And you thought the UUENCODE bug was limited to URL hacks? Nah.
Warning: Some systems will let you SET passwords using characters which
are unrecognized by the system to gain access, resulting in you locking
yourself out. It pays to know field separators, for instance. Things
like " " (the
Meidinger Chris wrote:
>
> Hi Sayo,
>
> if people flame you for asking newbie questions, it's usually because they
> have no idea themselves what they are talking about, just ignore them.
This IS "security-basics", so ask away!
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (4
GIAC is more technical than CISSP, which is more managerial.
For a fuller description of GIAC, check http://www.giac.org/
For a fuller description of the CISSP, check
https://www.isc2.org/cgi/content.cgi?category=19
Jim
Jarrod Loidl wrote:
>
> What's the difference between the different securi
As a couple of untried thoughts, is 'ps' itself corrupted? Will you get
the right thing with full-path specification? And you may want to
(briefly - it is a space hog) turn on process accounting and take a look
at that.
BTW: What does "hidden from ps" mean?
Jim
Vlady wrote:
>
> Hi,
> One of
A bank is outsourcing? yeah. There may well be privacy and
treasury guidance that restricts what they can do. I recommend
checking.
Jim
pablo gietz wrote:
>
> Sr.
>
> I am the Security administrator of that Bank, and the "management"
> wants to give hosting to some ISP (friend of them)
Good morning!
I knew that much. In fact, I've already asked ISC2 - starting at the
President (I know Jim) and working my way down. I was hoping for a bit
more than "well". I have the study guide from the web site,
but, like I said, I'm hoping for a bit more.
Jim
JM wrote:
>
> It's on
What have people heard about the ISSMP certification?
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
---
What do you think has kept James Bond in martini cash all of these
years? Espionage has a long, long history.
Welcome to physical security.
[EMAIL PROTECTED] wrote:
>
> What if someone breaks into their site and steals your information? Might
> you sue them? I think they, as a business, need to
Check the terms of your contract. You may void warranty on the firewall
software by operating anything else on that system.
Ansgar Wiechers wrote:
> > I have the following questions:
> > is there some problems from hosting webserver on the firewall?
>
> Yes. Do not run servers on firewalls. Jus
Note: Not just code, but the file structure it exists in and accesses.
I recommend caution.
Jim
wong chuin hun wrote:
>
> Hi,
> if u afraid of people stealing your code,what u can do is compile all ur code into a
> dll. Then register the dll into your server registry.
>
> And done ...all ur
That is not necessarily always the case. Do not maintain a sense of
security based around it being so.
Jim
skate wrote:
>
> no-one can read your asp code without having ftp (or similar) access to the
> directory, the web server will run anything that it determines is asp, and
> only transmit th
Used to (back when I did such things but I do not know right now) you
could 'force' updates at any time for promulgation across the network.
Jim
CHRIS GRABENSTEIN wrote:
>
> I'm not sure, but I'd imagine that when a host is having traffic directed
> towards it, the next DNS change(s) is already
n control. Again, provided you know how and where
> to check, use tools that will alert you of any files that have their sums
> changed, dates, etc. and monitor the system, you would know if you've been
> compromised.
> --
> Regards,
> Tim Greer [EMAIL PROTECTED]
>
's configured, or just don't use software/services that are
> vulnerable to them--or you just aren't targeted, it's not really
> unreasonable to hear.
> --
> Regards,
> Tim Greer [EMAIL PROTECTED]
> Server administration, security, programming, consulting.
>
Recommended modification: "Do not know ever been hacked." You very well
may have been but do not know that you have been. Only the inept get
caught.
Jim
"Erik !" wrote:
>
> Tim,
> 1. I'm glad you have never been hacked ... 8)
>
> 2. ever hear of:
>
> a. social engineering, and
> b. zero-day
Anything with the word "remote" in the name of the product...
Kim Guldberg wrote:
>
> A couple more could be
>
> Remote access programs such as PCanywhere
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
-
And if you want to use it again. Ever...
Brad Bemis wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> That largely depends on the media in question.
>
> - - Brad Bemis
>
> - -Original Message-
> From: Stephen Eaton [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 03, 2003
I hope that you are kidding. That has been trivial for a long, long
time...
