timmedin

Forum Replies Created

Viewing 14 reply threads
    • #38893
      timmedin
      Participant

      I find it funny that a university is having him come speak. In higher ed one of the most egregious sins is to plagiarize, and there is so much proof of him doing so (one example in his book is a rip of Chris Gates’ work and even has “cgates” in the text).

      The guy is an absolute charlatan. His felony fraud charges clearly prove it.

    • #38968
      timmedin
      Participant

      More context and description (probably audio) would make this a useful learning tool. Right now it just shows what happened, without explaining why it happened or why you want step X to happen.

    • #39272
      timmedin
      Participant

      I totally agree with everyone here. If you are just reading, then it works fine, but pictures, illustrations, and such are not displayed well on these devices. A tablet of some kind works the best, but the battery life and back light are somewhat limiting.

      Ironic, books on technology fail miserably when viewed on the latest technology.

    • #38736
      timmedin
      Participant

      @WCNA wrote:

      Exactly. That was my point- feel. Get a cutaway where you can change the pins to make it “progressive”.

      I got this one:
      http://www.lockpickshop.com/EZPLX.html

      It is great and I can swap out pins so I can teach someone with two pins, but change them out so I practice with 6 pins with 1 or 2 being spool pins.

    • #38731
      timmedin
      Participant

      The cutaways are super nice for explaining lock picking to people who don’t understand it. Once they can see what is going on inside the lock, the whole process makes more sense. Plus, newbies can see what they are doing when first starting out.

    • #38809
      timmedin
      Participant

      I use Ubuntu x64 and have no problems Pen Testing from it. If I did, I’d fire up a VM.

    • #38384
      timmedin
      Participant

      It’s not just that, there is more to it. If you type http://www.paypal.com into your browser you will go to paypal and be redirected to https. SSLStrip will negotiate the secure traffic with the server, but then rewrite it so the user is never sent to the SSL site. No need to see any cert errors on the client side.

      I don’t believe it is implemented yet, but since you are in the middle of the connection you can mess with the Online Certificate Status Protocol (OCSP). “Applications are required to check for revocation of the certificate before accepting it. The application should support both CRL and OCSP, although OCSP is clearly the wave of the future and the only scalable approach.
      (In his presentation Marlinspike suggests a method for bypassing OCSP by returning a “Try again later” code, in which case the application typically gives up and authenticates. The EV rules state: “If the application cannot obtain a response using one service, then it should try all available alternative services.” This precludes the lazy behavior described by Marlinspike.)”
      (ref: http://extendedvalidationsslcertificates.com/)

      The “Try again later” code is the only response from the server that is not encrypted. If I remember correctly, most of the browsers will continue to the site if they can’t get a good OCSP response, but you might want to double check.

    • #36737
      timmedin
      Participant

      Someone asked for my changes. Here they are, but they may invalidate support, cause other problems, kill puppies, or cause bad breath. Proceed at your own risk.

      Edit /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata/postgresql.conf
      Line 61, change max_connections from 100 to 50

      Line 104, change shared_buffers from 32MB to 16MB

      The combination of these two settings reduces memory consumption by 75%.

    • #38118
      timmedin
      Participant

      @digitalsecurity4u wrote:

      Making yourself the poster child of how not to run a security company, nice.

      I actually appreciate someone trying to take on Anonymous. Whether you support the cause that Anonymous stands for, what they are doing *is* illegal. And us supporting an “ends justify the means” approach is very dangerous.

      If they ever recover it's going to be a while and no steak is going to remove that black eye.

      They are dead. My understanding is that they have two employees left.

      The using of the same password across domains (company and internet) really kills me.

      Yeah, not a great idea, but I can guarantee that they aren’t the only security company doing it.

    • #37630
      timmedin
      Participant

      @kagyu wrote:

      The test is cake if you took the SANS class.  My suggestion would be to improve the index in each book to allow you to find things easier if you want to double-check before you answer the questions.

      If you didn’t take the SANS class and are challenging the test, that may be more challenging.

      I totally agree with kagyu. If you have taken the class and you have the books the test isn’t hard to pass. You have plenty of time to look stuff up, so do it. They aren’t breaking any new ground here, so look in the books.

    • #36736
      timmedin
      Participant

      I use Nessus and NeXpose regularly. I really like NeXpose’s UI (Nessus’s sucks) and its web checks. The pretty export formats are nice, but the down and dirty csv and xml formats leave much to be desired.

      NeXpose is also a memory pig! So buy some more ram. Support won’t even talk to you if you don’t have 4Gb available. After making a few [unsupported] tweaks to the db config it doesn’t pound my testing lappy when I run it.

      They also have a few false positives (MS09-001), but otherwise it is quite accurate.

      The biggest pain point is its licensing model. You have to pay by the number of IPs it can scan, which is counter to Nessus’s scan the planet method.

      I know I sound like I’m dogging on NeXpose, but I actually quite like it. The UI is something I really like. Also, if you run it internally, you can compare scans which is a big plus!

    • #38394
      timmedin
      Participant

      Python, if for no other reason than Scapy.

    • #38471
      timmedin
      Participant

      Microsoft did a great study on passwords, rotation, and complexity.
      http://research.microsoft.com/apps/pubs/?id=74164

      In short, the more often a password was rotated, the less complexity users employed. My push has been to require much more complex [s]passwords[/s] passphrases and rotate them yearly (not every 90 days).

      As for service accounts and other non-user accounts, always keep them at least 15 characters. That way it prevents the cryptographic weakness in Windows LAN Manager from even being an issue.

    • #38116
      timmedin
      Participant

      There have been a number of security companies pwned in the last few years. I’d be shocked if a number of the bigger companies wouldn’t also be pwnable, especially when you count the SE attacks. The SE attacks aren’t a pass/fail, it's a question of what percentage of the people will fall for it.

    • #38203
      timmedin
      Participant

      Those guys have been cranking out releases recently.

Copyright ©2021 Caendra, Inc.
