pseud0

Odd. I thought it was about the same, and several people thought it was more packed than usual. Guess it all depends on where you were. There definitely seemed to be better “flow” in the hallways getting from one session to another.

I’ll be there tues-Sunday. BH and defcon.

I’m a little late to the game but finally setup my GrrCon travel a couple of weeks ago.  Anyone want to try to and plan an informal EH.net meet and greet at the @night event?

BH/defcon

I’ll be out there from 24th-29th and am willing to pickup my share of a bar tab for anyone wanting to get together.

So what’s the story guys?  Anyone trying to do an EthicalHacker network meetup at some point?

I bought this for myself as an early Xmas present.  Pretty happy with it so far in regards to being functional and portable.  I can sync it with my ipad or my droid phone.  Makes it a lot easier to use either one as a ssh platform into the actual testing server.

http://www.amazon.com/Verbatim-97537-Wireless-Bluetooth-Keyboard/dp/B004L9LT2E

For most activities involved in general pen testing a tablet or smartphone would be my last choice of platform.  Yes, some folks have done full BT installs on them but that is more for amusement than anything else.  Just not enough horsepower to do it directly from the mobile device.  That being said, I use an ipad in the field to do some quick re…[Read more]

I doubt the US would pull the trigger on a full blown cyber war except for very specialty, tactical operations.  Even then they’d go out of their way to prevent escalating with an entity like China that has a fully operational cyber warfare capability.  Remember, the US is in an awkward position.  We have possibly (probably) the most powerful cy…[Read more]

Think about it in regards to what the certs actually mean.  The GCFA and others like it are meant to show that you’re very familiar with the process of forensics and generally familiar with a variety of tools.  The EnCE and others like it are meant to show that you’re very familiar with one tool and generally familiar with the overall process of f…[Read more]

All the above info is dandy but I’d recommend stepping back for second and taking time to get the big picture.  As soon as you can find out what your new organization’s regulatory picture looks like.  All of the above comments focus on technical points and doing security for the sake of security.  The dirty little secret of most organizations is…[Read more]

The only really significant problem we run into with the “outside” APs is proving that they are “outside”.  If you’re looking for rogue access points it can get really difficult to figure out what might actually be on the client network and what is actually sitting at the law firm the floor above or the hedge fund the floor below.  The secondary r…[Read more]

See them all the time.  If we’re doing a wireless assessment and the client is in a dense area (tall building, office park, etc) we’ll find at least half a dozen WEP APs from various other companies that share the facility.  Heaven help you if the client’s building is downtown near apartments.  Not only do you have to bust out the directionals in…[Read more]

conch,
  Being new has nothing to do with the validity of your points.  You just happened to match the profile of a common tactic on a variety of forums.  When one of the interested parties wants to influence the conversation they create a new profile for the sake of posting comments.  It has become so common that it is assumed to be the case unt…[Read more]

infoseci,
  My prior comment wasn’t meant to suggest that we go on a snipe hunt, just pointing out to folks on both sides of the issue that it is fairly easy to spot someone that is coming on to the forum for the sole reason of trying to influence this conversation.  I think some of the prior posts have accurately reflect the mood regarding the i…[Read more]

Bill, I don’t know how much time I’ll have to spare but I can take a look.  Hit me up on my personal.

Hey, cool, another interested individual that registered today just so they could make this post.  Seems to be a trend on this subject. 

Hey Barrett? Barret Brown?  Meet me at camera 3.

How many names on that list were helping the Zetas because they had no choice?  You know, the entire “you’ll help us or we’ll kidnap your wife and daughter and put them through torture that hasn’t been seen since the Spanish Inquisition” sort of motivation.  It’s great that Anonymous is made up of…[Read more]

Funny timing.  I just got done speaking at FinCLOUD.  According to all the cloud vendors their environments would put the NSA to shame and there are no, and never will be, any security issues.  My quick points:

-don’t fall for the entire “the cloud” concept where everything is treated the same.  Find out exactly is going on.  Is it a public clou…[Read more]

I’ve got a sample of it on a usb drive in the lab.  It has a ball of duct tape the size of a soft ball wrapped around the body of it with skulls drawn on it because every time someone wanted to move files they’d grab that drive every time. We’d have 50 usb drives sitting on the table and this one would be hidden under a box and still someone…[Read more]