Stevie

Thanks for info. Well this is where it gets interesting :) because we have spoken to Ricoh and they don't know why it's happening. Nuance own Equitrac printing and Sharescan, so it's Nuances software on the MFDs. Ricoh keep saying they can't get engineers to us in the time we need them, so I'm trying to learn what I need to do, so instead of wasting time waiting for them, look at stuff myself. So far I've learnt a lot from the last Ricoh software engineer that comes to install all the software. I now know how to install equitrac and sharescan to a new, fresh MFD that has come in and doesn't have it installed. I can then add it to the print queue, convert it to a equitrac port so the print goes via equitrac. Then add the MFD to sharescan so they can scan. Your suggestion sounds like something they'd mentioned. Because they noticed all the times were out on the MFDs and weren't set properly (I never did this, the original Ricoh engineers did this when they were originally setup the MFDs) because the hardware engineers just install them and make sure they print, they don't seem to do anything with the management of them via their web consoles. So I set all the timers as requested on all the MFDs (they were going to send one of the software engineers to do it, but that was pointless, it's a simple change I knew how to do and wasn't going to wait for them to arrive). They've checked and confirmed the settings are OK but still, the MFDs will suddenly all drop connection to the Sharescan server. It's odd.

Just having a thought, I'm assuming I just run wireshark on the server then filter out the IPs of the MFDs that talk to it. I'll have a look tomorrow.

Having real issues with Ricoh's Sharescan (well it's Nuance's officially but Ricoh use it on their MFDs). Have about 14 MFDs all working fine with PCC (follow me printing) but Sharescan works for about 30-40mins, then randomly they all lose connection to Sharescan which runs on a server. The server appears fine, everything else on the network appears fine. If you then restart ShareScan Manager it pings all the MFDs and they all start to talk to the server again. I want to take one MFD and do a wireshark trace on it. Not sure where to start though. Not using wireshark much, how do I take a trace from the MFD to the server, so when they lose connection I can see what is going on?

And this is the problem. Some policies, although sound fine and good, aren't workable. Like the 1 minute screen saver madness. We tried this, which I've never agreed with, and it's unworkable. People do sit and read at times on their screen, or compare figures on screen to print outs. The screen saver kicking in every 1 min was driving people nuts and just isn't productive. Same with draconian group policies which even prevent us, the IT staff from fixing a problem in 5mins, having to spend 20 mins instead, fighting with group policy. I don't have a ducky to test, but I wonder if Lumension would work to block this. It's what we use to restrict access to USB ports. You can plug a USB stick in, but it won't let you write to it because Lumension requires it be encrypted first with the Lumension encryption.

Problem I'm having is although IT is my life, I enjoy my work and it's also my hobby and I've never got bored of it, so where's the problem? Gaming. I'm also a bit of a gamer and my motivation or discipline is shit. I have Vivek's WIFI book that he released in the hopes to learn at least the basics of one area, but I've never forced myself to sit and go through it all. I always end up on a game instead of studying more. I have another powerful PC which is my lab machine with ESXi etc on it. I set it up then end up on a game again so neglect it for months. Need to sort that out if I want to learn more and progress.

That's where it's annoying as I'd considering it "Tough tits. You found the stick in the office car park. Instead of handing it in at reception you decided to take it home, maybe hoping for a free memory stick. But no, you've been infected instead, but again, tough tits for not being honest" :)

What about that guy recently that report an exploit that got told "It's not a bug". Then he got onto Zimmerman's page to prove it. They than admitted it was a bug but they know won't pay him because of that & are trying to back track claiming he never gave them enough info. Yet they appeared to have enough info to claim to him "It's not a bug".

Looks good but I don't think it's been released yet.

Some good points and interesting to hear from the Pen Testing side. I maybe vague here in case someone I know reads these. I have been lucky in my current role as the engineers I work with are all nice and helpful which is rare. I can't stand IT Engineers who hold information and aren't helpful. Anyone new, I try to help as much as I can. My old manager also drummed into us in my old company about "single points of failure". So I try to document everything & the fixes I come across. So if I'm not in or have left, someone else can fix the issue. We did have an engineer who was an arsehole but knew quite a lot in my past company. Once you worked out how to play him, he was easier to deal with but really surprised he wasn't given the boot because he'd even be rude to the customers. But then senior management there were arseholes (I can think of a stronger word but can't say that here) I feel one of the issues we currently have is our IT management panics when the pen test reports come in. They actually respect them and so they should. But I've explained that I've always been lead to believe they are suggestions & it's up to the company to decide if the fixes should be applied or not. If the suggested restrictions are to much, are currently unworkable and will hamper support, then they can wait and be changed later. I would like to be more open here, but fear of people reading this, can't. It would explain why we have issues. But some of the suggests we feel they bring up, aren't as serve as they claim. We have some good people that know what they are doing & they've even said some of the issues don't make sense. One of the issues they claimed was serve was our WIFI SSID name. For staff and clearly named so. They've said this will make it a bigger target and needs to be changed. 3 of us gave the argument, in private, why this was a none issue. We've changed it to conform but I explained what's the point. If I use Airmon-ng, you'd sit there and monitor the WIFI in the area and see what you can see. Anything with an obscure name will look interesting. You'll monitor this obscure name, see loads of devices connecting and disconnecting and know it's a business, so target it. Another point was that, if it was me, I'd just check every one I see in the area, again, the one with the most devices popping off and on, I'd assume was a business so again, target it. So I don't see how the SSID name is such an issue and changing it to something obscure, won't stop an attack on it. It's good to see the point from the pen testing side though. The IT Team midnitesnake came across though seem like arseholes and I'd never like to work for a team like that.

