
EH-Net / Greetings / Re: Hello everyone!
|
on: September 06, 2012, 01:33:27 PM
|
HM...Good point. I am currently A+ Certified, and I've taken the Net+ classes, but have not taken the test. Currently in Chapter 6 of the 2009 edition of the study guide, but at this point, it seems a tad much, just really boring (but necessary, I know!) stuff at the point I am in the book. Plus I know, in general, how TCP/IP works as it relates mostly to Windows systems. I've dabbled in Linux, but have never really used it in a desktop, day-to-day situation for very long. I've tried Slackware....back in 2003/4, Ubuntu every couple releases (not a fan of Unity, BTW), and I think once I tried Gentoo to force myself to learn about Linux, and that just netted me an unbootable machine for a week.  Have been thinking really hard about getting CCNA certified, taking the classes because of the incredible volume of information, but don't have ~$3k+ for the classes, and I can't find a local campus offering the course at the moment. The way I learn is very complicated, but according to this list on Wikipedia, I can learn all four 'ways', but I would prefer not to stick to a single method if possible. Hence my want of the class for CCNA specifically. It seems Self-Study, for me, only works for a while, maybe a month at max. After that I just lose interest in the text and move on to something else. Maybe a study group of some kind? Also, are there free(ish) alternative to the courses offered by SANS? I might be able to get some kind of tuition reimbursement from my employer (if I get a day position in their IT dept) but I'm not holding my breath, plus, I'd have to have the cash to pay for any training myself first..... Ah, First World Problems, right? Looks like I am going to enjoy my time here! Can't believe I haven't found this place, or similar before! I wonder is there a 'Non-Ethical Hacker' sister site? 
|
|
|
|
|