Alternative Knoppix Bootable CD Distros
July 22nd, 2005
Some lesser known knoppix bootable linux cds. Give them a try!
Auditor
WarLinux
Knoppix MAME
Elive
Are all listed and described.
Also try WHAX/Whoppix
Archive for July, 2005
How to pick a lock
July 22nd, 2005
ever wondered how to pick a lock…well now you can know. i have tried
the pin column lock explanation they gave and it was open with no
problem
U.S. Patriot Act Extended
July 22nd, 2005
Your lack of privacy has been extended: “In the wake of today's London
bombings.. this revision includes 10 year extensions to two other
provisions set to expire on December 31, one allowing roving wiretaps
and another allowing searches of library and medical records.”
This is a very popular and controversial subject. There many digg comments on it.
Here is what I have to say about it:
Privacy is over rated anyway.. AMERICA FUCK YEAH!!
Listen folks.. freedom is not free, it is relative. Now think about that.
We are only ever truly FREE in our own minds and I suspect that even
that will be up for public record before Generation X expires. Happy
hanukkah, bitches. (see freedom of speech.. thats why I love America)
*******************************************
Do your really think the Patriot Act will go away?
How many times has the Federal government relaxed some of its power? The Patriot Act is here to stay.
Fear will continue to justify the loss of privacy and certain freedoms.
I think if people knew the what certain levels of the intel world knows
they would give up those freedoms willingly.
It seems like national karma. The policies and interests that the U.S.
and its allies have supported to aggressively protect their freedoms
have stepped on some toes (i.e. training Taliban and Osama to fight
Russia). Now the enemies of our enemies have turned on us (just like
Suddam and the Bath Party did). And the very freedoms we were trying to
protect are threatend by and ideology that is even worse for capitalism
than communism.
Its as if we paid Satan to get rid of Hitler and expected the Prince of Darkness to be our homie after the job was finished.
******************************************
Complaining about it is useless.
VOTE! Write your congress person and/or reps–> http://www.house.gov/writerep/
Here is what your representatives did:
October 25, 2001: Senate Passes H.R. 3162, the USA PATRIOT Act. The
vote was 98-1 with Senator Russ Feingold the only member voting against
passage of the bill.
Eventually even Russ Feingold folds:
http://feingold.senate.gov/~feingold/statements/05/07/2005721526.html
Official Longhorn Name is Windows Vista
July 22nd, 2005
The official new name for the Longhorn operating system is Microsoft Windows Vista.
I'm excited about Vista inspite of myself. I'm not fond of
Microsoft's relentless business practices, but I think they've got
pretty solid products (excluding Windows ME and other disasters).
They have the resources and skills to adjust to the ever changing tech
climate.
I.E is not one of my favorite browsers, its just leaves me too exposed,
but Windows has evolved quite nicely. All that is left is for
them to copy UNIX like OSX did and they will be untouchable like Eliot
Ness!
They should be releasing IE7 with Vista.
Store Passwords in a Secure Password Safe
July 21st, 2005
KeePass is a free/open-source password manager or safe to help you
manage your passwords in a secure way. Put all your passwords in one
database, which is locked with one master key or a key-disk. The
databases are encrypted using the best and most secure encryption
algorithms currently known (AES and Twofish).
Is The Security+ Still Worth It?
July 21st, 2005
I took the Security+ test a few weeks ago. I think the process of learning all of the security nuaces in preparation for the test is a really good start of begining security professionals and IT folks wanting to round out their resume. If you prepare for the test it is easy.. I don't think that it is a walkin' off the street type test but it is not that hard.
How relevant is it? Just do as Michelle Rowton did and do a search for it on Monster or Dice.. compare those results to other certs that employers are looking for.
I was taking the Security+ to prepare for the CISSP. As I've been studying for the CISSP the Security+ seems to have been a drop in the ocean. While I was able to draw on my years of experience to pass the Security+ (and not study as much) the CISSP is spread so thin over so MANY domains that it requires much more dedication.
Comment from DIGG:
In my opinion the Security+ certification is over-rated and is no more than another logo and a cert on the wall. Several people probably take the test as a stepping stone to the CISSP, or they take it for the simple fact that it?s a cheap certification that they never have to renew.
My Top 10 Tips For Preparing and Passing the CISSP Exam
July 21st, 2005
Compared with most other technical certification exams, the CISSP exam is quite long. Passing the test requires not only the prerequisite knowledge to answer the questions correctly, but the stamina and mental fortitude to get through the six-hour, 250-question paper-based exam.
CertCitie's Tony Bradley nails down his Top 10 tips to passing the CISSP exam. I've been doing most of them.
Using VNC & SSH
July 21st, 2005
How to use VNC along with SSH to remotely and securely access your computer desktop by way of tunneling.
VNC is a huge vulnerability on a network without encryption. Particularly on medium to large networks with lots of users. I use it at home but don't see the need for encryption there.
Use Google To Find Passwords
July 21st, 2005
Google hackers have been doing this for a while now. Here is a tutorial on finding passwords using google. This could be used to secure your own web server.
Security Professionals charged with protecting IT infrastrutures would do well to become the most aggressive hacker of their own networks. This would help them to proactively seek out new exploits on their network, webserver, or IS they protect.
Top 75 Security tools
July 21st, 2005
Like the title says; Insecure.org's top seventy five security tools. All the usual suspects (Nmap, Nessus, Ethereal, Snort, etc.) plus some nice ones that never came up on my radar before. Though Yl33tMMV
Many of these tools can be found on the KNOPPIX STD live CD and WHAX/Whoppix. Great tools for network security assessments and/or pentests. I just wonder why there are no Google Hacker tools in there.