Slackram,

looks like a Grub issue 

try booting off a live CD (like the Backtrack CD you've dropped on the harddrive) and edit the Grub configuration (Google is your friend).

Alternatively try the install again, I've come a across this before and a second install fixed it without issue, don't know why.

Bojan,

do you have any specifics in mind?
How do you want to fool the firewall?

• Spoofed source?
• connect through port tunnel?
• ...?

for testing firewall configs try firewalk[er?] or create the required packets for using hping[2].

What exactly are you trying to achieve?

alien8predator,

good advice when starting out is to read everything you can get your hads on. This site can be a good starting point, with links off to various other good sources.

Unless your Linux skills are great to start with you may want to download BackTrack to get some working tools. De-ice.net also have some nice virtual machines that you can use as target machines when starting to get your feet wet.

Welcome to EH-net, happy hunting

Don,

thanks for providing the interview. As I'm currently undecided which cert to aim for it's nice to be able to get a feel for where one of the potential certs are heading.

I was glad that the stance of the C|EH was questioned, particularly the focus on specific tools and the certification path between EC-Council's various certs. From this I am starting to feel that the C|EH possibly isn't the cert for me; from my experience the the policy issues and methodologies form are an important aspect of allowing a security professional to add value to a business rather than just exploit vulnerable systems.

Thanks again for the insight.

Thanks oleDB,

another book to add to my wish-list.

My bad 

Any chance of some instructions for pulling this off for the uninitiated? Might make for a good tutorial...

iSmith,

I'm no expert on NTFS (or other filesystems for that matter), but isn't a filesystem meant to allow access to files? Think I must be missing a trick somewhere...

Ouch! sorry man, that sounds nasty. I'm guesing you may have already read them but I've just finished Daemon, and am nearly finished Snow Crash. Both great.

I'm currently on the lookout for something once I'm done, id I come across anything I'll let you know.

SRI have a new (according to ISC, can't say either way personally) site detailing all manor of malware related activity. (http://mtc.sri.com/).

I haven't had a chance to search through the site in it's entirety (work, life etc.) but it looks like it is a good resource for those of us trying to protect against the latest threats.

It's definitely going in my bookmarks, if your interested in the area could be well worth a look.

Guys,

ISC has a story about a new 'click-the-link' email scam with a twist. It appears to be targetted at company CEOs claiming they have been issued a subpoena to give evidence in court. (Story here)

These sort of attacks appear to be gaining in popularity. From my experience this could be a scary trend as CEOs (and other director type roles) are often the least technically savvy in an organisation, along with often the worst security and patch level. I can't help thinking these are targets are going to be successful, and likely becoming less of a rarity.

<Update>
Forgot to mention, as is often the case AV covereage is poor 3/32 on VirusTotal
</update>

Who fancies interrupting a round of golf to ask the top man not to click the pretty links?  (me neither...)

Kev,

thanks for the info regarding signal strength of internal chipsets, might just answer some issues I've been having. Just got my hands on an Atheros chipset capable of injection (as it happens in an Acer).

Might need to go back to the piggybank for an external unit and antenna ,cheers.

Rance,

nice domain

Wish I'd thought of that, as it happens I'm currently in a similar state; just got infosanity.co.uk (watch this space). Not sure I want to go down the portal route, just looking for somewhere to host my own stuff. Actually working on my servers as I type

Let me know when you get something put together and I'll take a look.

To answer your question, I'm not sure the world needs another security portal, but I always like finding good security sites (like this one.....)

<update> nice hedgehog btw </update>

iSmith,

not sure I want to be in the middle of this but here goes. Just checked the Dell site for the M1530, looks like a nice machine.

Rance already stated the reasoning for purchasing an Air, an as your Dell machine weighs in at 5.78 lbs8 (2.62 kg) (according to Dell's technical specs) the M1530 doesn't fit the bill.

 From my point of view, I wouldn't fancy holding >2Kg of laptop one handed whilst working on a remote site for example. As I've said previously, you need the right tool for the right job.

Enjoy taking delivery

Yep, but most of them involve blunt, rusty objects so I'll hold my piece.

Only ethical thing I could suggest is going down the trademark type route in court etc. Not sure how quick/successful this could be (I'm guessting , 'not very') especially as I'm guessing the domains are registered by parties 'over-seas'.

Unfortunately, I think this is likely to be something that just 'happens', at least until user training/awareness is at a level that people spot these sites, realise they are in the wrong place and re-type the URL. At which point the commercial gain from running the sites should take a hit.

None of this is likely to help your particular situation any time soon though, sorry. From similiar experiences I find these are 'grin and bear it' moments. Hopefully you can prove me wrong...

Chris,

just read the interview (after registering, nice ploy to drum up membership btw   ). Made for a good read, the list and order of things to potentially learn when starting in the web security field was especially interesting and should be a good resource for the 'where should I start?' type questions.