Free security "audit" for your website

  • iBOUNCER
    Confirmed User
    • Nov 2004
    • 214

    #1

    Free security "audit" for your website

    http://www.iBOUNCER.com is giving away a free security "audit" of your website to the 25th and 50th poster in this thread. Post your URL now.

    Have fun!
    Last edited by iBOUNCER; 11-18-2004, 05:36 AM.
    Secure PHP Programming - Secure E-Commerce Design
    Site & Server Security Reviews - Code Reviews

    The new and improved iBOUNCER. Give us a try.

    ICQ: 201971159 or http://www.iBOUNCER.com
  • iBOUNCER
    Confirmed User
    • Nov 2004
    • 214

    #2
    Ok- no posts so far so I'm changing this.. A free security "audit" will be given to a "randomly chosen" poster in this thread tomorrow morning at 9AM EST.

    Post your URL, you could win.

    Comment

    • Love Sex
      Confirmed User
      • Nov 2004
      • 1905

      #3
      Good article but I think your site should say more of what you do during the testing.

      LoveSexFuck.com

      Comment

      • iBOUNCER
        Confirmed User
        • Nov 2004
        • 214

        #4
        Good point. The short short version is that we run numerous tools, some commercial, some open source, and some home-built to test about 2,000 different vulnerabilities that could exist in your systems. Then we perform some manual testing on top of that for things that software just is not good at (e.g. exploiting cookies and hidden form fields, etc.).

        If everything passes, you get the "PASSED" logo for your website.

        Comment

        • pornguy
          Too lazy to set a custom title
          • Mar 2003
          • 62912

          #5
          ok, here is my post, hoping to be the randomly selected poster
          PornGuy skype me pornguy_epic

          AmateurDough The Hottes Shemales online!
          TChicks.com | Angeles Cid | Mariana Cordoba | MAILERS WELCOME!

          Comment

          • iBOUNCER
            Confirmed User
            • Nov 2004
            • 214

            #6
            Being that there are only two of you that posted so far, any objections to letting this go until Sunday night?

            Comment

            • SinSational
              Confirmed User
              • Oct 2004
              • 1723

              #7
              I'm in.

              ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details
              Virtual from $14.95/month, Dedicated from $149.95/month
              Dual-Core Xeon > 1000GB @ $149.95 | 1500GB @ $169.95 | 10Mbps @ $269.95

              Comment

              • Cavello
                Confirmed User
                • Nov 2004
                • 213

                #8
                In, but don't have the full site up yet.

                URL see sig.
                donated for science and a pack of smokes.

                ICQ [258664191]

                Comment

                • dodger21
                  Confirmed User
                  • Jan 2003
                  • 2680

                  #9
                  I'm in
                  icq: 237055440

                  Comment

                  • wes
                    Confirmed User
                    • Apr 2002
                    • 3150

                    #10
                    sounds good.

                    Hot Mom Blog : Tempting Teens : Spicy Tacos : Smutx Free Porn

                    Comment

                    • sean416
                      Confirmed User
                      • Feb 2004
                      • 3633

                      #11
                      Originally posted by iBOUNCER
                      Good point. The short short version is that we run numerous tools, some commercial, some open source, and some home-built to test about 2,000 different vulnerabilities that could exist in your systems. Then we perform some manual testing on top of that for things that software just is not good at (e.g. exploiting cookies and hidden form fields, etc.).

                      If everything passes, you get the "PASSED" logo for your website.
                      lol. You sound like a politician. I don't mean to knock your 'free service' but from your website and your posts here I'm not impressed at all. Anybody who knows anything about adult web site security could regurgitate this info and you give out false info in your article on YNOT (You get hacked and thousands of credit card numbers are stolen.). Prove yourself.

                      ServerProvider.com

                      Comment

                      • xenophobic
                        Confirmed User
                        • Mar 2004
                        • 874

                        #12
                        Originally posted by sean416
                        lol. You sound like a politician. I don't mean to knock your 'free service' but from your website and your posts here I'm not impressed at all. Anybody who knows anything about adult web site security could regurgitate this info and you give out false info in your article on YNOT (You get hacked and thousands of credit card numbers are stolen.). Prove yourself.
                        Actually, do you heckle Magicians to show how their tricks are done?
                        Penetration testing / system auditing usually uses quite a few publicly available tools, a few homegrown scripts and manual auditing for configuration problems, and a manual check of results to weed out false positives. You heckle this guy? I recently had a customer pay $700.00 to get audited by Nessus, the strings Nessus uses to identify itself were all changed to the company name in question - at least this guy is honest.