Jim
Hanuska Ivo wrote:
>
> I have question which does not make me sleep:
>
> Is it possible to forge my IP address? Imagine situation that I am connected with
> some sort of link (not Ethernet like device, there is an
scanned how? There are different ways to scan, but the basic
"sequential ports, fast" (does anybody still do this?) shows up big time
in the logs and sets off lights and alarms in almost (?) every intrusion
detection system there is.
Now, a slow, irregular, half-sync scan...
Jim
Thom Larner wro
Hence the DCID 6/3 specification that disks may only be used after
"cleaning" at the classification they were used on or above. The "bad
sector" problem with disks thwarts many of the erase procedures. There
may be data written in those sectors that tools (all tools, to my
understanding) do not o
You forgot the SANS top ten list regularly put out. It specifies
software and the specific vulnerabilities within them, both NT & Unix,
not to mention the list is regularly updated.
Jim
Andre Hall wrote:
>
> You forgot Microsoft's ActiveX, Word and Excel - vulnerable
>
> On Sat, 28 Jun 2003
What kind of system are we talking about?
You could always lock one - if nobody complains, it isn't used. ;-)
Jim
sjm wrote:
>
> Does anyone know of a way to find out which system accounts are not in use and
> can be deleted? RedHat installs a lot of them like 'games' some of which I know
> ar
James Fields wrote:
>
> It's not a matter of Nessus or any other tool being "good enough" - the
> point goes back to what your friend said about being too busy. I have a
> limited number of hours per week. I manage 8 firewalls, numerous IDS
> sensors and maintain about 50 VPNs for my company.
Have you tried either the Information Systems Audit and Control
(http://www.isaca.org/) web site, or even the information systems
auditors mailing list ([EMAIL PROTECTED])?
Not wanting to re-invent the wheel is a good thing...
Jim
Jennifer Fountain wrote:
>
> I have been asked to do a site audit
Or who has the prettiest ad in a magazine that "the Boss" just saw...
*sob* If only the way you said was what usually happened...
Jim
[EMAIL PROTECTED] wrote:
>
> Ok guys, enough with this thread already.
>
> Usually the choice of firewall is often dictated by the management in
> terms o
Concur. I distrust them to the extent that I never see them. Hence,
the vote for inline.
Jim
Chris Berry wrote:
>
> >From: Frank Barton <[EMAIL PROTECTED]>
> >I was wondering what people's feelings are here as to the best way to
> >digitally sign a message.
> >mutt for example creates the di
Sure would like to see what you come up with.
I assume that you mean other than the definitions given in table 3-7 of
the NIST Risk Management Guide for Information Technology Systems (NIST
Special Publication 800-30).
Jim
Andres Martinez wrote:
>
> I need a good definition for the levels of
Wait until a few in senior management get arrested. ;-)
(note: Check appendix of industrial espionage act)
Jim
Chris Berry wrote:
>
> >From: Harris Samuel W PORT <[EMAIL PROTECTED]>
> >I disagree. Security is everybody's problem. The user can be a big
> >help in notifying the IT department of
Actually, that is an excellent quote for security. If it works, nobody
notices. When it doesn't, jail time is a very real alternative. ;-)
Jim
Simon Taplin wrote:
> Quote of the day:
> Systems Administration is the kind of job that nobody notices if you're
> doing it well. People only take no
Harris Samuel W PORT wrote:
>
> I disagree. Security is everybody's problem. The user can be a big help in
> notifying the IT department of things going on that might have escaped their
> eyes. The more eyes, the better.
Yup. How many folks actually read their "last login" banner when they
log
Be very, very careful. Not only do some businesses "not like", but it
is occasionally grounds for dismissal.
"Shaw, Kevin" wrote:
> However; don't do anything illegal in that process! Nobody
> takes kindly to having hacker tools running on their network.
--
James W. Meritt CISSP, CISA
Booz |
Beware of macro viruses in some of those common document formats. Even
Microsoft Word uses system template documents to open RTF files, and
I've even seen malware exploit that.
Jim
m0use wrote:
>
> On Mon, 2003-01-13 at 12:18, Meritt James wrote:
> > I have seen some. Hav
I have seen some. Having a pdf trigger something "bad" is hard, but can
be done. I would not lose any sleep over it.
Jim
m0use wrote:
>
> > Juan Mejia wrote:
> > >
> > > Hello guys,
> > > Tired of users who refuse to think twice before running an
> > > attachment,
>
> I just b
I would be interested if you manage to solve a social problem through
technological means.
"It is hard to make something foolproof because fools are so ingenious."
