HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 15 guests and 1 member online
EH-Net Donations

Enter Amount:
$
Google Ads
ChicagoCon 2008f
chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow EH-Netarrow News Items and General Discussion About EH-Netarrow Another new member intro
Ethical Hacker Community Forums
October 12, 2008, 04:29:28 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Registration Now Open for ChicagoCon 2008f Oct 27 - Nov 2! Visit www.chicagocon.com.
 
   Home   Help Calendar Login Register  
Pages: 1 [2]   Go Down
« previous next »
  Print  
Author Topic: Another new member intro  (Read 5063 times)
0 Members and 1 Guest are viewing this topic.
oneeyedcarmen
Full Member
***
Offline Offline

Posts: 205

Klaatu, Borada,Necktie?


View Profile
« Reply #15 on: August 08, 2008, 08:19:35 AM »
Quote from: BillV on August 07, 2008, 09:00:53 PM
It's a much more well-rounded certification than it used to be Smiley

That may be the case, but until it loses its stigma with hiring managers, is it really worth anything?  (understanding that any training/education is obviously good for you)
Logged
MCP, Security+, Associate (ISC)2
BillV
Hero Member
*****
Offline Offline

Posts: 804


View Profile
« Reply #16 on: August 08, 2008, 01:53:23 PM »
Quote from: oneeyedcarmen
That may be the case, but until it loses its stigma with hiring managers, is it really worth anything?  (understanding that any training/education is obviously good for you)

Yeah, I see where you're coming from. I guess we have to hope CompTIA does their part of promoting it properly Undecided Seeing as how the [new] objectives are now 2 years old, I'm not sure how far it'll make it.
Logged
$w33p3R
Newbie
*
Offline Offline

Posts: 29


View Profile
« Reply #17 on: August 09, 2008, 01:07:35 AM »
Quote from: BillV on August 01, 2008, 02:57:46 PM
Nope, you certainly don't need to be an "enterprise developer" in any language. More so like you have stated... that you can look at the code and understand it well enough to determine what's going on and where the security holes are.

So, for the PHP example, when you see something like...

Code:
<form action="" method="post">
<input type="text" name="username"><br />
<input type="password" name="pass"><br />
<input type="submit" value="Login">
</form>
<?php
if ($_POST[submit]) {
 $sql "SELECT * FROM users WHERE username='$_POST[username]' AND password='$_POST[password]'";
}
?>

You would know that we quite obviously have a problem. I also don't mean that you need to know 'every' language either.

Also, going along with your 'studying for A+' idea and wanting to get into something... you may also want to have a look at the Microsoft MCDST (Desktop Support Technician). You can study for the exam for FREE directly though Microsoft with their E-Learning site...

https://www.microsoftelearning.com/eLearning/offerDetail.aspx?offerPriceId=54989

Good luck Smiley

BillV

Just wanted to say that this is very great advise for anybody wanting in the security field.  I work in the profession and several months back I was contacted by our programming department when their website was a victim of SQL Injection.

First, they didn't realize how it happened and secondly wanted to know how to fix it.  The site was built with ASP and I was asked to look at the code and help them find the security hole.

So, to the OP, if you plan on working in the profession, you kind of have to be a jack of all trades when it comes to security.  If you plan on Freelancing, you can specialize in certain fields of security, but in most cases, an employer expects you know how to fix any security problem once you get CEH, ECSA, LPT or some other security cert by your name.  Just be prepared for that.
Logged
MCP, CEH
RoleReversal
Sr. Member
****
Offline Offline

Posts: 436


View Profile WWW
« Reply #18 on: August 09, 2008, 03:53:58 AM »
Quote from: $w33p3R on August 09, 2008, 01:07:35 AM
First, they didn't realize how it happened

Unfortunately I'm seeing this far too often lately with developers.

A site (or several) get hit with an (often automated) SQL injection attack and the 'fix' is to roll the database back to a clean state. Then get confused when the same thing happens less than a week later (lather, rinse, repeat...). People seem intent on fixing the symptom rather than the cause where web-site infecction is involved.

I've also seen cases of otherwise secure coders cut&pasting code from another source without checking it cuts mustard from a security perspective
Logged
A little bit of sanity:
http://www.infosanity.co.uk
sgt_mjc
Full Member
***
Offline Offline

Posts: 141


View Profile
« Reply #19 on: August 11, 2008, 09:55:35 AM »
Nothing wrong with finding a DB vulnerable to this. The problem is that they (DBA, SA, NA) don't know that they don't know how to fix it. So instead of asking the question, it's easier to just roll back to the last backup. Which as RR pointed out, leaves them open for round 2. got to love the admins....
Logged
Mike Conway
CompTia Security +
C|EH
Cheap5.0
Newbie
*
Offline Offline

Posts: 9


View Profile
« Reply #20 on: August 13, 2008, 01:02:49 PM »
Thanks again for all the help with this guys, but i am having some trouble finding info about setting up a hack box/what kind of things i could do with one. 

I am slowly buying parts to rebuild my computer (getting stuff as 24 hour sales pop up, waiting for price drops, etc...) and i am thinking i will turn my current computer into a hack box.  Can someone link me to anything useful?
« Last Edit: August 13, 2008, 01:04:21 PM by Cheap5.0 » Logged
Cheap5.0
Newbie
*
Offline Offline

Posts: 9


View Profile
« Reply #21 on: August 25, 2008, 03:54:36 PM »
Anyone want to lend a hand here?  What should i be looking to accomplish when building a hack box?  Should i just throw some spare parts together, put *nix on it and network into everything else at home?  Then what? 

Sorry if it seems like a 'duh' question, but i really do mean whats next?
Logged
dalepearson
Full Member
***
Offline Offline

Posts: 145


View Profile
« Reply #22 on: August 25, 2008, 04:26:19 PM »
Any box can be a hackbox really.
As Linux is not really hungry on resources, it doesnt ask for to much, but I prefer to have a reasonable amount of memory for number crunching.
Logged
:: Security Active ::
sgt_mjc
Full Member
***
Offline Offline

Posts: 141


View Profile
« Reply #23 on: August 26, 2008, 11:42:28 AM »
A good processor and a decent amount of memory will help. All of our boxes here run on Linux. As dale pointed out, Linux runs light freeing more system resources for what you want to do. there are also many tools out there written just for just for Linux. Aircrack -ng for instance can be compiled to run on Windows, but the developer basically said that you are on your own for the required drivers for Windows. Good luck and happy hunting.
Logged
Mike Conway
CompTia Security +
C|EH
Pages: 1 [2]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.5 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.052 seconds with 23 queries.
 
Polls
Why a Career in Ethical Hacking:
 
Support EH-Net
chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

chicagocon2008f_125x200banner.jpg
ChicagoCon 2008f
 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.