* Posts by matt

2 posts • joined 23 Jan 2008

UK teen is world's youngest certified ethical hacker (maybe)



A cert does not equal experience.

I have been security testing for 4-5 years for proper ethical security companies and met a number of people with these so-called "degrees" and "courses" under their belt. It becomes apparent very quickly that in fact they have no idea and believe it's a tools paradise when it is not.

This kid however is aware that he has no experience and instead of applying to Brum uni for IT work should be applying to pen-test companies to build experience.

Crest and Check is the way forward.

A company should be employing a security company with experience.


M @ MRS Sec

Heathrow PC security probe launched


Why are they never security checked?

It never surprises me anymore that companies like this do not have these public terminal services checked from a security perspective.

Any decent ethical security firm will supply desktop build reviews and pick up on issues like this and document them fully.

Might cost a couple of grand but will highlight any issues like the above!

Next time PWDUMP, LSACache and cachedump!

It's surprising how many domain admin credentials can be picked up from these public terminals which would still be valid on the supplier's domain/external network/OWA.

Matt@MRS Sec

