-
lorddicranius replied to the topic Anyone read your InfoSec books on Kindle? in the forum Book Reviews 9 years, 10 months ago
@timmedin wrote:
Ironic, books on technology fail miserably when viewed on the latest technology.
lol 😛
I was just listening to the Wireshark University certification video this morning and the issue with images, tables, etc is exactly why the Wireshark Network Analysis book wasn’t made into an electronic version.
I’ve never used a handheld…
-
lorddicranius replied to the topic The inside story of the HBGary hack in the forum Ethical Hacktivism 10 years ago
@timmedin wrote:
If they ever recover, it’s going to be a while and no steak is going to remove that black eye.
They are dead. My understanding is that they have two employees left.
Aaron Barr has finally resigned. When you say only 2 employees left, is that just HBGary Federal, or HBGary? Reading the chat logs from when Penny Leavy was p…
-
unsupported replied to the topic Does use on NMAP and other port scanners illigal ..? in the forum Tools 11 years, 2 months ago
@timmedin wrote:
If you are scanning your internal systems, GET WRITTEN PERMISSION!
The tool isn’t illegal, except maybe in Germany. Anyone know the details of the German law?
I have not verified this, but it is my understanding that German laws have been rewritten to include a ban on EVIL and that it is not illegal to use hacking tools for research.
-
Ignatius replied to the topic Hacked E-Mails Fuel Global Warming Debate in the forum Malware 11 years, 3 months ago
@timmedin wrote:
I read a bunch of this attack, but I never saw this evidence released. Seems pretty damning. Funny, I haven’t really seen it on the news.
Yes, I’ve seen it mentioned on several fora but nada in the UK news. *IF* it’s all a big conspiracy (hmm, where have I read about conspiracy theories before?), maybe the news organisations…
-
jason replied to the topic Internet Explorer 8 Best at Stopping Malware, Phishing in the forum Malware 11 years, 4 months ago
@timmedin wrote:
But how many of your family members just click the “Allow All Scripts on this Page” button every time they go to a page?
None! This results in considerable hand slapping and birthday removal. For the most technically challenged of them, I just went through their list of common pages and trained noscript for them. They generally…
-
timmedin replied to the topic Corporate AV Solution in the forum Other 11 years, 4 months ago
@Dengar13 wrote:
@timmedin wrote:
Pretty much everywhere I’ve been we have used Symantec. I’ve liked it until the latest version. I HATE it now.
Why do you hate SEP as opposed to 10.x and earlier? I felt the exact opposite. The only ones who complain are the developers who I think would whine over anything. They say that it pegs their hard dr…
-
Dengar13 replied to the topic Corporate AV Solution in the forum Other 11 years, 4 months ago
@timmedin wrote:
Pretty much everywhere I’ve been we have used Symantec. I’ve liked it until the latest version. I HATE it now.
Why do you hate SEP as opposed to 10.x and earlier? I felt the exact opposite. The only ones who complain are the developers who I think would whine over anything. They say that it pegs their hard dr…
-
eternal_security replied to the topic CTP aka Cracking The Perimeter Live Online June 3 2009 in the forum OSCP – Offensive Security Certified Professional 11 years, 7 months ago
@timmedin wrote:
I’m a little wary of the cert with the word “expert” in it.
If you knew the pain muts puts you through in the courses he develops, you would understand that, by the time you finish, and if you can pass the challenge, you will have expert-level skills.
-
Vedder replied to the topic openssh 0day rumors in the forum Malware 11 years, 7 months ago
@timmedin wrote:
All you probably know by now, but it was a hoax.
They have hit Imageshack over the weekend, looks like it’s another ssh exploit.
I thought it was a hoax at first as well, now I am not so sure.
-
W3bWarl0cK replied to the topic Web Hosting Services and Web Site / Web Application Vulnerability in the forum Other 11 years, 9 months ago
@timmedin wrote:
I agree jimbob.
Assuming the client wrote the website, then the vulnerability is theirs and they would (should) fix it.
Generally, this is how it would work. The HSP is responsible for nothing more than the hosting, anything that’s done with the applications that are run on the server is the responsibility of the client.
