POLITICS
Get the politics out of the Net Admins face. There are several things that should be done to a network that sometimes are not done to enhance security in general.
1. No matter who completes the net admin role keep the training up to date. (put them on contract to keep from losing them)
2. Train your end users. The funds dispersed on both issues will quickly pay for themselves.
3. Lets face it, most companies use M$ products. In that case, patch, patch, patch...
4. Encryption, encryption, encryption
5. Run a security audit.

what's the best keylogger of all?

There isn't a BEST... since each type would suit for different circumstances... the KeyKatcher is a general well rounded one: http://keystroke-loggers.staticusers...re-keykatcher/

I really hope you don't mean the hacker community... since a fundamental ideal of hackerism is decentralization. There are no representatives, other than those de facto.

Responsibility to the Responsible... of course this is left to all those with piled higher and deepers... if you wish to be there, get one... we can only give warnings, it is up to them to take heed... by design they will never converge.

does that say "zeroCool?!

Hmm.. how about having admins that have a fucking clue on how to use the servers they are getting paid to admin? Face it.. the days of the knowledgeable sysadmin are slowly rotting. Now, it goes like this:

- Usermonkey in accounting is really good with a spreadsheet.

- Managermonkey notices this, realizes he can save money by canning the IT guy and letting the Usermonkey run the IT circut too, (network admin duties can't be much harder than a spreadsheet, right?), because he never hears anything from the IT guy anyway. (Hmmm.. maybe because the current admin has a clue..)

-Mannagermonkey adds system admin duty to Usermonkey's job, w/o pay increase or training or experence. Throws a couple MCSE study guides, and expects the best.

-Shit hits fan, worms go wild, and network goes to hell in a handbasket. Consultant is called in, cornholes the budget to fix the mess.

Think that never happens? Happened at my job last week, and several other places in the area. At least that translates to some business trips for me when they fuck up the network beyond all repair.. Sux for the poor IT guy there, who really knew his shit, but had a clueless boss..

In my mind a large percent of security problems come from three sources. This applys mostly to a corporate model and involves both the tech and administrative sides. Ignorace - not learning about security. Laziness - not caring about security. Greed - knowing that your servers are not secure, but not wanting to spend the time and/or money involved to fix them. Think about all those people that could have avoided nimba, or this ne MsSQL worm by patching thier computers months earlier.

This also parralles quit well with what is wrong with the world. (Ignorance, Laziness, Greed, and Sex)

--simple3

Hey if anyone feels that they can learn a lot between now and Defcon, and at Defcon, feel free to get famous by writing an article on computer security for these guys.

Due in December, lots of time to write!

.. or you could just join these guys! Don't forget the "Informant Tip Line"! :p