Agree with ChrisG.

Practice tests are a good guide to focus on exam test areas, but U need to read/research further and find answers. That way u will gain lot of knowledge and pass the exam too

Never solely depend on the answers given by them.

I can remember when I was studying for CEH that one of the CEH documents said that Netstumbler doesnt support 11g. It was probably talking about a earlier version of Netstumbler .

So could this question be a practice test question coming form this era ?

Hi

Since Firefox has been in the news in few different posts, I am posting some extensions which have been used for a long time by me.  These are not hacker related extensions but useful for a safe browsing while taking the best out of FF. Somebody new to FF may find it useful.

If you are looking for hacker related extensions see the threads http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1155.0/ or http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1139.0/

Adblock Plus  (https://addons.mozilla.org/firefox/1865/)
Very useful  extension to block ad sites. U can customize this to allow ads from certain sites (white list).  Adblock Filterset.G Updater (https://addons.mozilla.org/firefox/1136/) is a companion to adblock plus but the folks at the adblock plus specifically tells not to use this extension as a companion to adblock plus as this may considerably slow down your browser. 

All-in-one Side Bar (https://addons.mozilla.org/firefox/1027/ )
Great tool to consolidate all the small tool windows in to a side bar. If u are a Opera fan you would love it. This tool simulates what opera does.  Lot of customization possible

Faster Fox  (https://addons.mozilla.org/firefox/1269/)
Tweaks some FF parameters to render/download pages fast.  U can do it manually in the config file, but you need to know the parameters you are looking at.

IE Tabs (https://addons.mozilla.org/firefox/1419/)
A must have for even Firefox die hards. Invariably u will come across sites which do not render properly in Firefox. With one click u can open a IE session on a FF tab. Also useful if u develop web pages.  Pages can be tested on both FF and IE with a click.

McAfee Site Advisor  ( http://www.siteadvisor.com/)
A useful tool if u enjoy downloading stuff. Once u install this every time u do a search from a search engine like yahoo or Google, it will add a icon to tell u whether the site is safe. Click on the icon and it will give more details of the site.

No Script (https://addons.mozilla.org/firefox/722/)
Disables JavaScript, Java and other executable content being executed automatically.  U can allow scripts only from websites you know to be safe.

Paste and Go (https://addons.mozilla.org/firefox/3035/)
Another dearly loved feature of Opera brought on to the FF platform. Paste and Go  lets you Paste Text and Load/Search It Immediately.  Search text box gives the additional option of “paste and search” and the URL box give the additional option “paste and go”

PDF Download (https://addons.mozilla.org/firefox/636/)
Extremely useful feature to stop the browser opening pdf file with the adobe plug-in. U control what u want to do when u click on a PDF link. Also I would advise u to try the free foxit pdf reader (http://www.foxitsoftware.com/) it is a single exe which loads incredibly fast. Rendering is not as good as Acrobat Reader but if u want to glace through a PDF and u want to load it quickly, this is the best.

Scrapbook (https://addons.mozilla.org/firefox/427/)
Save pages/websites and create collections on the hard disk. U can even add notes and delete sections u of pages u don’t need.

Tab Mix Plus (https://addons.mozilla.org/firefox/1122/)
Gives added functionality to the tabs.  Also includes a session manager.  FF 2 has a built in session manager but I have disabled it and still stuck to this.

CookieSwap (https://addons.mozilla.org/firefox/3255/)
Provides ability to maintains multiple profiles. Useful if u have multiple email account with the same site like Gmail or yahoo. Main drawback is the profile swap changes is browser wide NOT tab wide. This would be a great tool if it was possible to maintain different profiles in different tabs.

ImgLikeOpera (https://addons.mozilla.org/firefox/1672/)
As the name implies, another great Opera feature brought on to Firefox. But unfortunately this seems be broken after FF 2.

flashgot plugin is actually a sort of a download manager. It will not rip flash files.

I don't think there is a FF extension to do this.

Hi CadillacGolfer

What a timely discussion. One of our guys is just starting to test our apps in a local adminless enviorenment. Management is not going to be a issue for me. But the problem is going to be applications and users.

So why dont you share some problems you faced and how you got around  them.

