Email headers are a simple thing, but when you’re in a bind and need to read one or more, they can sometimes be such an annoyance. This paper is a full-blown discussion on email headers and what they mean. Quite a nice read, to be honest.
Blue Pill and Red Pill are part of some new research into hardware abstraction and virtualization where a system can be fully controlled by an attacker if he/she can get an abstraction layer between the OS and the hardware…well, then it’s game over. Thankfully, this is not easy and does require physical access. Nonetheless, cutting-edge creativity is quite interesting.
Wow, I never thought I would see an article on CNN.com that had some technical merit! CNN questions laptop security and asks why exactly sensitive data is finding its way to mobile devices in the first place. Excellent question!
One of my favorite blogs, Security Monkey (or A Day in the Life of an Information Security Investigator), made a post about how to increase your chances of getting into the lucrative and fun field of penetration testing. The comments are nearly as good as the post itself and I definitely wanted to keep this around.
You can also use iptables to monitor bandwidth.
Want to become a Chief Espionage Officer?
This link I have not tried recently, but I believe these are still free study guides for the CISSP and should still be pretty informative. I read one or two about a year or more ago, and filed away the link for a time when I could more fully pursue the CISSP. I believe these are from Shon Harris and hosted by this site as a sponsor.
Of note, Shon Harris also has CISSP training that you can pay for and attend.
Link to pictures of the CDC 2005 event at Iowa State University. The CDC is the CyberDefense Competition held at ISU where teams of students attempt to defend their networks against a team of attackers (usually area professionals) over the course of an entire weekend. The event is reminiscent of Defcon’s Capture the Flag, but with a much more instructive mentality. I wish we had this much stuff in this field at ISU back when I was a student! A version of this is also being held annually where high school teams are the defenders and college students are the attackers.
There are scripts and various automatic ways of hardening a Linux system, but nothing is more informative and instructive than doing many of the tweaks and settings manually. I liked this post because it really delved into a few of the particulars and exactly what is going on.
This paper is very advanced using a lot of different skills, but it does demonstrate how to abuse SNMP on a Cisco router to get its configuration file, and then have some fun with Generic Routing Encapsulation (GRE).
Information Overload. Kind of hard to admit that I am nearing that point, since I completely love learning things and absorbing knowledge. But the IT, techie, world has been doing that to me lately…really kicking my ass. I want to learn so much, catch up on things over the years that I missed because I wasn’t a packet geek or into coding as a child (yeah, right!). I have an entirely different part of this site dedicated to postings and news and links and tidbits of knowledge that I have happened across in the past few years (I keep these separate because, well, it’s just for me). I have a huge list of bookmarks in my web browser that are “pending” things to check out, usually tools, large sites, or long papers that I didn’t have time to fully deal with back when I was made aware of them. I have dozens upon dozens of books that are half-started or not yet read…as if just owning them means I can somehow claim the knowledge locked away.
I don’t have enough hours in my day, enough days in my life, to learn all this stuff like I want to learn it. That’s frustrating beyond belief.
Couple this with my recent soul-searching about my career. I love my career to date and where it is going, but I’ve had some thoughts that maybe specializing a bit more would be beneficial.
Now that I was working on “that other” part of my site that will remain mysteriously locked away, I have realized that my categorizing of information is almost manic at this point. It is still a mess and I’m not happy with having all this knowledge in front of me and just not having the time to get to it. Maybe I should specialize that too?
It kinda makes sense, but while I am happier to do this with my young career, I’ll likely not adopt that quite too soon with my thirst for knowledge…but I certainly need to slow down and instead of blitzing this realm, to sit back, clear off the desk, and focus on a few things at a time and truly enjoy and experience them.