Jump to content

User Data - Secured! VGS Passes Vuln Test


Recommended Posts

Hey all,

First: I want to say thanks to @Gloves and all other staff members for rebuilding this community. They’ve done a stellar job! **applause**
Second: I wanted to share something with the community that I think many will find important at a personal level.

For those who don’t remember me from NA, (I was only there for a couple of years before GC stepped in) I am generally new here.

I run a company called Lambda Technology Inc. Our goal is to provide specialty IT services to a range of industries. We’ve worked with Architectural firms, Mom and Pops, Aerospace, and our largest focus is Wall St. We are often hired to create thoughtful solutions for problems they face: whether that be Web Master, Website/Intranet Builds, VPN installs, Secure/Hardened System Builds etc., there is little we can’t handle.

Another part of our business entails penetration and vulnerability testing for our clients. I’ve been coding (and hacking) for 15+ yrs, personally and my employees are very knowledgeable. 

I’ve had some small conversations with Gloves and we went ahead and offered an external vulnerability test to VGS as a “Thank You!” For all of the hard work put in here, entirely free. My team was on board and offered to do the work themselves at no cost, and for them I give a huge thanks. 
We gave Gloves the scope of our test and what we’d be looking for and he gave my team his blessing/go-ahead.

We were primarily testing for information leaks (user,admin,root access, etc.) as well as server error handling. 

I’m excited to report that VGS has passed this test with FLYING COLORS!

At any point that we were able to bypass site specific error handling, the server itself stopped us in our tracks and wouldn’t budge.

The team here has a lot to be proud of. They’ve done a fantastic job at building a safe and secure community that we can all put trust in. I recall, in earnest, reading several posts about NA users being upset that NA never even had an SSL cert. I can say at this time, that VGS has very strongly protected User Data from prying eyes. All users should take a bit of comfort in this.

TL;DR: User Data (PWs, User info, Admin Creds, etc.) are all very well secured.


A bit of note that I give to all of my clients on regular basis: (Everyone should read this part).

1) A Vulnerability Test is an examination from the outside to check for common security holes that can be patched with relative ease. Think about this in the sense of a military Recon mission to scope the landscape.

A Penetration Test is not just a scan of vulnerabilities, but a full blown engagement, with the intent to break into a system and compromise the target even if it means creating new exploits. This would be akin to a full blown military campaign, going far beyond Recon. 
The test we performed was a Vulnerability Test, not a full blown Penetration Test.

2) Just because we perfomed a VulnTest and found nothing, doesn’t mean you cannot fall victim to an attack YOURSELF. Be vigilant. Don’t open emails that you don’t recognize, Dont reuse or give out passwords, Be aware of site clones, etc. I think if we all heed these words and practice General Sec Consideration, we will all be safe here. Anybody in InfoSec will tell you: 100% Security is a pipe dream... it simply does not exist. The goal of any sec worker is to make the system so difficult to break into that the engagement is no longer worth the attackers time... and causes them to move on to lower hanging fruit.

That being said, this is a big 1-Up for the community here compared to many others.

Thanks for reading.

All the Best

-Lambda Tech Inc.

Edited by Lambda
  • Like 12
  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...