Regrads
Skel

HI plik

I would recomend u to download the windows version of OCS and install it on a PC and  try the agent on few test PCs. Installation takes only few clicks and u are up and running.

They have agents for following. (from their site)   
    *  Microsoft Windows 95/98/Me/NT4/2000/XP/2003,
    * Linux,
    * *BSD,
    * Mac OS X,
    * Sun Solaris,
    * IBM AIX
    * HP-UX.

I tried the agent on 4 XP PCs and I didn't have a issue with those. But for me anything was a improvement as currently we don't have any way of inventorying PCs. As with GLPI my only experience is their demo site.

My plan is to get one department on the OCS server and run it for few weeks and if satisfied role it out to others. Once I role it out to a department and if I find any issues will post them here. But it will take some time for me. My only worry is the excessive disk access of the agent.

You can also check the discussion forums http://sourceforge.net/forum/forum.php?forum_id=196389 for issues raised by others.

If you find any issues please let me know too.

regards

Hi RichM

Thanks for the information on spice works. Recently I read through few Free IT inventory and management software and finally decided to give a go at OCS inventory NG (http://ocsinventory.sourceforge.net/) which is a open source software.

I installed the server component on my Win XP PC in 5 minutes and it was up and running.

Then you need to install the client agent on each PC which runs as a service. You can install the agent remotely if u are on a directory service. The outcome was very impressive.

The agent updates the server at pre scheduled time intervals. The info collected by agent is stored in both the PC and the server. The advantage of this is even if your server crashes, u can re install the server from scratch. And the next time the agents connects to the server it will re-populate the database with all the info from the local file. So no information is lost. This is specially useful if you decide to use a old obsolete PC without any support or redundancy for the server 

This software does inventory but custom reporting and such additional facilities are minimum. But there is another Open source software built on OCS inventory called GLPI (http://www.glpi-project.org/spip.php?lang=en) which uses the data collected from the OCS and facilitates complete asset management. I haven't installed this product yet for reasons I will explain later. GLPI has a compete demo site at http://www.glpi-project.org/spip.php?article47 for you see the power of it.

IMO These two Open Source applications together will compete with any thousand dollar IT asset management application without any problem.

I was so impressed with the results I decided to put at least OCS inventory on live environment. For this I tried to install the server on a CENTOS ( http://www.centos.org/ ) This is a free alternative to Red Hat Enterprise Linux server. And I tried... and I tried... and I tried ... for almost 2 days.

The difference between the Linux version and the Windows version is that the windows version bundles MySQL, Apache Web server, and all related apps (incliding the XAMPP contol pannel) in to one installer and everything gets installed initially. But with Linux version only the app binaries are included. It requires MySQL, Apache and lot of other packages to be installed before installing the application. As a Linux newbie I just couldn't get though this phase. So temporarily stopped the project untill I get some free time again. This is obvioulsy why I dint get to trying out GLPI.

But if things fail, I will just install the windows version and try to install Linux version leisurely. (becuase I will not not loose the collected data by replacing the server)

To summerise

Pros
1. Almost all the info u need on a PC is collected and well presented
2. Web interface for view and admin
3. Agent communicates with the server on port 80. So its easy on the firewalls
4. OCS includes package deployment feature on client computers
5. Unlike Spiceworks, the applications does not not need connection to the internet so there is no risk of any information leaking to the software vendor or any other person. 

Cons
1. Both french based products. So english help is limited
2. The agent updates the "seconds remianing for next update" in local ini file every second (cant see any reason for this). So this could be a issue on old PCs though I didn't feel a performance issue with the few PCs I tested. The documentation states this will be corrected and the ini file update frequency will be configarable in the next agent release.

Please set me know your comments if you have already have tried this or if you try this.
 
Regards

Hi

Thanks for the guys who commented and voted on the poll. The reason why I did post this was my own experience which shocked me.

I didnt think that you could get through a exam using just brain dumps. But few weeks ago I was toled by one of my colleges that two checkpoint certification vouchers he had was expiring next day and he didn't want to use it. I didn't like to go 300 bucks wasted so I registered myself with one voucher and scheduled the exam for the next day. 

I had work with Checkpoint 4.1  until about 1 year ago but as my duties changed I dint have time to play with it after that. I am also certified CCSE 2000. We also upgraded this firewall to NGX but didn't have time to get involved in the implementation. So my knowledge of NGX was not very high. 

