Good going!  I hope you enjoy the course.

I also agree with BillV and vijay2 the actual exam is a bit more challenging then the practice.

I'll caveat this answer saying that web app security is not my expertise but...if your running your own web app that you are trying to ban people from (i.e. a forum) then you can keep "non-techie" people out by using a cookie or a token of some sort that indicates a ban status.  Obviously since this would have to be stored on their PC they could get rid of the token and be back in business but you might keep out some people that way.

Aha, in that case you are looking at a long list LOL!  Here are a few off the top of my head.
- Insecure passwords
- Forgetting or delaying security patching
- Installing VNC/LogMeIn/GoToMyPC for convenient remote access
- Using a domain admin account for routine access (this is especially bad when combined with local caching of passwords)
- Giving users local administrator rights on PC's
- Not using an anti-virus or not updating anti-virus

I hope these help.

So far I have taken two GIAC exams.  On both exams I scored within 2%-5% of what I had previously scored on the practice exams.  The practice exams cover all of the same material as the real exams and they have a similar structure.  I never ran into any questions that were EXACTLY the same from the practice tests but quite a few looked very familiar.  I thought the practice tests were well worth the money.  Of course getting the two freebies with a challenge is just great!  I hope that answers your questions and good luck!

Sweet!  Congrats Chris!  I hope everything goes well for you.

I've got one possible suggestion for you.  With your clearance and experience it would be fairly easy to pick up a overseas military contracting job.  That market has cooled off a little but there is still a lot of work out there.  It's a little tough for someone with a family but if your hard up for money it's a good option.  If you can put up with being away from your family for six months or a year you can make a lot of money and possibly even get IT experience at the same time.  Iraq and Afghanistan are the obvious choices but even working for oil companies in Africa is really good money.  I don't know if this is something you would be interested in but I thought I would throw out the suggestion.  Welcome to EH-Net and Good Luck!

I agree with shednik it's probably not worth your time to try and recover from the virus.  Just reinstall and get your anti-virus put on a CD so you can install it before connecting to the Internet.

It sound interesting to me.  I am setting the DVR right now.  Thanks Don!

I really enjoy this one Incident Response and Computer Forensics, Second Edition.  I am rereading it right now to prepare for GCFA.  Another "Hacking" book I love reading is Nightwork: A History of Hacks and Pranks at MIT.  Nightwork isn't technical at all but it has some great stories.  If anyone is interested you can read about a lot of the hacks here.

We've been running Pointsec Media Encryption and so far we haven't had any problems with our solid state usb drives.

I totally support Don's very complete and eloquent answer but here is a short and sweet one.  Try this link it lists every tool a beginning hacker will need.  Fyodor rocks!

http://sectools.org/

P.S. CEH covers a lot more then this but these are the best.

I agree with Apollo an IDS rule that triggers on posts would be the easiest and cheapest method.  You might also want to combine that with a string search based on your company name and variations.  That should give you a lot less false positives.

Wow!  I agree with you NickFnord that's kinda crappy of Microsoft to possibly be targeting a single format.  And to be aggressive enough to affect even files stored on share drives is a bit over the top.  I am definitely going to have to play around with this little "feature".

I just wanted to also add that while I don't really like the EC-Council's new continuing education system that you have to use to keep your CEH up to date it really isn't any worse then the CISSP.  I just wish EC-Council would make all their requirements exactly like ISC2 so I don't have to worry about if this education qualifies for CISSP but not CEH and then trying to make up the difference.  That is kinda a pain but the EC-Council's requirements for upkeep of their certifications are quite fair.