|
EH-Net
|
|
May 22, 2013, 07:42:28 PM
|
Show Posts
1
|
Ethical Hacking Discussions and Related Certifications / Hardware / PS3 OtherOS exploit
|
on: April 11, 2010, 05:38:10 PM
|
|
I noticed that this topic isn't on this forum so I decided to share.
This is actually pretty old news. In January, after working for 5 weeks, GeoHot found a way to circumvent the hypervisor in the PS3. Last month he released the exploit for it and on April 1st Sony disabled the OtherOS feature.
I think this topic is invaluable to us in a lot of ways. I'm interested in hearing you guys' comments on this range of issues.
1) The technical details. How the exploit works (I don't understand the PPC architecture + proprietary Sony/IBM hypervisor), how it provides total control of the hardware etc.
2) The PS3 was considered the most secure console on the market, with an infamous reputation for being "unhackable", yet this guy did what other groups have tried to do for years in 5 weeks. Amazing stuff how this guy was able to deduce how to hack the OtherOS.
3) The ethics issues surrounding this exploit. Should he have released it? Etc
4) Sony's decision to disable a key feature of their console, the "OtherOS", which allows the PS3 to run Linux. All in a bid to prevent the future possibility of piracy. Is it ethical for a company to take a feature away?
|
|
|
|
|
2
|
Resources / Career Central / Re: Age concern, 26, Full-Time Degree, Ethical Hacking, Advice plz
|
on: March 21, 2010, 10:35:43 PM
|
|
I'm 26, worked 3 years in IT, doing system administration and the odd project here and there implementing whatever is required of my clients.
I too picked up an alphabet soup along the way but I never finished my degree.
I plan to do a degree whilst working in the future. When? I don't know but I think I will need it eventually.
If it turns out that I don't need it then sweet, it's obvious 'cause I'll have a job in the role that I want in security.
If not I slug away at sysops for a few more years and then get that degree and then move into the role I want.
I'm quite happy with the path that I have taken and I think doing my degree later has been a better choice for me.
|
|
|
|
|
3
|
Resources / News from the Outside World / Re: Sad story about what happens when you don't hire a pro..
|
on: March 14, 2010, 07:13:47 PM
|
|
My understanding of their issue is that their internet presence was being exploited by their competitors to sell their competitor's products.
So when a customer would go and pay for their order some sort of local malware would redirect the customer to another website via a pop up effectively stealing the custom.
I think this sort of targeted client side attack is hard to prevent for a company so small. The whole problem is not just the security of the hosted website but also the security of the customer's own computer here.
I think it is true that hiring a pro is definitely the way to go but I don't think a 2 person home based business is going to be able to afford a security pro long enough to develop a solution to such a problem.
|
|
|
|
|
4
|
Ethical Hacking Discussions and Related Certifications / Other / Re: VMWare Client Question
|
on: March 12, 2010, 07:47:52 PM
|
|
I'm not sure I am reading your explanation correctly hayabusa but I don't think that is how NAT works in VMware...
If you are using bridged networking then you either need to assign a static IP on the network your adapter is connected to or more logically receive a DHCP lease.
If you are using NAT networking what happens is that VMware creates an internal network inside your host and automatically assigns the guest a DHCP lease for the internal network. This internal network is then NAT'ed on your network adapter which is on your local subnet. This part obviously does not work if the guest's NAT network adapter is assigned a static IP which is different to the internal network.
|
|
|
|
|
6
|
Features / Opinions / Re: Top Security Predictions for 2010
|
on: March 11, 2010, 06:13:15 PM
|
|
I think breaking out of virtualisation and attacking the hypervisor is going to gain momentum as more and more companies turn to virtualisation to solve IT issues.
You could think of it as another form of privilege escalation.
I think that VOIP networks are going to see an increase in attacks (if you are subscribed to CANVAS you will have seen some of the latest modules to do such a thing). Why? Because you can do a lot with it. The immediate one is monetary gain. Racking up phone charges on the victim's account to your billed account.
|
|
|
|
|
9
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: New guy here with a few questions.
|
on: March 11, 2010, 02:39:58 PM
|
|
The thing with SSCP is that there are just so many other more technical certifications to do, granted many of them are vendor specific but in the real world that's the gear you work with.
Also I think it's important for you to decide on a specialisation and draw up a plan based on that goal.
Do you want to focus on networking, system security or coding? All 3 are important to ethical hacking but it is highly unlikely that you will be a guru in all 3.
|
|
|
|
|
10
|
Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH Cert
|
on: March 11, 2010, 02:33:14 PM
|
|
I took InfoSec Institute's Online ethical hacking class.
Their recently updated material done by Keatron Evans is pretty good. Way better than the course material I had when I took the class.
Whilst it is not like a bootcamp and therefore there are some limitations you do get to study at your own pace. They have always been great to deal with as well. After having done their online training you qualify to take the exam as if you have done the bootcamp.
If you are really keen on self study give that a try and see whether EC-Council will approve it. You got nothing to lose.
|
|
|
|
|
11
|
Features / Opinions / Re: OMG HE IS A HACKER!
|
on: March 11, 2010, 02:14:33 PM
|
|
I may just be lucky.
I've never had anyone find my skills weird or suspicious.
Maybe there are a few rules I live by.
1) Don't flex your security skills. If you want to use it for good use it appropriately.
2) Tell people about what you know in a comfortable social setting. I usually do it when I feel they are ready to know and I am building rapport with them. In those times they usually go "Wow!" (only if not to offend me maybe lol).
3) I try not to be a nazi paranoid schizo security dude at work. If I see something as insecure I may make a suggestion to fix it but I won't go in and just tell people that it's bad.
Basically it all comes down to this, you want your friends, colleagues, school mates etc on your side. It makes your entire life easier, they understand you better, their information technology risk decreases and everyone benefits from your expertise and mutual co-operation.
|
|
|
|
|
13
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: New guy here with a few questions.
|
on: March 11, 2010, 02:05:54 PM
|
|
From what I know of the SSCP it is a subset of the CISSP material.
GSEC is probably worth more to you if you are still starting out.
Although I would have to say that your choice of certs is not exactly the best choices for getting technical.
CEH is probably the most technical of the bunch and I would say that the amount of labs in CEH disappointed me.
I would heartily recommend OSCP if you are relatively proficient in areas of Linux, scripting and networking. If you have those key basics down pat then OSCP will give you the maximum return on your money for learning hacking techniques.
That's if you want to learn "Offensive Security". I assume you do because you are on an ethical hacking site. Rather than defensive measures like hardening, firewalls etc.
|
|
|
|
|
15
|
Ethical Hacking Discussions and Related Certifications / Incident Response / Re: How are you detecting TOR activity in your network?
|
on: March 09, 2010, 07:23:32 PM
|
Letting users install software or make modifications to your software environment is a recipe for disaster I have found. Ketchup's suggestion to use group policy should be standard in a Windows environment. I'm not 100% sure how you would lock down plugins though.
The simplest and easiest fix IMO for anonymous Tor traffic would be to do this.
1) Have an acceptable use policy where any surfing done at work is susceptible to monitoring. Users are there to perform work not to perform personal matters.
2) Implement a proxy server. All surfing is done through the proxy server.
3) Either purchase a Blue Coat proxy which does MITM of SSL or implement your own whitebox setup with sslstrip/sslsniff etc etc so that you can scan the https traffic going through your network.
4) ?
5) Profit.
|
|
|
|
|