a response.
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
-
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
time to create this
remote DoS than it would cause the victim in lost time. IMHO Outlook Express
would be a much less time consuming vector.
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
-
If you spend more on coffee than
Roman Drahtmueller wrote:
snip
Evolution - just as everything else in the Open Source world,
is subject to permanent development, improvement and
evolution.
snip
Maybe that's why they call it Evolution ;)
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
. Multiply my waisted 10 seconds by 10, and you will see what
a service you are doing for the world.
Sorry for the rant.
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
-
If you spend more on coffee than on IT security, you
Maximillian Dornseif wrote:
A group of students at our lab called RedTeam found an
information disclosure vulnerability in CitrusDB which can
result in disclosure of credit card information.
snip
Nice job. Congrats to your students.
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information
Loptr Chaote wrote:
snip
Who ever the authors,
they should never have been put in front of a developer environment..
snip
No, they should have been put in front of a fireing squad...
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
. If so, it must then be rejected.
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
-
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity
vulnerablities that can be
exploited, but the fact that administrator can be bruteforced (6 attempts
followed by reconnect) and that it is screaming its existence on port 3889.
If you use it, definitely change the port in the registry.
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP
snip
Been a long time since I read Mentor's words. Good luck to you starwars, I
hope you start something. I'd join the effort, but am currently working on
my masters in IS and get little sleep as it is.
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
. The only BS I don't like on this
list is when those kiddies are stupid enough to open their mouth instead of
lurking and learning like I did on the BBS's and newsgroups of my younger
days.
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
to keep me busy for months. Well worth
the money.
My .02
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former
. It's the
wild west in 1800 and there is no law. If you want to survive, you better
have a hired gun and we go for $300/hour these days. At least those of us
who have met the black hat on main street at 50 paces at high noon and
walked away to tell about it.
Curt Purdy CISSP, GSEC, MCSE+I, CNE
re-election).
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
-
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity zar Richard Clarke
ANYTHING try's to install, is just one more example of FireFox's focus
on security.
And as for those sites that use ActiveX, I pass them by since they don't
have the good since to stick with web standards.
FireFox ROX!
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP
the first thing I would do when I got home was scan their
network.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
-
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former
everything from stopping split-tunneling to quarantine users to a VLAN and
performs remediation on them until they are policy compliant.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
-
If you spend more on coffee than on IT security
, when I have to run windows (rarely), I start a VMWare session under
SuSE, do what I need, and close it out as quickly as possibe, after checking
for patches of course ;)
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
a very lame trick against me. =)
I'm guessing the latter.Although story scraping would be
possible, intellegent naming of the .exe would not be. Most likely a
friend... or enemy.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDAInformation
Security EngineerDP
Solutions
Abilash Praveen wrote:
whats this about?
- Original Message -
From: g0bb13s [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 25, 2004 12:58 PM
Subject: [Full-Disclosure] Cry For help
Good sirs and madames,
It's a 491 scam parody.
Curt Purdy CISSP, GSEC, MCSE+I
] (EAX=0). So at first glance this doesn't seem to be
trivially
exploitable, but I'm not a win32 expert, and intuition
suggests that there
must be a way.
One possible exploit is to simply place the file on your desktop.
explorer.exe goes to 100% cpu.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
programmers
don't trust user-supplied data?? (H -- does it also fail on
W2K3??)
No, in W2K3 you get Cannot query the properties for this program. There may
not be enough memory available. blah blah as opposed to 100% cpu in 2K.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security
can click. Also a few of
the extensions are real productivity improvers, although FireSomething does
steal a few seconds every day ;)
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than
to install
adware on users' systems, security researchers warn. Other exploits -
include computer viruses - based on the same techniques of tricking users
into visiting a maliciously constructed website housing malign script could
follow.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security
and pocs extremely valuable in my pen-testing/auditing work.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked
only cause the network device to fragment the packet
which would fail since there would be no bits beyond the true length to
fragment.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than
(notifying me of a virus getting
through the gateway filter or being able to access something they know they
shouldn't). I have found that my time spent has paid me back in a user base
(at least part of it) that has become an asset not a liability, as we often
think of them.
