shasdf

Members
  • Content count

    8
  • Joined

  • Last visited

Community Reputation

0 Neutral

About shasdf

  • Rank
    Will I break 10 posts?

Recent Profile Visitors

380 profile views
  1. Is the best way to "test" whats listening on the other end (of your own network of course) by using old school telnet to see if anything comes up, like a mail server? otherwise i suppose you could look up what those ports are and see if there is a program that uses it and devise a way to connect to it from there. of course if you are attacking someone else's network, things like an IPS/IDS could come into play and the only tool I've heard of to fool them, but will still set off false positives is fragroute. Somebody pick apart my post! learning is good!
  2. Well I think problems like this can be easily be cured with user training. We techie folks are always focused on the technical side but i am not going to run around desks and start flipping out on people. Users are the biggest threat to an organization because they can invite so much bad things in without common knowledge. They dont care that the AD structure is using IP-sec for secure communication, they just want to do their job. To mitigate poor passwords of increments or barely meeting standards, Encourage them to write it down BUT keep it somewhere safe. I cant remember half of my passwords because i cant remember $%k3sL@1aks. Its so easy to start slacking on simple security when it becomes tedious and half the time impossible without forgetting something else. Users dont understand why poop23 is a bad password, how easy it is to guess, and what could happen because it was guessed. I am a firm believer that if users understood the dangers, they would help you more than undermine you/sec policies.
  3. ok, thought FC6 translated directly to rh enterprise server 6. good to know
  4. I was listening to something from one of Microsoft's security folks, and he had said something like, "Turn off account lockout policy, all it does is generate help desk calls to unlock accounts." I imagine that his thought process is that most hackers arent going to brute force a user account and would rather just attack an exploit. I also assume that he is referring to controlling a windows box at system level and having close to direct access to the password hashes as well. Whats your opinion? Is plain old brute forcing dead? Are there any other useless policies that generate more administration than necessary?
  5. Sorry, should have posted this in BinRev Meetings.
  6. Thanks for the info! Have to install it tonight for a clueless user.
  7. isnt redhat server side up to RH7?
  8. Looking to either find a current group of hacker meetings or find more people to start one. I am looking for people in the Green Bay/fox cities area to start projects/learn from/hang out with. Post back or Email me back @ virtual(dot)shasdf(at)gmail(dot)com and we can see if we cant start something up here. From what I have seen the nearests meetings seem to be in Madison(2600 meetings). It is difficult for anyone around here to make it there especially if they work until 5 on fridays. -Shasdf