putosusio

The more secure sites stay in https, for example banking and e commerce sites. Usually social networking, some email sites, and forums don’t because security isn’t a concern. A good way to protect yourself is to use different passwords for different sites, even if they’re off by just a character or two.

Whatever you do, don’t act too quickly. There may be an APT in your organization.  A blog post on Mandiant’s website explains it better: http://blog.mandiant.com/archives/1525

reformat and be done with it.

simple and effective.

p.s. if your dad was a NSA cracker, you’re screwed.

Is this a home VOIP solution or an enterprise VOIP?

@Grendel wrote:

I hate programming as well. Over time I have found that (unfortunately) understanding programming becomes more important in more advanced skills, especially reverse engineering. It’s just one of the essentials that cannot be avoided.  >:-/ I wish it could be – I started out as a perl jockey since that was the most that was…

[Read more]

See if this helps answer your questions, http://www.schneier.com/blog/archives/2010/10/firesheep.html

If not, how about you do a write up about it for the EH community answering the questions you posted. I know I’d be interested to know more.

@infoseci wrote:

Coming soon we will demonstrate how to perform a MitM attack against SSL encrypted sessions.

… do I smell SSLStrip?

If you’re going to get into security, you might as well learn now; Security (the 8 mix character requirement) is not easy. If it was, everybody would be doing it and we would be out of a job.

Getting past the interview will be the issue.  The CISSP or any other cert will do you no good if you can’t do what it says your suppose to be able to do. There is no substitute for experience.

facsimil3 are you just starting your computer education or are you already taking classes?

Another good way to learn is to build yourself a computer lab. One machine with VMs will do just fine.

kaizen:

I didn’t mean to suggest that the Chinese government are responsible. I mentioned the chinese because most of the domains that were resolved were .cn domains.

The webistes I visited were from well know companies, i.e. Microsoft, VMware, Citrix, etc.  If I was infected by malware it had to have come from such a website. I would just…[Read more]

MaXe:

I do have wireshark and know how to follow the tcp stream. That’s what I was thinking about doing.  I haven’t used Snort before, but do know about it.  Learning a new tool is always a good thing anyway. I’m planning on disconnecting my modem and seeing where the malware is trying to call home to.

However, that won’t tell me where this t…[Read more]

make it easy, create and account for your roomate with no privledges.

Unfortunately, I may need to this soon.

Curse you chinese hackers … well thank you in a sort of twisted way.  At least the malware is on a test system.

I plan on taking the CISSP in Dec this year. Get a one year credit for having the Sec+ cert is definitely a plus.

One word on the topic of this thread, Certs only mean you passed a test, it doesn’t mean you can apply the material in the “real world”. Focus should be placed equally on gaining experience. After all, if you don’t get hired in the…[Read more]

Konboot and Cain and Abel are both great tools. I’ve used them with plenty of success many of times. 

Cain and Abel will need admin access when used over the network to access the admin$ share. Since he doesn’t have it, it will not help.

Another way to go about getting the current admin password is to use metasploit to exploit a vulnerability…[Read more]

check the nmap forums.  there are ways to bypass firewalls.  also, the nmap book is a great resource.

get metasploit, best of all its free.

Try what awesec has suggested.  A google search will get you all the info you need.

I like webgoat because its more than just a book that teaches you theory, it actually has hands on labs that will reinforce the lessons.