Ethical Hacker Community Forums
July 04, 2008, 03:26:40 PM *
  Show Posts
31  Resources / News from the Outside World / Stupid user tricks on: June 16, 2008, 04:20:41 PM
Hi All,

Cracking article from InfoWorld with 10 stupid user stories. Not all security related but all good for a laugh.

I had tried to pick my favourite, but that changed with every story I read.

See what you think, and if you can beat them feel free to share Wink

RR
32  General Discussions and Related Certifications / Hardware / Re: Killer Hack on: June 15, 2008, 03:32:33 PM
An old professor of mine told me... "If you want a secure computer, make sure it's not plugged into ethernet.... and fill the room with cement." 

I can't vouch for the authenticity as I'm too young (thank god) but apparently that's how M$ got NT4 through its security standards: removed network cables, floppy drives, any IO device (keyboard/mouse/etc.) and locked the door. 100% secure...
33  Resources / News from the Outside World / Re: Congress Hacked on: June 13, 2008, 02:34:32 AM
Looks like the media are starting to report real-life rather than FUD for a change

Quote
However, computer security experts said that the evidence that the two congressmen provided to back up their claims simply does not prove that the Chinese government, or even Chinese nationals, were involved.

"It's so very hard to conclude that something came from someplace if all you're going from is an IP address," said Marcus Sachs, director of the SANS Internet Storm Center, a volunteer-run effort that tracks emerging computer threats. "Those of us who have done this for a living, we know that you can't prove that it was a Chinese person on the keyboard if you have a Chinese IP address," he said. "Without making some of the evidence public … you leave everybody else guessing."

Full article here
34  General Discussions and Related Certifications / Malware / Re: Blackmail Trojan on: June 12, 2008, 10:02:41 AM
Seems like a variation on a theme, if you've got backups then you shouldn't have a problem (you do have backups, don't you?).

IMO this should be an easy one for authorities, follow the money.
35  Resources / News from the Outside World / Re: Congress Hacked on: June 12, 2008, 09:54:23 AM
I've read a few differing stories about this incident.

One of the figures I've heard quoted is that US systems get scanned or attempted compromises 300 million times a day, that's a lot of background noise to pick through to find the right answer.

Whilst it is entirely possible that all of these (this and recent) attacks are coming from China, if I (UK citizen) wanted to hit the US systems I might just find myself an unpatched XP machine on a Chinese IP for a jumping point. 'yup, it's the Chinese again, incident closed?

My question from reading this story that I haven't found an answer to so far is, is there evidence to suspect the Chinese in this incident or is it merely Wold's belief due to his aiding of Chinese dissidents?

"following one of the attacks, a car with license plates belonging to Chinese officials went to the home of a Chinese dissident in the Washington suburbs and took photographs of it."
the full story here

Of course there is no other way the Chinese officials could have found out who was living there....

China is becoming a very handy scapegoat at the moment, until there is any evidence one way or another I'd suggest that the attacks are a side-effect of being connected to the internet...
36  General Discussions and Related Certifications / Ethical Hacking / Re: Ethics of government sponsored hacking on: June 11, 2008, 06:44:52 AM
I don't think it would be un-ethical for the US to flip some crap back.  Wink

It might not be unexpected, but from an ethical viewpoint this could be a small step down a slippery slope.

"look...it's right there in the logs. Let's get that IP address off line...."

IMO, the only truly ethical solution to these kinds of attacks is to get your defenses and security to a level where the attacks have no impact. Once your defenses are tight enough that there is no impact then the attackers might just get bored and go home (only in a perfect world I know....).

Two wrongs don't make a right
37  General Discussions and Related Certifications / Ethical Hacking / Re: what do you prefer??? on: June 11, 2008, 06:34:08 AM
Depends what I'm doing.

If I'm 'working' I try to stick to CLI, makes simple things look harder and more 1337 so the boss will keep paying the cheques Wink

GUIs can be good when feeling lazy or playing with a new tool as it is often easier to find different switches/features than by scrolling through a few hundred lines of man output looking for 'interesting' options.
38  General Discussions and Related Certifications / Ethical Hacking / Re: Ethical Hackers >>>> Solid definition Needed on: June 11, 2008, 06:29:45 AM
those deathly afraid of going up the river to a "Burrito in the 4ss" jail cell but wanting to learn to hack... you know, things like that.

Yup, explains why I'm not in the 'black' camp Cheesy
39  General Discussions and Related Certifications / Ethical Hacking / Re: Ethical Hackers >>>> Solid definition Needed on: June 09, 2008, 06:09:17 AM
How about we forget all the hats, and simply use terms with no ambiguity:

Criminal
Professional
Hobbyist

Let the debate begin...  Grin

Don

Don,

that might be the first sensible naming convention I've come across, if nothing else should remove the debate (at least until someone starts arguing the criminal/morality points).
40  Resources / Tutorials / Re: How to hack through port 80 on: June 05, 2008, 09:46:16 AM
BillV?...... tut tut  Roll Eyes
41  Resources / Career Central / Re: Need some career advice on: June 05, 2008, 09:44:22 AM
Congratulations.  I wish I had the balls to go out on my own.

Seconded Cheesy

From my experience small firms (in any field, not just security) tend to work quite well whilst they remain small. Often the 'good' small firms get taken over/merged with a bigger player, whilst the 'poorer' small firms tend to get bored to too-big-for-their-boots. Reading your post I'd say you fall into the first category, and if you can take oneeyedcarmen's advice and grow your business you shouldn't go far wrong.

Hopefully you'll get a response from someone with experience of going it alone to get a concrete answer. Good luck
42  General Discussions and Related Certifications / Forensics / Re: Track someone using the MAC/Physical Address? on: June 05, 2008, 07:16:34 AM
Well, day by day it seems that internet security is getting tighter. Few years back we can easily get ip.host names with the use of cmd in Windows, but nowadays it's just no way. I just want to ask, is there any way nowadays available for getting IP over global network?

Rok,

I don't want to sound rude as I could be missing something (been working for last 28hrs straight Sad ) but isn't IP over a global network called the internet? Can you elaborate further as I'm sure I must be missing something obvious...
43  General Discussions and Related Certifications / Other / Re: Top 2008 Security Threats on: June 04, 2008, 03:00:52 AM
Don,

overall I would agree with your analysis of #10 and it should definitely be addressed in a DR plan.

However it is human nature to be more helpful to return full service following a disaster and this can come in the form of reducing security checks to increase speed of operation. If your working environment requires stringent security controls you must ensure that they are enforced at all times to protect against an opportunist strike during a vulnerable moment.

In line with the DR theme, a client of mine recently finished an internal risk assessment. The results suggested that there is a 20% chance of a plane hitting my facility (despite us not being near an airport or under a flight path), think I need to claim danger money Wink
44  General Discussions and Related Certifications / Certification / Re: I need some opinions. on: June 03, 2008, 04:15:05 AM
(wish me luck)

Good luck Cheesy
45  General Discussions and Related Certifications / Ethical Hacking / Re: An Ethical Hacker must have these skills... on: June 02, 2008, 12:18:06 AM
check out GNS3 - http://www.gns3.net/

Rob,

cheers for the link. Haven't come across this in the past, I've used (and paid for) Boson Netsim which is decent. I'm downloading now, hopefully should be good (and hopefully the Win Binaries will run under Vista Wink ).

RR
© 2008 The Ethical Hacker Network