Jim
Juan Mejia wrote:
>
> Hello guys,
> Tired of users who refuse to think twice before running an
> attachment, I
Yes. See:
The Infrastructure Forum of the U.K. has warned that "out of office"
auto-replies are used by thieves to target empty houses. The thieves
purchase lists of e-mail addresses and mass-mail the list, hoping to
receive "out of office" responses. Criminals then cross-reference the
e-mail add
For the first two, yes. For CISSP you have to find another CISSP who is
willing to place his name next to yours on a recommendation and you have
to say that you have had it. For the second, you have to get people
that knew you were in those positions to furnish documentation to that
effect (HR, a
I happen to have sitting around (some of these links may now be bad,
there has been stuff that I have not added):
CISSP articles
1. "Testing Your Mettle: The Six-Hour, 250-Question CISSP Exam" at
http://certcities.com/editorial/exams/story.asp?EditorialsID=25
2. "Secure With Your Secur
You may very well be out of luck. Due to the dynamic nature of all the
IPs (and the associated administrative difficulties - it was a real pain
a decade and a half or so ago when we had to do that!) and the immense
number of systems, we shifted to name servers years ago. You may wish
to try:
htt
What we did at another location was to run the network inside of piping
and the pipes were then pressurized. Then monitor the pressure.
Tapping the 'net without causing a drop in pressure was not trivial...
;-) You didn't mention the run.
Jim
Nick Iglehart wrote:
>
>
> -BEGIN PGP SIGNE
Sorta concur - CISSP is NOT a technical certification and only the
unknowing will treat it as such.
Michael Boman wrote:
>
> On Fri, Dec 20, 2002 at 06:45:57PM -0600, * KAPIL * wrote:
> > IMHO, your current job and future career goals have a lot to do with
> > what certifications your acquire a
Concur. Two reasons, off-hand.
1. Neat way to DDoS site is to hit a few thousand sites with a spoofed
return address. All thousand sites then go back to one box - which then
dies. Works with superping nicely.
2. Infinite loop. Consider the old 'finger' situation. 'nuff said?
Jim
Byrne Gha
The Infrastructure Forum of the U.K. has warned that "out of office"
auto-replies are used by thieves to target empty houses. The thieves
purchase lists of e-mail addresses and mass-mail the list, hoping to
receive "out of office" responses. Criminals then cross-reference the
e-mail address to onli
Alas, normal situations usually ARE ridiculous. :-(
H C wrote:
[snip]
> Your situation isn't so much ridiculous as it is
> pretty normal...
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
As the sole protection. Think "defense in depth".
Jim
Margles Singleton wrote:
>
> I wouldn't advise excel password protection - that's very easy to break
> - and it's not encryption, it's just password protection.
>
> mas
>
> >>> "Rick Darsey" <[EMAIL PROTECTED]> 11/26/02 08:03AM >>>
> What
Steel cages are cheap, already manufactured, and well ventilated as well
as similarly used...
Jim
"Mark (fat)" wrote:
>
> Not that I have heard of. Physical access is root access and all that.
>
> What about a vented steel box with a key? Depending on your reasons
> (untrusted employees or if i
on't know the source IP ? ?
>
> On Fri, 15 Nov 2002, Meritt James wrote:
>
> > Such is not the case. I've done otherwise.
> >
> > Bill Hamel wrote:
> > >
> > > Unless I am missing something in the question, no matter what you do,
> > > >
Only after flipping to the proper configuration:
BRAIN on
"Sergey B. Kamyanov" wrote:
>
> Best UNIX management tool is /dev/hands :)
>
> Regards,
>
> Sergey Kamyanov
>
> System Administrator
> R.I.S.K. Co
> http://www.risk.az
>
> > -Original Message-
> > From: Chuck Spafford [mail
s so that they can
> find their way back ;)
>
> -b
>
> On Thu, 14 Nov 2002, Meritt James wrote:
>
> > Proxy. Spoofing.
> >
> > Bill Hamel wrote:
> > >
> > > Unless I am missing something in the question, no matter what you do,
> > > wh
-bh
>
> On Wed, 13 Nov 2002, Meritt James wrote:
>
> > "an" IP Address - not necessarily the originating individual. There are
> > a LOT of ways around that.
> >
> > Jim
> >
> > [EMAIL PROTECTED] wrote:
> >
> > > There is nothi
Proxy. Spoofing.
