Security Basics mailing list archives
Re: nmap root vs user question
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Sat, 12 Oct 2013 14:01:18 -0700
On 10/07/2013 07:39 AM, Rob wrote:
> Is anybody else somewhat worried about this person doing penetration testing
> and PCI compliance auditing?
>
> No offense dude, but this is not something that can be learned from a
> security basics mailing list.
>
> I do want to help, and I do want you to learn, but not at the expense of a
> client's security.

Hi Rob,

We all have to learn sometime. And, the customer is fully aware that I have to learn first. I was specifically asked by them to do so. I am well aware of my current limitations.

Also, I break down questions to their lowest dimension. Don't let it throw you off. I am the guy you remember in college that asked all the questions, while others in the back of the class groaned. I got the "A's" and they got the "C's".

Remember that you do not know my credentials, my background, my years of experience, etc. You do not know me.

Now, as far as this group, it is specifically designed for beginners:

    A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies.

So I am right where I need to be.

Also, don't get too high on this PCI stuff. Some of it is legit, but most of it is lawyers trying to worm out of liability. I would not want to be in the shoes of someone who pencil whipped the forms when they get in trouble. The lawyers will eat them for lunch.

And, the major threats are not going to come up the wire looking for open ports. They are going to come through IE, Java scripts, PDF's. Open ports are a minor threat (yes, you still have to take it seriously). Installing that exe inside that zip file that is supposed to help you find your lost package...

As I said, some good stuff and a lot of paper chase (flaming hoops). Although, I do adore having a diagram of the network.

The human factor is the major threat. My client is and will be fine.

-T

Had a client a year back who had an employee surf the porn sites on swing shift on the client's computer. He had EVERYTHING! Oh my that was fun to fix when his hard drive failed and he needed his data off it. His plethora of "Abandon Ware" was the most challenging. (Love Live CD's.) It is the human factor to be most frightened of.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~