Sorry I was on vacation, but thanks for the great replies.  I'm thinking I will start with 1and1, and maybe eventually move to a VPS.

Like the title says.  I would like to start a blog, but I was wondering what is the preferred host of fellow EH'ers?

If it makes a difference, I'm not looking to break the bank and I live in the US.

Added those to my bookmarks, thanks!

Pretty interesting R3B005t, thanks for sharing.  On the second page of the article (looks like you got cut off), Juniper and Sonicwall have options which are disabled by default, but protect against this. 

I think the article is a little bit of FUD mixed with a side of mis-configurations.  But, I wouldn't be surprised to hear some of the other admins in my office say: "See, I told you companyA and companyB suck!".  Where I don't really feel it should turn into finger pointing, but an nudge to go through those firewall configs and a thorough check for possible breaches if your firewall is vulnerable/mis-configured. 

Your best bet would be to turn the information over to the proper authorities.  Unfortunately, they may not be able to help you, but that is the correct approach.  Not to mention, the legality and ethics of counter-hacking is questionable. 

A friendly suggestion, it might also be a good idea to evaluate your companies procedures to prevent this sort of thing from happening in the future.  I know it sucks to be ripped off, but you could take something positive from the situation. 

Very nice write-up sil.  I've been following your Cyberwarfare writes, and have to say, I've enjoyed them all.

Stuck on the PDF... still... trying to BF it, but can't figure out what I'm missing.

skitch, in your post you are talking about a Junior Pentest role, but have you considered also looking internships?  An internship, still counts as experience, and could serve as some decent experience for you.  Maybe this anecdote will help clairify: at my current employer, I have seen 3 interns get promoted into full-time positions in the last year.  These persons came into the company as recently graduated interns, proved they know a thing or two, and in return were offered permanent positions (not pentesters, but other tech roles).  Now, lets get one thing straigt, I'm NOT saying intership=job, but I am saying, it could help you get a foot in the door which could result in a job.

Me personally, I have been working as the corporate IT / help desk person at said company for about a year.  I manage the VOIP, user workstations, windows servers, and parts of the corp network.  For the most part, I can do my job in my sleep.  But, I'm working on building my skills and knowledge in my off-time (no one said I can't read an article or two while watching progress bars right) .  A couple of the admins will ask me questions, for example: the other day one of the guys was asking me if they should be using RSA or DSA for SSH signing.  

Point of this, if you read the link from sil, he talks about his back ground and how he got into security.  From the sounds of it, sil didn't start out as the security guru he is.  H1t M0nk3y has recently started to transition into security (from being a developer if memory serves (see H1t, I read your posts)).  So, it won't hurt trying to get a pentesting gig, but it might also be a good idea to look for something else (developer, sys admin, etc).  What is the worst thing that could happen when applying for a job?  But, it isn't a bad idea to have a "plan B".

When I saw the screenshots and realized I don't have to go turnoff the transparent menus I was like 

This an awesome challenge, and I appreciate the challenge.  But, I'm stuck on the PDF (probably overlooked something).

Two pennies incoming....

I think practicing what you want to say to management could go a long way in this situation.  Practicing while commuting to work (good) or in front of a mirror (best), will help you remain focused and calm while saying what you need to say.  And remember, say what you are going to say, talking points, say what you said.

I have learned the hard way that not being prepared for a conversation that pertains to money (raises, equipment, etc), can go horribly wrong and usually results in less than desirable results (no raise, no new toys).

Edited for clarity

You are absolutely correct.  And, yes, 3 for 1 is way better!  I was super tired when I read that and got really excited excited!

Here is a link for the info on Comptia's site: http://www.comptia.org/certifications/listed/linux.aspx

And here is the info on Novell: http://www.novell.com/training/certinfo/cla/

From what I understand, you take Linux+ (which is the same as LPIC-1), and you get both certs.  Then you apply for NCLA, at no additional cost.

I have to say, I love EH and everyone who helps make this site what it is!  I was just wondering, what/if any Linux certs would look best on a resume for my current/potential employer.  Low and behold, I find this post that lets me know I can get 2 for the price of 1!  Since, I'm paying for my furthering education, training, and "DIY Career in EH", anywhere I can cut costs is a god send.

I wonder if Susan Collins and the HSGAC have heard of the Bill of Rights or the Constitution; just wondering.

Congrats!


Yes, please share.  It is always nice to hear what worked for other people.