El33tsamurai
« Reply #30 on: June 25, 2011, 08:14:52 AM »
You're absolutely right. But I think you're a bit harsh on the rebuttal, towards j0rDy, El33tsamurai. I don't think he intended it quite the way you took it. By enforce it, I'm certain he meant having systems and policies, in place, to not allow 'weak passwords'
That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the in's and out's of 'real' security.
I agree with you, and sorry, did not mean for it to come off so harsh; just working with people that don't know this stuff, I know how sometimes it can be frustrating for them if it's forced on them. The biggest problem before this happened, I would say, is companies did not want to give that much money to the info sec department because they thought, well, who's going to hack us. Now I think more money will be put towards info sec, I hope.
CCENT, A+, Network+, Security+

El33tsamurai
« Reply #31 on: June 25, 2011, 08:23:19 AM »
You're absolutely right. But I think you're a bit harsh on the rebuttal, towards j0rDy, El33tsamurai. I don't think he intended it quite the way you took it. By enforce it, I'm certain he meant having systems and policies, in place, to not allow 'weak passwords'
That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the in's and out's of 'real' security.
you are right hayabusa, that's exactly how i mean it. a security awareness training once a year won't hurt anyone, and by implementing policies and guidelines along with applications that just don't allow weak passwords (when you enter one you will get a message that the password is too weak and you have to choose another one) might be considered annoying, but given the news items lately it has become mandatory to do so. if you look at recent developments on password cracking, depending on the cracking and hashing method, an eight character password containing all possible characters takes about a day if you have "just" a high end workstation. after that it becomes significantly longer (nine takes about a week and ten takes 20 years or something), so if you want to protect valuable information, i think you know what to do.
Hey man, I am sorry if I came off harsh. Also, on this note, I think security awareness should be going on all the time. Should have posters made and put up all over the place, i.e.: http://www.infosecuritylab.com/index.php?page=9 This will make people smile as they walk by and more likely to remember the message. Have the positions change once a month so the same people are looking at different posters all the time. Have a security intranet website or newsletter where the people can go and get updates about info sec. Give away things like pens, mugs, mouse pads, etc., if the budget allows for it, to people that are security conscious. Then have trainings once every 6 months or year, but make it fun so people will want to come, not just a PowerPoint and lecture. The more fun you make it, the more people will want to do it.
CCENT, A+, Network+, Security+

j0rDy
« Reply #32 on: June 26, 2011, 08:53:43 AM »
Is it truly the end of Lulzsec??? http://pastebin.com/1znEGmHa Perhaps it is for the best, statement is made, the whole IT market is on its toes again and we are getting more work than ever...
ISC2 Associate, CEH, ECSA, OSCP, OSWP
earning my stripes appears to be a road i must travel alone...with a little help of EH.net

El33tsamurai
« Reply #33 on: June 27, 2011, 09:31:12 AM »
Looks like they are quitting before they all get caught, wonder if this will help them. The people looking for them, I feel, will probably find them with all the resources at their disposal.
CCENT, A+, Network+, Security+

El33tsamurai
« Reply #35 on: June 27, 2011, 09:52:26 AM »
CCENT, A+, Network+, Security+

j0rDy
« Reply #36 on: June 28, 2011, 02:12:15 AM »
hmm, i wonder if lulzsec put the RBOT malware there or if the actual system was infected...guess we will never know...
ISC2 Associate, CEH, ECSA, OSCP, OSWP
earning my stripes appears to be a road i must travel alone...with a little help of EH.net

lorddicranius
« Reply #37 on: June 28, 2011, 08:15:08 AM »
« Last Edit: June 28, 2011, 10:16:19 AM by lorddicranius »
GSEC, eCPPT, Sec+

El33tsamurai
« Reply #38 on: June 28, 2011, 10:12:45 AM »
hmm, i wonder if lulzsec put the RBOT malware there or if the actual system was infected...guess we will never know...
Come on man oldest trick in the book. Trojan horse ring a bell, lol?
CCENT, A+, Network+, Security+

j0rDy
« Reply #40 on: June 29, 2011, 05:50:22 AM »
hmm, i wonder if lulzsec put the RBOT malware there or if the actual system was infected...guess we will never know...
Come on man oldest trick in the book. Trojan horse ring a bell, lol?
odds are (were actually) they put it in themselves, but if they just copy files from a system, chances are they copy (without knowing about it) an infected file with it...but the pirated WinRar story is great!
ISC2 Associate, CEH, ECSA, OSCP, OSWP
earning my stripes appears to be a road i must travel alone...with a little help of EH.net