General discussion

Welcome To My Pad

By octopuseize
Tags: Off Topic
This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)

My Result on "IT Managers: How Well Do You Communicate?"

by octopuseize In reply to Welcome To My Pad

Look, it is the tool that gave an affirmative response. Below is the result I got from the "IT Managers: How well do you communicate?" quiz (5138-10878-5428923.html) posted by TechRepublic (http://www.techrepublic.com/).

"Interpreting your Communication Score.
If your score is 32 - 23:

You are an excellent communicator. You have a 'listening presence'. People feel heard when communicating with you. You 'fill up a room', even when you are doing more listening than talking. This is a top leadership skill to further build upon and leverage. Take advantage of opportunities to develop this talent, including seeking out high-level speaking engagements, meeting facilitation and cross-departmental and global communication challenges. Share your knowledge: In addition to modeling what it means to be a great communicator, actively coach and mentor direct reports with specific, practical feedback and strategies for becoming more skilled in their interchanges with those on their team and across departments."

Try it yourself and find out how well you handle your organization's IT department. If you are just above the rank and file and handling a supervisory position, this may also help. Excellent! It did reveal the real me.

Cisco IOS is Windows XP of the Internet?

by octopuseize In reply to Welcome To My Pad

ISS researcher quits job to detail Cisco flaws
'IOS is the Windows XP of the Internet,' says ISS research analyst Michael Lynn

Internet Security Systems Inc. (ISS) research analyst Michael Lynn quit his job to provide information on a serious Cisco Systems Inc. router vulnerability at this week's Black Hat USA conference, after his company decided not to give a presentation on the flaw.

Lynn felt compelled to quit his job Wednesday morning so that he could give the talk, because the Cisco security issues are of vital importance to the Internet's health. "This is the right thing to do," he said, speaking to Black Hat attendees, who punctuated his talk with applause. "When you attack the router, you gain control of the network."

Original message here: http://www.computerworld.com/securitytopics/security/holes/story/0,10801,103515,00.html?source=NLT_AM&nid=103515

Cisco IOS is Windows XP of the Internet?

by skooboy In reply to Cisco IOS is Windows XP o ...

Mr. Lynn is to be commended for his bravery in exposing this flaw. I thank him very much for stirring the pot, exposing the flaw, and for revealing Cisco's imperfections and mistakes. On a daily basis, we sysadmins are inundated with ads for products, conferences, demos, services and papers that irresponsibly and loosely promise reliability, scalability, ease of use, blah, blah, blah. We read about companies that defend their need to replace us with foreigners, who they want us to believe are the "best and the brightest", and the sewage continues unabated, day in and day out.

Well, it seems that Cisco is not so "best & bright" after all. I have a suggestion for Cisco: park your traveling VOIP demo trucks in some yard for a year, and work on fixing this router vulnerability. Stop telling me about your security products, and start making your products secure. Don't direct retribution at this brave soul who revealed your mistakes, and instead thank him kindly, lower your head, accept your humility, and FIX THE PROBLEM!

The Widespread Danger of Internet Infrastructure

by octopuseize In reply to Welcome To My Pad

It all started at the BlackHat Conference. Michael Lynn has really been audacious to reveal the truth behind the devices that power up the Internet backbone. Government, corporations, IT industries and professionals that depend on the Internet might be losing many things; the important ones are profits, communications, transactions and jobs.

Those flaws should have been fixed right then to prevent a possible huge disruption of interconnected computing devices.

Attackers or cyber terrorists might have been playing around with those vulnerable devices since Lynn's presentation. Maybe even before the presentation. He claims he just got some of his research from the Chinese hackers' site.

If Cisco has a monopoly of devices over the Internet then they have been doing their very best to thwart possible attacks, of course, with the help of one of their shareholders. It is ISS's work though; they monitor cyber criminals and attacks on the Internet backbone, but within their limited jurisdiction only, not all over the world's network of computers.

The best crack at this issue is that neither ISS nor Cisco should be an undercover for their own products. Dissemination and a prompt solution is the best answer, not one party conniving with another.

Hackers Handle, Real and Fake Images Used Over The Internet

by octopuseize In reply to Welcome To My Pad

These are hackers' favorite images: the real picture of them when transacting legal business that needs their own true identity, and the anime fake, which is what they usually use in all security or hacker forums. They regularly use it everywhere on the net. Reason? Nothing! Neither one can save them by hiding their own identity. If they did something wrong (e.g. unethical hacking or cyber terrorising), the fake picture would not help to make them obscure over the Internet. Even if they use more than one image or handle, the same thing goes.

The real message is that Internet regulation should broaden and lapidate its policies to get rid of these activities. One of the worst things that may happen is the flooding of the Internet backbone itself, not on a temporary basis but a permanent one, needing to be replaced physically to get back to normal operation. See if that can be done by some strange hackers? Think of what they did to AT&T some decades ago. Hackers are now even more intelligent and can use more sophisticated tools than the government's existing infrastructure and security. They might even cause the traffic to become very slow and packets to be cast off. An example is people who usually use the Internet for financial transactions preferring to just visit the bank and let them process everything. If something anomalous happened, it is the bank's responsibility.

"Defenders barely defeat the offenders. Why?" What if doing it wayward this time, a little more professional? Think.


Applied Computer and Internet Security Guidelines

by octopuseize In reply to Welcome To My Pad

For someone who is trying to uncover the security behind any of the systems running the Internet, the first thing is to learn how to circumvent an outdated OS. This setup might show how attacks can be applied to some of the existing infrastructure found anywhere on the web.

These applied security guidelines neither state that someone can attack any host found on the Internet nor escape the accountability and damages made during such activity.

If you are located in the U.S. or in Europe there are several laws that will catch you for doing such computer and Internet anomalies/crimes/fraud etc. To learn more about the laws that govern the legalities of computer usage in the U.S. and Europe, buy the book by Spindler and Börner, "E-commerce Law in Europe and the U.S.A." In the Philippines there is an e-Commerce law, and so with the other countries too.

To portray an attack use your own computer. Simulate how attacks will prosper. Do not attack any of the hosts on the Internet! Get a virtual machine and install it in your computer. Now you've got at least two OSes working, one from your base system and a virtual machine. One may ask what a virtual machine looks like, and where to get the installer (it can be done using MS Virtual PC and VMware; choose GSX Server, there is usually a 30-day trial for this).

When all things are properly working, to start your strange motive, run nmap, nessus, any version of packet sniffer available around, then compromise the other computer (in your VM or base). Remember you have to learn how to configure a service (LDAP/ADS, DNS, mail, web, file server (samba)) also. If you do not have these things in your computer, what else do you have to attack? Of course there are available but few and limited exploits to be used, like password cracking, crashing it locally but not using the format command, buffer overflow, TCP attacks and congestion of computer resources such as memory (and many more, use your imagination).

Start out with a pre-written exploit from http://www.insecure.org/sploits.html. Fyodor (the king of insecure.org and one of the authors of the hacking fiction book "How to Own a Continent") is very kind to compile these for us; there are lots of them. The older the version of OS you have, the more exploits you can use from there. You will be using your skills in programming, C to name one of the few languages used. These exploits have a little variation when used on a newer version of OS. After using a pre-written exploit, compiling it and brute forcing the proper offset, now it's time to break in again, use a different technique and apply your own exploit.

Another thing to consider is to understand network traffic by the use of any network monitor/sniffer during both exploitation and normal network operation. Install a NIDS (the best one is snort) in a supposed victim machine and watch the activities during attacks. Execute an active MITM attack (using dsniff) on an SSH and SSL connection between two of your computers. Try out the top 75 security tools at http://www.insecure.org/tools.html.

Of course, malicious attacks can be thwarted with the 10 steps Richard Clarke (famed as the former counterterrorism czar for Bill Clinton and George W. Bush--he ended his government career as the White House advisor to the President on Cyberspace Security, and is now bringing that expertise to the IT world) listed for enterprises to follow:

1. Establish automatic monitoring of compliance and auditing capabilities of networks. "Every day you can see if you're secure," he said.

2. Acquire a patch-management system and service. Noting that 50 or 60 patches are issued each week by software providers, Clarke called patching "the number one headache of CIOs."

3. Set up an identity-access-management system, preferably a two-factor password-ID system. He noted that, today, "almost any password can be broken" by programs easily available on the Internet.

4. Data should be encrypted in sensitive areas. He said proposed California legislation calls for many IT organizations to encrypt data.

5. Participate in an early-warning system, preferably with an organization with a set of detect sensors.

6. Establish rigorous security-oriented service-level agreements (SLAs) with ISPs. Clarke indicated that the FCC is considering making this provision mandatory for certain IT users.

7. Institute an IT security-awareness program, a sort of catch-all program that would educate staff on widespread security aspects of their networks.

8. Software should be systematically tested--and not just Microsoft software. He noted that buffer-overflow problems have been cited for years, but little has been done to correct the problem. He said there is a need for "software products that test software."

9. Secure the physical part of the IT organization to make sure that intruders can't just walk in and violate security.

10. Address "the road-warrior problem," as illustrated by network users logging in from remote locations, who unknowingly have infected software, typically on laptops.

Click here for Clarke's security measures: http://www.techweb.com/wire/networking/45000007
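The post's lab advice is to put a NIDS such as snort on the supposed victim machine and watch what a scanner like nmap does to it. The following is an added example, not code from the post or from snort, showing the kind of check a NIDS applies: it parses a constructed connection log (the format, addresses and timestamps are made up for this example) and flags a source that touches many distinct ports on one host within a short window, while leaving alone a host that merely reconnects to the same service.

```python
"""Toy port-scan detector: the kind of check a NIDS such as snort runs
on the supposed victim machine while a scanner works it over.
Added example, not code from the post or from snort; the log format
and addresses below are constructed for this demonstration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one line per connection attempt:
#   <timestamp> <src_ip> -> <dst_ip>:<dst_port> <flags>
# 10.0.0.5 touches nine different ports in a few seconds (scan-like);
# 10.0.0.9 just keeps reconnecting to the web server on port 80.
SAMPLE_LOG = """\
2005-07-28T10:00:01 10.0.0.5 -> 10.0.0.10:21 SYN
2005-07-28T10:00:01 10.0.0.5 -> 10.0.0.10:22 SYN
2005-07-28T10:00:01 10.0.0.5 -> 10.0.0.10:23 SYN
2005-07-28T10:00:02 10.0.0.5 -> 10.0.0.10:25 SYN
2005-07-28T10:00:02 10.0.0.9 -> 10.0.0.10:80 SYN
2005-07-28T10:00:02 10.0.0.5 -> 10.0.0.10:53 SYN
2005-07-28T10:00:03 10.0.0.5 -> 10.0.0.10:80 SYN
2005-07-28T10:00:03 10.0.0.9 -> 10.0.0.10:80 SYN
2005-07-28T10:00:03 10.0.0.5 -> 10.0.0.10:110 SYN
2005-07-28T10:00:04 10.0.0.5 -> 10.0.0.10:139 SYN
2005-07-28T10:00:05 10.0.0.5 -> 10.0.0.10:443 SYN
2005-07-28T10:00:09 10.0.0.9 -> 10.0.0.10:80 SYN
2005-07-28T10:01:30 10.0.0.5 -> 10.0.0.10:445 SYN
"""


def parse_line(line):
    """Return (timestamp, src, dst, port) for one constructed log line."""
    ts, src, _arrow, dst_port, _flags = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)


def detect_port_scans(log_text, threshold=5, window=timedelta(seconds=10)):
    """Flag (src, dst) pairs where one source hits at least `threshold`
    distinct ports on one target within any `window`-long span.
    Returns {(src, dst): sorted list of ports seen in flagged spans}."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for raw in log_text.splitlines():
        if raw.strip():
            ts, src, dst, port = parse_line(raw)
            events[(src, dst)].append((ts, port))
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        flagged, start = set(), 0
        for end in range(len(hits)):
            # slide the window start forward until it spans <= `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= threshold:
                flagged |= ports
        if flagged:
            alerts[key] = sorted(flagged)
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src} against {dst}: ports {ports}")
```

The late single hit on port 445 falls outside every 10-second window that held the burst, so it is not counted; tuning `threshold` and `window` is exactly the trade-off a real NIDS rule set exposes between catching slow scans and raising false alarms on busy legitimate clients.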

Authentication Capabilities of Kerberos vs. LDAP

by octopuseize In reply to Welcome To My Pad

The SASL/GSS (Simple Authentication Security Layer/Generic Security Service) mechanism supported by the LDAP server is used to securely access the directory. Using SASL/GSS and LDAP does not help authenticate a user so he/she can use an application which then presents the user's identity to other application components in a secure manner - this is one of the many requirements for application security for which Kerberos is ideally suited.

I think we need to compare the LDAP directory and the Kerberos protocol in order to answer the original question asked. Admittedly, if SASL/GSS is used to securely access a directory so that a password can be read and compared, then LDAP can be used to authenticate a user.

I have provided a short list of some differences, not necessarily a complete list, so maybe others on this email discussion can add comments and think of other important differences.

LDAP server for user authentication
- can be used to store password + other information about users.
- useful for simple user authentication requirements where checking of password is all that is required.

Kerberos for user authentication
- uses security credentials which have a lifetime - LDAP does not have this capability
- built-in prevention of network replay attacks and protection against other network security concerns - LDAP does not protect against these issues
- removes the need to pass any form of password across a network - LDAP requires password transmission
- a protocol that allows support for userid/password, token card, smart card authentication and other forms of user authentication - LDAP is only suited to userid/password
- works well in a client/server and multi-tier environment, especially when using credential delegation or impersonation
- can be used to set up a security context between application components on the network - LDAP cannot be used for this.
- provides mutual authentication, integrity, confidentiality services - LDAP does not do any of these
- makes single sign-on easy, especially since Microsoft Active Directory does the Kerberos authentication when a user logs onto a MS network
- works well in a heterogeneous environment
- supported and utilised by a growing number of application vendors and standards
- a strategic protocol in many ways because of having many uses - it can even be used very effectively to allow an unattended application to authenticate itself to another application (e.g. ftp -> ftpd).

Original message here: http://mailman.mit.edu/pipermail/kerberos/2004-January/004420.html
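Several items in the quoted list (credential lifetime, replay protection, no password on the wire, mutual authentication, a security context between two applications) are easier to see in a runnable model. The following is an added example, not code from the post or from the mailing-list thread it quotes: a toy LDAP simple bind beside a toy Kerberos-style ticket/authenticator exchange, with a `WIRE` list standing in for what a sniffer on the segment would capture. The principal names, the sample password and the sealing routine (an HMAC-SHA256 keystream plus tag, chosen so the script needs only the standard library) are assumptions of this example; real Kerberos (RFC 4120) uses a salted string2key and standard ciphers, and this model leaves out the TGS step entirely.

```python
"""Toy model of the two authentication styles the post compares: an LDAP
simple bind, where the password itself crosses the wire, and a
Kerberos-style ticket/authenticator exchange with a lifetime, a replay
cache, no password on the wire and mutual authentication.
Added example, not code from the post or the quoted thread. The sealing
below is a deliberately simple HMAC-SHA256 construction so the script
runs on the standard library; it is NOT real Kerberos cryptography."""
import hashlib
import hmac
import json
import os
import time

WIRE = []  # everything a sniffer on the network segment would observe


def keystream(key, nonce, length):
    """Expand key+nonce into `length` bytes with HMAC-SHA256 in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, obj):
    """Toy authenticated encryption of a JSON-serialisable dict."""
    nonce = os.urandom(16)
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag under `key`, then decrypt; wrong key -> ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))


def derive_key(password):
    """Toy password-to-key step (real Kerberos uses a salted string2key)."""
    return hashlib.sha256(password.encode()).digest()


def ldap_simple_bind(directory, dn, password):
    """LDAP simple bind: the directory compares the transmitted password."""
    WIRE.append(("ldap-bind", dn, password))  # password visible to a sniffer
    return directory.get(dn) == password


class KDC:
    """Holds every principal's long-term key and issues service tickets."""
    def __init__(self, principals):
        self.keys = principals  # principal name -> key bytes

    def issue_ticket(self, client, service, now, lifetime=300):
        session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": client, "session": session, "expires": now + lifetime})
        # reply readable only by whoever holds the client's password-derived key
        return seal(self.keys[client], {"session": session, "ticket": ticket.hex()})


class Service:
    """Application server: validates tickets with its own key only."""
    def __init__(self, name, key):
        self.name, self.key, self.replay_cache = name, key, set()

    def accept(self, ticket, authenticator, now):
        t = unseal(self.key, ticket)
        if now > t["expires"]:
            raise PermissionError("ticket expired")
        session = bytes.fromhex(t["session"])
        a = unseal(session, authenticator)  # proves the client knows the session key
        if a["client"] != t["client"]:
            raise PermissionError("authenticator does not match ticket")
        if (a["client"], a["ts"]) in self.replay_cache:
            raise PermissionError("replayed authenticator")
        self.replay_cache.add((a["client"], a["ts"]))
        # mutual authentication: only the real service could have opened the ticket
        return seal(session, {"ts": a["ts"], "service": self.name})


def kerberos_login(kdc, service, client, password, now=None):
    """Client side: obtain a ticket, present it with a fresh authenticator,
    and check the service's reply. Returns True on mutual success."""
    now = time.time() if now is None else now
    reply = unseal(derive_key(password), kdc.issue_ticket(client, service.name, now))
    session, ticket = bytes.fromhex(reply["session"]), bytes.fromhex(reply["ticket"])
    auth = seal(session, {"client": client, "ts": now})
    WIRE.append(("krb-ap-req", ticket, auth))  # no password in this message
    ap_rep = unseal(session, service.accept(ticket, auth, now))
    return ap_rep["ts"] == now and ap_rep["service"] == service.name


def passwords_on_wire(password):
    """Count captured messages that contain the plaintext password."""
    return sum(1 for msg in WIRE if any(password in str(field) for field in msg))


def demo():
    """Constructed run: one LDAP bind, one Kerberos-style login to 'ftpd'."""
    WIRE.clear()
    pw = "correct horse"  # constructed sample credential
    assert ldap_simple_bind({"uid=alice": pw}, "uid=alice", pw)
    kdc = KDC({"alice": derive_key(pw), "ftpd": os.urandom(32)})
    ok = kerberos_login(kdc, Service("ftpd", kdc.keys["ftpd"]), "alice", pw, now=1000.0)
    return ok, passwords_on_wire(pw)
```

Running `demo()` returns `(True, 1)`: the only captured message carrying the password is the LDAP bind. Re-presenting a captured ticket and authenticator to the same `Service` is refused by the replay cache, and presenting it after the ticket's lifetime is refused as expired, which is the behaviour the list credits to Kerberos and denies to LDAP.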

Status on Government's Computing and Communications

by octopuseize In reply to Welcome To My Pad

It may or may not be true. Just arbitrary eyeshots.

Governments "in general" might be in the process - others might have done it and even implemented it a long time ago, "time to review" - of studying intensively their computing and communications infrastructure.

There are lots of ciphers around from WW1 up to the present. Others are vulnerable to attack, mainly brute force. Few have been tested for their reliability to handle data securely.

If you notice your government is employing one of these ciphers susceptible to attacks to secure your data, please consult any one of your lawmakers. They may be securing the data but really did use it for purposes of passive attacks, reading and tracking all conversations either from the opposition or from the administration itself.

The following ciphers are vulnerable to such attacks:

1. Transposition
2. Substitution
3. Caesar
4. Multiplication
5. Linear
6. Polyalphabetic
7. DES (http://www.securitydocs.com/library/3258)
8. AES (http://cr.yp.to/antiforgery/cachetiming-20050414.pdf)
9. 3DES (http://kingkong.me.berkeley.edu/%7Ekenneth/courses/sims250/des.html)
10. IDEA (http://www.kb.cert.org/vuls/id/315308)
11. Diffie-Hellman (http://www.rsasecurity.com/rsalabs/node.asp?id=2248)

there might be others that are not mentioned here.

And the ciphers that are rock-steady are the following:

1. RSA
2. Blowfish
3. Twofish

there might be others that are not mentioned here.

The primary purpose of employing ciphers is to protect all data crossing the Internet. No one should see the message or data unless the shared key for symmetric ciphers or the private key for asymmetric ciphers has been stolen. Most ciphers have become vulnerable to different attacks because of their weak mathematical functions.

Beware, it is time to know and learn the secrets of your government's computing and infrastructure. Secure your data and your conversation. Be not a victim of terroristic acts.

Job Security in Computer and Information era: Jack-of-all-trades

by octopuseize In reply to Welcome To My Pad

Recalling the Industrial era

Prior to the current working age, it is important to know how things evolved into what people are now experiencing, the computer and information era. According to the workers of the industrial era, workers' life and their work in 1833 in factories meant spending fifteen hours working. They had only two hours to eat potatoes and bread and they didn't have enough strength. It was a working day for one worker and it was very hard [001]. It is common that some of our ancestors were able to experience that hard life.

Many workers were very tired because they worked a lot. They didn't have enough money to get some proper food. They worked in very dirty places with much noise and pollution. It was very dangerous because they could cut their hands. Accidents happened a lot. When workers were too tired, they lost their work. They didn't go on strike. So much for the 18th century. People today might imagine how hard the way of life to survive really was.

A mature industrial era

Workers were called specialists, one who concentrates one's efforts in a special activity, field, or practice [002]. One example is a building construction where the civil engineer has to concentrate on the structures and design. The others, like the carpenter, will work on laying out the necessary materials to fit in based on the structures and design.

Information era

In the industrial era people/workers tended to concentrate on their specialization; the focus was there to finish the project perfectly. The present information era has different and several types of responsibilities. Most people have heard of the term "IT Professional"; it is the start of the jack-of-all-trades. In IT several skills have evolved such as:

technical support, for what? Network cabling, computer HW and SW troubleshooting, telephone lines, slight carpentry work and line man are a few of the works being assigned to this position.

systems/network administrators sometimes take the responsibilities of the technical support and vice versa. The good thing for network administrators is that they can work without the supervision of the IT manager. So to make themselves easy-go-lucky, instead of working the job really at their level, they will designate it to the technical support or to someone under their supervision.

systems analysts, developers, and programmers almost have the same context of work and responsibilities. They only happen to have different name-positions, but in the real world they really have to work as what the bosses tell them to do, no matter what. In other areas they would also work as technical support.

This type of work occurs usually to somebody who is really new to their career, who is just starting to experience work in IT. Most of these IT professionals were able to escape jack-of-all-trades by choosing what would be the next level of their work. One factor to do this is to get certified. One who would like to focus on security has to get a certification (CISSP) related to this; one of the best things is that you should be able to learn the corporate strategy, not just the technical skills. It is like a mapping of technical to management skills that can be applied to your organization. One who would like to work using MS applications should get MCSE certification, or at least MCSA, far better than MCP (which is still considered at the technical support level). Open source certification? Lots of them have been around, like RHCE (I almost forgot, is Linux still on the principles of free software? I think they are getting on the MS principles already). Same thing with SuSE having been acquired by Novell. The best certification in open source is the skills you have got. Practice all the essential skills to get the best career in the open source arena; somebody can be a developer, computer and Internet security professional, systems/network administrator, and, with even better skills, have a solid foundation for whoever wants to be a technical support. I strongly recommend the number one advocacy of free software (all source code made available to the public at no cost), the OpenBSD project, which includes the OpenBSD operating system, OpenBGPD, OpenNTPD, and redundant firewalling in combination of PF, pfsync and the Common Address Redundancy Protocol (CARP).

With lots of hints being thrown, now it's your turn to secure your job in the computer and information era. Beware, everything is temporary. Update skills, better if you can get them in advance. It is time to use this four-letter word, "RTFM". What is this? You have got to find it.

Job Security in Computer and Information era: Jack-of-all-trades

by cway1979 In reply to Job Security in Computer ...

The sentence structure and verb-tense errors in this article are below third grade level. Please spend a LOT more time studying the English language before you submit something like this again. I would be embarrassed to have other people read it; delete it from the archive if you can.

Back to After Hours Forum