Menu
▾
▴
isecom-hackerhigh-discuss — Hacker Highschool Project - Discussion List
You can subscribe to this list here.
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(2) |
Jun
(4) |
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
|---|
|
From: Rick T. <ri...@is...> - 2006-09-18 16:31:02
|
It would be great if you help me by reply this mail to ry...@kt... (Teresa Ryberg) and answer the questions in the survey. If there are any questions you don't want to answer just skip them, but it would be helpful if you write an explanation why. This survey is for purely scientific purposes at The Royal Institute of Technology in Stockholm. All participants are anonymnous. ............................................ About You: Age: Gender: Profession: Nationality: Describe yourself from an outside point of view: .............................................. About You and Computer: Tell me about your first contact with a computer!: Were your parents or childhood friends in to computers? How much time did you put in to learning the computers? What motivated you to learn? Did/do you work alone or in group? Tell me about the first time you ”crossed the line” and illigaly cracked a system! (Why did you do it? Did you do it alone or with others? Was it a thrill?): Have you ever felt hacking/cracking been an adiction for you? Did/Do you have an mentor? If yes, how did you get in contact the first time? Do you socialize with other hackers? If Yes: How/Where do you meet? Is the friendship mainly about sharing information? Do you think its necessary to have good social skills to be a good hacker? Other Comments: ................................................ About Politics and Ethics: What is your purpose when hacking? Do you use your computer skills to “make your voice heard”? If Yes, How? Are you happy about the society we live in? Do you describe yourself as an ethical hacker? Other comments: .............................................. About Elementary School: Did you like school? If Yes, Why? If No, Why not? How was your grades, were you a good student? How were your teachers? Were you social in school? Did the school encourage your computer interest? Did you continue study after elementary school? Other comments: .................................. The End. Thanks so much!!!!!!!! |
|
From: Rick T. <ri...@is...> - 2006-06-26 21:03:58
|
Not sure what happened here, but neither of the posts below are showing up in the archive. I'm resubmitting them for anyone who didn't get them. Rick -- Rick Tucker - HHS Project Manager - ri...@is... ISECOM - Institute for Security and Open Methodologies www.isecom.org - www.osstmm.org www.hackerhighschool.org - www.isestorm.org ------------------------------------------------------------------- ISECOM is the OSSTMM Professional Security Tester (OPST) and OSSTMM Professional Security Analyst (OPSA) certification authority. Stacey Bryden has posted a revision of the Chapter 8 lesson summary on the HHS discussion list. Please give her your comments and feedback. If you haven't signed up for the discussion list, you can do so on the HHS site. -------- Original Message -------- Subject: Re: [ISECOM-HACKERHIGH-DISCUSS] Chapter 8 summary review from Rick Tucker Date: Wed, 21 Jun 2006 11:38:14 -0700 (PDT) From: im 414345 <im4...@ya...> Reply-To: Discussion list for the Hackerhighschool Project <ise...@li...> To: ise...@li... I want to thank everyone for the feedback provided to me on my first draft efforts. I have attempted to meet all the comments and expand the summary as needed. Here is the modified version for your review. Stacey Summary: Forensics has expanded to include all types of digital devices such as mobile phones, PDA?s and more. While the scope of the field continues to expand there are key elements that remain constant. Maintaining a structured approach to the process and ensuring adequate records are created is a cornerstone to all investigations. Failure to maintain proper documentation and chain of custody of evidence will have a negative impact on the outcome of a case. While forensics primarily focus on retrieval of information from hard drives, CD?s, and other digital media there are other key sources such as firewall and IDS logs that are often included in the context of an investigation for event correlation. Linux has become a primary operating system for performing forensic discovery for a variety of reasons including the ability to recognize various file system types. Linux is widely accepted within commercial and law enforcement fields as the leading platform in forensic cases. This largely stems from the ability of Linux to understand and mount a wide variety of file system types as well as its protective abilities by providing the ability to mount various media in read-only mode without requiring hardware intervention (such as jumper settings on hard drives that can be easily forgotten). This is not to say that Windows based forensic tools are not utilized for many organizations will at times use both system types. This can be to provide for corroboration of evidence and also to provide for the technical knowledge of the investigators involved or organizational preference. The National Institute of Standards and Technology (NIST) has the Computer Forensic Tool Testing Project to independently test and evaluate the performance for write block tools and devices and disk imaging tools providing a level of standards to assist investigators. There are several issues that can be encountered in a forensic investigation. When the suspect has made attempts at avoiding recovery, encryption is often used to guard data however recovery can be possible through efforts such as brute force, dictionary attacks, and attempts with previously used passwords. Other common issues involve maintaining: proper procedures for seizure, the chain of custody, and proper documentation. Without standard procedures and appropriate documentation presenting evidence that could stand up in a court of law becomes difficult. Forensics is a constantly expanding field with more digital evidence being collected to provide additional support on cases as varied as murder, harassment, hacking and more. With the growing dependency on technology more data is being generated