kickarse

Well, that's a great idea but we all know how users are, they'll forget the questions/answers they created and they won't be created with the security in mind. I wonder if it'd be more appropriate to create a set of questions for them, like banks do. Perhaps five questions and randomize them when they call in as suggested. Store it in AD and create a script/program to query the list.

So I've got this dilemma in trying to figure out a policy on how to verify users over the phone for resetting and unlocking them from various network resources. I'm curious on what others do. We already have their last 4 of their social and figure that's probably good enough. Any thoughts?

Anyone see this yet? I'm just watching it now. But so far its a good insight into the community. http://www.hackersarepeopletoo.com/

Its not illegal as long as he's not using the same copy of the install in a different place at the same time. And I think the license even stipulates 3 installs.

A drop down would be nice or maybe a roll over tip of some sort stating the variables. Because you know someones going to put in something stupid with a period.

I would have fileinstall install files with different names that way it can fool some of the virus scanners. Other than that fairly good. You could also adapt this script i wrote to capture what's installed Dim $strComputer, $objWMIService Const $wbemFlagReturnImmediately = 0x10 Const $wbemFlagForwardOnly = 0x20 $strComputer = "." $objWMIService = ObjGet("winmgmts:{(RemoteShutdown)}//" & $strComputer & "\root\CIMV2") _Read_Products() Exit Func _Read_Products() Local $colItems = "" $colItems = $objWMIService.ExecQuery("Select * from Win32_Product") For $objItem in $colItems ;$ProductName = $objItem.Name Select Case stringinstr($objItem.Name,'Microsoft .NET Framework');and StringLeft($objItem.Version,'3')="3.5" msgbox(0,"Found",$objItem.Name & @CRLF & $objItem.Version) ;Return 1 EndSelect Next EndFunc How come you use EnvGet and don't use @computername or @systemdir? _Filewritelog will give you the time and date on each line.

Also just got this error... Seems as though there was an issue with fiddler and the profile in pandora. --------------------------- Sorry, you may have found a bug... --------------------------- Fiddler has encountered an unexpected problem. If you believe this is a bug in Fiddler, please copy this message by hitting CTRL+C, and submit a bug report using the Help | Send Feedback menu. Index and length must refer to a location within the string. Parameter name: length at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy) at System.String.Substring(Int32 startIndex, Int32 length) at Saver.AutoTamperResponseAfter(Session oSession) in C:\Documents and Settings\Keith\Desktop\PandoraSaver\PandoraSaver\Saver.cs:line 198 at Fiddler.FiddlerExtensions.DoAutoTamperResponseAfter(Session oSession) at Fiddler.Session.Execute(Object objThreadstate) at System.Threading._ThreadPoolWaitCallback.WaitCallback_Context(Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPool WaitCallback tpWaitCallBack) at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state) mscorlib Fiddler v2.2.0.5 [.NET 2.0.50727.1433 on Microsoft Windows NT 5.1.2600 Service Pack 2] --------------------------- OK ---------------------------

Wow this is working excellently! Just loaded it up in IE 7 using version 1.0.0.2, using flash 9, if that even matters. How would we be able to use FF instead? What are the available rates for Mp3 conversion? Thanks so much!

This thread turned interesting very fast.

I need to find a UT99 game somewhere... ehm...

2003 Saturn L200 (Saab 9-5 to the UK)

nice OT threadadge

Found another option possibly http://code.google.com/p/superf4/downloads/list

I second the changing of the service to manual instead of disable. It's least likely to create an alert. However, it will still probably create an alert lol. From what I remember there's a couple sys files that can be deleted that'll kill Symantec. You'll have to do it in safe mode though.

Talk about a pot calling the Kettle black. You only voted for McCain because you have some silly loyalty to a certain party. Do you even care about the issues at hand?? And yet you talk about people who voted for certain other candidates because of a gender bias. OMGWTFBBQ?!!?! It's Sarah Palin, not Patin, but I knew you knew that already. And I didn't know that when you voted you had an option to vote against a candidate. I wonder what those polls showed! And most people probably didn't realize all of the other parties that actually ran; libertarian, etc. And only really saw them while they were inking in their chosen candidate. How is that even a fair race? The issue with the bailout is that when you give companies, extremely large companies, money it won't trickle to the little people in time for it to be of use. The much better way of handling that would have been to give almost every man, woman and child a percentage of that. Give nothing to those in high society or those averaging over a certain amount of family income a year. Whether it be through actually giving money to people or reducing taxation. Similar to what Dvorak was stating on his blog. It's not like most people would horde it. It would have been spent on things that were of need, like food, shelter and clothing. I think that would have bolstered the economy much more. These banks should have been allowed to crash. They won't learn their lessons and we have to pay for it.

Here at where I work there are three of us Sr guys. I'm the Senior Network Security Coordinator, then the Senior Network Specialist and another Senior Network Specialist. However we all seem to have similar roles. One guy is more workstation support and frontend, and me and another guy do mostly the backend server stuff. I don't have any certs or a university education. I'm 25 and have just been fortunate to have gotten where I have. It's by no means the rule, more the exception.

I'll let someone else click on the links to something called bsodmizer.com, since I'm at work and you have 3 posts :) But it's sounds interesting, however impractical.

It's also possible to create a fake inf to load registry entries. Perhaps the AV software won't catch it because it's not a direct reg add call. Something to kill the service on next load.

I just kind of figured most people would conclude that themselves. Just simple logic. An almost unstated rule, like don't break into a Police Station.

There's a difference between a responsible hacker and a irresponsible hacker. This kid seemed to be of the latter. The responsible hacker tests his shit and double checks everything to make sure he won't get caught some how, for instance using a personal email account and logging into an email account with a home ip address. He knows that if he gets caught he's screwed. And understands the depth of the penalty. An irresponsible hacker know next to nothing and doesn't take into account the extreme reality of what could happen to him if he's caught. He is the one to use his personal email address and home internet to log in to it with. He's the one to do it in his own class or brag to others using both a personal name and his alter(forum) ego. Some are more cautious than others. It's obvious that he either has nothing to loose or he's got everything to loose and was/is desperate.

AutoIT has the function ProcessClose() that you could write a program to do it. Each program could be created with different hashes and names and it'd be hard for an AV software to catch it. You could also try and use AFS with this.

Interesting that you'd be posting something about that with only 3 posts. Seeing the potential that a security guru somehow get's your USB key and decides to stick it in a locked off machine with some scanning/testing utilities. He finds out what you've done. He alerts ebay, ebay alerts the authorities and you get busted.

So at my work we have a program, that shall rename nameless, that allows only mice and keyboards by default on the machines. Has anyone looked into ways of changing the stick to tell windows it's a keyboard or mouse? And then once it's loaded it'll allow it to be attached as a drive? I just thought it might be a helpful topic to brain swap about.

Pixel Perfect has interesting information however to be honest Burt Monroe isn't the best presenter in the world. And bluntly I hated Web Drifter and Internet Superstar. Martin Sergeant is the most annoying man on earth. To me at least. Lane just didn't seem to have a function except for having had history with Kevin, Alex and Martin. I mean really, Pop Siren? It's just a mix of everything already on Rev3. However, I am surprised that they laid off Hippie Glen.

Yeah! I won the software fight!