-
unsupported replied to the topic firewalking ? in the forum Network Pen Testing 11 years, 9 months ago
@timmedin wrote:
As an aside, the countermeasure for this is to disable outbound ICMP_TIME_EXCEEDED or just icmp in general.
If you disable the outbound ICMP you would also affect the internal users wanting to get out. Is it an option to disable the inbound ICMP? Granted, this would still allow an attacker internally from firewalking from an i…
-
Anonymous replied to the topic file access from a webserver – obscuring enough? in the forum Web Applications 11 years, 10 months ago
@timmedin wrote:
This would bump up the security a bit, but not totally prevent unauthorized access. If you edited your .htaccess file on the file server and only allowed access if the referrer was your other site.
One thing to remember is that the referrer header is sent by the client i.e. the web browser. It therefore cannot be trusted as a…
-
Data_Raid replied to the topic Abuse proceed? in the forum Incident Response 11 years, 10 months ago
@RoleReversal wrote:
@Ketchup wrote:
I think that the answer is to hack them back ;D
hadn’t thought of that, where’d I leave db_autopwn?….. 😉
@timmedin wrote:
I tried so many times to contact people and I have given up. I was Gung Ho when I first started and wanted to help save the world, sadly, the world doesn’t care or is full of peons or…
-
RoleReversal replied to the topic Abuse proceed? in the forum Incident Response 11 years, 10 months ago
@Ketchup wrote:
I think that the answer is to hack them back ;D
hadn’t thought of that, where’d I leave db_autopwn?….. 😉
@timmedin wrote:
I tried so many times to contact people and I have given up. I was Gung Ho when I first started and wanted to help save the world, sadly, the world doesn’t care or is full of peons or bureaucracy and no…
-
jason replied to the topic German armed forces gearing up for cyber war in the forum News from the Outside World 11 years, 10 months ago
@timmedin wrote:
I listened to Marcus J. Ranum (CEO of Tenable, makers of Nessus) Hack in the Box talk about Cyberwar is Bullsh*t (google for details, it is NSFW so I won’t post a link). Where he made the case that it is not a viable attack mechanism.
Hrmm I don’t agree with that either. Neither, it seems, do many governments and a heck of a lot of…
-
RoleReversal replied to the topic Booby-trapped javascript in the forum Malware 11 years, 11 months ago
@timmedin wrote:
How does javascript (in the browser?) detect that it is in a VM?
Sorry, bit ambiguous there. I meant that I don’t think anyone will be surprised that Javascript is starting to take steps to mess with an analyst’s toys, I used malware/VMware detection as a comparison, not a specific ability of the javascript.
I’m not aware of any…
-
Jhaddix replied to the topic Sharpening the Saw in the forum Other 11 years, 11 months ago
@timmedin wrote:
@Jhaddix wrote:
1) Well, 30 blogs is good, but there are many more. I have a custom OPML file which includes mine, most of my instructors from SANS, the security bloggers network, and tons of other feeds.
Mind sharing the OPML?
I did! =P
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3492.msg16190/#msg16190
-
Dark_Knight replied to the topic Sharpening the Saw in the forum Other 11 years, 11 months ago
@Jhaddix wrote:
@timmedin wrote:
@Manu Zacharia (-M-) wrote:
Come here daily and interact in the forums / posts :).
Well duh… ;D
but what else do you guys do? I listen to 30 podcasts and follow a bunch of blogs. What else do you guys do?
1) Well, 30 blogs is good, but there are many more. I have a custom OPML file which includes mine, most…
-
Dark_Knight replied to the topic CCNA Opinions in the forum General Certification 11 years, 11 months ago
@timmedin wrote:
I came up through networking so it helped me a bunch. Now working on the security side it helps when assessing network devices. I would say it wouldn’t hurt, but it depends on your career goal. What are you wanting to do?
Thanks all for the responses they are much appreciated. The goal is to be a well rounded security…
-
Jhaddix replied to the topic Contributing to the Community in the forum Other 11 years, 11 months ago
@timmedin wrote:
Besides the obvious contributing to EH.net, what are some ways that you guys contribute?
I believe that one of the best ways to learn is to teach. I also want to contribute to the community from which I have gleaned so much. I’m looking for some input and I thought it may benefit others and the community in general.
Hey…