|
Ethical Hacker Community Forums
|
|
November 22, 2008, 04:33:11 AM
|
|
242
|
Ethical Hacking Discussions and Related Certifications / Forensics / Re: Forensic Exam Concludes No Breach at Colorado University
|
on: May 07, 2008, 06:31:50 AM
|
Cheers Don, it's nice to see a story where no evidence of foul play was found after investigation and that additional pre-emptive changes have been made to improve the environment anyway. If we could get more 'good news' stories like this it might make companies worry less about PR effects of a breach and not try to cover up any potential issues, which should improve security as a whole. Might even stop suits and beancounters from seeing security as a necessary cost/evil .... (pinch me, I'm dreaming)
|
244
|
EH-Net / News Items and General Discussion About EH-Net / Re: Who needs it when I've got EH-Net?
|
on: May 07, 2008, 06:19:43 AM
|
|
I'll agree with the general consensus so far, I've found EH-Net to be a great source of information and debate (cheers Don, keep blushin').
I did take a look at HoH and it may have some potential if the top bloke (Petko Petkov, I think) can manage to keep it on track, however only time will tell if it manages to stay legal/professional/ethical for long or if it will attract any knowledgeable top contributors.
As for why we need anything else with EH-Net around, if the only place you look for information is EH-Net then you may find yourself falling behind as no single resource can cover every topic to full depth, especially in such a diverse and rapidly evolving field. It never hurts to have a separate source of information (or to keep an eye on the 'bad guys' if the site goes that way).
|
245
|
Resources / Mass Media / Re: Hackerteen - Class, Comic Promotes Ethical Hacking
|
on: May 06, 2008, 04:22:53 AM
|
|
I've just taken a closer look at the site and think it could be really useful for anyone starting out as a kid.
The section that really caught my attention was 'For Parents'. It could make a lot of people's lives easier if they had some way of explaining to a non-technical parent what it really means to be a hacker. From my perspective I was lucky, my mother read the first few chapters of 'A complete hacker's handbook' by Dr-K (at least until the binary and TCP/IP stuff confused her), after that I got no more complaints (and a few more books for Christmas).
However, after I recently moved in with my girlfriend I still get odd comments from friends/relatives when they read the titles on my bookshelf. This sort of information, if it gets wide exposure, could increase the number of talented individuals able to enter the profession and possibly increase the level of awareness and funding available from other parts of the business if the suits and beancounters can better understand what they are paying for.
|
246
|
Resources / Mass Media / Re: Hackerteen - Class, Comic Promotes Ethical Hacking
|
on: May 06, 2008, 04:15:41 AM
|
A kid may grow up wanting to be a hacker...but why would he grow up thinking "I want to be a security analyst!".
Easy, I can answer that one from personal experience. After watching Hackers and reading Mentor's Manifesto, I wanted to be a hacker. But I really didn't want to hear 'pass the soap' after doing something stupid, hence security professional.
|
248
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Encryption and regulations
|
on: May 03, 2008, 04:02:53 AM
|
In countries that don't allow encryption (or believe anything encrypted must be illegal; 'nothing to hide.....etc.), I would recommend leaving your data at home and accessing it remotely over a secure (ssh/vpn/etc.) channel once inside the country's borders. Obviously this only works depending on the size of the files you need and the performance of an available network pipe. Read this article earlier and it is worrying me as I need to travel stateside toward the end of the year. From these new changes there'll be a fresh OS installed on my laptop with no data. Two proposals that regularly turn up in commentaries to this are to either release your own 'music', then call in RIAA or place an 'interestingly' named folder on the desktop and fill it with every piece of malware you can find. But they would be unethical....... (or justified depending on your take on state sponsored corporate espionage....)
|
249
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: is it possible?????
|
on: April 30, 2008, 10:46:50 AM
|
Dude forget that servercrasher man, you are heating me because of him, I just want to ask cookie can give id or password or it is totally different??? I am not asking how to crack id and passwords from cookie?? I want the difference between cookie and id-passwords!!! that's it!!!
