Ok- no posts so far so I'm changing this.. A free security "audit" will be given to a "randomly chosen" poster in this thread tomorrow morning at 9AM EST.
Post your URL, you could win.
Secure PHP Programming - Secure E-Commerce Design
Site & Server Security Reviews - Code Reviews
Good point. The short short version is that we run numerous tools, some commercial, some open source, and some home-built to test about 2,000 different vulnerabilities that could exist in your systems. Then we perform some manual testing on top of that for things that software just is not good at (e.g. exploiting cookies and hidden form fields, etc.).
If everything passes, you get the "PASSED" logo for your website.
Originally posted by iBOUNCER Good point. The short short version is that we run numerous tools, some commercial, some open source, and some home-built to test about 2,000 different vulnerabilities that could exist in your systems. Then we perform some manual testing on top of that for things that software just is not good at (e.g. exploiting cookies and hidden form fields, etc.).
If everything passes, you get the "PASSED" logo for your website.
lol. you sound like a politician. I don't mean to knock your 'free service' but from your website and your posts here I'm not impressed at all. Anybody who knows anything about adult web site security could regurgitate this info and you give out false info in your article on YNOT (You get hacked and thousands of credit card numbers are stolen.). Prove yourself.
Originally posted by sean416 lol. you sound like a politician. I don't mean to knock your 'free service' but from your website and your posts here I'm not impressed at all. Anybody who knows anything about adult web site security could regurgitate this info and you give out false info in your article on YNOT (You get hacked and thousands of credit card numbers are stolen.). Prove yourself.
Actually, do you heckle Magicians to show how their tricks are done?
Penetration testing / system auditing usually uses quite a few publicly available tools, a few homegrown scripts and manual auditing for configuration problems, and a manual check of results to weed out false positives. You heckle this guy? I recently had a customer pay $700.00 to get audited by Nessus, the strings Nessus uses to identify itself were all changed to the company name in question - at least this guy is honest.
But close to 350,000 credit card numbers were stolen that same month from music site CD Universe and posted online. A hacker going by the name "Maxus" claimed he had the numbers and tried to extort $100,000 from the Web site. The FBI shut down the site where the credit card numbers had been posted.
Originally posted by xenophobic Actually, do you heckle Magicians to show how their tricks are done?
Penetration testing / system auditing usually uses quite a few publicly available tools, a few homegrown scripts and manual auditing for configuration problems, and a manual check of results to weed out false positives. You heckle this guy? I recently had a customer pay $700.00 to get audited by Nessus, the strings Nessus uses to identify itself were all changed to the company name in question - at least this guy is honest.
But close to 350,000 credit card numbers were stolen that same month from music site CD Universe and posted online. A hacker going by the name "Maxus" claimed he had the numbers and tried to extort $100,000 from the Web site. The FBI shut down the site where the credit card numbers had been posted.
Well if you consider web site security a magic act, then heh.. I won't even argue my point.
But if I was going to hire someone to 'secure' my website. He better know more than what he read in an article.
He says he does adult site security. ALL adult websites have third party processors. IBILL, CCBILL, etc. Therefore the owner of the website never sees any CC numbers, and they are never stored on the server. So yeah, I think it's impossible for a hacker to hack a porn site and end up with 1000's of CC numbers unless this hero is offering security checks for CCBILL & EPOCH, etc.
Originally posted by sean416 Well if you consider web site security a magic act, then heh.. I won't even argue my point.
But if I was going to hire someone to 'secure' my website. He better know more than what he read in an article.
He says he does adult site security. ALL adult websites have third party processors. IBILL, CCBILL, etc. Therefore the owner of the website never sees any CC numbers, and they are never stored on the server. So yeah, I think it's impossible for a hacker to hack a porn site and end up with 1000's of CC numbers unless this hero is offering security checks for CCBILL & EPOCH, etc.
You do not need to argue your point, because I already know what goes on under a standard security audit, or a penetration test, I do not have to ask.
The point was no auditor is going to explain to you all of the tools, or all of their methods because not all of the information is public, or is not for their disclosure.
The facet of the Adult business you're familiar with is the only one that's affected? There are no Adult Ecommerce shopping carts selling items, for example? Do all of these shopping carts go through EPOCH/CCBILL? What about if the site has already been compromised and the attacker redirects new signups to a fake page?
What do you base the fact that he doesn't know what he's doing? It is evident to me that iBouncer.com is a new business, that doesn't mean he's an amateur.
Originally posted by xenophobic What do you base the fact that he doesn't know what he's doing?
Lack of information.
I'm not going to go back and forth with you about how you think I'm out of line for questioning how much someone really knows about the service they're offering. It wasn't the point of this thread, it wasn't the point of my initial reply and it isn't why I come to this board. I had every right to ask him to explain his expertise and he still hasn't stepped up to the plate. Now get off my dick.
Yes, the point of the thread was to offer a FREE security audit, so why the fuck would you care if you're not paying nor evidently terribly interested in the service offered.
Do you do that a lot, post in random topics and question the expertise of the people posting, a hobby perhaps?
Originally posted by xenophobic so why the fuck would you care if you're not paying nor evidently terribly interested in the service offered.
Look, I have every right to question someone's expertise. The reason I felt the need to question his expertise was because this is a post in the NEWBIE section, it seemed to me perhaps he was planning on taking advantage of people who don't know any better than to ask questions. I didn't accuse him of that because it could very well be that he does know what he's doing. So instead I asked him to prove himself. He has not responded since and I have seen him make posts in other threads in this section offering his services.
I've been watching this thread, but I generally don't respond to flames or haters.
Security and risk management is all I've done for 10 years. iBOUNCER is a new company that we started focused entirely on the adult industry. Anyone who wants to know more can hit me up on ICQ or meet me in Vegas for a drink, or both.
Originally posted by iBOUNCER I've been watching this thread, but I generally don't respond to flames or haters.
Security and risk management is all I've done for 10 years. iBOUNCER is a new company that we started focused entirely on the adult industry. Anyone who wants to know more can hit me up on ICQ or meet me in Vegas for a drink, or both.
What do you use for testing weak security in billing systems?
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.
Why do people have to contact you privately to get any kind of explanation as to what 'experience' means? We're not looking for all your tricks and trades, just tell us what you've done for the past 10 years. If it's confidential who you worked for.. then tell us briefly what you did and what your responsibilities were. Do you have any formal education or are you self-taught?
So... in principle, you're doing what a regular hacker/exploiter would be doing (without doing any damage of course), and using just about the same set of tools that are more or less publicly available?
We will need one soon over at AdFrontier.com ... we are an auction site for ad space... or sig space if you want... it's on a different server right now, but when we move it to the domain and have it all in place I'd be interested...