Last 10 posts

Last 10 posts http://www.governmentsecurity.org/forum/index.php Thu, 19 Nov 2009 16:15:26 +0000 1 Guest Post - Https Data Exposure - Get Vs Post http://www.governmentsecurity.org/forum/index.php?showtopic=32266

URL arguments refer to arguments in the URL for GET or POST (e.g. foo.com?arg1=something).
Body arguments refer to data communicated via POST paramaters in the HTTP request body.

NOTE: This chart does not address client side caching of temporary files. Caching is a separate issue from the protocol selection and should be addressed with appropriate cache-control headers.

A quick conclusion: The secure choice for transmission of any sensitive data is to use POST statements over SSL/TLS. Any other option will expose data at some point in the communication.

Full post
http://www.shortinfosec.net/2009/11/https-data-exposure-get-vs-post.html]]> Thu, 19 Nov 2009 16:15:26 +0000 http://www.governmentsecurity.org/forum/index.php?showtopic=32266 Is There A Feature To View All New Posts Since Last Login? http://www.governmentsecurity.org/forum/index.php?showtopic=32265
Is this feature still available? Can't seem to find it.

Cheers.]]> Thu, 19 Nov 2009 07:10:42 +0000 http://www.governmentsecurity.org/forum/index.php?showtopic=32265 5 Important Things To Know About The A Plus Certification http://www.governmentsecurity.org/forum/index.php?showtopic=32264 1. The A plus is what most people start with
Comptia (the vendor offering this certification) got it right with the A+ certification. It's extremely popular and no wonder why. The A+ is the very first step in our career ladder and a very important one. Studying for this cert we get down to the basics of what computers are - hardware and software - and in depth learn everything that is important about them. This is what the A+ gives you - an extremely important foundation to work on. Nearly nobody stops at the A+ - it's our very first step towards obtaining other higher certs which gives us higher positions and more money in our pockets.
2. How to study for it [this is important]
New people into the Industry feel unsure on how to best take this first step in their career ladders. Getting your first certification is like getting your first kiss - you always remember more details about it than any other cert you will be getting after that. Always opt to self study, unless your employer is willing to pay for a training school or boot camp. The truth is, entry certifications build a foundation to work on. They do not land you in the big bucks. That comes later. Spending lots of money on training for entry certs doesn't make money sense.
3. There are 4 exams you can choose. Which ones do you do?
The A+ essentials (exam 220-601) is the first one you must pass. After that, you have the choice of:
IT Technician (220-602)
Remote Support Technician (220-603)
Depot Technician (220-604)
Most people do the IT Technician one as it gives you a more rounded knowledge. The other two, specialize so to speak, you should choice either one of these two only if your job requires it.
4. Where can you book the exam?
All comptia exams are booked through Prometric or Vue. Once you finished studying, go to either website and choose your nearest testing center. Pay the fee and book the exam on your choice of date. Now you are all set. When you go to the training center, arrive 30 minutes beforehand and don't forget to bring 2 forms of ID with you.
5. How long does it take for the certification to arrive?
When you complete your exam at the training center and you pass, they will give you a piece of paper stating you have passed the exam. You can use that on your resume for the moment to show employers you are now A+ certified. The actual certification will be posted to you from Comptia and this take around 2 to 6 weeks.
more certification information you can check passcert]]> Thu, 19 Nov 2009 03:18:34 +0000 http://www.governmentsecurity.org/forum/index.php?showtopic=32264 Files Download http://www.governmentsecurity.org/forum/index.php?showtopic=32263 So when can i download files as it will not alow me to.. Thu, 19 Nov 2009 02:15:59 +0000 http://www.governmentsecurity.org/forum/index.php?showtopic=32263 Vpn Anonym http://www.governmentsecurity.org/forum/index.php?showtopic=32261
I just wanna know if i send and email och surf on the internet , for example site while i am already connected to vpn , is it possible to find out my real ip ? i mean the site owner or the mail reciever ! if yes i wonder how !]]> Wed, 18 Nov 2009 12:20:42 +0000 http://www.governmentsecurity.org/forum/index.php?showtopic=32261 How We Can Change Symbol In Password Field In Javascript? http://www.governmentsecurity.org/forum/index.php?showtopic=32260 Wed, 18 Nov 2009 11:13:00 +0000 http://www.governmentsecurity.org/forum/index.php?showtopic=32260 How To Trust Cloud Computing http://www.governmentsecurity.org/forum/index.php?showtopic=32257
Here are the mechanisms by which we can approach the level of trust that we have in our infrastructure for the cloud. But bear in mind, that each approach can have it's own pitfall!

Full Story
http://www.shortinfosec.net/2009/11/how-to-trust-cloud-computing.html]]> Tue, 17 Nov 2009 21:09:43 +0000 http://www.governmentsecurity.org/forum/index.php?showtopic=32257 Guest Post - It Risks Vs. Information Risks http://www.governmentsecurity.org/forum/index.php?showtopic=32256
Here are my high level definitions:

IT Risks - The probability that a vulnerability of an information technology solution or asset will be exploited and the likely damage from the exploitation.
Information Risks - The probability that information/data can be exploited and the likely damage from the exploitation.

While these may seem similar to the layman, they should clearly be viewed and positioned differently by the Information Security professional. Here's why:

IT Risks should have a focus on technology, while
Information Risks should not have a focus on technology

This is a guest post by Mark Brooks, a consultant and leader in the field of global information risk, security, and compliance.

Full story http://www.shortinfosec.net/2009/11/it-risks-vs-information-risks.html]]> Mon, 16 Nov 2009 19:45:01 +0000 http://www.governmentsecurity.org/forum/index.php?showtopic=32256 Offensive Security Has A Milw0Rm Replacement http://www.governmentsecurity.org/forum/index.php?showtopic=32255
/http://exploits.offensive-security.com/]]> Mon, 16 Nov 2009 17:39:40 +0000 http://www.governmentsecurity.org/forum/index.php?showtopic=32255 Ipsec Debugging http://www.governmentsecurity.org/forum/index.php?showtopic=32254
I have to do a brown bag at work going over IPSec debugging...specifically ASA's and PIX. Whenever I look around for information on IPSec debug i am only able to find debug output and then the answer on what the problem is. Any ideas as to where to find actual white paper or other documentation on how to decipher alot of the information given on a debug?

Appreciate your help,

-Lex]]> Sun, 15 Nov 2009 19:27:45 +0000 http://www.governmentsecurity.org/forum/index.php?showtopic=32254