toslap

<---Begin Rant---> Not to be a d!ck but if your not an experienced coder maybe letting webusers run commands that require elevated privleges on your box isn't the best idea. If this is a company you work for I'd suggest hiring a pro. If this is a company you are starting which it sounds like it is maybe some you should gain more experience before you start charging for professional level services like Penetration testing and PCI compliance testing. If your offering a service to customers who already use your penetration and compliance scanning why not just create a live cd for them with nmap, nessus, and some report generating software on it. This way they can run the scans on a weekly, monthly basis and provide you with reports for real penetration tests. Again I'm not trying to be a prick but if you can't write a php script to safely run nmap scans how do you expect people to pay you. If you can't write a secure web app how can you tell them their web apps are secure? Just cause wa3f says so? You see what I mean. Any profesional penetration tester normally has at least a few years of network administration experience under there belt and probably know a few programming laguages both scripting (python,perl,ruby) and compiled (c,c#,asm) Sorry to rant but I've been seeing alot of so called penetration testers who are charging for a bunch of automated tool scans that aren't properly configured or executed and there giving clients a false sense of security. <---End Rant--->

Its not that important, just curious. But if I was to make a separate partition then wouldn't the key be stored on the non-encrypted accessible partition? I was just wondering if this is a good way to secure my laptop from physical access. Where are the keys stored, is there something with the MBR that loads PGP before windows? I figured if anyone knew the answers it might be someone here. Thanks

I've locked my laptop harddrive with PGP Desktop, how secure is this? It loads before windows and asks for the password, when I try to find the drive using tools in BackTrack, Auditor, or Hirens Boot Disk (DOS) it either doesn't show up or isn't accessible. Is there anyway for somebody to get the key without logging in. I'm sure there is a way to get the key once logged on, but should I feel relatively secure leaving my notebook around turned off? Thanks John