These are just random thought, I'm just making a discussion from what I've watched and seen. I know this is in all walks of life and not everyone is like this. But I've watched a few "cons" and am beginning to feel more and more there either appears to be or I'm just not understanding their personality, a lot of arrogance in the pen testing community. I admire their work, the holes they find I find interested, the way they get around security but some just seem to come across as arrogant. As an IT Engineer and not in the same league, maybe I feel inferior so maybe, wrongly, see it as arrogance, that they are looking down on me. I've always been interested in security, but this is what puts me off attempting to get into the field. Where did this come from? The recent Pen Test done on our company. I'm not involved but some of the finds in the reports just seem a little off to me. But that's another story. I was watching one of the old "cons" recently, Defcon 19, with the panel and Jericho was on it. He seemed to come across really hostile and arrogant. I could be totally wrong, he's probably a decent guy but, I totally don't agree with his comment 14mins in to the talk. That when you work 40-80 hours a week banging your head against a wall but being paid for it. Pen testing for 15 years, going back every 6 months to re-test and nothings changed, companies still not patching holes they've been warned about. Maybe it's time they were bent over and fisted. You'll need to watch the video for the full quote. But I just feel. You're a pen tester, you're hired to come into a company like ours and test and give us a report. Nothing more. Pen testers aren't the law or police. It's then up to that company to decide if it wants to act on those holes. Yes, they'd be stupid not to, but it's the companies decision at the end of the day. It's not the right of the pen tester to feel he/she, then has the right to "fist" the company after, because they gave them plenty of warning. The whole talk just felt uncomfortable to me. The other speakers I've enjoyed though are Dan Kaminsky and Zoz's talk at DefCon 18 when he had his Apple stolen :) (the Apple being stolen wasn't funny, how he got it back was) and also Jason Scott's talk "You're stealing it wrong" This is why I'm crap at explaining what I'm thinking, because these talks show the industry isn't full of arrogance and so does Hak5, hence all those years ago when I found Hak5, I've ended up still here. I'll get my coat.

In Firefox. Just brings up code EDIT- I should of said, this is on the forum. You just get this : { "error": { "message": "Error validating application. Application has been deleted.", "type": "OAuthException", "code": 101 } }

Security Essentials, since MS purchased them, is shockingly shit at detecting anything. Try Comodo AV a lot better in tests at detecting more nasties.

NewSID was retired a while ago because SID issues were deemed a myth so you can't download it anymore (although just realised you haven't actually said use it). Mark has a good blog on the subject http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx Having said that, NewSID still seemingly appeared to fix some issues we had at my old place. Still available to download at my site if you wish http://stevenwhiting.com/blog/?p=316 According to Mark having two SIDs on the network is fine and won't cause an issue and AD won't reject them.

This is all on a test lab so the VMs aren't up all the time. Just for when I'm messing, then get turned off later. This is my lab setup at home so nothing on the AD of interest. Problem with all the suggests is my lack of knowledge of Linux, hence wanted the drag and drop options. Got it working in Kali Linux but can't find the HASH crack tool that the guy used in the vid. Will keep looking.

So just found pen testers had done hash dumps of our AD at work and got some accounts. Wondered how it was done so looked around and think I found a video that explains it. Anyway. So booted up my test domain VM and copied the SAM, Security etc files. As VMWare Tools is already on the AD box, it was easy dragging and dropping these to my main Windows 7 machine that runs all my VMWare VMs. VMWare Tools being on the virtual machine allows me to drag from the VM straight to the physical Windows 7 machine. Getting it into the virtual BackTrack 5 is the pain. I think I've managed, with the help of videos, to install VMWare Tools into backtrack, are they running? I don't know as new to Linux & I still don't believe it's user friendly so problems working out what is going on. So now I need to get the folder on my Windows 7 desktop to the VMware Backtrack 5 VM. But can't do the drag and drop that I can with my Windows VMs that all have VMware tools installed and running fine. Any help would be appreciated thanks.

I have used Camtasia to record Time Team off 4OD. Breaks their licence agreement granted, but it's for personal use and they won't release each series and each episode on DVD because, I assume, they believe their is no market for it. If that's the case, then sorry, the only option for me is to pirate as I can't afford to stream it all the time (limited bandwidth). It does require me to watch the show at the same time though and I then can't use the PC. It's the only other way, if the above doesn't work (I like digip's suggestions) I can think of, but then you'd have to buy Camtasia as well.