Rok, apologies if you think I'm giving you grief due to an unrelated issue (think I may need to step away from the keyboard). I was merely suggesting that bumping your own topic due to a lack of response may not be advisable. From what I've seen from this site (haven't been a long-term member, possibly someone of longer standing can be more exact) if people are able/willing to provide assistance they will. (as Vijay2 just has whilst I preview this, all is good with the world again)
|
250
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: is it possible?????
|
on: April 30, 2008, 10:25:18 AM
|
please do give my answers..
Rok, we did. If you aren't getting specific answers I'm guessing no one has an in depth knowledge of Orkut (never come across it myself) or is unable/willing to provide further info. As you are now looking at a specific target you are unlikely to get specifics from this site. If you have permission to test your theory (access other people's session before cookie expires) then don't expect others to do your work for you. If assistance dries up you may have hit the wall for a particular topic. Begging and bugging for assistance is not going to help.
|
251
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Crashing a server
|
on: April 30, 2008, 09:51:42 AM
|
If, as you stated, this is for your dissertation, shouldn't you already have built a pretty solid foundation of knowledge on the subject? Especially if you're planning on testing your theories in an environment other than a lab?
Servercrash, I was going to make this suggestion but oneeyedcarmen beat me to it. I'm not sure of your level of study as I don't know where you are studying but if you have 2 days to get the initial proposal in and you are needing information like this you may want to look at a less technical area, where research material will be easier to find and readily available. As already stated when I completed my dissertation (UK BSc) my project was built on a technology that I had over one year's real world experience implementing, and still found it hard going. Therefore I would ask one final question, 'Why have you chosen this project over any other?' Either way, whatever your final topic as has been expressed by other posters you will get more respect, learn more information and ultimately complete a better project if you can fully understand and research the basics for yourself. Good Luck.
|
252
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Crashing a server
|
on: April 30, 2008, 09:01:59 AM
|
man, what's the matter with u???
Servercrash, chill out. Vijay2 was trying to offer assistance, as he has said Google is your friend. But from my experience I know that Google can be daunting and unhelpful if you don't know what to search for, hence why I have given additional pointers. If you don't agree with/appreciate someone's input that's fine, but don't flame them, this isn't that kind of place. Regardless, remember that Vijay2 did try to offer you assistance. That was on his time and his choice. I think you may have just stopped him (and possibly others) providing further assistance. RR
|
254
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Crashing a server
|
on: April 30, 2008, 08:00:05 AM
|
"the listed attack vectors only make sense if the box you are trying to test is running the vulnerable service"
I wouldn't be knowing what vulnerabilities, if any, that the server would be running. So I assume that I would have to scan for them first and then, based on the search, launch attacks to exploit them... did I get that one right?
Makes sense to me, if you could link your tester to a nessus/nmap/etc. scan output then you're getting more automated
...so in that case DoS isn't that easy to implement as some of the earlier posts suggest...
Not entirely true, DoS attacks can be the simplest form of assault on a system (other than SE). But if a system isn't running the service/application you are attacking it is just going to ignore you. More basically, if you are trying to DoS a system using the apache2 attack you mentioned, for example, and the system isn't running apache2 to serve web documents then there is no service for you to deny... Same way you don't need to bring a web server to its knees to effectively stop it serving web content. Again, I'd recommend that you make sure that you have a well defined scope so that you can effectively prove you have achieved the targets of your project, thus getting the most marks for your project (which I'm assuming is your true goal)
|
255
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Crashing a server
|
on: April 30, 2008, 07:42:24 AM
|
My response to your new post/thread. ServerCrash,
the listed attack vectors only make sense if the box you are trying to test is running the vulnerable service. For example the Apache2 DoS requires an apache2 daemon to be running, syslogd requires syslogd etc.
At the same time if you are testing a specific server configuration and you find an attack vector that has no impact on the box then this will be as valuable to your university project as finding a vector that drops the server to its knees. Therefore implementing the old exploits like Ping of Death may not be a waste of time provided you can explain why devices are no longer as vulnerable to once crippling attacks.
From my experience from University projects (specialised in monitoring systems) it can be more advantageous to explain why things don't work rather than have a state of the art technical solution. From your perspective I imagine that the methodology and techniques for testing systems may be more important than actual functionality.
Hope this helps. Why create a new post then continue the existing one with same content?
|