Hi Isabell,

It is more than likely your driver which is not properly supported by Ubuntu. I know as I had the same issue with my netbook which uses a realtek wireless card.

Go this link for help and more info on how to resolve the issue specific to your model: https://wiki.ubuntu.com/HardwareSupport/Machines/Netbooks

Hope it resolves your problem.

C

I have read the post and its comments with much interest.

BillV is correct you need a blueprint before embarking on a 'project' involving more than one person. It is the foundation of any good 'team' and that is what was intended… or am I missing the fact that this was a post to propose a team of sorts? How else would you get everyone on the same page and facing the same direction so to speak? The old saying, 'Failing to plan is planning to fail' rings true and I have personally seen it in many projects IT and other that I have been involved in.

I commend the OP on his passion for the subject but believe he should take heed of some good advice and not take comments so personally. It was a good idea... so let’s hear your plan? I doubt anyone wanted a dissertation and presentation just some bullet points of what your goals, objectives and strategy was and how you saw this coming together.

http://www.cnn.com/2009/TECH/12/21/cyber.challenge.hackers/index.html

I was wondering if any of the EH.Net elite took part in this?

GoDaddy have what they call a (Unified Communications Certificate) UCC certificate which they claim can be used to:
 *  Secure up to 100 domain names on one certificate.
 * Save money because the cost of one Multiple Domain Certificate, with additional domain names, is less than the cost of individual certificates for each unique domain name.
 * Compatible with Microsoft Exchange Server 2007 and Microsoft Communications Server.
 * Simplifies the process of managing multiple certificates with varying expiration dates.

Check them out here: http://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8979

Thank you for the advice.

Much appreciated!

Hi All,

I need some advice please.

I have conducted a vulnerability assessment on a client's external network and have discovered an open VNC port (both client and web) which one can conect to from any IP on the Internet.

I know that the vulnerability related to VNC is that you can sniff the credentials as they are by default sent in open text (the client is not tunnelling this through SSH).

As far as I know, to sniff the password you would need to either have access to a router between two connections or else interpose yourself in a 'man-in -the-middle'. You would also be able to sniff the traffic if you were plugged into a hub (or switch with promiscuity set accordingly) with either of the end points.

Taking these scenarios into account it would be a highly unlikely that the password could be sniffed if these vectors were suitably protected. Am I missing something here which makes the risk of password sniffing very likely of occuring?

The client does not need to comply to SOX so I cannot use that as leverage in getting him to close this down. I can only plead to his common sense.

Any advice or insight would be much appreciated.

Thanks

Chris

Hi All,

From SANS:

We are aware of a new 0-day exploit that was posted on Milw0rm today.
According the exploit, it was suppose to work on both IIS 5.0 and 6.0, on the FTP module.
Also according it, it affects IIS 6.0 with stack cookie protection.
The latest on this is that HDMoore is porting it to the MetaSploit framework.
We will update this diary with more info as we get it.

From US-CERT:

Microsoft Internet Information Services (IIS) FTP Service Vulnerability
added August 31, 2009 at 04:27 pm

Microsoft Internet Information Services (IIS) FTP Service Vulnerability

US-CERT is aware of a public report of a vulnerability affecting the Microsoft Internet Information Services (IIS) FTP service. This vulnerability may allow a remote attacker to execute arbitrary code.

US-CERT encourages administrators to disable anonymous write access to the FTP server to help mitigate the vulnerability, although a proper impact analysis should be performed prior to taking defensive measures.
 
US-CERT will provide additional information as it becomes available.

Thanks Don 

A really great site to pass some time on and get other perspectives on the topics.

Chris

I personally have a love / hate relationship with ISA.

I am particularly not fond of web-publishing rules but once they are up they are up.

I agree that it is expensive but post ISA 2006 SP1 MS now supports it on a virtual platform. I have recently successfully deployed a L2TP IPSec VPN between two ISA VM's running on Hyper-V... yes you guessed it they are are VERY big MS Shop.