Curt Purdy CISSP, GSEC, MCSE
process can touch it, making it
extremely fast and efficient with no noticble impact in performance, even on
slow boxes. My $.02
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than
Feher from Hungary.
Actually Tamas, that is one of the best short critiques I have seen on the
AV market and I agree with almost every point. Factual and without bias.
Maybe you should write that book.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
of the little
built-in omnis) you could not get near 7 miles. My estimation is that
considering the walls in the building, you would be doing good to pick up
anything 100 yards from the building edge, even with a yagi.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP
legal power limits.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard
some1 eles states as it may not be
true. I have
Don't know where you get off including me in your list, but I have
personally setup Cisco units up to 20 miles with parabolics and Adaptive
Broadband up to 35 miles.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
. If the packets/hashes can be accessed it can be compromised.
Unbreakable has been touted from the 48-bit Netscape encryption that took
USC's distributed network a week to crack, to Oracle 9i that took one day to
compromise, I believe.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP
are in a different class of certs that apply to technologies, not
products, i.e. information security, auditing, and even in the case of CEH
(which I would not touch with a 10-foot pole), hacking.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
rebuilding the
system and not getting paid for it because the client knows the bluescreen
was caused by us, is not fun.
We have never once had this happen on a *NIX or Netware box.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
n30 wrote:
Any good links/pointers to ROSI (Return on security investment)?
Here's what I've got:
ROSI
A classic argument is that there is similarly no clear return on life
insurance, but that doesn't stop most of us from buying it; still,
attempting to formulate operational-security ROI may
of this. Obviously Ms. Meinel has
pissed off a few people in the past. Actually I have been around long and
have the grey hair to prove it. Just never participated in the chat room
underground, too busy learning to build tcp packets from scratch ;)
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
the rec or unrec as the
case may be.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity
Carolyn Meinel
wrote:
Stories in the New York
Times and Vanity Fair quoted the FBI
saying Martin was wrong, but what
does the FBI know? Jay Dyson
tells you to believe, so believe
you must, because it is cool.
I don't intend to get in the middle of
the crossfire here, but I just wanted
from a security
standpoint.)
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity
the oldest of the security certs and now requiring a bachelors degree
as a pre-requisite.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you
. I have only had one person so far, answer all correctly.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked
close links to crypto, they are different. Where
crypto hides data behind encryption, stego hides it in plain site.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you
for analyzing non-text files as
well as many other tools from SysInternals.
Curt Purdy CISSP, GSEC, MCSE+I, CNE,
CCDA Information Security
Engineer DP Solutions
If you spend more on coffee than on IT
security, you will be hacked. What's
more, you deserve
of their engines (they have 3) operates at
the very lowest level of I/O, immediately scanning a file as it comes off
the disk, before it enters memory or interacts with OS. This makes it very
fast and very efficient.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
them at a huge amount of work, you ARE way
off-base. There is no malware I know of that would even know what the
packets were, muchless re-assemble them into the original document, insert
itself, and pass it on. Maybe by 2104...
Curt Purdy CISSP, GSEC, MCSE+I, CNE,
CCDA Information Security
day. I patch my Netware servers a couple of times a year.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked
) Don't ever put your cc info into any site you did not directly go to and
trust.
3) nslookup 218.62.43.30 - Non-existent domain
nslookup paypal.com - 64.4.241.16
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you
it on a seperate box if you wanted to.
Another sign of the total cluelessness of MS on security.
--
Curt Purdy CISSP MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's
on this course, at least encrypt it with PGP or S/MIME.
--
Curt Purdy CISSP MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- Former White House
last MS product.
BTW, I love the way SuSe updates online during install, before the first
boot off the hard drive. Those guys know security.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee
outbreak. The peaceful sleep alone is proof of it's usefullness.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked
of the
same protiens your brain is made of, and goog for your heart too. And also
the reason human ancestors that were coastal dwellers beat out Neanderthals
that were hunters).
