Manu,

not sure about AkamaiGhost, I know Akamai are a web-host cluster for major sites in the UK (possibly international, I don't know). http://www.akamai.com/

From my limited encounters with Akamai I believe that AkamaiGhost is a proprietory HTTP(S) server, so getting access to the application may be difficult.

isosoft,

that is one seriously open-ended question.

Standard advice of google applies (It always does....)

OnLAMP is a good resource, of specific interest will be articles in the security section.

As for a checklist, there is only one universal rule:
Good luck out there.

I think it's called Vista...

Don,

good luck, plenty of people behind you. Just remember to enjoy it

Nervous?

Glad to hear you got BT3 working nicely, puts the Aspire One back on my possibles lists (of course need to find the finance first....)

Let me know how you get on with USB-ising Helix, I've used to CD several times so a USB version could come in handy.

(And I'll get IM installed soon promise....One hell of week....)

Dale,

I've not tried specifically with the Helix distro, but all USB setups I've played with I've found PenDriveLinux to have some good guides and advice.

With similar distros I've created a bootstrapped USB drive and copied the directories over from the Live install. Hasn't failed me so far.

btw, how you finding the Aspire One now? (Laptop died horribly and haven't gotten MSN reinstalled yet....)

RR

I'm thinking some people have too much money. I struggle to afford my kit in the first place, nevermind replace kit I forget to pick up when my brain stops working

Cheers Dale, had just loaded the site in a new tab to see what postage would set me back. Guess you just saved me a few clicks for RSI

Roll on pay-day....

I've used Nikto in the past with varying levels of success. However I haven't done much in this field so don't have much to compare it to.

As mentioned in sectools list referenced by KrisTeason it is often behind the curve when it comes to bleedingedge threats, but the chances are if your developers have left old, well known vulnerabilities about the place it could be a safe bet that your vulnerable to the newer stuff regardless of what your audit tool tells you.

Well, I was about to reply to Don's question saying something similar but I don't think I can put it better than that

As many have said, the dismissal may have issues depending on the actual policy in place. But I know most places I've worked have had a general policy that states (paraphasing):
So they may have him on a broad do stupid things, get sacked basis.

OleDB,

thanks for the write-up. Wish I could have been then, I'll need to try harder for next year.

Sounds like you had a blast.

iSmith, what make/model are these NICs?

(want to make sure I avoid them...)

Not the same thing I'd expect from an 'auto-sensing' port from they looks of it

I think the first problem is why he was able to have so much data transfered to his machine? Surely there have been enough high-profile precedents (especially in the UK) that should have made people at least think twice about leakage vector.


Even if the manager in question had a legitmate reason for requiring the data (possible), and on a mobile device (less likely but still possible). What reason did he have for taking the data to a different country, over 400 miles away whilst on holiday?

It is ashame that this guy is going to take the fall for what is commonly a non-issue, just using the UK as an example several high-ranking government and security services personnel have been in similar situations with nothing other a slapped wrist.

Regardless, it is nice to see an organisation taking tough action to lacking security controls, whether or not the hospital had sufficient procedures/policies in place to make the dismal fair is another matter.

Either way it will hopefully increase general awareness of the problem which can only be a good thing of those of us having to protect against and clean up after end-users get their hands on shiny toys.

Think Jimbob put it best
RR

Just read this on El Reg that I thought I'd share.


Perhaps threat of unemployment might make employees take more care with client data. Don't fancy filling in his next job application form: Reason for leaving previuos position?....