providing for more detailed assessments of events and supporting physical evidence in cases. Assignment: If you were given a case, where would you start? What evidence would you ?tag and bag?? What procedures would you follow? What would you log? Consider the potential for going to trial on the case. How would this affect the type of evidence gathered and the methods used? Would a trial affect the types of logs and the detail of the records that were kept? In the event of a trial appearance, would you be able to defend your work and discovery process with ease? Six months after the investigation has ended and you have worked other cases? A year? Would you be able to provide credible testimony with the records and detail level that were kept? If not what additional efforts could be made to facilitate this effectively? ------------------------------------------------------------------------ Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail Beta. <http://us.rd.yahoo.com/evt=40791/*http://advision.webevents.yahoo.com/handraisers> |
|
From: im 4. <im4...@ya...> - 2006-06-21 18:38:20
|
I want to thank everyone for the feedback provided to me on my first draft efforts. I have attempted to meet all the comments and expand the summary as needed. Here is the modified version for your review. Stacey Summary: Forensics has expanded to include all types of digital devices such as mobile phones, PDAs and more. While the scope of the field continues to expand there are key elements that remain constant. Maintaining a structured approach to the process and ensuring adequate records are created is a cornerstone to all investigations. Failure to maintain proper documentation and chain of custody of evidence will have a negative impact on the outcome of a case. While forensics primarily focus on retrieval of information from hard drives, CDs, and other digital media there are other key sources such as firewall and IDS logs that are often included in the context of an investigation for event correlation. Linux has become a primary operating system for performing forensic discovery for a variety of reasons including the ability to recognize various file system types. Linux is widely accepted within commercial and law enforcement fields as the leading platform in forensic cases. This largely stems from the ability of Linux to understand and mount a wide variety of file system types as well as its protective abilities by providing the ability to mount various media in read-only mode without requiring hardware intervention (such as jumper settings on hard drives that can be easily forgotten). This is not to say that Windows based forensic tools are not utilized for many organizations will at times use both system types. This can be to provide for corroboration of evidence and also to provide for the technical knowledge of the investigators involved or organizational preference. The National Institute of Standards and Technology (NIST) has the Computer Forensic Tool Testing Project to independently test and evaluate the performance for write block tools and devices and disk imaging tools providing a level of standards to assist investigators. There are several issues that can be encountered in a forensic investigation. When the suspect has made attempts at avoiding recovery, encryption is often used to guard data however recovery can be possible through efforts such as brute force, dictionary attacks, and attempts with previously used passwords. Other common issues involve maintaining: proper procedures for seizure, the chain of custody, and proper documentation. Without standard procedures and appropriate documentation presenting evidence that could stand up in a court of law becomes difficult. Forensics is a constantly expanding field with more digital evidence being collected to provide additional support on cases as varied as murder, harassment, hacking and more. With the growing dependency on technology more data is being generated providing for more detailed assessments of events and supporting physical evidence in cases. Assignment: If you were given a case, where would you start? What evidence would you tag and bag? What procedures would you follow? What would you log? Consider the potential for going to trial on the case. How would this affect the type of evidence gathered and the methods used? Would a trial affect the types of logs and the detail of the records that were kept? In the event of a trial appearance, would you be able to defend your work and discovery process with ease? Six months after the investigation has ended and you have worked other cases? A year? Would you be able to provide credible testimony with the records and detail level that were kept? If not what additional efforts could be made to facilitate this effectively? --------------------------------- Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail Beta. |
|
From: Mandy G. <man...@ya...> - 2006-06-07 00:32:35
|
Hi Khee Wei,
My name is Mandy Galante, also new to the discussion list. I teach high school students in New Jersey, USA. We are using the CompTIA Security+ certification test as a curriculum outline. We do incorporate some hands on labs, but I find my students are not getting enough practical experience, especially in troubleshooting.
I have recently been introduced to the concept of PBLs and would be very interested in hearing how you have used this in teaching Information Technology. I visited your website, but the link to the PBL information was password protected. (...To find out more about the PBL experience at RP, please visit the CED website....)
Would you be willing to share some examples of PBLs that you have used?
Regards - Mandy Galante
Teacher of Technology
Red Bank Regional High School
Little Silver, NJ
Seow Khee Wei <seo...@rp...> wrote:
st1\:*{behavior:url(#default#ieooui) } Hi all,
My name is Khee Wei Seow. Im new to the discussion list. A little bit about myself.
Im primarily an academic staff with Republic Polytechnic (http://www.rp.edu.sg/ ) , School of Infocom Technology in Singapore. More on what my school does can be found here : http://www.rp.sg/schoolscentres/sit.asp
I went through the course content of HHS and would like to suggest that *maybe* PBL pedagogy can be introduced?