Sorry for rambling.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
docco wrote:
What Curt Purdy is saying looks to me like a
great_pain_in_the_ass_solution.
In case the supersecret extension would get leaked or
compromised, which I
beleive would be absolutely not hard to achieve (by means of social
engineering, sniffing or just brute force - combinations
renames it. A little trouble yes, but it virtually
eliminates email propagated viruses from the corporation.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you
without the need for scanning. Quite a simple, yet
elegant solution, if I do say so myself.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's
,
past/present/future without any further interaction by IT dramatically
improve the virus/worm situation across the board.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security
as easy to tell senders to rename
the file as to zip it.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked
took a
day of school or boot camp.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House
, but highly unlikely as long as
everyone who implements this strategy don't use the same extension. If you
pick a relatively random sequence, a.k.a as in .dps for my company, you
would not be the target of a virus, whose purpose is to infect as many
systems as possible.
Curt Purdy CISSP, GSEC, MCSE+I, CNE
on my networks and am
slowly replacing as many of my W2K desktops with SuSe Linux as I can. My
servers are already majority UNIX and Netware.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee
that, but I have always suspected the reason for the close
follow-up releasing exploits after patch release is because the value of the
0-day that had been used for whatever purposes the writer wanted was now
null. At that point, her pride takes over and she releases her work for the
world to see.
Curt
Mark Fagan wrote:
you could always attend the CBK review seminar, I think it
cost me the guts of
3K Euro and takes one week, its probably cheaper in the UK.
I found the CISSP Study Guide Gold Edition to be all the material I needed
and a lot cheaper than 3k.
Curt Purdy CISSP, GSEC, MCSE+I
Puneet wrote:
snip
and after 10 seconds when an applet loaded...first IE hanged
and then the
system got hanged.What's that which causes the system to halt
Try FireFox a.k.a. FireBird at mozilla.org - awesome.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP
Rabourdin Clement wrote:
Crashed MozillaFirebird on FreeBSD 4.9 STABLE, too :(
The applet is working but Mozilla goes down... But no system crash
snip
Simply comes up with a couple of pics on Firebird 7.1 and FireFox 8.0 on
W2K.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security
by the moderator. They have a nasty
habit of doing that.
Curt Purdy CISSP, GSEC, MCSE+I, CNE,
CCDA Information Security
Engineer DP Solutions
If you spend more on coffee than on IT
security, you will be hacked. What's more, you deserve to be hacked
drop the source for
MyDoom.A on you're box.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House
, technically correct input.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser
contributing to the redmond bottom line of their big buck,
cause most
those PC's come pre-installed with a M$ OS underneath.
The cheapest PC HP/Compaq carries is a box running Linux. Again the market.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
. The combination of
the most secure OS around with an experienced, quality support staff, fully
integrated with Linux is a driving force. Novell has finally got it right
and their growing market share in the enterprise will reflect that.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security
in multiple domain sites
requiring either finding the server with the least corruption and making it
authoritative, or restoring from a known good backup. No way to run an
enterprise. Again, whenever a problem has shown up in NDS, a simple
DSREPAIR has always fixed everything, without fail.
Curt
, the
biggest pile of dog doo since 3.1 and telling customers they can't get 2K
even if they prefer it.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked
to several securityfocus lists, but have not submitted
for some time as I kept getting returned rejects even though they were
on-topic valid points. A real shame but not unusual for big-$ corporate
America to get their grubby little fingers on something good and run it into
the ground.
Curt Purdy
just hit a grand slam.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser
are more researched
and discovered because it so prevalent. Without a total re-architecture and
re-write of Windows code, if and when (hopefully) Windows OS's become a
minority, they will still be getting the vast majority of discovered and
exploited holes. Lay a dollar to a dime on that.