                        And you think 'thousands of credit cards stolen' is unrealistic?
                        http://www.msnbc.msn.com/id/6030057/

                        But close to 350,000 credit card numbers were stolen that same month from music site CD Universe and posted online. A hacker going by the name "Maxus" claimed he had the numbers and tried to extort $100,000 from the Web site. The FBI shut down the site where the credit card numbers had been posted.

                        http://news.com.com/2100-1017-237553.html?legacy=cnet

                        Comment

                        • MBS Auto
                          Confirmed User
                          • Oct 2004
                          • 1725

                          #13
                          am I 25 or 50????
                          Shoes and Boot

                          Comment

                          • sean416
                            Confirmed User
                            • Feb 2004
                            • 3633

                            #14
                            Originally posted by xenophobic
                            Actually, do you heckle Magicians to show how their tricks are done?
                            Penetration testing / system auditing usually uses quite a few publicly available tools, a few homegrown scripts and manual auditing for configuration problems, and a manual check of results to weed out false positives. You heckle this guy? I recently had a customer pay $700.00 to get audited by Nessus, the strings Nessus uses to identify itself were all changed to the company name in question - at least this guy is honest.

                            And you think 'thousands of credit cards stolen' is unrealistic?
                            http://www.msnbc.msn.com/id/6030057/

                            But close to 350,000 credit card numbers were stolen that same month from music site CD Universe and posted online. A hacker going by the name "Maxus" claimed he had the numbers and tried to extort $100,000 from the Web site. The FBI shut down the site where the credit card numbers had been posted.

                            http://news.com.com/2100-1017-237553.html?legacy=cnet
                            Well if you consider web site security a magic act, then heh.. I won't even argue my point.

                            But if I was going to hire someone to 'secure' my website. He better know more than what he read in an article.

                            He says he does adult site security. ALL adult websites have third party processors. IBILL, CCBILL, etc. Therefore the owner of the website never sees any CC numbers, and they are never stored on the server. So yeah, I think it's impossible for a hacker to hack a porn site and end up with 1000's of CC numbers unless this hero is offering security checks for CCBILL & EPOCH, etc.

                            ServerProvider.com

                            Comment

                            • xenophobic
                              Confirmed User
                              • Mar 2004
                              • 874

                              #15
                              Originally posted by sean416
                              Well if you consider web site security a magic act, then heh.. I won't even argue my point.

                              But if I was going to hire someone to 'secure' my website. He better know more than what he read in an article.

                              He says he does adult site security. ALL adult websites have third party processors. IBILL, CCBILL, etc. Therefore the owner of the website never sees any CC numbers, and they are never stored on the server. So yeah, I think it's impossible for a hacker to hack a porn site and end up with 1000's of CC numbers unless this hero is offering security checks for CCBILL & EPOCH, etc.
                              You do not need to argue your point, because I already know what goes on under a standard security audit, or a penetration test, I do not have to ask.
                              The point was no auditor is going to explain to you all of the tools, or all of their methods because not all of the information is public, or is not for their disclosure.

                              The facet of the Adult business you're familiar with is the only one that's affected? There are no Adult Ecommerce shopping carts selling items, for example? Do all of these shopping carts go through EPOCH/CCBILL? What about if the site has already been compromised and the attacker redirects new signups to a fake page?

                              What do you base the fact that he doesn't know what he's doing? It is evident to me that iBouncer.com is a new business, that doesn't mean he's an amateur.

                              Comment

                              • sean416
                                Confirmed User
                                • Feb 2004
                                • 3633

                                #16
                                Originally posted by xenophobic
                                What do you base the fact that he doesn't know what he's doing?
                                Lack of information.

                                I'm not going to go back and forth with you about how you think I'm out of line for questioning how much someone really knows about the service they're offering. It wasn't the point of this thread, it wasn't the point of my initial reply and it isn't why I come to this board. I had every right to ask him to explain his expertise and he still hasn't stepped up to the plate. Now get off my dick.

                                ServerProvider.com

                                Comment

                                • xenophobic
                                  Confirmed User
                                  • Mar 2004
                                  • 874

                                  #17
                                  Originally posted by sean416
                                  Lack of information.

