RE: Winning Hearts and Minds

From: Andy Cuff (lists@securitywizardry.com)
Date: Fri May 04 2007 - 15:15:01 EDT


Just to clarify, as was pointed out by another subscriber, the use of a
privileged account alongside an online service may require some precautions
to be taken or a great deal of trust ;)

Regards
Andy Cuff
Managing Director / CEO
Computer Network Defence Ltd
www.SecurityWizardry.com

> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of Andy Cuff
> Sent: 04 May 2007 20:01
> To: pen-test@securityfocus.com
> Subject: Winning Hearts and Minds
>
> Afternoon,
> The discussion on USB devices on the basics list, prompted me
> to report on GFI's FREE Online USB scanner
> http://www.securitywizardry.com/endpoint.htm#freegfi
>
> Back in the 90's I found that a quick squirt using l0phtcrack
> was a great way to win the hearts and minds of system owners
> to Information Security and open their ears. Obviously these
> days enabling password complexity is trivial and cracking
> complex passwords pointless (mostly), therefore password
> cracking doesn't have the same effect. VA tools tend to
> switch off interest, therefore what do we do? I saw the
> above scanner as another Hearts and Minds tool, in that it
> will show the owner what USB devices have ever been on a
> given system from Mass Storage to iPods, I'm sure it can be
> defeated however it wakes them up.
>
> What other Hearts and Minds tools do Pen Testers use for
> grabbing attention??
>
> Regards
> Andy Cuff
> Managing Director / CEO
> Computer Network Defence Ltd
> www.SecurityWizardry.com
>
>
> --------------------------------------------------------------
> ----------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic See HOW Now with
> our 20/20 program!
>
> http://www.cenzic.com/c/2020
> --------------------------------------------------------------
> ----------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:46 EDT