I was going to start by visiting high schools and try to talk to IT teachers and try to get some ideas from them to. They know their students after all...

Then I could do a little presentation to push the interest. I will probably have to write a letter to parents, school directors, etc.

Then we can start a web site, find a place to gather, do a few presentations and demos to really get the interest going. Then as you said Equix3n, have a workshop and organize a competition.

And you are right ETHICAL would be the keyword here...

So I guess you are both right. If my ISP doesn't care about me scanning servers, then I would be fine.

I will read their policies if I do scan servers in the future.

Is Hayabusa the only one warned or blocked by their ISP?

Thanks Hayabusa,

I will keep you posted for sure. Meanwhile, I am just starting...

Hey,

I would really like to start a competition in the high schools around where I live. I have been a teacher years ago and I also did some volunteer work in on high school, etc.

I think teenagers interested in InfoSec are often left learning tools by themselves and if not guided properly, can start hacking networks everywhere without permissions...

Finally, I am a French Canadian and there is close to no resource in French in this field.

So, I would like to create some kind of a club among different high schools in my city where we could meet once a month or something like that and organize a CTF among them. I really, really want to focus on the legal aspect of it. I want them to be White Hats, not the opposite...

Do you guys think it would be a good idea? Have anyone done that before?

Thanks for your advice!

Hi everyone,

A friend of mine (actually, a co-worker) want to play a little game with me: we both want to set up a web server at home and try to hack each other. Since we are both web app developers, we think it would be a good exercise for us to learn both the defense and the attack of such servers.

We will install a VPN so we can do our stuff without alerting/disturbing anyone else. However, we plan to secure our servers as much as we can so having them face the internet (instead of using a VPN) wouldn't be a big worry for us.

Finally, we will give each other written permissions before we start doing anything.

My question is: If we wouldn't use a VPN and our server would be serving web pages on the internet, could our scans, brute force attacks, etc disturb other people?

Here I think more of our respective ISP (and possibly others?). What could we do to mitigate the risk of getting into troubles instead of using the VPN? Maybe it doesn't make any difference?

I want to add that I will use a VPN regardless of the answers and we both have no malicious intention whatsoever. We want to compete, that's all!! 

On the same train of thought, I once wrote a funny comment in the source code of a web application, complaining on how bad the language was at that time.

2 years after, I received a phone call from a developer doing some maintenance on my old code. He was laughing so much! My joke wasn't that funny, but when you spend months going through somebody else' code, anything is funny.

From that point on, I have always added a joke or two in each of my applications (But I am still waiting for other phone calls...).

Life is too short to be taken seriously!!

Ahhh! Great article Dark_Knight.

We need more of these!!!

I haven't seen the ad. What is the book title?

For me, I have always been amazed by what "real hackers" could do to compromise a system. By far the number one reason why I am now working in this field is the ingenuity of other people. I admire how people could think outside the box and come up with these ways of hacking systems.

So for me, it was just plain curiosity until I allowed myself to start studying.

And now, my goal is to find a clever idea to! 

http://www.computerworld.com/s/article/9175936/1.5M_stolen_Facebook_IDs_up_for_sale

Question: How can an hacker sell stolen information like that without getting cut?

I just get amazed that someone can say: "Hey, I have hacked into a system, stole 700 000 accounts and they are all for sale" and not get cut. So how can they sell this kind of information without getting cut?

I know they can:

• Use a "mule"
• Play online poker games and "lose" to a friend
• Get cash money
• ?!?

To add to what j0rDy mentioned, your system could also get compromised by surfing to malicious web sites (cross-site scripting).

I think everyone goes through something similar after spending about 10 years working in a field. I when through this last year after a decade as a web application developer (that's why I am moving toward security now!).

By reading his post, it is obvious that he knows what he is talking about, but only in his field. Like mentioned above, he could maybe learn about webapps security and get interesting challenges this way.

Also, he mentioned that all he has to do is install and configure tools. He may have forgotten how long it took him to learn about all attack vectors, protocols, security tools, etc. So it is still a difficult job, he is just used to it.

They were faster than Adobe and Microsoft recently...

I like Sun too!!!

Interesting...

I have been using javaws on one of my server, but it's Solaris 10!

But internally, we do have it installed on many WinXP workstations...
Thanks Anquilas!

Thanks everyone for the feedback and sorry for replying so late, I had a rather touch weekend...

I will definitively keep my fingers out of this box. I have already told my boss in person and in an email. He forwarded is concerned to the sysadmin boss and we are getting a new server next week.

I am still a rookie security analyst, so your advice were very welcomed!