Well done that man!

As I'm coming to the end of my labtime (~1 week to go) it's nice to see some flying through the exam. I don't want to discuss details or provide spoilers in a public forum, but did you manage to defeat all of the challange servers?

Currently I've rooted 30%, and am around 90% through another 30%. Having difficulties with two of them, but I'd guess you know which two I'm talking about

I'm considering extending my lab time for another 30 days just to complete the challanges. Is this something you'd recommend or should I aim for the exam and get on with it?

Thanks in advance, and congrats again.
RR

If you are running Vista then you need to run the cmd.exe as an administrator (right-click->Run as Administrator). If not, the modifications will fail but not in anyway the BackTrack script recognises so claims it was successful.

Apologises if I'm stating the obvious but I've seen people make similar mistakes when following tutorials and videos for things that are new to them; is your USB drive assigned to L: ?

Finally have you set you BIOS to boot from USB first? Also try different USB ports, some machines are configured to only boot from some of the available ports.

Hope this is of some help, good luck

check your inbox

I think I'm confused. just received this advice in an email from Mircosoft:

How does moving from a culture of blindly clicking on links to blindly cut&pasting said links help protect against phishing??? Oh, and the 'as described above? is a long and confusing URL....

Please help, my head hurts....

why?


Unless I'm missing something the guy walked through poor security, including default, null or simple passwords. and still managed to get caught by the sysadmins that managed the poorly secured systems.

I'm sure this has been said before, 'the greatest hackers are the ones you don't hear about' (terminology and exeptions that prove the rule aside...)

I'd read the same thing (can't find the article, think it was on El Reg) and I think this was one of his complaints with the US extradation guys not playing fair.

Whilst I think the chance of the guy getting a fair hearing given all the publicity is slim, he did access government systems without authorisation. I think the authorities may come down on him harder than he might deserves, but as Chris says, they can't afford to let him off the hook, else he may end up creating the 'ET defense'

One thing that is bugging me with his defence is that I have been following the case for a few years and have only just heard mentioned that he may have a mild form of aspergers. If he was competent enough to slide through government security (despite it supposedly being wide open) he should be competent enough to know he shouldn't be doing it, to bring this up at the 11th hour smells like gamesmanship from his lawyers to me...

cool, wish I could have made that. Especially like the idea of walking home with a drive full of VMware lab machines to target.

Nicely done, congrats Shakuni

Shakuni,

think I'm somewhere in the middle here. The key to any training is, as Dale says, getting as much knowledge as you can. Certifications are secondary. However I still intend to get as many certifications as I can get my hands on.

Having the cert may get you the interview, while lack of knowledge gets you the door. But in some cases lack of the certs means you won't get the interview to prove you know your stuff.

Bottom line is (AFAIK, not C|EH qualified yet) the exam is relatively cheap compared to other certs. If you believe that you already have all the required knowledge making it a simple and quick process for you to gain the cert then I'd recommend going for it.

Granted, you may find that having the cert provides no benefit due to your exhisting experience/skillset, but having it should have a detrimental effect either. Plus it never hurts to flex you little grey-cells every now and then

Just my £0.02...

Personally I think very slim. If that was me and I'd been given a punishment like that I'd be back out doing more illegal stuff than ever. After all, what's the harm?

Agree 100%, just had some 'run-ins' with the criminal element of society thhis week which I think left me a bit jaded. Hopefully the usually jolly, law-abiding me will resurface shortly

Dale,

meant to reply to this sooner, just had a bad couple of weeks so I've been out of it for a while.


guess you've seen my previous ideas here? Should be obvious I'm not going to be much help in this area

Hell yeah Been thinking of trying the same thing once I've managed to shift some of my workload. Birmingham seems fairly central, so should be fairly accessible to most of us in the UK. Not sure how good the transport/airlines are around that part of the country for potential international attendees though, could be worth considering. Personally I'd head anywhere in the UK for a decent conference, outside of M25 would be preferable to try and keep accomadation costs etc. down.

Hopefully life should get back normal and get me fully back in the game. I'll try to hit you up next week.

Just read this over at Dark Reading. Subject says it all.

Why do I work 60+ hour weeks trying to be one of the good guys?

Cheers for the links BillV,

saves me hunting through my old emails for some bank holiday weekend fun
(I need a life, I know....)

Simon,

great post, I'm with Chris in that it's going to take a while to digest everything as most of what you discuss is fairly new to me (and I'm late to the web app game as a whole).

Really interesting read.
RR

Think I read something about this a while back (possibly on ec-council' site). Assuming my memory is working this early in the morning that plan was to use the pool of C|EH certified techies as resources to deal with local issues in their area as a consultancy/contract type basis. I can't find anything about this in the linked page so they may have changed their minds and gone internal.

Does anyone have any more info regarding this? Specifically I'd be interested to know the terms being offered to those accredited, may memory recalls something about being available to do the work is a requirement of staying accredited, but I could have dreamt that part.

Hopefully someone can aid my poor and confused memory as I can't find my original source.