From: id3nt at hush.com (id3nt@...h.com)
Subject: Training & Certifications

Letters after a name are just that, letters. Anybody can take tests,
spend countless hours in a classroom but at the end of the day not retain
a single thread of information.

We'll use Curt as the example here as he seems to have a lot of letters.

Curt, you didn't define the case scenario for the first thing you do
on a Windows box.

One would hate to reboot a box and lose any valuable evidence of an intruder
or otherwise incriminating material.

Depending on the circumstances:

One might make a complete copy of the system
Unplug it from the network


Curt, it sounds like you come from an extensive background in computer
building and repair. Just look at the letters after your name, MCSE+I,
 CNE, CCDA ....


While I've never actually attempted the following "only because the guys
in the company don't give me the authority to do so"


Set up a system with vulnerabilities known to you only. When interviewing
potential Security Experts, Hackers or thieves ask them to either

A. Penetrate the box
B. Secure the Box
C. Perform Digital Forensics
D. Throw it out the window

Don't limit interviews to an hour or two when hiring for the above mentioned
positions.


And finally, try

networksthatknow.com
fuckcisco.com


This has been a public service announcement from your friendly ...




>Like the ones behind my name ;)  Actually the one I've always wanted, CCIE,
>I'll likely never get because of the time and resources you need to dedicate
>to it.
>
>> > "What is the first thing you do with a Windows box and the last
>> > thing you do with a *NIX
>> > box when you have trouble?" Answer: reboot.
>>
>> In the real world, rebooting a Windows
>> box isn't the first thing you should be doing.
>
>Au contraire, the first thing we do when we go onsite to work on a Windows box
>is ask my client to reboot it first, particularly if it is a server, as
>occasionally they do not come back up, and we do not want to be blamed
>just because the OS is unstable (we have never had a problem with *NIX or
>Netware, or AS/400 for that matter).  Also 90% of the time, that simple
>rebooting fixes the problem they had (again attributable to a flaky OS).  Of
>course if this is a production that is still online and working, we arrange
>to do this off-hours. This is the reason all our in-house servers are UNIX
>and Netware and 90% of our desktops are Linux (I prefer SuSe from a security
>standpoint.)
>
>Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
>Information Security Engineer
>DP Solutions
>
>----------------------------------------
>
>If you spend more on coffee than on IT security, you will be hacked.
>What's more, you deserve to be hacked.
>-- White House cybersecurity adviser Richard Clarke
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>