Hope this helps your contact and I hope I have not posted too late.

Regards

Chris

PS. Here is a pretty good whitepaper on the Virtualisation of ISA and how to secure the host environment it is running on: http://technet.microsoft.com/en-us/library/cc891502.aspx

Hi All,

I can also recommend VMWare as the standard.

I am however a little less repulsed with Virtual PC Beta which is now imbeded in the new Windows 7 after a windows update  . It finally has USB support but the integration feature is still a little buggy.

I am also a big user of Sun's Virtualbox which does pretty much all I need for a desktop and I would rank it above VPC but below VMWare.

C

No it has a very slooow 160GB drive... definitely not SSD but in theory an SSD should be quicker that's assuming MSFT have put the correct drivers in the OS

Install Windows 7 RC... it is after all Vista (release 2) and runs better than Vista SP1 and SP2. No more networking issues when moving between networks in sleep / hibernate mode is my favourite feature.

I am even running it on a low performance netbook and it works better than the ubuntu 9.04 netbook remix.

Hi All,

Received this in my mail this morning... some good news for the CEH's out there.


EC-Council Courseware certified to have met the CNSS Standards by the United States National Security Agency (NSA) and the Committee on National Security Systems (CNSS)
 
 
 
Seattle, WA, June 5, 2009 - EC-Council, the world's leading e-business and information security certification body, was honored at the 13th Colloquium for Information Systems Security Education (CISSE) by the United States National Security Agency (NSA) and the Committee on National Security Systems (CNSS) when its Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI), Disaster Recovery Professional (E|DRP), Certified Security Analyst (E|CSA) and Licensed Penetration Tester (L|PT) courseware was certified to have met the 4012 (Senior System Managers), 4013A (System Administrators), 4014 (Information Systems Security Officers), 4015 (Systems Certifiers) and 4016 (Information Security Risk Analyst) training standards for information security professionals in the federal government. The CNSS is a federal government entity under the U.S. Department of Defense that provides procedures and guidance for the protection of national security systems. Dave Garza, Vice President of EC-Council| Press; Steve Helba, Executive Editor of EC-Council| Press; and Eric Coffin, Senior Marketing Manager of EC-Council| Press were present at the Colloquium to receive the awards on behalf of EC-Council President, Jay Bavisi.
 
Candidates who complete the EC-Council Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI), Disaster Recovery Professional (E|DRP), Certified Security Analyst (E|CSA) or Licensed Penetration Tester (L|PT) certification will receive the respective CNSS credential as part of the training. This will be indicated in all new certifications earned for these programs.

Being certified, EC-Council has joined the ranks of prestigious institutes and organizations such as the United States Air Force Academy, US Military Academy, Naval Postgraduate School, John Hopkins University, Boston University, Cisco, and Microsoft, amongst others, that have met the CNSS training standards. Said EC-Council's President, Jay Bavisi, "We are proud to be the recipient of these certifications and join other world class institutes and organizations that have met the CNSS training standards. This is in keeping with our mission of delivering high quality education solutions and certifications across the Information Security spectrum globally."
 
For more information on EC-Council Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI), Disaster Recovery Professional (E|DRP), Certified Security Analyst (E|CSA) and Licensed Penetration Tester (L|PT) certification, please visit http://www.eccouncil.org/certification.htm


EC-Council
Dawne Chin
Marketing Manager
dawne@eccouncil.org[/b][/b][/b]

   

Hi All,

Another site dealing with security has been launched... go check out http://www.securitytube.net

I received this link via a Group Membership from Google Groups... the little blurb that came with it says the following,

"a community driven videos website for
computer networking and security related fields. Though there are many
video sharing websites available online, SecurityTube.Net is strictly
focussed on hosting computer networking and security videos only."

I have not really gone through all the content but it seems pretty decent with some interesting stuff for those trying to get to grips with some the terms and technologies.

Regards

Chris

Absolutely recommend this to everyone... the first one was great and I have used it to test the use of default passwords on a domain I was pen-testing