Bill Hamel wrote:
>
> Unless I am missing something in the question, no matter what you do,
> what/whoever you connect to through a firewall will always know the IP
> address of the trusted interface of the firewall.
>
> -bh
>
> On Wed, 13 Nov
"an" IP Address - not necessarily the originating individual. There are
a LOT of ways around that.
Jim
[EMAIL PROTECTED] wrote:
> There is nothing new about finding your IP Address and display it on the web page.
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
Consider espionage. The information goes out.
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
It is one thing to "fool" the sensor, but remember that the thing is
comparing the data it scans to an all-too-hackable database and that THAT
part is oft just as open as any other check e.g. wide.
No matter how tricky the key, if the door is left open the lock is
pretty much irrelevant...
Jim
Jo
Melting - an interesting concept. Once the magnetic material passes its
Curie point, what would remain? Personally, I still like the way the
plastic substrate vaporizes when it burns...
Jim
[EMAIL PROTECTED] wrote:
>
> John, actually, we beat this topic to death about a year ago. Your good
> k
The only thing that I would add is that total physical destruction works
real, real well and is preferred if you don't plan on using it again. A
furnace works really well and has other uses. (Plastic burns good)
Jim
Dan Darden wrote:
>
> I have never seen the process done, however have heard s
I would not assert "anything" for a single - or even thirty -
overwrites.
Jim
"Nero, Nick" wrote:
>
> Well, the NSA standard I believe is that zero-filling a drive (writing
> all 0's to the platter) will make the data impossible to recover, but I
> am sure there are some instances when this isn'
What would happen if someone sent a 5 gig or so email to your company?
In particular, what would be the impact on the use of that DNS and, say,
web browsing?
Jim
Naman Latif wrote:
>
> Hi,
> Are there any security issues involved if we run DNS Server (BIND 9.2.1)
> and Mail Server (Sendmail 11.
Jesse James said much the same thing, but he was referring to Banks.
Differentiate between "dirty money" and the rest.
theft is theft is theft.
Orion Robillard wrote:
>
> You know some people do want to give away their wireless service. If I go
> down to my local internet coffee shop and get
IMHO: A real good START.
Chris Berry wrote:
>
> This is not a flame. I recommend www.google.com as the best way to find out
> just about anything about anything.
>
> >From: baba ali <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: running process
> >Date: 26 Sep 2002 04:13:36 -
>
I go to the following URLs for computer security news pretty much
daily. Anyone have any place else that I could look for that specific
type of news (I have other general news sites, but they are not
generally specific enough).
http://www.atstake.com/security_news/
http://www.securityfocus.com/n
Why not grab the IP and just look in your own notebook for where your
own machines are? Now, if it were someone ELSE'S machine, then things
would get interesting!
Jim
Jonas M Luster wrote:
>
> Quoting Blaxes ([EMAIL PROTECTED]):
>
> > Is there any ip management software that logs dhcp assignm
You may find the paper on risk management at
http://www.auditnet.org/docs/riskmgmt.PDF useful. Perhaps the one at
http://www.auditnet.org/docs/riskmeth.PDF.
BTW: Be very, very careful with the canned tools - I have observed a
tendency for there to be some very "odd" assumptions behind those
cur
Think "physical security"
Jim
Toby Rider wrote:
>
> What about cracking a machine with the network cable unplugged. Anyone
> ever encounter that :-)
>
> Meritt James wrote:
> > See also "social engineering".
> >
> > Entertaining m
Doesn't everyone? Why would one put an untested patch on an operational
system? See also "configuration control."
Jim
Chris Santerre wrote:
>
> We all know that keeping up to date on patches is vital, and a royal
> P.I.T.A. when you have lots of systems. I'm curious as to how many admins
> use
See also "social engineering".
Entertaining material. All problems, as well as all solutions, are not
technical.
Jim
Ferry van Steen wrote:
>
> Hey there,
>
> I was just wondering. I know the rule is everything can be cracked. But can
> anyone point me to info on how to crack something with
Why not just wardial all numbers in their business exchange after hours
(with the appropriate permissions, timing, numbers,... of course)?
Jim
"Ogden, Earl" wrote:
>
> Good Afternoon,
>
> Checking with the PBX admins is an excellent start. Another step would
> be to ask them for the numb
At 1025016954s since epoch (06/25/02 12:55:54 -0400 UTC), Mark G.