With my office/home  work I had only about 2 hours to spare, So I got a brain dump and read it once. I didn't expect to get through the exam but I thought I will at least get a taste of the questions.

I sat for the exam and got though it with a big margin. I just couldn't believe it. If I had prepared for this exam, I would have taken at least 1 month to go though all the documentation.

So thats my story.

And Don was right on target. The voucher was money going to waste anyway. So I dint run any risk even if I had failed. If it was my money, I would have never taken this risk. Now I will have my go at the CCSE in NGX and you can be assured that I will spent at least one month in preparation.

Its a totally new ball game when you are spending your own money . 
 

Hi

I did post a comment on FF2 on the discussion http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,751.0/

As a addendum to that post I did install FF2 on my laptop few weeks ago.

Compared to 1.5.x there is basically nothing new in FF2 expect the built in Spell checker. I had the same facilities with FF 1.5 and few plug ins. But now I can spell check my posts to this forum 

The only thing which FF2 did to me was it broke some of the plug ins which I was depending upon. But they should be fixed by now.

In IMO FF2 is really a face lift to FF1.5.x  But on the other hand there is no reason why u shouldn't upgrade either.

You dont know much about the subject area. You dont have time or you re too lazy to read the books and documentation. U have only one day  for the exam. So you get a braindump like testking or actual test and read the questions and sit for the certification exam.

Do you think u can get through ?

I have been using Kerio for the past few years and installed Comodo just few minutes ago after seeing this post.

It certainly looks very promising

Agree with Kev about how dependable an  anonymous blog is. But this thread has raised some interesting questions and proper answers have not been forthcoming. ( I agree that the Staff of the EC Council cannot be replying to every blog entry)

Looks to me like EC Council has its own dark corners and has not come clean out of them.

Eg : While the reply by Jay Bavisi states that

See the following press release - last Para http://www.eccouncil.org/pressroom/ecc-gk-press-release.htm


This blog also talks about the quality of the official text and I commented on this copy-paste style text book on a previous post just after completing my exam. http://www.ethicalhacker.net/component/option,com_smf/Itemid,49/topic,702.0/
Even before seeing this blog I felt this text books  were far  below the standard expected by a professional body.

My two cents on the topics is , A professional body which promotes ethics has practice ethical standards above all. It seems that EC Council has not done that.

Since there is worldwide recognition of EC Council now, they should cleanup the act at least now

Thanks Don

Its nice to feel appreciated.

Regards

Skel

OOOps

I just realized I received my certificate in 2 1/2 months. WOW !!!!!!!   

and I sent my first letter to EC Council after 6 weeks - not 8 weeks

Regards

Hi guys

This is a membership update on my certificate. Hope it will be useful for any guy who is waiting for the pack.

I passed my exam on 16th Sept and received the certificate on 2nd Dec. About 3 1/2 months after. But this was no piece of cake.

I sent a mail to EC council right after 8 weeks of passing the exams and the reply was quick. The lady assigned asked for my passing details and about 8 mails passed between me and the ECC.

Think they only got activated after my first mail but they actually got around posting it after about 3 or 4 mails from me.

So my advise to anybody is to fire up a mail as soon as 8 weeks pass and request for the status. They will quickly reply to your mail requesting certain information. With this mail you will have a name to talk to. (The first mail was to the general email address in the ECC web site). Then keep sending a mail about once a 7-10 days requesting updated status of the certificate mailing process. After few mails up and down, the shipping department will send you a confirmation confirming the DHL tracking number. Then you know the document is actually on the way. 

My certificate arrived just 3 days after this confirmation.

The document was a docket containing a
1. Welcome letter form EC council
2. The certificate
3. A fairly large windshield sticker which says "Certified Ethical Hacker" - I am sure people will move out let me pass in a traffic situation now
4. A visiting card size CD with bootable Linux which says CEH membership card.

I know some members have waited much longer than 3 1/2 months to receive this document. So I am happy to receive it within this time. Also I have to say the person who contacted me was quite prompt in replying to mail. So, despite the time it took to get the pack, I am quite happy at the way they handled my issue.

Good luck to all