Security

This topic is closed.

  • Gadsden
    replied
    Originally posted by astcell
    Hey if anyone feels that they can learn a lot between now and Defcon, and at Defcon, feel free to get famous by writing an article on computer security for these guys.

    Due in December, lots of time to write!
    .. or you could just join these guys! Don't forget the "Informant Tip Line"! :p


  • astcell
    replied
    Hey if anyone feels that they can learn a lot between now and Defcon, and at Defcon, feel free to get famous by writing an article on computer security for these guys.

    Due in December, lots of time to write!


  • simple3
    replied
    In my mind a large percent of security problems come from three sources. This applies mostly to a corporate model and involves both the tech and administrative sides. Ignorance - not learning about security. Laziness - not caring about security. Greed - knowing that your servers are not secure, but not wanting to spend the time and/or money involved to fix them. Think about all those people that could have avoided Nimda, or this new MsSQL worm by patching their computers months earlier.

    This also parallels quite well with what is wrong with the world. (Ignorance, Laziness, Greed, and Sex)

    --simple3


  • Gadsden
    replied
    Hmm.. how about having admins that have a fucking clue on how to use the servers they are getting paid to admin? Face it.. the days of the knowledgeable sysadmin are slowly rotting. Now, it goes like this:

    - Usermonkey in accounting is really good with a spreadsheet.

    - Managermonkey notices this, realizes he can save money by canning the IT guy and letting the Usermonkey run the IT circuit too, (network admin duties can't be much harder than a spreadsheet, right?), because he never hears anything from the IT guy anyway. (Hmmm.. maybe because the current admin has a clue..)

    - Managermonkey adds system admin duty to Usermonkey's job, w/o pay increase or training or experience. Throws a couple MCSE study guides, and expects the best.

    - Shit hits fan, worms go wild, and network goes to hell in a handbasket. Consultant is called in, cornholes the budget to fix the mess.

    Think that never happens? Happened at my job last week, and several other places in the area. At least that translates to some business trips for me when they fuck up the network beyond all repair.. Sux for the poor IT guy there, who really knew his shit, but had a clueless boss..


  • KeLviN
    replied
    Originally posted by zerocool
    what's the best keylogger of all?

    does that say "zeroCool"?!


  • blackwave
    replied
    Originally posted by 0versight
    Then who do you recommend to represent our community?
    I really hope you don't mean the hacker community... since a fundamental ideal of hackerism is decentralization. There are no representatives, other than those de facto.

    Originally posted by 0versight
    If it ever were to happen that Washington started taking advice about what laws to make for Computer Security?
    Responsibility to the Responsible... of course this is left to all those with piled higher and deepers... if you wish to be there, get one... we can only give warnings, it is up to them to take heed... by design they will never converge.


  • blackwave
    replied
    Originally posted by zerocool
    what's the best keylogger of all?
    There isn't a BEST... since each type would suit for different circumstances... the KeyKatcher is a general well rounded one: http://keystroke-loggers.staticusers...re-keykatcher/


  • zerocool
    replied
    what's the best keylogger of all?


  • pezz
    replied
    POLITICS
    Get the politics out of the Net Admin's face. There are several things that should be done to a network that sometimes are not done to enhance security in general.
    1. No matter who completes the net admin role keep the training up to date. (put them on contract to keep from losing them)
    2. Train your end users. The funds dispersed on both issues will quickly pay for themselves.
    3. Let's face it, most companies use M$ products. In that case, patch, patch, patch...
    4. Encryption, encryption, encryption
    5. Run a security audit.


  • skroo
    replied
    Originally posted by 0versight
    That's true, but maybe a few groups that should give their opinions are, @stake, CdC, and the like.....
    The cDc? Are you serious? With the exception of getting up on stage, parading around like idiots, and throwing meat into the crowd, they haven't done a damn thing since the release of BO2K. That 'group' has pretty much devolved into a half-dozen competent people and 900,000 hangers-on. These are not people that I want representing either myself or this community in the capacity that you're suggesting.

    @stake... At least they make *some* effort. I do miss the l0pht, though. A lot of good stuff came out of them.
    Last edited by skroo; February 1, 2003, 16:12.


  • KeLviN
    replied
    Originally posted by 0versight
    That's true, but maybe a few groups that should give their opinions are, @stake, CdC, and the like.....
    cDc


    just clarifying...:)


  • simple3
    replied
    There is no such thing as a neutral corporation. It is their job to separate people and their money. There may be a few who are actually interested in benefiting humankind, but the majority just want your $$.

    --simple3


  • blackwave
    replied
    resistance is futile

    the reasons wifi is insecure:
    • there are no visual boundaries (not out of the box)
    • most people do not rtfm.
    • most people do not apply if they did rtfm.
    • it is most difficult to control what you can't see what you are sending and who you are sending it to.


    ... on top of the already underlying security that WLANS, WAPS use such as Remote Access Dialin User Service (RADIUS) and implementations of RADIUS, in store for 802.11i is the temporal key integrity protocol (TKIP), and the Advanced Encryption Standard (AES) protocol.

    ... you can throw all the crypto you want at it, someone will be able to punch a hole due to some vulnerability in who it was written, what had been forgotten, what had been undocumented, etc... it isn't the crypto that people need to worry about, it is the application of the crypto that will fuck the most perfect transaction.

    Without following my initial comments there can be nothing created that will not be broken almost as soon as it is out in the wild. This is why transparency must exist, and this puts most of the work on the hardware and the design and engineering of the security widget... which puts pressure on those who end up writing the code, and making sure that it is checking for buffer overflows, throwing the correct exceptions, avoiding undocumented features, etc.

    you can think up of a few hundred things to make in a good brainstorming session but without thinking them all the way through they would all be worthless by the time they left the door.


  • Moenapper
    replied
    Relax Kelvin.....

    Just looking to post a topic that would stimulate interesting dialog.
    Don't worry you are not doing someone else's work!

    Back to the topic at hand, I agree with C0nv3r9 I think security is going to converge in the WiFi sector.
    Specifically, perhaps a WiFi protected Access standard?


  • simple3
    replied
    Originally posted by 0versight
    Make it a standard that everything must include some type of encryption would be a good idea. You CAN do it yourself, but the common general public do not do this, and what I mean by common public, people who aren't deeply interested in computers like us.
    this sounds a lot like the sssca/wtfataun (whatever the fuck acronym they are using now). Everything encrypted with their keys... or like MS palladium almost everything encrypted and you must get permission from them to run anything on your computer

    ok maybe not quite the same

    --simple3