Spencer wrote:
> Is it possible to MD5 all the items in a directory tree using Linux?
Forgive me for asking, but if you are finding it so difficult to get in
the first place I wonder what you plan to do with it...
Jim
--
James W
BINGO! "security-basics" list. If this was an advanced list, wouldn't
say "basics". Newbies gotta start someplace!
Jim
Peter Hamilton wrote:
>
> In a previous message Jay Woody [mailto:[EMAIL PROTECTED]] was rumoured to
> have said:
>
> >You guys trip me out. Go to Yahoo and put in
>
"Jay D. Dyson" wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Wed, 12 Jun 2002, Meritt James wrote:
>
> > > What is generally considered to be the "most secure" (or securable)
> > > Unix/Linux package/vers
One still disassembled and still in the box.
"Robert M. Judy" wrote:
>
> What is generally considered to be the "most secure" (or securable)
> Unix/Linux package/version?
>
> Thanks in advance,
>
> rmj
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
Nah. Simplest thing is to turn it off when you are not using it. It is
right beside her, right?
[EMAIL PROTECTED] wrote:
>
> You're making this more complicated than it needs to be. The simplest and
> most secure method is to use a callback system
--
James W. Meritt CISSP, CISA
Booz | Allen
Again, do not get a false feeling of security if you do this. It is WAY
better than nothing, but we've had phone phreaks longer than computer
crackers...
Jim
Tim V - DZ wrote:
>
> In addition to the personal firewall consider a "Call-Back." Where the
> users home phone is statically entered a
Is the modem sitting by her? Sounds like it. Use the on/off relay for
when she isn't using it...
Jim
Jonathan Strine wrote:
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> First, I am assuming that your user is using the modem on her PC to
> *make* the call to the legacy billing s
"Jay D. Dyson" wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tue, 4 Jun 2002, Muhammad Faisal Rauf Danka wrote:
>
> > I'd go with the idea, Security through obscurity, Isn't such a bad idea,
> > I mean drop down all around the corner what exactly security is, the on
> > goin
Nice filter to keep out the harmless...
"Jay D. Dyson" wrote:
> ...but be advised: banner obfuscation provides no real security
> benefit. Security through obscurity ain't.
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
BINGO!
"Jay D. Dyson" wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tue, 4 Jun 2002, Meritt James wrote:
>
> > > ...but be advised: banner obfuscation provides no real security
> > > benefit. Security through obscurity ain
Good shot - and not just for a startup, but for ANY vulnerability
analysis! Should be done often!
Jim
Bennett Todd wrote:
>
> 2002-05-21-09:55:30 Meritt James:
> > [ start with ] review of the security plans, policies and
> > procedures in existence with the 'modific
Ah, an effective "self denial of service attack". How clever!
Ken Pfeil wrote:
>
> Not always. It is entirely possible to fool the reader, but still have the
> request fail in the biometric subsystem.
>
> > -Original Message-
> > From: Meritt James [
It is not necessary to fool "the whole package". It is only necessary
to fool the weakest part. Which very well may not be the reader.
Ken Pfeil wrote:
[snip]
> Fooling a reader is one thing, fooling the whole package is another.
[snip]
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilto
There is another consideration, think of the security of the database
the reference data resides on, as well as the security of the process
doing the comparison. Don't restrict your care to one and only one
component of the system.
Daymon McCartney wrote:
>
> Be careful though; you can't genera
An increasing number of sites are actually starting an IS security
program/department/whatever (yay!).
In my opinion, to get the most "bang for your buck" (largest security
yield for minimum cost) as well as providing the foundation that almost
everything later will be built on is a review of the
Well, Cliff sorta set up one (kinda, sorta...). (see Cuckoo's Egg)
Jim
Steve Vawter wrote:
>
> One suggestion that I recall from a very old paper (either "There Be
> Dragons" by Steven M. Bellovin 1992 or "An Evening with Berferd ..." by Bill
> Cheswick 1991 (likely *the* original honey pot!)) t
Got a unix box around? /usr/dict/words. BRUTUS has a nice collection.
Somewhere around I stacked together a pile from the RTM worm, Phreak,
and a few other "interesting" places. But not what you are looking
for...
Jim
Craig Strait wrote:
>
> Hello All,
> I'm looking for a English di
If the thing were high energy enough to leave a smoldering crater, then
OK. If it leaves the media, be very careful and do NOT trust it for
100% destruction of sensitive (especially classified!) material.
