
User Data - Secured! VGS Passes Vuln Test


Lambda


Hey all,

First: I want to say thanks to @Gloves and all other staff members for rebuilding this community. They’ve done a stellar job! **applause**
Second: I wanted to share something with the community that I think many will find important at a personal level.

For those who don’t remember me from NA, (I was only there for a couple of years before GC stepped in) I am generally new here.

I run a company called Lambda Technology Inc. Our goal is to provide specialty IT services to a range of industries. We’ve worked with Architectural firms, Mom and Pops, Aerospace, and our largest focus is Wall St. We are often hired to create thoughtful solutions for problems they face: whether that be Web Master, Website/Intranet Builds, VPN installs, Secure/Hardened System Builds etc., there is little we can’t handle.

Another part of our business entails penetration and vulnerability testing for our clients. I’ve been coding (and hacking) for 15+ yrs personally, and my employees are very knowledgeable.
 

I’ve had some small conversations with Gloves and we went ahead and offered an external vulnerability test to VGS as a “Thank You!” for all of the hard work put in here, entirely free. My team was on board and offered to do the work themselves at no cost, and for them I give a huge thanks.
We gave Gloves the scope of our test and what we’d be looking for and he gave my team his blessing/go-ahead.

We were primarily testing for information leaks (user, admin, root access, etc.) as well as server error handling.
 

I’m excited to report that VGS has passed this test with FLYING COLORS!

At any point that we were able to bypass site specific error handling, the server itself stopped us in our tracks and wouldn’t budge.

The team here has a lot to be proud of. They’ve done a fantastic job at building a safe and secure community that we can all put trust in. I recall, in earnest, reading several posts about NA users being upset that NA never even had an SSL cert. I can say at this time, that VGS has very strongly protected User Data from prying eyes. All users should take a bit of comfort in this.

TL;DR: User Data (PWs, User info, Admin Creds, etc.) are all very well secured.

 

A bit of note that I give to all of my clients on a regular basis: (Everyone should read this part).

1) A Vulnerability Test is an examination from the outside to check for common security holes that can be patched with relative ease. Think about this in the sense of a military Recon mission to scope the landscape.

A Penetration Test is not just a scan of vulnerabilities, but a full blown engagement, with the intent to break into a system and compromise the target even if it means creating new exploits. This would be akin to a full blown military campaign, going far beyond Recon. 
The test we performed was a Vulnerability Test, not a full blown Penetration Test.

2) Just because we performed a VulnTest and found nothing, doesn’t mean you cannot fall victim to an attack YOURSELF. Be vigilant. Don’t open emails that you don’t recognize, don’t reuse or give out passwords, be aware of site clones, etc. I think if we all heed these words and practice General Sec Consideration, we will all be safe here. Anybody in InfoSec will tell you: 100% Security is a pipe dream... it simply does not exist. The goal of any sec worker is to make the system so difficult to break into that the engagement is no longer worth the attacker’s time... and causes them to move on to lower hanging fruit.

That being said, this is a big 1-Up for the community here compared to many others.

Thanks for reading.

All the Best

-Lambda Tech Inc.

Edited by Lambda