I've heard that google labs has a defense feature already in testing to protect the address book from the worm's attack.

 

hayabusa,

Actually that does help some. Hope to get a larger sampling still, of other people's views.

While I'm an open source advocate in general, I also believe in using the best tool for the job.

My testing has been limited (still learning) and usually I'm just looking for boxes on the network I maintain that are not supposed to be there, services that shouldn't be on, and the like. The tools I use most are nmap, look@lan, and Backtrack, but BT is mostly for learning purposes.

While reading Hacking for Dummies (both 2nd and 3rd editions), I've noticed that Kevin Beaver (the author) tends to have a commercial tool bias. Going so far as to implying on page 56 that most of the good tools require buying.

I'm wondering what peoples experiences are here. Do they agree that the best tools are the commercial ones?

The closest I found on this topic was a thread from 2006, called Linux Vs Windows.

One thing I have to say about the book after just over 3 weeks is that I'm surprised it isn't holding up better.

I have several books I have to carry around for work right now (mostly reference guides), so I carry them all in the same box (printer paper style box). All 4 of the outer corners (furthest from the spine) have separated and I've taken to gluing them back down. I noticed the first one yesterday. I've spotted the other three corners today doing the same thing.

I know I'm rough on things but the 2 note books, 2 Cisco books, Sec + book, Hacking the Next Generation, magazines, and shell scripting book aren't having any issues.

Same here, but I'd really prefer a 90 day option too. I've been trying to read a book for the last 3 weeks and only made it to chapter 2 so far. I can only imagine what it would be like if I tried to do the OSCP course with the way things are at work and home right now (too much to do, not enough hours in the day to do it, and adding new things to do all the time).

Billv that was great.

However I'm starting to wonder about the original poster. He's asked about "recovering" his lost RAR password, and now his firefox password... And he wanted to know how to find someone's ip address.

I know I'm paranoid, but he's starting to trip my sensors.

I don't think having to work in the public sector for the same amount of time as study is a bad thing, as long as:

1) there is a job there for you to fullfil
2) the work you do in the pub sector, becomes public information (doesn't get locked away as secret or copy rigthted or anything like that).

You've got a long list of people there. I think the next step would be to figure out what each author can bring to the table, as well if that is what they want to write about.

From there start looking at a very very rough outline, and then compare it to other books on the market.

With that list of contributors I can easily see that coming in around 1000 pages maybe think about breaking up into groups with sub focuses, which could end up as stand alone books.

Maybe have one group writing on Certifications, and the pros and cons of each. Another group doing programing in pen-testing (I know I'd like to see a gray hat like programming books), how a system administrator can do a quick audit (all pen-tests really are) without a lot of additional training, and another section on writing programs to run though system logs looking for problems (I know I'm getting tired of stumbling through grep and awk scripts, and there has to be a better way).

The college down the road from me has a newer IA program. I've thought about taking it and finally getting a 4 year degree. However I haven't been too impressed with the students I've met from the program so far. I can definitely see the IA degree mindset there.

Not saying it'd be a bad program, just from what I've seen, I'd want to see more before I went out and played with them. I'm a noob and know it. But I've already played as a network engineer and system admin.

Looking through the archives could answer your question. Or are you looking for how the members feel they are helping through the site?

I'm more interested in the whole of the paper. What kind of class is it, what level of education is it for, what do they mean by "Internet Society".

I haven't used the program, but if it's not liking the .pcap, what about extracting the stream you want out of the file, and then running rainbow on that?

I haven't done it on the infosec side, but in IT, I'm happier in a techical role.

I've done customer support / tech support / NOC Tech, project management, programming, user documentation, user training, some light Quality Assurance / alpha-beta testing, but I'm happiest making the network and linux boxes work.

I enjoy the documentation and training, but don't think I'd be able to do it as a full time living.

Sorry, not much help, but how would a key logger be useful? Are you looking to capture what they do on the box after they get into it?

Depends, I've worked with people, all they want to do is the entry level stuff. They're happy doing help desk (which includes building the PCs and such) and don't want to do more. They actually push back when trying to get them to do more.

Then there are the people that work at the small mom and pop (I know their fading but I have a few around me that have lasted) computer shops doing custom builds and repair. One guy has been at one since I started going to it in the 90s.

It's not so much a lack of 10 years experience, they could have been doing it for 10 years. They could be really good at it. However keeping up with hardware is a full time job in itself now days.

I do have to agree with Data_Raid, I'd probably let the cert laps (like I did my CCNA) because of the fee.

I don't know. I remember when the Cisco Certs didn't expire. You'd get people that'd pass the cert, not touch a cisco box for a while, and not know the new things in the product (like VLANS), yet they were still certified.

I think continued education is a good thing, I don't like the thought of a fee, but it's better than having to take the test again every 3 years.