:: A Not So New Reality

A student of mine (thanks Michael!) sent me a link to the Linux Reality podcast, which I want to share w/all of you Linux noobs (you know who you are; don’t be ashamed).

This podcast was created by Chess Griffin with the new Linux user in mind. A general survey of topics includes:

  • what free software is/means
  • an overview of the various distributions
  • the Linux filesystem hierarchy
  • version numbering
  • wireless networking basics
  • an introduction to vi
  • basics of shell scripting, and
  • lots, lots more

Although Chess is no longer developing new podcasts, he’s planning on hosting the ones he does have up indefinitely.

Hats off to Chess for this excellent resource and happy trails!

:: CO


:: Must Have Security-Related Books

I know, textbooks are so 80s, but IMHO, no security professional/student should be w/o the following books in their library (these are in no particular order):

:: Hacking Exposed Series by McGraw-Hill:

:: Counter Hack Reloaded

:: Hacking: The Art of Exploitation, Second Edition

:: Google Hacking for Penetration Testers, Vol. 2

:: Hacker’s Challenge 2: Test Your Network Security and Forensic Skills

:: Hacker’s Challenge 3: 20 Brand New Forensic Scenarios and Solutions

:: Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

:: Dragon Bytes: Chinese Information War Theory and Practice – check your local library for copies (tough to find online)

:: The Art of War

:: Wi-Foo II: The Secrets of Wireless Hacking

:: Network Intrusion Detection, Third Edition

:: Intrusion Signatures and Analysis

:: The Tao of Network Security Monitoring: Beyond Intrusion Detection

:: Real Digital Forensics: Computer Security and Incident Response

:: Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition

:: The Shellcoder’s Handbook: Discovering and Exploiting Security Holes

:: The Database Hacker’s Handbook: Defending Database Servers

:: The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws

:: TCP/IP Illustrated, Volume 1: The Protocols

:: Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture, Fourth Edition

:: Modern Operating Systems, Third Edition

:: Pitt Wins 4th Mid-Atlantic Regional Collegiate Cyber Defense Competition (CCDC)

The student team from the University of Pittsburgh won what was, by far, the most challenging Mid-Atlantic Regional CCDC to date, besting teams from George Washington University, James Madison University, and last year’s Regional winner, the Community College of Baltimore County. With the win, the Pitt team will represent the Mid-Atlantic Region at the National CCDC, April 17-19 in San Antonio, TX.

Working as IT staff for the fictitious company, TrainerCorp., the student teams assumed operational responsibility of a network that included:

  • SCADA-controlled systems (purpose-built especially for the competition)
  • VoIP/GSM-integrated system with 2 IP phones and 1 team captain cell phone
  • 13 physical systems running: Windows Server 2008 (Active Directory w/10,000 user accounts and Primary DNS), Windows Server 2003 (Exchange w/10,000 paired mailboxes), Windows 2000 Server (Legacy telnet server), Windows Vista (user desktops), Debian 4.0 (Team Dashboard), Fedora Core 7 (Nagios) and 10 (Moodle Server and Moodle DB), Red Hat 7.2 (Secondary DNS), FreeBSD 6.2 (FreeNAS), and CentOS 4.3 (Asterisk)
  • Cisco ASA 5505 firewall, 2801 router, and 2950 switch

In addition to keeping the TrainerCorp. network running, the student teams had to protect their networks from some of the best hackers in the industry: Seth Fogie, Rob Fuller (AKA mubix), Paul Asadoorian (AKA PaulDotCom) – just to name 3 of the 13 that participated on the Red Team.

Congratulations to all the teams for a great weekend and a huge thanks to all involved (you know who you are). Here’s rooting for Pitt in the finals.