Security Basics mailing list archives

Re: nmap root vs user question


From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Sat, 12 Oct 2013 14:01:18 -0700

On 10/07/2013 07:39 AM, Rob wrote:
> Is anybody else somewhat worried about this person doing penetration testing
> and PCI compliance auditing?
>
> No offense dude, but this is not something that can be learned from a
> security basics mailing list.
>
> I do want to help, and I do want you to learn, but not at the expense of a
> client's security.


Hi Rob,

We all have to learn sometime.  And, the customer is fully
aware that I have to learn first.  I was specifically asked
by them to do so.  I am well aware of my current limitations.

Also, I break down questions to their lowest dimension.
Don't let it throw you off.  I am the guy you remember
in college that asked all the questions, while others
in the back of the class groaned.  I got the "A's" and
they got the "C's".  Remember that you do not know
my credentials, my background, my years of experience,
etc.  You do not know me.

Now, as far as this group, it is specifically designed
for beginners:

     A high-volume list which permits people to ask
     "stupid questions" without being derided as "n00bs".
     I recommend this list to network security newbies.

So I am right where I need to be.

Also, don't get too high on this PCI stuff. Some of it
is legit, but most of it is lawyers trying to worm
out of liability.  I would not want to be in the
shoes of someone who pencil-whipped the forms when
they get in trouble.  The lawyers will eat them
for lunch.

And, the major threats are not going to come up the
wire looking for open ports.  They are going to come
through IE, Java scripts, PDFs.  Open ports
are a minor threat (yes, you still have to take it
seriously).  Installing that exe inside that zip file
that is supposed to help you find your lost package...

As I said, some good stuff and a lot of paper chase
(flaming hoops).   Although, I do adore having a diagram
of the network.  The human factor is the major threat.

My client is and will be fine.

-T

Had a client a year back who had an employee surf
the porn sites on swing shift on the client's
computer.  He had EVERYTHING!  Oh my, that was
fun to fix when his hard drive failed and he
needed his data off it.  His plethora of "Abandon
Ware" was the most challenging.  (Love Live CDs.)
It is the human factor to be most frightened of.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
