Site "Not Secure" - Page 3
  1. #41
    Join Date
    Mar 2007
    Location
    Toronto, Ontario, Canada
    Posts
    328

    Default Re: Site "Not Secure"

    Quote Originally Posted by rwurster View Post
    Was this 3rd party "partner" held accountable for their actions? Because every article on the 45 million users who lost data the first time, and the 2.7 million users who lost data the second time, never once mentioned that anyone was caught or prosecuted for these hacks. Every article did say the data was "up for sale" both times.

    "In its official statement to Krebs, Vertical Scope noted that the intruders obtained access to all individual websites files but did not provide exclusive details about who conducted the attack and when did the data breach occur."

    So stealing data is ok from your partners or Kyle is full of "it" or what's the deal? And then there's the malicious advertisements. Almost every time I've encountered malicious advertisements, I've been on a sketchy site to begin with. Which begs the question, do you guys care about your users? Because Kyle knows one of the data breaches was from a 3rd party partner who tried to sell said data and suffered no consequences for their actions.
    Seems more like the VerticalScope team is just blowing smoke and doesn't have anything under control, specifically their users' interests in keeping their personal data safe. And that's my concern, my personal data.

    Then there's the malicious ads...
    Please do not twist my statement. I never said anything about it being ok, nor did I even reference the second attack, which was a targeted webshell. The breach was referenced and I stated, accurately, that SSL would have done nothing to help in either instance. And if you go further into the history of each instance you'd notice that we do in fact take action to keep user data safe; it's even referenced in this thread that all user data is encrypted on our servers. SSL prevents man in the middle style attacks which have not occurred. It's also been stated that we are adding SSL compliance to our network site by site because SSL is not a plug and play function on a platform like vBulletin. If this site were XenForo maybe, or IPB 4, but that's not the case so we have to treat each vBulletin site as a unique instance to add it so as not to break functions on each site that would react to the change of the root URL.

    Lastly, the malicious ads, i.e. the Amazon gift card ads, are not a localized problem. https://discussions.apple.com/thread/8220208

    Kyle
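
An added example, not part of the post above and not VerticalScope's or vBulletin's code: a pre-migration audit of a page's markup for the two things the root-URL change affects, password forms that still submit over http and hard-coded http:// subresources that become mixed content. The host, paths and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SUBRESOURCE_TAGS = {"script", "img", "iframe"}  # loaded via their src attribute

class CleartextAudit(HTMLParser):
    """Find password forms that submit over http and hard-coded http:// subresources."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.cleartext_logins = []   # resolved form actions carrying a password over http
        self.hardcoded_http = []     # (tag, url): mixed content once the page is https
        self._action = None          # resolved action of the form currently open
        self._has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A relative or missing action follows the page's own scheme.
            self._action = urljoin(self.page_url, a.get("action") or "")
            self._has_password = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_password = True
        elif tag in SUBRESOURCE_TAGS and urlparse(a.get("src") or "").scheme == "http":
            self.hardcoded_http.append((tag, a["src"]))

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password and urlparse(self._action).scheme == "http":
                self.cleartext_logins.append(self._action)
            self._action = None

def audit(html, page_url):
    parser = CleartextAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.cleartext_logins, parser.hardcoded_http

# Constructed sample markup (hypothetical host and paths, not taken from the site).
SAMPLE = """
<form action="http://forum.example/login.php" method="post">
  <input type="password" name="password"></form>
<form action="login.php?do=login" method="post">
  <input type="PASSWORD" name="password"></form>
<script src="http://forum.example/clientscript/global.js"></script>
<script src="//cdn.example/lib.js"></script>
<img src="images/logo.gif">
"""
```

Calling `audit(SAMPLE, ...)` with an http page URL reports both login forms; with the https page URL only the form whose action is hard-coded to http:// remains, which is the kind of per-site fix a migration has to find.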

  3. #42
    Join Date
    Jul 2016
    Location
    Port Angeles, WA, USA
    Posts
    469

    Default Re: Site "Not Secure"

    Quote Originally Posted by Admin View Post
    SSL prevents man in the middle style attacks which have not occurred.
    Kyle, please do tell me how you would even know if a MITM attack has occurred or not? Without implementing https, there is no mechanism to even detect it (let alone prevent it). Previous client of mine did deep packet analysis, and I know I visited beesource from their facility. I know for a fact MITM has occurred between beesource and myself.

    Please stop replying with ill-informed comments regarding security. Denial of reality isn't how you handle security issues, it is how you end up quoted in Krebs articles. Just keep working on implementing SSL, and stop trying to downplay the fact that lack of SSL is indeed a real security issue here.
    Instrumental Insemination & Northern VSH Queens

  4. #43
    Join Date
    Mar 2007
    Location
    Toronto, Ontario, Canada
    Posts
    328

    Default Re: Site "Not Secure"

    Quote Originally Posted by jcase View Post
    Kyle, please do tell me how you would even know if a MITM attack has occurred or not? Without implementing https, there is no mechanism to even detect it (let alone prevent it). Previous client of mine did deep packet analysis, and I know I visited beesource from their facility. I know for a fact MITM has occurred between beesource and myself.

    Please stop replying with ill-informed comments regarding security. Denial of reality isn't how you handle security issues, it is how you end up quoted in Krebs articles. Just keep working on implementing SSL, and stop trying to downplay the fact that lack of SSL is indeed a real security issue here.
    Could you please provide details of the MITM attack, as this will need to be investigated by our security department.
    -Philip

  5. #44
    Join Date
    Jul 2016
    Location
    Port Angeles, WA, USA
    Posts
    469

    Default Re: Site "Not Secure"

    Quote Originally Posted by Admin View Post
    Could you please provide details of the MITM attack, as this will need to be investigated by our security department.
    -Philip

    Philip, many major corporations do active packet analysis on their networks. Many public wifi networks do this, even some consumer ISPs do this. These are all MITM attacks. Since you don't have https running, your security team couldn't do any incident response, they have nothing to act on.
    Instrumental Insemination & Northern VSH Queens

  6. #45
    Join Date
    Oct 2010
    Location
    Pueblo, Colorado, USA
    Posts
    1,527

    Default Re: Site "Not Secure"

    Kyle, you said it was a 3rd party smash and grab. Misdirection and not addressing the issue and saying I twisted your words is a sure sign of deception. As stated, it must be ok for your 3rd party partners to do these things as they obviously suffered no repercussions from selling our data.

    I agree, HTTPS would not have stopped your smash and grab. It would help keep all of our logins safer though, which is what we've been saying. I mean it's not like it's the title of the thread or anything.

    Thanks
    Zone 5 @ 4700 ft. High Desert

  7. #46
    Join Date
    Mar 2007
    Location
    Toronto, Ontario, Canada
    Posts
    328

    Default Re: Site "Not Secure"

    No, they did not sell anything, they were the ones who were hit. As the formal investigation is outside my purview I'm permitted to disclose further information to that effect. This is not misdirection.

    But thank you for agreeing with me

    Kyle

  8. #47
    Join Date
    Jan 2015
    Location
    Penobscot County, ME, USA
    Posts
    1,206

    Default Re: Site "Not Secure"

    Quote Originally Posted by Admin View Post
    That was a DB smash and grab from a third party partner we have. SSL would not have prevented that.

    Kyle
    Correct, which is exactly the point I was making to the other poster- SSL offers protection only in one limited area, and the idea that it would make all login info 'safe' is false.
    If you want to be successful, study successful people and do what they do.
    Zone 4a/b