Curt Purdy
of Linux, it is still referred to as a New Technology Release basically
synonymous with beta. There Production release is 4.8 that I have on some
of our servers (not running a gui). I have 5.1 as well as Linux on
workstations.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP
be that he is referring to an exe packer as used to attach a trojan
to a legitimate exe aka whackamole.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you
a comprehenive
vullnerability assessment and patching and remediation program that turned
the hostile penetration rate from over 20% to less than 1% in a year.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you
policies, as described in KB
828026.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity
with Swen, I am blushing, but I have
also just finished a month-long security audit for a HIPAA client and have
not kept up like I should have.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than
Debates over
the validity of an infosec-related point are useful and constructive;
character assassination and personal attacks are not.
Thank you madsaxon. Love the handle.
Curt
___
Full-Disclosure - We believe in it.
Charter:
on www.kievonline.org site? thread and is trolling for addresses. I
got it at an address I never use for this or any other list as well this
address. Thank God for PopFile!
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you
patch out. Or are they thinking, "Send this out so all the
stupid people will click on this before they click on a real
trojan?
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions [EMAIL PROTECTED]
If you spend more
to
the network. Also in that vein is Adrian Lamo, an underground hero of the
highest caliber who has just been arrested for helping many large
corporations like GE clean up their act.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
can only imagine
how many thousands of bots were deployed before blaster hit, as the kiddies
were hitting their keyboards just as fast as their little fingers could
type.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
;)
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity zar Richard Clarke
The jumbled letters at the end don't fool PopFile. I think it actually
marks those as I haven't had one in months.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Senior Systems Engineer
Information Security Engineer
DP Solutions
[EMAIL PROTECTED]
936.637.7977 ext. 121
actually
less upset at Microsoft's presure (what else would you expect from Uncle
Bill) as I am at @Stake selling out. What ever happened to that great crew
at L0pht Heavy Industries? Personally, I will never purchase another @Stake
product or service again.
Curt Purdy CISSP, GSEC, MCSE+I, CNE
, while
I observe Uncle Bill's guinea-pigs.
One of the things I love about *NIX is the stability. FreeBSD 5.1 (I run on
my desktop) is more stable than any Microsoft .1 product ever hoped to be,
but the FreeBSD crew is still classifying 4.8 the production version (I run
on my servers).
Curt Purdy
It's one thing to sell-out for commerce, it's quite another to give up your
humanity by selling your soul to the devil, and basically that is what they
have done by throwing one of their own to the wolves.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
When we get this far off-topic, how about putting up a new subject line with
a was:
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you
and see that Microsoft is the central
planner here and Bill Gates is Big Brother.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve
Tower of Babel that could all come crashing down at the
displacement of a single foundation stone.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked
He did not say, though, how legislators would
determine the difference between malicious information and that used for
legitimate security research, or whether such a law might compromise freedom of
speech."
Curt Purdy CISSP,
GSEC, MCSE+I, CNE, CCDA Information Security En
Actually, failure to achieve compliance with HIPAA could find hospital
executives and physicians facing fines of up to $25,000. Certain criminal
violations could cost individuals and organizations $250,000 and up to 10
years in jail. This is quoted out of more than one reference.
Curt Purdy
crackers. That's my .02 of
bandwidth usage.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White
applicable to the optical media we now use, with one person
responsible for handling and storage with a reliable witness.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more on coffee than on IT security, you
Actually the traditionally accepted court evidence is real-time printouts of
data received by the syslog server. We ran out of room to store the paper
and went to write-once cd's. We are looking at going to DVD to cut down on
disk changes.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information
and are finding attacks that they would not have even guessed at a year
ago. By law they must keep their logs three years, plenty of time for even
scumbag lawyers to find it. If you have done due diligence, you will be a
sitting duck.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security
the
same restriction. Although I am not familiar with this hardware, most law
inforcement I know use Encase, a $30K dd with a few analysis tools thrown
in.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
If you spend more
field) dictates you make an immediate initial dd copy for the court. Then
make as many working dd's as neccessary for forensics.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Senior Systems Engineer
Information Security Engineer
DP Solutions
[EMAIL PROTECTED]
936.637.7977 ext. 121
1 - 100 of 115 matches
Mail list logo