chiuu (Author), posted May 25, 2021:
Okay.

msgreenf, posted May 25, 2021:
1 minute ago, ekohn00 said:
> You're a frigging underpowered over priced Pen Test
Please don't call it a Pen Test - that insults the people that do testing for a living! It's a vuln scan - VERY different than a pen test

ekohn00, posted May 25, 2021:
Removed....out of sympathy....

chiuu (Author), posted May 25, 2021:
I called control4 snake oil because I am using your logic of saying proprietary = snake oil and it was referenced that control4 has their own unique way for designing their products. Your second logic of review of the product really, how do you know I am a dude? But at this point I will go away. Discussion over.

chiuu (Author), posted May 25, 2021:
I think putting someone’s information in a forum on the internet is called doxxing @ekohn00 that is illegal.

ekohn00, posted May 25, 2021:
1 minute ago, chiuu said:
> I think putting someone’s information in a forum on the internet is called doxxing @ekohn00 that is illegal.
I posted the link to his public facing linkedin profile..... dumbass!

chiuu (Author), posted May 25, 2021:
Okay let’s see how that goes?

msgreenf, posted May 25, 2021:
But I thought that wasn't you? Doxing is not posting a LinkedIn profile...

ekohn00, posted May 25, 2021:
7 minutes ago, msgreenf said:
> Please don't call it a Pen Test - that insults the people that do testing for a living! It's a vuln scan - VERY different than a pen test
true that.... pen was easier to spell.... i doubt they do any manual hack, so you're right it's just a vulnerability scan.

ekohn00, posted May 25, 2021:
There's an obvious lack of intelligence in this world. So since you don't own a dictionary or have google....
dox /däks/ verb, INFORMAL (gerund or present participle: doxing): search for and publish private or identifying information about (a particular individual) on the internet, typically with malicious intent. "hackers and online vigilantes routinely dox both public and private figures"

ekohn00, posted May 25, 2021:
Just now, ekohn00 said:
> There's an obvious lack of intelligence in this world. So since you don't own a dictionary or have google....
> dox /däks/ verb, INFORMAL (gerund or present participle: doxing): search for and publish private or identifying information about (a particular individual) on the internet, typically with malicious intent. "hackers and online vigilantes routinely dox both public and private figures"
PS..... if there's any doubt, feel free to reach out this board's admin to have the informational post removed.

chiuu (Author), posted May 25, 2021:
@ekohn00 wasn’t your intention of posting someone’s public profile with malicious intent when you said they could reach out about the bad sales approach. So in that moment you showed your intent not sure. I guess courts that can decide stuff like that. I do not even know.

ekohn00, posted May 25, 2021:
6 minutes ago, chiuu said:
> @ekohn00 wasn’t your intention of posting someone’s public profile with malicious intent when you said they could reach out about the bad sales approach. So in that moment you showed your intent not sure. I guess courts that can decide stuff like that. I do not even know.
Dear Dummy, I posted a link to a PUBLIC LinkedIN profile. There's no private information that I have or posted. And that profile is clearly marked FOUNDER of the company..... Obviously the information has been made public for the reasons of contact and discussion. NOTHING PRIVATE is known or shared, so good luck with your threats....

chiuu (Author), posted May 25, 2021:
@ekohn00 but the definition of Doxing states “Publish Private or identifying information with malicious intent” I think someone’s public information is one thing but your intent was malicious when you said go there and tell them about their sales tactic. I am using that dictionary definition you put out there.

chiuu (Author), posted May 25, 2021:
I was just saying that is all.

ekohn00, posted May 25, 2021:
5 minutes ago, chiuu said:
> @ekohn00 but the definition of Doxing states “Publish Private or identifying information with malicious intent” I think someone’s public information is one thing but your intent was malicious when you said go there and tell them about their sales tactic. I am using that dictionary definition you put out there.
Nothing Malicious about asking folks to share bad sales tactics to a public email. Oh and since the email is locked on linkedin...it's not even possible.....

chiuu (Author), posted May 25, 2021:
@ekohn00 I see your point, but how can you prove whether it was malicious or not? I am actually learning doxing right now. I am going off the dictionary definition.

ekohn00, posted May 25, 2021:
5 minutes ago, chiuu said:
> @ekohn00 I see your point, but how can you prove whether it was malicious or not? I am actually learning doxing right now. I am going off the dictionary definition.
sharing an opinion is not malicious. there's no harm letting you know your sales tactic of spamming a private bulletin board is a horrible way to go about things.

Andrew luecke, posted May 26, 2021:
In my unprofessional opinion, it feels like some of this advice isn't the best way to deal with security, and misses some common security issues (keep in mind, security isn't my day-job, and never was)..
1. Backing up to external HDD. That's not considered a backup unless it's using a copy-on-write filesystem. Ransomware will totally destroy it next time it's plugged in. You actually should save to a device or appliance designed for backups, and support versioning, which many cloud storage systems do.. On Synology for instance, DS Drive can save copies of files so if ransomware corrupts them all once, you can simply revert to an older version.
2. There is no mention of IPS, or ransomware protection at all (network appliances such as Watchguard literally send all downloads to a VM online, and monitor them for long periods to identify if they are running malicious code which runs on a timer. If it's discovered to be malware, all infected computers can be identified instantly). It's all great to run tests, but that only shows you your security at a specific point of time, and uses specific vulnerabilities, whereas an IPS may be able to block packets with certain characteristics which indicate a high likelihood of malware.
3. No mention of Wifi security. We had the argument on the Control4 Professionals group a few months ago, where it was discovered some installers were installing OPEN wifi networks which were hidden. In all likelihood, those networks are now listed in wardriver search engines.
4. "watch out for phishing emails" isn't sound advice. It doesn't mention strategies to identify them, and doesn't offer any strategies to avoid them. The number of clients we see running outlook and a cheap Cpanel based mail system is fairly alarming..
5. No mention of password reuse. These days, that's how most people get hacked. Cycling the passwords won't help a huge amount if the client is using the same password on their email account as their bank account.

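Added example, not part of any post in this thread: a sketch of the versioned backup idea from point 1 above, where each run adds a new version instead of overwriting the last good copy, so files damaged by ransomware can be reverted. The function names and the store layout are hypothetical, and it assumes the store sits on a backup appliance or service that the backed-up machine cannot rewrite.

```python
import hashlib, json, tempfile
from pathlib import Path

def _manifest(store: Path, version: str) -> dict:
    return json.loads((store / "manifests" / f"{version}.json").read_text())

def snapshot(src: Path, store: Path) -> str:
    """Add a new version; blobs and manifests already in the store are never rewritten."""
    blobs, manifests = store / "blobs", store / "manifests"
    blobs.mkdir(parents=True, exist_ok=True)
    manifests.mkdir(exist_ok=True)
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        if not (blobs / digest).exists():      # content-addressed: old data stays intact
            (blobs / digest).write_bytes(data)
        manifest[path.relative_to(src).as_posix()] = digest
    version = f"{len(list(manifests.iterdir())) + 1:06d}"
    (manifests / f"{version}.json").write_text(json.dumps(manifest))
    return version

def restore(store: Path, version: str, dest: Path) -> None:
    """Rebuild the tree exactly as it was when `version` was taken."""
    for rel, digest in _manifest(store, version).items():
        out = dest / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        out.write_bytes((store / "blobs" / digest).read_bytes())

def changed_fraction(store: Path, old: str, new: str) -> float:
    """Share of files from `old` that differ or vanished in `new`; near 1.0 suggests mass encryption."""
    a, b = _manifest(store, old), _manifest(store, new)
    return sum(1 for k, v in a.items() if b.get(k) != v) / len(a) if a else 0.0

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        src, store, out = Path(tmp, "docs"), Path(tmp, "store"), Path(tmp, "restored")
        src.mkdir()
        (src / "a.txt").write_text("invoice 1")   # constructed sample files
        (src / "b.txt").write_text("invoice 2")
        v1 = snapshot(src, store)
        for p in src.iterdir():                   # constructed stand-in for ransomware damage
            p.write_bytes(b"\x00garbled")
        v2 = snapshot(src, store)
        restore(store, v1, out)
        return v1, v2, changed_fraction(store, v1, v2), (out / "a.txt").read_text()

if __name__ == "__main__":
    print(demo())
```

A plain copy to an external drive would have replaced both files with the damaged ones on the second run; here the second version sits beside the first, and the jump in `changed_fraction` between consecutive versions is itself a signal worth alerting on.
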
msgreenf, posted May 26, 2021:
But @Andrew luecke you also make the assumption the goal was to help people. When clearly it's to promote an incompetent product and scare people into needing it.

ekohn00, posted May 26, 2021:
4 hours ago, Andrew luecke said:
> 2. There is no mention of IPS, or ransomware protection at all (network appliances such as Watchguard literally send all downloads to a VM online, and monitor them for long periods to identify if they are running malicious code which runs on a timer. If it's discovered to be malware, all infected computers can be identified instantly). It's all great to run tests, but that only shows you your security at a specific point of time, and uses specific vulnerabilities, whereas an IPS may be able to block packets with certain characteristics which indicate a high likelihood of malware.
> 3. No mention of Wifi security. We had the argument on the Control4 Professionals group a few months ago, where it was discovered some installers were installing OPEN wifi networks which were hidden. In all likelihood, those networks are now listed in wardriver search engines.
> 4. "watch out for phishing emails" isn't sound advice. It doesn't mention strategies to identify them, and doesn't offer any strategies to avoid them. The number of clients we see running outlook and a cheap Cpanel based mail system is fairly alarming..
> 5. No mention of password reuse. These days, that's how most people get hacked. Cycling the passwords won't help a huge amount if the client is using the same password on their email account as their bank account.
Good points but some realistic add ons (my 2 cents):
2. Typically, Scanners are not capable of IDS/IPS. IDS/IPS requires an inline sensor. What you're describing by Watchguard sounds like a sandbox. The IDS/IPS can only act on known signatures. The Sandbox has the ability to execute items and see if they act in an unauthorized way and can then take action on them. Best to use both if available, especially if you're worried about ransomware.
3. Web based Scanners have limited, if any wifi capabilities. They're not capable of wireless access obviously. Any installer who installs OPEN and hidden should be blacklisted! that's basically a backdoor for anyone.
5. I wouldn't want to give access to files to determine password reuse to random crappy scanner anyway.

videostorm, posted May 26, 2021:
Another point to add: The cornerstone of any security (especially network security) is TRUST. Who do I trust to access my network? What code / programs do I trust to run? Which websites do I trust with my info. etc.... Public free security scanners from any unknown party..... That would be like negative infinity on the trust scale. IMO most security training should start with discussions about who/what to trust and why.

Niloy bormon, posted October 13, 2023:
Free fire