Announcement

Collapse
No announcement yet.

Security

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Gadsden
    replied
    Originally posted by astcell
    Hey if anyone feels that they can learn a lot between now and Defcon, and at Defcon, feel free to get famous by writing an article on computer security for these guys.

    Due in December, lots of time to write!
    .. or you could just join these guys! Don't forget the "Informant Tip Line"! :p

    Leave a comment:


  • astcell
    replied
    Hey if anyone feels that they can learn a lot between now and Defcon, and at Defcon, feel free to get famous by writing an article on computer security for these guys.

    Due in December, lots of time to write!

    Leave a comment:


  • simple3
    replied
    In my mind a large percent of security problems come from three sources. This applys mostly to a corporate model and involves both the tech and administrative sides. Ignorace - not learning about security. Laziness - not caring about security. Greed - knowing that your servers are not secure, but not wanting to spend the time and/or money involved to fix them. Think about all those people that could have avoided nimba, or this ne MsSQL worm by patching thier computers months earlier.

    This also parralles quit well with what is wrong with the world. (Ignorance, Laziness, Greed, and Sex)

    --simple3

    Leave a comment:


  • Gadsden
    replied
    Hmm.. how about having admins that have a fucking clue on how to use the servers they are getting paid to admin? Face it.. the days of the knowledgeable sysadmin are slowly rotting. Now, it goes like this:

    - Usermonkey in accounting is really good with a spreadsheet.

    - Managermonkey notices this, realizes he can save money by canning the IT guy and letting the Usermonkey run the IT circut too, (network admin duties can't be much harder than a spreadsheet, right?), because he never hears anything from the IT guy anyway. (Hmmm.. maybe because the current admin has a clue..)

    -Mannagermonkey adds system admin duty to Usermonkey's job, w/o pay increase or training or experence. Throws a couple MCSE study guides, and expects the best.

    -Shit hits fan, worms go wild, and network goes to hell in a handbasket. Consultant is called in, cornholes the budget to fix the mess.

    Think that never happens? Happened at my job last week, and several other places in the area. At least that translates to some business trips for me when they fuck up the network beyond all repair.. Sux for the poor IT guy there, who really knew his shit, but had a clueless boss..

    Leave a comment:


  • KeLviN
    replied
    Originally posted by zerocool
    what's the best keylogger of all?

    does that say "zeroCool?!

    Leave a comment:


  • blackwave
    replied
    Originally posted by 0versight
    Then who do you recommend to represent our community?
    I really hope you don't mean the hacker community... since a fundamental ideal of hackerism is decentralization. There are no representatives, other than those de facto.

    Originally posted by 0versight
    If it ever were to happen that Washington started taking advice about what laws to make for Computer Security?
    Responsibility to the Responsible... of course this is left to all those with piled higher and deepers... if you wish to be there, get one... we can only give warnings, it is up to them to take heed... by design they will never converge.

    Leave a comment:


  • blackwave
    replied
    Originally posted by zerocool
    what's the best keylogger of all?
    There isn't a BEST... since each type would suit for different circumstances... the KeyKatcher is a general well rounded one: http://keystroke-loggers.staticusers...re-keykatcher/

    Leave a comment:


  • zerocool
    replied
    what's the best keylogger of all?

    Leave a comment:


  • pezz
    replied
    POLITICS
    Get the politics out of the Net Admins face. There are several things that should be done to a network that sometimes are not done to enhance security in general.
    1. No matter who completes the net admin role keep the training up to date. (put them on contract to keep from losing them)
    2. Train your end users. The funds dispersed on both issues will quickly pay for themselves.
    3. Lets face it, most companies use M$ products. In that case, patch, patch, patch...
    4. Encryption, encryption, encryption
    5. Run a security audit.

    Leave a comment:


  • skroo
    replied
    Originally posted by 0versight
    Thats true, but maybe a few groups that should give their opinions are, @stake, CdC, and the like.....
    The cDc? Are you serious? With the exception of getting up on stage, parading around like idiots, and throwing meat into the crowd, they haven't done a damn thing since the release of BO2K. That 'group' has pretty much devolved into a half-dozen competent people and 900,000 hangers-on. These are not people that I want representing either myself or this community in the capacity that you're suggesting.

    @stake... At least they make *some* effort. I do miss the l0pht, though. A lot of good stuff came out of them.
    Last edited by skroo; February 1, 2003, 17:12.

    Leave a comment:


  • KeLviN
    replied
    Originally posted by 0versight
    Thats true, but maybe a few groups that should give their opinions are, @stake, CdC, and the like.....
    cDc


    just clarifying...:)

    Leave a comment:


  • simple3
    replied
    There is no such thing as a neutral corporation. It is there job to separate people and their money. There may be a few who are actually interested in benefiting humankind, but the majority just want your $$.

    --simple3

    Leave a comment:


  • blackwave
    replied
    resistance is futile

    the reasons wifi is insecure:
    • there are no visual boundaries (not out of the box)
      most people do not rtfm.
      most people do not apply if they did rtfm.
      it is most difficult to control what you can't see what you are sending and who you are sending it to.


    ... on top of the already underlying security that WLANS, WAPS use such as Remote Access Dialin User Service (RADIUS) and implementations of RADIUS, in store for 802.11i is the temporal key integrity protocol (TKIP), and the Advanced Encryption Standard (AES) protocol.

    ... you can throw all the crypto you want at it, someone will be able to punch a hole due to some vulnerability in who it was written, what had been forgotten, what had been undocumented, etc... it isn't the crypto that people need to worry about, it is the application of the crypto that will fuck the most perfect transaction.

    Without following my initial comments there can be nothing created that will not be broken almost as soon as it is out in the wild. This is why tranparency must exist, and this puts most of the work on the hardware and the design and engineering of the security widget... which puts pressure on those who end up writing the code, and making sure that it is checking for buffer overflows, throwing the correct exceptions, avoiding undocumented features, etc.

    you can think up of a few hundred things to make in a good brainstorming session but without thinking them all the way through they would all be worthless by the time they left the door.

    Leave a comment:


  • Moenapper
    replied
    Relax Kelvin.....

    Just looking to post a topic that would stimulate interesting dialog.
    Don't worry you are not doing someone else's work!

    Back to the topic at hand, I agree with C0nv3r9 I think security is going to converge in the WiFi sector.
    Specifically, perhaps a WiFi protected Access standard?

    Leave a comment:


  • simple3
    replied
    Originally posted by 0versight
    Make it a standard that everything must include some type of encryption would be a good idea. You CAN do it yourself, but the common general public do not do this, and what I mean by common public, people who aren't deeply interested in computers like us.
    this sounds a lot like the sssca/wtfataun (whatever the fuck acronym they are using now). Everything encrypted with their keys... or like MS palladium almost everything encrypted and you must get permission from them to run anything on your computer

    ok maybe not quite the same

    --simple3

    Leave a comment:

Working...
X