Well I don't know about that.  I mean, if he *is* a h4x0r, he *might* come to my house, what with those m4d rm -rf ski11z and all!

That scares the living crap out of me.  I can't imagine the increase in attack traffic if the legal deterrent disappears.  We all become practice targets for the "ethical" hackers.  If your intentions were maliscious?  Just *say* you were ethically hacking, trying to be a good netizen.

That and kiss your IDP systems goodbye, or be prepared to hire a dozen full-timers to wade through the increased traffic.

Yeah... yuck.  Much yuck.

deltree is a windows command, rm is a linux/unix command.  Lack of basic file manipulation command knowledge says you're out of your league.  And just because you can pass an exam doesn't necessarily mean you're qualified.  I mean, you admittedly executed a command you have *no* knowledge about... that's a huge no-no, even just in every-day computing.  That's how viruses start propagating, and rootkis get installed. 

I'm sorry, I don't want to be harsh, but I wouldn't plan on holding this job of yours for too long.  Doing something like this is going to show pretty blatant incompetence, and I'd bet a paycheck or two that your boss is going to quickly realize that you're not the best qualified candidate they interviewed.

Again, sorry to be so harsh, but reality is what it is.

Not to rehash anything that anyone has said, but I don't know if it's clearly been stated, but the command rm -rf / *will* attempt to erase every file on the server, without confirmation.

If you had the privlege to run the "rm" command, and it took, then chances are pretty high that you completely toasted their server.

And not to sound like a jerk, but if you're running around on servers (that you don't own or manage) executing commands you don't know about at will, you should probably take a step back from a penetration specialist role and get some more basic experience under your belt.

There's new exploit code floating around for what appears to be an unpublished zero-day for MS Works.  Looks like it just crashes Works, the code is pretty simple.

Code is available at milworm or packerstorm.

To add on to what apollo said...

Bonjour is Apple's version of UPnP for the network.  iTunes uses, as does iChat (which is nice if you're on a large LAN, you can see who else is on, without having to add people to a "buddy" list).  Other application use it as well, like subethaedit, which gives users a collaborative document writing, coding platform, and you can see live edits and such.

There's even a windows bonjour client, so you can see printers hanging off a Mac, and so forth.

`sploit code has been posted to milw0rm.

Also, SANS ISC has a matrix showing more and more `sploiting going on for the latest round of patches... including 021, 022, 023, and 025.  Info here: http://isc.sans.org/diary.html?storyid=4264

I recently snagged a cool domain name, stormthe.net.  I wanted to do something computer security related with it, but didn't know exactly what.

Last week, however, I found myself trying to scour up web sites that i hadn't visited for a while, from bookmarks across several computers, and having to search for some completely from scratch.

So, I was thinking about a portal of links, sorted by categories, such as Tools, Advisories, Blogs, Exploit Code, News, etc...

User submitted content, ranked links, etc...

Wondering if people would be interested in such a thing before I started writing code.  Please, let me know your thoughts.  Thanks!

I didn't know it was a competition.  In a manner of speaking, you're comparing apples to oranges.  The Air is an ultra-portable, where the XPS is, well, not.  My main criteria for a laptop at this point is compact and lightweight, with sufficient performance to do work related tasks; which the Air definitely meets.

On top of that, the XPS comes with Windows.  Yuck!

I'd manually try the obvious things first; password, document, 12345, qwerty, etc.

Failing that, you'll probably have to look at a commercial brute forcer.

I think Don's gone in and modified his post count, what with being 20% of that 10,000 posts and all. 

(Congrats on the milestone!)

The SANS ISC reports that PoC code for the MS08-023 vulnerability has been posted publicly (although, I've yet to find it).

Also, just checked the milw0rm and packerstorm exploit code databases, and it doesn't appear that this code has reached full disclosure... yet.

Update: The Full Disclosure list also has nothing at this point.

It doesn't appear succesful, yet, but give it time.


Read more:  http://www.symantec.com/security_response/threatcon/index.jsp

I totally think so.  I'd be more worried with a Macbook (plastic enclosure) as opposed to the aluminum enclosure of the Air.  Despite it's small footprint and light-weightedness, I don't notice any flimsyness in the device at all.  I think, overall, it should hold up quite well.