spinlock

Members
  • Content count

    13
  • Joined

  • Last visited

Community Reputation

0 Neutral

About spinlock

  • Rank
    I broke 10 posts and all I got was this lousy title!

Contact Methods

  • ICQ
    0
  1. I'm not sure I'm helping much, but I thought this sounded interesting enough to do a little research myself, so I figure I'd share what I found. Over at SANS is a white paper called Risk Analysis for HIPAA Compliancy (PDF). It describes a real world configuration intended to meet the HIPAA standard. It also mentions using nmap to take an inventory of system assets, as well as using Nessus for vulnerability assessment. It has an interesting mention of wireless LANs: "Current policy dictates that wireless LANs are not used by GIAC Health. Any access points detected on the GIAC Health network are in violation of policy." It's a tad ambiguous as to whether that is the company's own policy or in HIPAA's policies. It mentions using Net Stumbler to find rogue APs on the network. A far more in-depth document seems to be HIPAA Security Implementation, a publication of SANS Press. It looks like it covers actual hardware and software configurations that meet HIPAA standard, but it's not free and is quite expensive. HIPAA and PDAs (PDF) - Slides from a presentation, so there's not much real information in there. I found it amusing that one of the slides is actually a screen capture from one of the Matrix movies. The link for info on the presentation is here, though it's mostly schedule and speaker information. That's about all I could find so far, at least as far as real implementations that meet HIPAA guidelines. Just from my nosing about and the lack of (free) information about specific hardware and software leads me to think that the HIPAA might not actually specify specific hardware, protocols, encryption algorithms, etc but rather just policies that enforce "good" security practices with respect to the sensitive information involved, and intended to be used in environments that perhaps meet some other technological standard. But that's just my guess, and I could be off the mark. Good luck on finding out more, hope I helped a little bit. :-)
  2. You've already got disassemblers, and were pointed to a popular debugger and crackmes to try them out on. Check out Randall Hyde's site for plenty of documentation (including the classic Art of Assembly Language) and you can google for tutorials if you need them. Really, you've already got everything you need to get started, so the rest is up to you. Good luck...
  3. The best wargames I remember were from the mid-90s or so, but have long since died out. The signal-to-noise ratio for these types of sites is a lot worse than it used to be, but there's certainly plenty of good ones out there. Many of the newer sites' challenges are specific security problems rather than wargames anyway, which I think is for the better.
  4. Cool, that's similar to what I use. Classic Orinoco gold, only I have a 12 dBi and running Kismet on an old Compaq laptop I bought for cheap. Range was pretty good, I was picking up APs from roughly a mile away -- of course, this will depend on line of sight, landscape, buildings, etc. I haven't actually been wardriving in a while heh, I can pick up quite a bit of interesting stuff just mounting the antenna outside the window of my upstairs apartment.
  5. I was cleaning out my bookmarks and came across this little gem: hackergames.net I did a search on the Linkz section and was surprised when it returned 0 results. The site is basically a directory of "hacker challenge" websites that provide logic games, simulations, and other challenges covering all sorts of topics: logic, networking, programming, debugging, encryption, etc. It typically involves downloading a program, some code, an encrypted file or whatnot and cracking it, writing exploit code, determining an encryption scheme, etc. Some sites even hosted wargames where teams (or solos like me) had to take over real systems ("real" meaning not simulated, some used virtual machines also) and received points for how long they could maintain control of it before another team could take it from them. I haven't done these in a long time, and some may no longer be around, but they were a ton of fun. Sure there were some lame ones, but some were very good and you can't beat hands-on hacking when it comes to learning. Some of my favorites that are still around: Hack Quest Mod-X Hackits Sadly, some of the older ones I remember don't exist anymore. I don't know if I'll get back into these again myself, but I figure I'd pass it along in case some people here haven't tried them. PS The real systems used in the various wargames and challenges were set up specifically for the game. You were not just given a random target on the internet of course. Many were locked down tight, and it was a helluva job getting into them... good times.
  6. Yep, the B130. Sorry, I completely forgot to mention what model. :-P
  7. As far as ebay goes, I bought a cheap used laptop myself a good while back and it worked pretty well. My brother bought two, and on one of them the display went flaky within a couple weeks while the other is still running okay. Buying from ebay obviously has its risks. There is a computer swap meet not too far from here that takes place every now and again. Something like that would be another place to look, and you can examine what you are interested in. Not only that, but you might be able to trade for it rather than spend any money. Not sure what kind of price tag you are aiming for, but Dell has a seemingly nice one (1.5GHz, 512MB memory, 60GB hard drive, 802.11b/g, etc) for $499 which sounds awful cheap compared to what I paid for mine heh. I'll probably get one myself, but I'll have to check on hardware support for Linux.