One more thing to keep in mind: Mold. The heat from the computer plus the humidity in a crawlspace can cause mold. We once housed a server in a small room with a previously unknown leak in the wall. The heat from the server caused so much mold, that everyone in the bottom floor of our office had to be moved until the mold was contained.
This is excellent advice. Contract out the service to professional penetration testers. It takes years of practice to become a good penetration tester (I've been doing it off and on for nearly 12 years).
In the mean time, this will get you pointed in the right direction:
http://www.pentest-standard.or...
Also, make sure you understand the difference between:
* Vulnerability assessments.
* Penetration tests.
* Security audits.
The goal of a vulnerability assessment is to identify all vulnerabilities (or as many as possible). It will typically include a vulnerability scan (with a tool like Nessus) of a sample of the network. Make sure you interpret the results of the vulnerability scan into something meaningful for the customer.
The goal of a penetration test should be to provide the organization with an understanding of how (and how easy) the organization can be compromised. In this scenario, you are playing the bad guy. The goal isn't to identify all vulnerabilities, but to gain access. It is typically segmented into external, internal, phishing, social engineering, and physical tests (just follow an employee into the office when they come back from lunch. They will hold the door open for you).
A security audit will be based on the standards that the customer is interested in. Typically, there are a standard set of questions that you have to ask the customer. The customer will then need to explain what they are doing to address the question and show proof. To demonstrate proof that they are following the standards, they can provide evidence. Additionally, you will select a sample of the systems, and have the customer show that the security control is implemented on your randomly selected sample.
Good luck on your new career
Commits can get messy, here is an excellent article on how to successfully use GIT:
http://nvie.com/posts/a-successful-git-branching-model/
Personally, I would like see one of two things happening:
1. Break up Comcast and make the new pieces share infrastructure (so they would have to compete with each other).
2. Allow the merger, but with the stipulation that laws would be put in place to spur competition. Such as allowing municipalities to bulid their own network (like Chatanooga).
While few people actually have a choice, I'm still left wishing I didn't have to choose between AT&T & Comcast.
What I was trying to communicate was let's not think of it in terms of "if it saves one life", but in terms
of "if it saves the life of someone I know" (which would have been our case).
I think the argument would have been much different
if we were trying to ban cars rather than changing something small to make it a little safer.
Hopefully Intelligent Transportation Systems (https://en.wikipedia.org/wiki/Intelligent_transportation_system) will be mature enough to reduce those accidents/deaths as well. But for now, we will have to be content with 15 - 30 lives.
On a personal note, a close friend of ours lost their child to an accident that could have been avoided with a rear-view camera. Seeing all the pain that they went through, it makes me wish this existed back then.
Apparently, there is some manual work that needs to be done before one can run Oracle DB modules in Metasploit under Kali Linux. This is because of proprietary libraries from our dear Oracle.
Here are the instructions that worked for me:
http://blog.infosecsee.com/2013/08/how-to-get-oracle-support-in-metasploit.html
So I followed the instructions here:
http://www.minipwner.com/
to create a minipwner box using a TP-Link mini router.
However, using an older openwrt image would break the ones with the 1.7 firmware.
Here is the fix:
Unbrick wr703n wifi router
http://forums.openpilot.org/blog/52/entry-92-unbrick-wr703n-wifi-router/
+1 to the parent. I used to work at SGI and, as you said, this is old news. One small note, unless rackspace is also doing something different, I believe you are talking about Rackable Systems intead of Rackspace.
This might be the first time Intel is doing it with their HW though. If I recall correctly, SGI did it with their MIPS systems.
One advantage of changing your default SSID a vanilla install is that it makes it harder to crack.
The SSID is used as salt in the encryption mechanism.
Here is an article that describes it in more detail:
http://netsecurity.about.com/od/secureyourwifinetwork/a/WPA2-Crack.htm
Plus... having a goofy SSID is fun
Wrote my first snort rule! It detects if someone is trying to capture credentials via the auxiliary/server/capture/smb module.
More information about this type of attack is here:
http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html;
Why don't you release a 'not for commercial use' copy w/o the spying. That will prevent it from being distributed on P2P sites. The added benefit is that people would learn to use and love your software. Eventually, they can be your marketing arm and help convince management to purchase the software for business use.
Also, as you might be aware, developing DRM is very costly. The cost of DRM is expected to reach $9bln this year: http://drm.info/node/93
The only possible interpretation of any research whatever in the `social sciences' is: some do, some don't. -- Ernest Rutherford
