Damn. So we encourage these things now...?!

At first glance, I thought it said "die" on the board behind the dude in the picture.

Nothing makes me want to vote Ron Paul like spam.

Leonid: His page does have his contact information. Could be an interesting conversation...

I didn't know they compiled shiat that high, Private Numbnutz!

You code like old people fark!

Heh. He's a consultant in "penetration testing". The pay is low, but the benefits balance it all out.

This is about teach IT professionals on how an evil hacker will get into a computer system. Wait, we don't want people to know how to write secure code do we?!

Juggy bank? Wonder if they have tellers that jump on trampolines?

Eh...all the Internet needs are more script-kiddies...

/Hackers keep me in business.
//Bless their little live-in-their-moms-basement-never-seen-a-girl-naked hearts.

a/s/cc#?

I'm going to say Jack31081 wins.

Does this go with the kid yesterday that got arrested for proving a point by breaking into his school's network, after warning them about it?

About. Freaking. Time.

Nothing new about this. When I went for my MSCE (NT 4.0) this was common. In fact people passed tons of hacker code & tricks all over the place. It did teach us to how to keep people from cracking our systems.

heh, I could give a good Google search that would leave you wondering.

I had a course similar to this for my job. It was both scary and very envigorating to see just how simply some sites could be hacked. It really does make people think about security when programming, too.

7863 3453 9870 8872
2423 1231 8009 3223
8750 8797 0098 6532
8303 0012 2879 8744
7910 8970 1773 9728
7009 7696 0988 9821
9278 8773 9867 8870
9778 2897 0789 4389
9187 1623 7659 1319
9087 2837 2384 9871
1230 2870 1589 9386
9208 9808 2342 8754
2870 9834 0988 2439
2348 9803 9808 6584
3857 3879 6843 2132
2347 8676 3128 2348
3654 9687 2344 2433
8671 3748 3899 9243
6843 2313 8778 3213
9873 6351 4877 3153

jake_lex: You code like old people fark!

Hehehe.

/burned out developer

Having courses like this is a good thing.

Now if they could make all developers take these courses as part of their jobs, our lives would be much easier!

Seriously, as someone who works in Information Security, I have to work with developers who have never had any type of security education whatsoever.

Showing developers that there are really nefarious and yet simple ways to mess with their code will really encourage them to code using safer languages (not PHP - Java, ASP.NET, or Perl), better programming/performance techniques (using proper parameterized database queries instead of free-form SQL, and Stored Procedures or compiled middleware libraries for business logic that shouldn't be in web pages), and with locking down their applications in mind (ASP.NET Runtime Security Policies and Code Signing).

This article has the sensationalism that you'd expect, but is more practical for developers than anyone else.

but do they teach you how to hack the Gibson?
\obscure?
\\an angelina jolie classic

goldschlager16

Welp, I'm gonna have to go with the only hacking movie Angelina Jolie's been in; Hackers.

/D'uh, don't tell me it's obscure and give everyone a hint!
//Will be really embarassed if it's not Hackers.

Developers:

http://www.youtube.com/watch?v=KMU0tzLwhbE

I've actually taken one of these courses, by the company who's logo is in the background - EC-Council. Pretty interesting course. Had tons of tools and the "how to", not just script kiddie stuff. Test was hard as Hell though.

/Not a represenative, just a former customer

I have a co-worker who is barely computer literate, lacks the 'hacker mind', yet wants to land his dream job of being a netadmin in charge of security because it pays the big bucks. Trouble is, in the past month alone, I have busted him no less than five times logging in as an administrator in a crowded classroom to work on a machine and then walking away from it without logging out or locking it in order to get better reception on his cell phone or to work on another machine at the same time. He also never looks around to see if he is being shoulder surfed.

Last Friday, a student or students launched a small pskill attack on a lab he was in using local admin rights. Since he and I work in seperate buildings and he and I are the only ones (well, not any more, obviously) with those 'keys' and the attack was launched in and on his building, I think that boot camp or no, we can sum up the biggest computer vulnerability in one phrase, using my co-worker as an example:

"The weakest link in the security chain is the human one."

After that, friends, comes the software, IMHO.

I started a new job and the servers were being attacked DAILY by botnets in China, Korea, Taiwan, etc. They were running scripts trying to guess user-names and passwords via ssh.

"So, I'm seeing a lot of legitimate traffic over telnet and ftp, do you guys use ssh for anything?"

"What's ssh?"

"OK, nevermind."

Checked out the log files, found the only people trying to access ssh were foreign IP addresses.

service ssh stop

Problem solved.

I started a new job and the servers were being attacked DAILY by botnets in China, Korea, Taiwan, etc. They were running scripts trying to guess user-names and passwords via ssh.

"So, I'm seeing a lot of legitimate traffic over telnet and ftp, do you guys use ssh for anything?"

"What's ssh?"

"OK, nevermind."

Checked out the log files, found the only people trying to access ssh were foreign IP addresses.

service ssh stop

Problem solved.


nice.....way to ditch a secure protocol and instead use freaking clear text ftp and telnet.....sniff you very much.

you know firewalls have things called access lists. unless its just all hanging on the interwebs.....in which case I weep for you.

btw CEH was a joke... Test was silly also,(if you have really been into it for any length of time).. whatever you do don't mention your CEH at DefCon...

cabal08


Eh...all the Internet needs are more script-kiddies...

/Hackers keep me in business.
//Bless their little live-in-their-moms-basement-never-seen-a-girl-naked hearts.


and my guess is that you have never encountered a real hacker....atleast never found out about it....

funny, I've been to Tokyo, Amsterdam, and DC in the last 6months all for being a "little" hacker.

leddown00

"and my guess is that you have never encountered a real hacker....atleast never found out about it....

funny, I've been to Tokyo, Amsterdam, and DC in the last 6months all for being a "little" hacker."

And your guess is absolutely positively wrong but thanks for playing along anyway...

/Most so called "hackers" are just plain ole pesky with more software than skill.
//Know the difference between a "hacker" and a "cracker".

Jordan_Lund

I started a new job and the servers were being attacked DAILY by botnets in China, Korea, Taiwan, etc. They were running scripts trying to guess user-names and passwords via ssh.

"So, I'm seeing a lot of legitimate traffic over telnet and ftp, do you guys use ssh for anything?"

"What's ssh?"

"OK, nevermind."

Checked out the log files, found the only people trying to access ssh were foreign IP addresses.

service ssh stop

Problem solved.

Weeelll...

You may want to try tunnelling your FTP and Telnet traffic through SSH (after you change the default port #) and use an SSH client that supports public/private keys.

/Hey I'm just saying is all...

I love it when someone gets spanked and then starts crying about semantics.

cabal08

"//Know the difference between a "hacker" and a "cracker"."

ha.....your funny...in a sad way.

to even talk like that....ehhh...