                                  I'm not going to go back and forth with you about how you think I'm out of line for questioning how much someone really knows about the service they're offering. It wasn't the point of this thread, it wasn't the point of my initial reply and it isn't why I come to this board. I had every right to ask him to explain his expertise and he still hasn't stepped up to the plate. Now get off my dick.
                                  Yes, the point of the thread was to offer a FREE security audit, so why the fuck would you care if you're not paying nor evidently terribly interested in the service offered.

                                  Do you do that a lot, post in random topics and question the expertise of the people posting, a hobby perhaps?

                                  Comment

                                  • fris
                                    Too lazy to set a custom title
                                    • Aug 2002
                                    • 55679

                                    #18
                                    our site explains more, and we were in LA

                                    www.protectadult.com
                                    Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

                                    Comment

                                    • sean416
                                      Confirmed User
                                      • Feb 2004
                                      • 3633

                                      #19
                                      Originally posted by xenophobic
                                      so why the fuck would you care if you're not paying nor evidently terribly interested in the service offered.
                                      Look, I have every right to question someone's expertise. The reason I felt the need to question his expertise was because this is a post in the NEWBIE section, it seemed to me perhaps he was planning on taking advantage of people who don't know any better than to ask questions. I didn't accuse him of that because it could very well be that he does know what he's doing. So instead I asked him to prove himself. He has not responded since and I have seen him make posts in other threads in this section offering his services.


                                      Now like I said, GET OFF MY DICK.

                                      ServerProvider.com

                                      Comment

                                      • iBOUNCER
                                        Confirmed User
                                        • Nov 2004
                                        • 214

                                        #20
                                        I've been watching this thread, but I generally don't respond to flames or haters.

                                        Security and risk management is all I've done for 10 years. iBOUNCER is a new company that we started focused entirely on the adult industry. Anyone who wants to know more can hit me up on ICQ or meet me in Vegas for a drink, or both.

                                        Comment

                                        • fris
                                          Too lazy to set a custom title
                                          • Aug 2002
                                          • 55679

                                          #21
                                          Originally posted by iBOUNCER
                                          I've been watching this thread, but I generally don't respond to flames or haters.

                                          Security and risk management is all I've done for 10 years. iBOUNCER is a new company that we started focused entirely on the adult industry. Anyone who wants to know more can hit me up on ICQ or meet me in Vegas for a drink, or both.
                                          What do you use for testing weak security in billing systems?
                                          Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

                                          Comment

                                          • iBOUNCER
                                            Confirmed User
                                            • Nov 2004
                                            • 214

                                            #22
                                            Experience.

                                            Comment

                                            • sean416
                                              Confirmed User
                                              • Feb 2004
                                              • 3633

                                              #23
                                              Originally posted by iBOUNCER
                                              Experience.
                                              Why do people have to contact you privately to get any kind of explanation as to what 'experience' means? We're not looking for all your tricks and trades, just tell us what you've done for the past 10 years. If it's confidential who you worked for.. then tell us briefly what you did and what your responsibilities were. Do you have any formal education or are you self taught?

                                              This "talk to me on icq" seems silly.

                                              ServerProvider.com

                                              Comment

                                              • Hinc
                                                Confirmed User
                                                • Oct 2004
                                                • 2577

                                                #24
                                                So...in principle, you're doing what a regular hacker/exploiter would be doing (without doing any damage of course), and using just about the same set of tools that are more or less publicly available?
                                                webmaster @ adultlist. com

                                                AdultList.com - Directory Listings, Advertisements, Hardlinks

                                                Loasex.com - Directory and old school TGP - taking submits

                                                A few sales/opportunities:
                                                High Quality Guest Posts For Sale

                                                Network of Aged sites for sales. Get in touch on the email above for info.

                                                Comment

                                                • xenophobic
                                                  Confirmed User
                                                  • Mar 2004
                                                  • 874

                                                  #25
                                                  *BUMP*
                                                  Next person to post will be the 25th

                                                  Comment

                                                  • AdServicesNW
                                                    Confirmed User
                                                    • Nov 2004
                                                    • 4628

                                                    #26
                                                    We will need one soon over at AdFrontier.com ...we are an auction site for ad space....or sig space if you want ....it's on a different server right now, but when we move it to the domain and have it all in place I'd be interested....

                                                    My icq is down below

                                                    Comment
