Bill,

You got that on the board quick.  I was just reading through the email message when the Ethical Hacker Forum notified me of this porting.  I would like to tell everyone that if you have never had a class with Ed Skoudis it truly is a pleasure.  In addition this webcast is FREE!  Ya can't beat free. 

-jack

Rance while you are correct in your explanations of HTML and SQL I think you missed the point.   I think the assertion is that with so many dynamic web sites pulling from back end databases SQL information is replacing flat HTML web page development.  If I got your point wrong Kabal let me know.

At first looking at this I thought they might be breaking Federal Wire Tap laws.  But after further investigation  http://www.securityfocus.com/news/9978 I found that the wiretap law was thrown out by this judge in a keylogger ruling. 

So next would come down to ownership and who owned the system and provided access to it.  If it is a non-martial relationship and the girlfriend granted access to the computer that belonged to the boyfriend I believe that then there would be laws being broken.

Being new here I haven't chimed in much.  I think JimBob has hit the concept that should be followed on the head.  In a capitalistic environment people should be compensated for their effort. Ultimately there should be a granting mechanism utilized to support research into these areas.  The problem I believe is that if software vendors realize that this mechanism exists what is the incentive to insure the start reducing the vulnerabilities in their software?  There would be no economic reason for someone to halt the release of software because of a flaw.

Now if the government or some independent party could take this on and enforce some type of a fine system for incidents found that would help the funding system.  Additionally, this would stimulate a few more independents to report the exploits as there would be a financial stimulant behind it.

Of course this will NEVER happen.

-Jack

Shoot if you think roommates are bad try a household of Teenagers (4).  Even with AV. anti-spyware, etc I reformat their machines almost quarterly.  Needless to say they are a completely separate network with an independent firewall from all I do.  They would be the complete opposite of a "Trusted Network".  LOL

-Jack

Another nice little paper to reference is at http://www.radarhack.com/dir/papers/MetaSploit_for_dummiesl.pdf

Best of luck to you.
-Jack

So what happens if you go in after you have logged on in this way and manually reset the password?  Can you replicate this?  I guess it is time to download a Mandriva ISO and set up a VM session.  Has anyone else tested this out?

-Jack

Hi Don,

The link for your CISSP write up seems to be a black hole now.  Can you resurrect that article on here?

Thanks,
Jack

Hi Galaril,

I took the on demand course which was ran by Ed Skoduis and it was great.  Very informative and it was nice to have the lectures as MP3 files.  I loaded these onto my iPod and listened to them during my daily commute.

cheers
-Jack

Hi,

I would strongly recommend the GCIH exam and class structure over the CEH.  With limited study you can complete the CEH after the GCIH class you couldn't pass the GCIH after a CEH. At least not with limited effort.

-Jack

Hi sgt_mjc,

Well don't be discouraged by not passing the CEH it has such a wide breadth of information to cover that it is hard to ensure that you know everything.  I just passed the exam last week and I would strongly recommend the following books for some self study though:

CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50  (kimberly graves)
If you only buy one book this is a great nutshell of what is covered.  It was the only book I read cover to cover.  It is short.

Certified Ethical Hacker Exam Prep (Exam Prep 2 (Que Publishing))
This book is very good for filling in the cracks on areas you really need more information on.

I also though the TestKing practice test are good.  I used them as a guide to see what I needed to read up on more.  They do a very good job of grading you on individual areas.  So when I bombed a section on the practice exam I would go to the Exam Prep book and read up on that area.

I hope that this helps. Remember you can't know NMAP, TCPdump and your Snort logs to well.

Cheers,
Jack

Hi All,

Well I passed the CEH exam with an 82% not great but I spent about 8 hours studying for the test after passing my GCIH.  It is funny though the previous write up on the forum with the CEH study guide made it sound like I had the same exam.  THOUGHTS:

About 1/4 of the test was log reviews. Snort/tcpdump/etc.
NMAP and all the associated switches was huge maybe 15 questions
I used the CEH exam study guide (condensed book) and Testking practice tests and about 25 questions were exact duplicates on the test.

Over all I felt cheated some what by the test.  It has a sense of almost being something valuable, it has a good breadth of knowledge but it is such a patchwork that it doesn't really seem to accomplish anything.  Pretty much what most have said here on the forum.  Since I had already scheduled the test before finding this forum, I didn't put much effort into studying for the test.

Now onto completing my paper for the GCIH gold and trying to run through the GCFA material.

Cheers,
Jack

Thanks alot for the post.  I have the NMAP flags down, I am having a hard time memorizing all the freakin' ports associated with the various trojans and DOS tools.

I have to say I really enjoy the way that SANS lays their testing out.  If you don't know the material you won't make it through the exams cold with just the books.  Very similar to a real world event happening.  I am constantly going back to other resources that I know about to help during an incident.

Thanks Again,
Jack

Hi All,

This is my first post on here and I am getting ready to schedule the CEH exam.  I have my GCIH from SANS and I was wondering if anyone could compare the two exams for me and how much more I might need to study for the CEH?

Cheers,
Jack