Author: Andrew Hay
Expanding my horizons in 2007
I’ve decided that 2007 is going to be the year that I expand my horizons and diversify my knowledge. I’m going to get away from product-centric studies and take a more agnostic approach to my continuous learning. To give you some examples, here are some of the things I will be doing in 2007:
- Learning How To Program…Again.
- Attain The CISSP Designation
- Learn Arabic and Travel to Egypt
When I was younger I was never able to focus on programming as it bored me. I’m going to take another crack at learning the art of programming by starting with Head First Java, Second Edition by Kathy Sierra, Bert Bates.
Book Description:
Head First Java delivers a highly interactive, multi-sensory learning experience that lets new programmers pick up the fundamentals of the Java language quickly. Through mind-stretching exercises, memorable analogies, humorous pictures, and casual language, Head First Java encourages readers to think like a Java programmer. This revised second edition focuses on Java 5.0, the latest version of the Java development platform.
I am hoping this will take my knowledge of security to the next level by understanding how virus, worms, and bots function at the code level.
I’ve been talking about getting the CISSP since 2003 and I figure I’ve completely run out of excuses for not getting it. So far I have the following books to study from:
Official (ISC)2 Guide to the CISSP-ISSEP CBK (Hardcover) by Susan Hansche (Author)
Book Description:
Official (ISC)2® Guide to the CISSP-ISSEP® CBK® provides an inclusive analysis of all of the topics covered on the newly created ISSEP Exam. The first fully comprehensive guide to the test, this book promotes understanding of the four ISSEP domains. This volume explains ISSE by comparing it to a traditional Systems Engineering model, enabling you to see the correlation of how security fits into the design and development process. It also details key points of more than 50 U.S. government policies and procedures, which need to be understood in order to gain ISSEP certification.
Book Description
More and more frequently, corporations are requiring that their employees provide professional certifications to prove that they possess the core competencies to do their technical jobs. The Certified Information Systems Security Professional examination (CISSP) is the industry standard test for IT security professionals administered by ISC2. CISSP-exam experts, Ronald Krutz and Russell Dean Vines, have updated and improved their bestselling The CISSP Prep Guide, complete with inside tips and information on how to master the CISSP certification test.
I am going to a wedding in Cairo, Egypt in August of this year. This is going to be a once in a life time experience and I see it as an opportunity to learn a language which has always interested me. I figure I’m going to start by purchasing an audio package from iTunes so that I can learn while I’m at the gym. I’ve also picked up an Arabic phrase book which should help me look like a tourist quite nicely.
Those are the goals for now but for anyone who knows me, these could change by tomorrow morning 🙂
Rainbow Table – LM All 1-7 120GB Download
The Hak5 RainbowTables project has finished generating the 120GB LM All tableset, and they are now available for public download via Bittorrent.
Technical Details
Charset: all (ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|:;”’,.?/)
Plaintext Length Range: 1-7
Key Space: 68^1 + 68^2 + 68^3 + 68^4 + 68^5 + 68^6 + 68^7 = 6823331935124
Disk Usage: 120GB
Success Rate: 1 – (1 – calc_success_prob(6823331935124, 9000, 8000000000/8)) ^ 8 = 0.9990
Mean/Max cryptanalysis time: 197.0106s/915.2542s*
Max Disk Access Time: 3802.2s*
Typical 666MHz CPU
The Torrent download is available here: hak5_rtables_lm_all_1-7.torrent
What is a Rainbow Table?
A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated by a hash function, often a cryptographic hash function. A common application is to make attacks against hashed passwords feasible. Salt is often employed with hashed passwords to avoid this attack.
A full description can be found here: http://en.wikipedia.org/wiki/Rainbow_table
Attained the GIAC Incident Handler Designation!
Well I finally did it, I passed both of my GIAC Certified Incident Handler (GCIH) exams with 89% on each!
This was the first time I had a chance to use the SANS OnDemand training method and I have some mixed feelings about it:
Pros
- Very Portable – while out of the office, I was able to access the material when I needed it. This was very handy while waiting for my Red-eye flights back from California to the East Coast.
- MP3’s For Download – SANS makes the MP3’s available for download which makes flights go by quickly and allows me to learn while in cramped quarters (In case you don’t know I’m 6″4 and don’t travel well on Airplanes designed for 1950’s sized passengers).
- End of Section Tests – each section ends with a test to ensure that you know the content prior to moving on. This really prevents you from blowing through topics that you THINK you know.
Cons
- No Dead Trees – I am the kind of person who like to be able to have the material printed out and in hand. I tend to absorb it better when reading old fashioned printed books. I wish that they’d include them in the cost of the On Demand course.
- Presentation – I know for a fact that these On Demand sessions are SANS’ first crack at self-paced training. They are quite rough around the edges and do require some added bells and whistles to keep my interest. Perhaps they should invest in a different Web Based Training package that doesn’t look like it’s optimized for Netscape 4
- Accuracy – not of the content but the way it is presented to the user. There was one section that was not covered and I would not have been able to pass the test at the end of the section had I not ordered the books (and used them as reference). I emailed in, as per their process, and it was fixed several days later. Had I not had the books I would not have been able to progress to the next section and 7 days would have felt like an eternity.
Anyone else have similar experiences with this method from SANS?