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
Just a minor nit - that particular method is nowhere near "assured".
That has been the topic of espionage for a few thousand years.
"Information Systems" security is a LOT more complex than merely
"Information Technology" security.
Think "spies", don't think "computers"...
Jim
"Jay D. Dyson"
When I used NetMeeting, we set up the server on the same side of the
firewall as all the clients (e.g. everything was inside)
This did not address internal security, but it kept outside from
peeking!
Jim
Mark Spencer wrote:
>
> Following up on the thread with a response re: using MS Netmeeting
This was a while back, but "A Simple System and Network Monitor"
referenced in http://www.sysadminmag.com/articles/1997/9707/9707toc.htm
was written for log analysis on Solaris boxes and then emailing results.
Jim
Jason Steiner wrote:
>
> What tools exist for analyzing log files on Solaris?
> I
Concur. Before taking any action, check the vendor agreements that you
already have. SOME vendors use this as (the only) method for
distribution of notifications, update dissemination,... You may be
turning off something your business really needs.
Sumit Dhar wrote:
>
> On Wed, 10 Apr 2002 [E
I have trouble when any all-encompassing term like "security" is used.
I have a tendency to think of the tradeoff between operational
requirements and security risks. And so forth. It is NEVER a simple
question!
Jim
Mike Dawg wrote:
>
> I really dislike the term "out-of-box security". If yo
Until you plug them in, they appear roughly equivalent out of the box.
;-)
Justin Kremer wrote:
>
> Just curious what you all think about the new Mac OS X. Which is more
> secure out-of-box; Windows XP or Mac OS X?
>
> -Justin
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (
There are a number of IS security lawyers in existence.
Radoslav Dejanović wrote:
>
> On Monday 25 March 2002 20:25, [EMAIL PROTECTED] wrote:
> > Could anyone on this list possibly provide me with any links to this
> > type of legal document templates, policies, laws and anything else that
> > w
As contradictory as this intuitively seems, is anyone aware of anything
that even ADVERTISES itself as a secure mobile device? I've been asked
about a 'secure' (whatever that means) mobile (say, wear on belt size, 6
oz or so) unit. Haven't been able to find out if voice, IP or what. So
far, I'm
CERT® Incident Note IN-2002-03
Social Engineering Attacks via IRC and Instant Messaging
Systems Affected
Systems running Internet Relay Chat (IRC) or Instant Messaging (IM)
clients
Overview
The CERT/CC has received reports of social engineering
attacks on users of Internet
>the one by Kreutz and Vines, a whole boatload of RFCs printed out, etc).
>
> To me, the Harris book is better.
>
> Just my opinion...
>
> Jeremy (hopefully CISSP in April)
>
> -Original Message-
> From: Meritt James [mailto:[EMAIL PROTECTED]]
> Sen
Insufficient data about the SSCP.
CISSP articles
1. "Testing Your Mettle: The Six-Hour, 250-Question CISSP Exam" at
http://certcities.com/editorial/exams/story.asp?EditorialsID=25
2. "Secure With Your Security Pros" at
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO48432,00.ht
I'm hearing a lot of good stuff about _The_CISSP_Prep_Guide_ by Krutz &
Vines.
A bit of bad stuff, too, but what the hey...
V/R
Jim
Billy D Walls wrote:
>
> I was wondering, what is the best study guide for a CISSP. I'm browsing
> amazon.com right now, and with all my projects eating all my
If you are posting anonymously and taking precautions in your post, it
shouldn't point back to your own, or any specific, network. That would
be less-than-brilliant. Otherwise, how else to learn?
"Starks, Michael" wrote:
>
> What is the consensus in regards to anonymously posting to security
Do you really want your passphrase stored someplace?
[EMAIL PROTECTED] wrote:
>
> Every time I send an email I have to type in my
> passphrase. How do I configure PGP so it
> automatically does this?
>
> thanks
>
> dp
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6
Concur and wish to stress ALL said: knowing where you stand is the
major start point for any journey. Figure out exactly where you are
THEN take appropriate action. Otherwise you may be simply whistling in
the wind.
V/R
Jim
H Carvey wrote:
>
> In-Reply-To: <[EMAIL PROTECTED]>
>
> Jim,
>
Sorta depends if you ever want to use it again.
If not, a blowtorch would probably work nicely.
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566