Im not sure if you are familiar with PBL
in RP, we are 100% PBL, i.e. we do not have any lectures and tutorials. Instead, all our modules are presented as problems for students to solve. Along the way, picking up relevant knowledge.
Let me know your thoughts.
Regards
Khee Wei
---------------------------------
Republic Polytechnic, 9 Woodlands Avenue 9, Singapore 738964 (Near Woodlands MRT/Interchange)
. www.rp.sg . Fax: +65 6415-1310 .
Republic Polytechnic, the first Institute of Higher Learning to fully adopt the Problem-Based Learning approach in Singapore, continues to strive towards best practices and maintain excellence in service standards with the following certifications: Singapore Innovation Class (SIC), Singapore Quality Class (SQC), People Developer Standards and QEHS (ISO 9001, 14001 and OHSAS 18001)
---------------------------------
CONFIDENTIALITY CAUTION: This message is intended only for the use of the individual or entity to whom it is addressed and contains information that is privileged and confidential. If you, the reader of this message, are not the intended recipient, you should not disseminate, distribute or copy this communication. If you have received this communication in error, please notify us immediately by return email and delete the original message. Thank you.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com |
|
From: Rick T. <ri...@is...> - 2006-06-02 20:55:05
|
Stacey, I think you've got a good start on it. I'm reviewing it primarily from a readability and usability perspective. A few things I'll mention... 1. In the 3rd paragraph give more specific reasons for using open source software in the summary itself, rather than directing readers to an outside source with little or no information to use as a base of knowledge. I'd say always give at least 2-3 examples of whatever topic your covering, then refer to outside sources and perhaps give readers a taste for what they're going to see. Give them a compelling reason to go there. 2. The topic of encryption seems to come of the blue and ends just as abruptly. Create a smoother transition to the topic and flesh it out a bit. 3. I like the assignment. It definitely gives students a lot to think about. The 3rd paragraph of the assignment is all yes/no questions, though. Reword those, or just simply add, "If not, why?" or "If not, what would you do to be able to defend your work and discovery process with ease?" ...6 months later? ...a year later? I just read the chapter and it's a bit choppy in places. I think it still needs work overall, but we can work that out as we go. Right now, I'm just concerned about the summary and questions. We will invariably leave out material. We can make that up in subsequent revisions of the lessons. This process is not going to be easy. We may edit the summaries for each lesson several times. Thanks for your help on this. Let me know if there is anything I can do to make your job easier. rick -- Rick Tucker - HHS Project Manager - ri...@is... ISECOM - Institute for Security and Open Methodologies www.isecom.org - www.osstmm.org www.hackerhighschool.org - www.isestorm.org ------------------------------------------------------------------- ISECOM is the OSSTMM Professional Security Tester (OPST) and OSSTMM Professional Security Analyst (OPSA) certification authority. |
|
From: Seow K. W. <seo...@rp...> - 2006-05-29 02:26:58
|
Hi all, =20 My name is Khee Wei Seow. I'm new to the discussion list. A little bit about myself. =20 I'm primarily an academic staff with Republic Polytechnic (http://www.rp.edu.sg/ ) , School of Infocom Technology in Singapore. More on what my school does can be found here : http://www.rp.sg/schoolscentres/sit.asp =20 I went through the course content of HHS and would like to suggest that *maybe* PBL pedagogy can be introduced?=20 I'm not sure if you are familiar with PBL... in RP, we are 100% PBL, i.e. we do not have any lectures and tutorials. Instead, all our modules are presented as problems for students to solve. Along the way, picking up relevant knowledge. =20 Let me know your thoughts. =20 Regards Khee Wei =20 =20 Republic Polytechnic, 9 Woodlands Avenue 9, Singapore 738964 (Near = Woodlands MRT/Interchange) . www.rp.sg . Fax: +65 6415-1310 .=20 Republic Polytechnic, the first Institute of Higher Learning to fully = adopt the Problem-Based Learning approach in Singapore, continues to = strive towards best practices and maintain excellence in service = standards with the following certifications: Singapore Innovation Class = (SIC), Singapore Quality Class (SQC), People Developer Standards and = QEHS (ISO 9001, 14001 and OHSAS 18001) -------------------------------------------------------------------------= ------- CONFIDENTIALITY CAUTION: This message is intended only for the use of = the individual or entity to whom it is addressed and contains = information that is privileged and confidential. If you, the reader of = this message, are not the intended recipient, you should not = disseminate, distribute or copy this communication. If you have received = this communication in error, please notify us immediately by return = email and delete the original message. Thank you. =20 |
|
From: Rick T. <ri...@is...> - 2006-05-24 19:55:16
|
