I'm a little late to the game but finally setup my GrrCon travel a couple of weeks ago.  Anyone want to try to and plan an informal EH.net meet and greet at the @night event?

BH/defcon

I'll be out there from 24th-29th and am willing to pickup my share of a bar tab for anyone wanting to get together.

So what's the story guys?  Anyone trying to do an EthicalHacker network meetup at some point?

I bought this for myself as an early Xmas present.  Pretty happy with it so far in regards to being functional and portable.  I can sync it with my ipad or my droid phone.  Makes it a lot easier to use either one as a ssh platform into the actual testing server.

http://www.amazon.com/Verbatim-97537-Wireless-Bluetooth-Keyboard/dp/B004L9LT2E

For most activities involved in general pen testing a tablet or smartphone would be my last choice of platform.  Yes, some folks have done full BT installs on them but that is more for amusement than anything else.  Just not enough horsepower to do it directly from the mobile device.  That being said, I use an ipad in the field to do some quick remote access into a server I use for pen testing.  iSSH into the box to fire of nmap scans, msfcli, etc.  That's cheating as the tablet isn't really doing any of the testing, just giving me quick access to the box that is.  Some of the droid platforms can be used to do some wireless testing, but you're obviously going to be limited by antennas, injection capabilities, etc.  You're also not going to be doing much WEP or WPA cracking on the mobile, but you might be able to pass it off to another system for the actual cracking.  You can also find apps like droidsheep and others that are fun to play with, but still, more fun than functional. 

I doubt the US would pull the trigger on a full blown cyber war except for very specialty, tactical operations.  Even then they'd go out of their way to prevent escalating with an entity like China that has a fully operational cyber warfare capability.  Remember, the US is in an awkward position.  We have possibly (probably) the most powerful cyber weapon platforms in the world, but we are also, by far, the most susceptible to cyber attacks.  China would be thrilled to go toe-to-toe with us in a cyber war because at the end of the day the majority of their population can still walk out the front door and farm.  The US is the exact opposite. If a cyber strike took out power, supply chains, etc then the majority of our population would die of starvation in a week.  It is asymmetric warfare in spades.

Think about it in regards to what the certs actually mean.  The GCFA and others like it are meant to show that you're very familiar with the process of forensics and generally familiar with a variety of tools.  The EnCE and others like it are meant to show that you're very familiar with one tool and generally familiar with the overall process of forensics. 

If you're focusing on traditional forensics and face a lot of time on the witness stand, a tool based cert (eg. EnCE) will go far since the opposing lawyers will spend a lot of effort trying to find weaknesses in the various tools and processes you use as well as your experience with each.  If you have a cert in a well known, vetted product like EnCase and you follow your checklists to the letter it is hard to get yourself in trouble and hard for them to portray you as being unskilled/unfamiliar with your tools.

If you're focusing on non-traditional forensics (more incident response focused and less litigation focused) then the general certs will probably go farther as they suggest that your skillset is broad versus deep. (familiar with a lot of tools and platforms rather than being an expert witness in one specific tool)  You can also specialize with additional certs like the GREM for malware, network forensics, etc.  Please note that I'm implying that much of this is about appearances.  I know folks that are skilled in both areas, but many people will eventually choose to favor one path over the other.

All the above info is dandy but I'd recommend stepping back for second and taking time to get the big picture.  As soon as you can find out what your new organization's regulatory picture looks like.  All of the above comments focus on technical points and doing security for the sake of security.  The dirty little secret of most organizations is they do security for the sake of auditors and regulators.  Find out if your security team mates have already put together a requirements document showing what you're legally required to monitor and start with that before you start doing anything else.  Keep yourself and your company out of legal/regulatory trouble first, then go after all of the other (probably very important) stuff next.  If a requirements document like this doesn't exist yet find out if you can talk to your internal audit/compliance folks to see if they have anything on hand to help out.  The side benefit to taking this approach is that you can use it to justify budget for stuff you need to do more robust monitoring as management will react much differently to "we need to do this to be PCI/FFIEC/GLBA/[xyz] compliant" rather than "ZOMG haxxors are everywhere!".  Treat your work as being focused on keeping the company out of the regulatory penalty-box and you'll be amazed how much more support and $ you can get.

The only really significant problem we run into with the "outside" APs is proving that they are "outside".  If you're looking for rogue access points it can get really difficult to figure out what might actually be on the client network and what is actually sitting at the law firm the floor above or the hedge fund the floor below.  The secondary risk for finding open access points outside of the client network is that employees might connect to it so that they can visit internet sites that are blocked by the corporate network.  They can get infected and then reconnect to the corporate network and cause a breach. 

See them all the time.  If we're doing a wireless assessment and the client is in a dense area (tall building, office park, etc) we'll find at least half a dozen WEP APs from various other companies that share the facility.  Heaven help you if the client's building is downtown near apartments.  Not only do you have to bust out the directionals in order to make sure those APs are not inside the client's area, you also need to explain to them why the raw outputs you include in your work papers show AP names like "I [blanked] your sister" and "I have a giraffe [male genitalia]". 

I'll make this one brief and you can reach out to me for details if you want more info.  I just changed consulting firms and the one I moved to does not currently have a forensic practice.  I have gotten a full business plan approved to rectify this regrettable situation.  I've got budget for a new lab, training, new hires, etc.  The only catch for the moment is that I need to get the lab and other infrastructure up and running first before I start hiring nationally.  For various reasons I'm putting the lab in the Chicago area.  I'm looking for a relatively senior forensic resource (or two) to help me get everything together, and we'll probably be hiring en masse next year.  If you are a forensicator in the Chicago area please reach out to me and lets chat.

conch,
   Being new has nothing to do with the validity of your points.  You just happened to match the profile of a common tactic on a variety of forums.  When one of the interested parties wants to influence the conversation they create a new profile for the sake of posting comments.  It has become so common that it is assumed to be the case until shown otherwise.  If you're a new participant on EH.net and are in for the long hall then welcome.  If not, well, so be it.

infoseci,
   My prior comment wasn't meant to suggest that we go on a snipe hunt, just pointing out to folks on both sides of the issue that it is fairly easy to spot someone that is coming on to the forum for the sole reason of trying to influence this conversation.  I think some of the prior posts have accurately reflect the mood regarding the idea of exposing someone, though.
   As for your latest blog posting, my personal opinion is that it appears that both sides are sorting through this and the process should run its course.  In general many folks in the community were upset because we saw no movement at all.  That seems to have been fixed.  However, folks need to calm down a bit at this point.  You can't expect this flip to the other extreme so that you can watch every step.  A lot of this will be confidential (I'm sure lawyers from both sides are having their say about what goes public and what doesn't) and we have no right to expect to be cc'ed on every email.  Everyone go have a frosty adult beverage of your choice and chill out for a bit.

Bill, I don't know how much time I'll have to spare but I can take a look.  Hit me up on my personal.