Comments for Security for a day

Comment on “Don’t need AV, we have a firewall” by michael

michael — Wed, 14 Jul 2010 04:25:46 +0000

I work with a few semi-pro gamers who refuse to install AV ‘cos they claim it slows down their computers. They do, however, have the router firewall configured and turned on. Will they be protected from websites and such hosting malware? Most probably not.
But I’m pretty sure one could successfully navigate the World Wild Web without AV for a month or more on a Windows computer without getting infected with malware. And likewise, one can have an “up to date” AV and still be infected. Many are.

Would I recommend installing Microsoft Security Essentials or similar product? YES.
Should one not use the Internet because AV does not exist on the computer? NO.

I think we should be educating people more on sensible surfing/computing.

Comment on “Don’t need AV, we have a firewall” by ash

ash — Mon, 12 Jul 2010 22:54:36 +0000

This is an interesting post. I used to work with a VERY smart network guy, and his rationale was that he also didnt need AV because he was NAT’d behind his firewall. The idea of drive-by malware and such was foreign to him! He was safe because he only downloaded his torrents from known reputable sources

It was only a matter of a week or so later that he asked me what a good AV product was for him and his children. I guess the children must have gotten his network infected at home. Damn those pesky kids!! *shakes fist*

Comment on From SANS 709: brute-forcing Address Space Layout Randomization (ASLR) on Linux by Wesley McGrew

Wesley McGrew — Mon, 28 Jun 2010 14:25:33 +0000

Nice find. Really enjoyed those videos and makes me look forward to the class even more now.

Comment on Regaining reputation after defacement by Mohan

Mohan — Wed, 23 Jun 2010 07:40:05 +0000

Well, when you get an email like this you can’t help but feel:

A) Sorry
B) Wondering what actually happen
C) Disbelief
D) Overpowering sense of hysterical amusement
E) bleh, another day in IT
F) Happy it didn’t happen to you

___________________________________________________________________
IMPORTANT NOTICE

Dear Customers,

Customer Outage – Resolved, 22 June 2010

Unfortunately we have been experiencing some packet loss of both our primary and secondary data links. This affected most of the network, client websites/services, including our support phone and email systems. This outage meant we could not provide a prompt notice, either directly or via our website.

This issue has since been resolved and safe guards been put in place to prevent future reoccurrence.

We sincerely apologise for the inconvenience this would have caused.

Comment on Regaining reputation after defacement by ash

ash — Wed, 23 Jun 2010 05:36:16 +0000

Of course, none of this helps if your ISP dissapears into a blackhole for a while

At least you’re back in action now Chris!

Comment on From China with Love by ash

ash — Sun, 20 Jun 2010 23:22:27 +0000

HAHAHAHAAHAH I love it!!

It’s a shame you didn’t get an iPed (the awesome iPad knock-off) from China

Comment on GSE Exam in SANS Network Security 2010 by Wesley McGrew

Wesley McGrew — Thu, 17 Jun 2010 02:09:14 +0000

Hi Chris! I was just googling around for other folks reviewing and talking about the 709 course, and I was happy to come across this one. Then, I scroll down, and notice it: you even gave me shoutout!

Looking forward to seeing you in and out of class. Sounds like we’ll be learning some ninja skills, and Vegas is a *lot* of fun.

Comment on How to fail the Offensive Security 101 Exam by junkh3ap

junkh3ap — Fri, 19 Feb 2010 17:32:50 +0000

I found the time constraint to be the biggest hurdle, as I had gotten a 5-hour late start. I work pretty well without a schedule, so I just pummeled through until I couldn’t see straight, took a 2 1/2 hour nap and then continued until the time ran out.

I agree that the class material gives you all of the “tools” (i.e. skills) to be successful on the test and that it’s the creative application of those skills/tools that allow you to succeed. I was sure I failed my first time, but got a nice “present” on Christmas Eve in the form of an email saying that I had passed – so hang in and Good luck!

Comment on How to fail the Offensive Security 101 Exam by Chris Mohan

Chris Mohan — Sun, 07 Feb 2010 05:24:29 +0000

Hello 7son7son,

Annoyingly enough, as long as you’ve worked through the labs, had a good go at the extra mile challenges and feel you understand and can apply the skills learnt from the training videos and pdf; you can pass the exam.

The exam test the ability to put those skills together use them creatively while under a time pressure.
One of the biggest mistakes I made was believing the hype of how hard this was going to be and got locked in to a tunnel vision mode of thinking. If I’d gone into it with an open mind (and re-read my notes) I feel I would have done much better the first time.

Good luck and don’t forget to log in the the IRC channel – the folks in there are really supportive and that does make a difference during the exam.

Comment on How to fail the Offensive Security 101 Exam by 7son7son

7son7son — Sat, 06 Feb 2010 17:43:39 +0000

I will be taking this exam this month thanks for sharing your experience. I am not sure if I will ever feel prepared for this exam.

later