Lambda

User Data - Secured! VGS Passes Vuln Test


Hey all,

First: I want to say thanks to @Gloves and all other staff members for rebuilding this community. They’ve done a stellar job! **applause**
Second: I wanted to share something with the community that I think many will find important at a personal level.

For those who don’t remember me from NA (I was only there for a couple of years before GC stepped in), I am generally new here.

I run a company called Lambda Technology Inc. Our goal is to provide specialty IT services to a range of industries. We’ve worked with architectural firms, mom-and-pops, aerospace, and our largest focus is Wall St. We are often hired to create thoughtful solutions for problems they face: whether that be webmaster duties, website/intranet builds, VPN installs, secure/hardened system builds, etc., there is little we can’t handle.

Another part of our business entails penetration and vulnerability testing for our clients. I’ve been coding (and hacking) for 15+ years personally, and my employees are very knowledgeable.
 

I’ve had some small conversations with Gloves, and we went ahead and offered an external vulnerability test to VGS as a “thank you” for all of the hard work put in here, entirely free. My team was on board and offered to do the work themselves at no cost, and for that I give them a huge thanks.
We gave Gloves the scope of our test and what we’d be looking for and he gave my team his blessing/go-ahead.

We were primarily testing for information leaks (user, admin, root access, etc.) as well as server error handling.
 

I’m excited to report that VGS has passed this test with FLYING COLORS!

At any point that we were able to bypass site-specific error handling, the server itself stopped us in our tracks and wouldn’t budge.

The team here has a lot to be proud of. They’ve done a fantastic job at building a safe and secure community that we can all put trust in. I recall, in earnest, reading several posts about NA users being upset that NA never even had an SSL cert. I can say at this time, that VGS has very strongly protected User Data from prying eyes. All users should take a bit of comfort in this.

TL;DR: User data (passwords, user info, admin creds, etc.) is all very well secured.

 

A note that I give to all of my clients on a regular basis (everyone should read this part):

1) A Vulnerability Test is an examination from the outside to check for common security holes that can be patched with relative ease. Think about this in the sense of a military Recon mission to scope the landscape.

A Penetration Test is not just a scan for vulnerabilities, but a full-blown engagement, with the intent to break into a system and compromise the target even if it means creating new exploits. This would be akin to a full-blown military campaign, going far beyond recon.
The test we performed was a Vulnerability Test, not a full-blown Penetration Test.

2) Just because we performed a VulnTest and found nothing doesn’t mean you cannot fall victim to an attack YOURSELF. Be vigilant. Don’t open emails that you don’t recognize, don’t reuse or give out passwords, be aware of site clones, etc. I think if we all heed these words and practice general security considerations, we will all be safe here. Anybody in InfoSec will tell you: 100% security is a pipe dream... it simply does not exist. The goal of any sec worker is to make the system so difficult to break into that the engagement is no longer worth the attacker’s time... and causes them to move on to lower-hanging fruit.

That being said, this is a big 1-Up for the community here compared to many others.

Thanks for reading.

All the Best

-Lambda Tech Inc.

Edited by Lambda
  • Like 12
  • Thanks 1

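The post above describes checking server error handling for information leaks without showing what a leak looks like. The following is an added example, not Lambda's tooling or anything VGS runs: a small Python checker that classifies HTTP responses the way an external vulnerability scan would, flagging version banners in headers, stack traces, database error text and local filesystem paths in bodies. The `Response` class, the leak patterns and the three sample responses are all constructed here for illustration (no network access), and the "hardened" sample shows the generic error page a well-configured server should return instead.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status: int
    headers: Dict[str, str]
    body: str


# Body patterns that indicate the application is leaking internals through
# its error handling. These are illustrative, not an exhaustive signature set.
LEAK_PATTERNS = {
    "stack_trace": re.compile(
        r"Traceback \(most recent call last\)"   # Python
        r"|at [\w$.]+\(\w+\.java:\d+\)"          # Java
        r"|Stack trace:"                         # PHP / .NET style
    ),
    "db_error": re.compile(
        r"You have an error in your SQL syntax"  # MySQL
        r"|ORA-\d{5}"                            # Oracle
        r"|PG::SyntaxError"                      # PostgreSQL (Ruby driver)
        r"|SQLSTATE\["                           # PDO
    ),
    # Unix web roots / home dirs, or Windows drive paths, in an error page.
    "local_path": re.compile(r"/(?:var/www|home|opt)/[\w./-]+|[A-Z]:\\[\w\\.-]+"),
    "debug_mode": re.compile(r"DEBUG = True|APP_DEBUG=true|Whoops! There was an error", re.I),
}

# Headers that commonly carry product versions an attacker can map to CVEs.
VERSION_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-generator"}


def find_leaks(resp: Response) -> List[str]:
    """Return a list of 'kind:evidence' strings for every leak found in resp."""
    findings = []
    # A bare product name ("nginx") is tolerable; a version string is the leak.
    for name, value in resp.headers.items():
        if name.lower() in VERSION_HEADERS and re.search(r"\d+\.\d+", value):
            findings.append(f"version_banner:{name}={value}")
    for kind, pattern in LEAK_PATTERNS.items():
        match = pattern.search(resp.body)
        if match:
            findings.append(f"{kind}:{match.group(0)}")
    return findings


# Constructed sample responses, as a scanner might collect them after sending
# malformed input to an endpoint.
SAMPLES = {
    # Application error handling bypassed; the framework's default page leaks.
    "verbose_500": Response(
        500,
        {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3"},
        "<h1>Internal Server Error</h1>\nStack trace:\n"
        "#0 /var/www/app/vendor/lib/db.php(42): PDO->query()\n",
    ),
    # Server catches the failure and returns a generic page with only a
    # correlation ID for the operators' logs: nothing useful to an attacker.
    "hardened_500": Response(
        500,
        {"Server": "nginx", "Content-Type": "text/html"},
        "<h1>Something went wrong</h1><p>Reference ID: 7f3a</p>",
    ),
    # HTTP 200 but the page body echoes a database driver error: still a leak.
    "sqli_probe": Response(
        200,
        {"Server": "cloudflare"},
        "Warning: mysqli_query(): You have an error in your SQL syntax; check the manual",
    ),
}


def scan_all(samples: Dict[str, Response] = SAMPLES) -> Dict[str, List[str]]:
    """Run find_leaks over every sample and map sample name to its findings."""
    return {name: find_leaks(resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, findings in scan_all().items():
        verdict = "LEAK" if findings else "clean"
        print(f"{name}: {verdict}")
        for f in findings:
            print(f"  - {f}")
```

Note that the status code alone is not the signal: the `sqli_probe` sample returns 200 and still leaks, while the `hardened_500` sample fails loudly but gives nothing away. A passing result in a check like this is what the post means by the server "stopping us in our tracks": the error is handled, but the response carries no internals.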

That's awesome news to hear the site is secure!

Also, I'm giving you and your team a big thanks for performing this vulnerability test for free; that's incredibly nice of you and I'm sure all members appreciate it. You rock!

  • Like 1
  • Thanks 1

On 2/11/2020 at 12:13 PM, captmorgandrinker said:

Mmmmmmmmm.....penetration testing....

It's a dirty job, but somebody has to do it (giggity)

  • Haha 1

33 minutes ago, ninjistar said:

What people think you do when you tell them you're a pen tester:

bicpentester.jpg

@ninjistar

This... this is what I do... I test BICs for accurate ball point placement on a 24/7 basis. It’s a thankless job, but someone has to do it...

😂


In all seriousness. Thanks for all who responded. I hope this brings the community a small bit of comfort as we all move forward 👍

