As always (and expected)... yet ANOTHER great writeup, sil.

Thanks (these are useful, not only for OUR learning, but for easily proving points, to those whom we're trying to persuade, regarding security practices and postures. 

Sil you are a mad genius, if this is what you get into when your bored I can only imagine what your capable of when properly motivated 

Very interesting article.

I would like to see more like this one on the net. Also, I would be curious whom are you following (blogs, twitter...)

YES!

I was following the first one, but had no ideea about the others. I put them on my list and I will try to read them as much as possible.

About twitter... well, I tried it once to use it, didn't get the idea and I decided that it is not for me. So... no twitter for me. Actually, lately I only follow security related websites and news (I know I am not paranoic, and I enjoy doing this).

Besides security I read a couple of books about nutrition (I recommend all of you Can We Live 150 Years?: Your Body Maintenance Handbook by Mikhail Tombak ), and other books about motivation and psychology (in order to keep myself sane )

Thanks agains, and I really like your posts.

There is nothing special that I can do that no one else can't. I know systems really well and I know networking very well... Security is the hobby part of the equation. I tend to think in the following terms:

1) I am in a game that I need to win
2) I need to NEVER get caught
3) I need to be aware that the admin is better than me
4) How would I DEFEND this trget system on an impenetrable scale if possible?
5) Now how do I break those defenses?
6) How do I do so with as little noise as possible.

Offense believe it or not is somewhat easy. It's delivery that becomes tough. I can almost guarantee you that even in the most compartmentalized networks and systems, there is always error. Its understanding the errors, knowing what to look for.

When I do things I almost always lab things up for my sanity and do my best to understand what my opponent can possibly see. I then try to figure out ways to minimize that. Here is a kicker for you... Tiger... Tiger is a Unix auditing tool. In the early mid 90's I would love finding it on clients' machines... Because Tiger was almost often misconfigured, I would gladly run Tiger on a machine I compromised This enabled me to see the flaws I needed to find. The admins? They thought all was gravy, after all, Tiger was auditing their system.