|
Ethical Hacker Community Forums
|
|
November 22, 2008, 05:29:14 AM
|
|
183
|
Resources / News from the Outside World / Stupid user tricks
|
on: June 16, 2008, 04:20:41 PM
|
Hi All, Cracking article from InfoWorld with 10 stupid user stories. Not all security related but all good for a laugh. I had tried to pick my favourite, but that changed with every story I read. See what you think, and if you can beat them feel free to share  RR |
|
|
|
|
184
|
Ethical Hacking Discussions and Related Certifications / Hardware / Re: Killer Hack
|
on: June 15, 2008, 03:32:33 PM
|
An old professor of mine told me... "If you want a secure computer, make sure it's not plugged into ethernet.... and fill the room with cement."
I can't vouch for the authenticity as I'm too young (thank god) but apparently that's how M$ got NT4 through it's security standards: removed network cables, floppy drives, any IO device (keyboard/mouse/etc.) and locked the door. 100% secure... |
|
|
|
|
185
|
Resources / News from the Outside World / Re: Congress Hacked
|
on: June 13, 2008, 02:34:32 AM
|
Looks like the media are starting to report real-life rather than FUD for a change However, computer security experts said that the evidence that the two congressmen provided to back up their claims simply does not prove that the Chinese government, or even Chinese nationals, were involved.
"It's so very hard to conclude that something came from someplace if all you're going from is an IP address," said Marcus Sachs, director of the SANS Internet Storm Center, a volunteer-run effort that tracks emerging computer threats. "Those of us who have done this for a living, we know that you can't prove that it was a Chinese person on the keyboard if you have a Chinese IP address," he said. "Without making some of the evidence public … you leave everybody else guessing." Full article here |
|
|
|
|
187
|
Resources / News from the Outside World / Re: Congress Hacked
|
on: June 12, 2008, 09:54:23 AM
|
I've read a few differing stories about this incident. One of the figures I've heard quoted is that US systems get scanned or attempted compromises 300million times a day, that's a lot of background noise to pick through to find the right answer. Whilst it is entirely possible that all of these (this and recent) attacks are coming from China, if I (UK citizen) wanted to hit the US systems I might just find myself an unpatched XP machine on a Chinese IP for a jumping point. 'yup, it's the Chinese again, incident closed?My question from reading this story that I haven't found an answer to so far is, is there evidence to suspect the Chinese in this incident of is it merely Wold's believe due to his aiding of Chinese dissidents? "following one of the attacks, a car with license plates belonging to Chinese officials went to the home of a Chinese dissident in the Washington suburbs and took photographs of it."
the full story here[/b][/url]
Of course there is no other way the Chinese officials coud have found out who was living there.... China is becoming a very handy scapegoat at the moment, until there is any evidence one way or another I'd suggest that the attacks are a side-effect of being connected to the internet... |
|
|
|
|
188
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Ethics of government sponsored hacking
|
on: June 11, 2008, 06:44:52 AM
|
I don't think it would be un-ethical for the US to flip some crap back. It might by not be unexpected, but from an ethical viewpoint this could be a small step down a slippery slope. "look...it's right there in the logs. Lets get that IP address off line...." IMO, the only truely ethical solution to these kinds of attacks is to get your defenses and security to a level where the attacks have no impact. Once your defenses are tight enough that there is no impact then the attackers might just get bored and go home (only in a perfect world I know....). Two wrongs don't make a right |
|
|
|
|
189
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: what do you prefer???
|
on: June 11, 2008, 06:34:08 AM
|
Depends what I'm doing. If I'm 'working' I try to stick to CLI, makes simple things look harder and more 1337 so the boss will keep paying the cheques GUI's can be good when feeling lazy or playing with a new tool as it is often easier to find different switches/features than my scrolling through a few hundred lines of man output looking for 'interesting' options. |
|
|
|
|
193
|
Resources / Career Central / Re: Need some career advice
|
on: June 05, 2008, 09:44:22 AM
|
Congratulations. I wish I had the balls to go out on my own.
Seconded  From my experience small firms (in any field, not just security) tend to work quite well whilst they remain small. Often the 'good' small firms get taken over/merged with a bigger player, whilst the 'poorer' small firms tend to get bored to too-big-for-their-boots. Reading your post I'd say you fall into the first category, and if you can take oneeyedcarmen's advice and grow your business you shouldn't go far wrong. Hopefully you'll get a response from someone with experience of going it alone to get a concrete answer. Good luck |
|
|
|
|
194
|
Ethical Hacking Discussions and Related Certifications / Forensics / Re: Track someone using thr MAC/Physical Address?
|
on: June 05, 2008, 07:16:34 AM
|
well day by day it seems that internet security is getting tighter.Few years back we can easily get ip.host names withe use of cmd in windows,but nowdays its just noway. I just want to ask is there any way nowdays available for getting ip over global network??
Rok, I don't want to sound rude as I could be missing something (been working for last 28hrs straight  ) but isn't IP over a global network called the internet? Can you elaborate further as I'm sure I must be missing something obvious... |
|
|
|
|
195
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Top 2008 Security Threats
|
on: June 04, 2008, 03:00:52 AM
|
Don, overall I would agree with your analysis of #10 and it should definitely be addressed in a DR plan. However it is human nature to be more helpful to return full service following a disaster and this can come in the form of reducing security checks to increase speed of operation. If your working environment requires stringent security controls you must ensure that they are enforced at all times to protect against an opportunist strike during a vulnerable moment. In line with the DR theme, a client of mine recently finished an internal risk assessment. The results suggested that there is a 20% of a plane hitting my facility (despite us not being near an airport or under a flight path), think I need to claim danger money |
|
|
|
|
Loading...
|
Forum 
Show Posts
Programming : Using Assembly to access locked files
