I installed it on my test box at work, using the iso and VirtualBox. It works pretty smooth. I haven't seen any slowness issues at all. 10 gig hard drive, 512m of mem, and only 1 processor.

I might not be the best person to make comments on this (don't know anything about their program and rarely take cert classes), but I'm a little dubious of site. The "product" page appears to have 2 quotes on it, but neither one are attributed to anyone. No idea who said them, or what their backgrounds are.

The CEO's page has CEH / QEH and CHFI / QFI listed. I'd be interested in finding out if she really has the CEH and CHFI. I'm sure there is a way to check someone's claim of being a CEH (I've never looked into that, and think it would be fairly easy to do so).  That might go a long way towards telling you some information. Having her own certs makes me wonder about things too.

From their page, to me anyway, it sounds like they used to do CEH training and have decided to break away and do their own thing.

Equix3n

I think you've got it below. Reconnaissance would be information gathering, and footprinting would be one of the ways to gain the information.

I wish language was better suited to creating new terms. Borrowing existing terms to mean new things makes it hard to know what you mean.

I've always took footprint to mean, electronics footprint. How many computers, telephones, faxes, alarm systems, autonomous robots, etc... Anything they have to plug into the wall, and may have access to a communications system (cable or wireless).

Don

Depends on who the contract was written. The place I work at now, I started as a contractor. I was a 1099, but a contract house dealt with finding the job and doing the billing (for their cut of course).

Shady, but when you're desperate for a job, then you take what you can get.

It's really a matter of your own tastes. You're re-branding yourself, and creating the identity you'll be known as in the EH community. It has to be something you're happy with.

I've gone by both chrisj and rattis since the 90s, I have a few I use when I'm trying to hide it's me, but actually changing something i've been using so long would seem strange to me

I'd offer, but I'm a slow reader (between 200 and 300 words a minute, back to pre-speed reading course levels) and have a lot of time constraints right now.

*Edit*

Actually, I really would like to review the book. But it'll probably take me 2 weeks to get through it if that's okay.

*end edit*

I remember last Augaust, there was a thread on the Forensic Puzzle that Internet Storm Centerhad it's handler Diary.

The thread on here

Earlier this week (Monday I think) I came across Network Forensics Puzzle Contest. Which is more of the same, 2 more challenges involving the Ann character from the first one.

I just thought I'd share if people were interested.

Version 3 is out now, I'm curious if anyone else has read it yet. I just got my copy today, but haven't have had time to make it past the table of contents. I've read version 2 via Safari Books, but got 3 to have a physical book on my shelf.

I was a little surprised to see NetWare still in the table of contents.

I'm wondering what other surprises await.

But how do they do that when they throw a curve at you Don? I applied for one position, but the company wants to talk to me about another one, and I know nothing about it.

That does sound like a good idea if you have the time to pull it off. I'm going to have to remember that.

Maybe I'm wrong, but wouldn't this be something that is Digg worthy?

BillV,

Isn't it kind of accepted that you look for as much public information on a company before the interview? It shows an actual interest in the company? I think the information showing the vulnerabilities would be more useful your first week of work.

However remember what we think of a security culture isn't what all businesses think of as a security culture. Some places, it means actually protecting the data, and others it means not letting the users put the work related data on facebook.

Like Andrew and Ketchup said, it depends on the provider. Some of them, if you call them may tell you you'll have to to have a business account or static ip address.

When I had Wide Open West (WOW), I could do pretty much anything. That included running Nmap on the external IP address of my external facing servers at work.

I currently have AT&T, and have to use their Residential Gateway. When ever I try running Nmap from home now it fails, and the Residential Gateway locks everything down, (including the tv) wanting to put my laptop into the DMZ like area with no ports blocked.

I had to call and get smpt open (which you need a static ip for, and I have), because they block traffic going to port 25 from your box. It made trying to trouble shoot work's email servers a real pain. I couldn't telnet to port 25 to see if it was an open relay, or if the servers were taking requests from the internet for regular mail.

The down side, even if you call and they say it can be done, you might have problems getting it done. Like my static IP address with AT&T. No one knew how to set it up for a u-verse residential customer.

I use passwordsafe at work, and keepass at home. Both programs are nice, later this year, I might start migrating work to Keepass (unlike passwordsafe it works on every OS we use).

I would keep the passwords to the safe copied down somewhere. I've lost some passwords because I couldn't remember the password I used for the safe. I recommend your wallet, firesafe, or a safety deposit box depending on how paranoid you are.

As Data_Raid said, if they get the file, they might be able to brute force it.

Something else you might do, to spread the pain of a compromise, is to use different safes (files) with passwords to different things in them.

I liked Bruce Schneier's take on this at Wired.

He says the commands to the things have always been encrypted, it's the video they have to share with multiple people that's not.