It was a hard decision sometimes, (as most boards gave only an hour so other people get a turn). Do I play Tradewars? LORD? What about downloading another half of disk 2 of UFO:Enemy Unknown? Maybe I should just stuff…
Okay there's something not right here. People are reporting that it was too late, however the block post is gone, and I've yet to see an obit posted in any of the locals around here. There's more to this.
Why guess when you can just sniff the network for the sequence? Port knocking requires the network that you're using to knock is in fact as secure and trusted as the one you're knocking. So there's really no point as…
Restrict SSH access inbound to trusted networks only. Then you don't have to worry about all this hoopla.
There's a number of things I disagree with in the article, but it does have a few good points. Here's what I disagree with and why: - Portknocking. I've found from experience that it's far better to allow SSH access…
If you can't secure your email, why would you be surprised when your servers dissapop? I understand that there should have been more layers beyond this and all, but really, what is the point if you're vulnerable across…
Okay Wordfence CEO. How the hell does your product prevent SQL injection attacks on a payment processor outside of the Wordpress ecosystem??? ( http://www.theregister.co.uk/2016/04/11/hackers_pwn_mossack_... ) You guys…
While this helps *.wordpress.com users or custom domains using the wordpress.com back end, it's going to cause a ruckus with self hosted ones. Neither WordPress or LetsEncrypt has any way to modify global server setting…
Forgot to mention, the RevSlider exploit used on your demo video will not give full access to the system as you stated. It'll give only access which the web server is currently executing as; www-data has no access…
At best, this article is amateur hour for WordFence. It's focused on the topmost layers of the OSI model in an ecosystem requiring attention at all layers, from the wire -> up. Don't sell your product as anything more…
I think there's actually more web sites being built than ever, and that the problem is that company's expect more for less. The WordPress pollution has brought about a revolution in pricing within our field. Companies…
First thing I do when configuring a mail client. Enforce plain text only.
It's email. SMTP. It's not instant messaging and it sure isn't a browser. Point blank, it's easy to see that this is by design and not by quirk or fault. If anything Google are looking to maintain usability by keeping…
Can you post this dialog? I have trouble understanding how they gave a solid "No" on something which warrants much consideration. Most companies won't even respond if they don't intend to fix something, that way they…
>Note: This information has been disclosed to >Google appropriately, they have chosen to not >fix this behavior. >The other day, my friend sent me a link So did Google respond with a "No" or is 2-3 days with no fix…
Plus lack of identity validation. While the author of the article minimizes this, we shouldn't remove it from the equation just because users can't tell the difference. The right thing would be to fix the users…
I can safely say that it's never to limit our own workload. Considering we'd get paid less if we had nothing to do, it would be pretty dumb to work towards that goal. It's to save the company from going bankrupt with…
If you want to get employees to lock their workstations, make it a policy and fire the ones who repeatedly break it. If you have to get their attention via childish pranks it's a waste of everyones time. Also, the IT…
"I have detailed files on human anatomy." - T-800
Every investment opportunity has risk, and many possible outcomes. There will always be investors who gained. There will always be investors who missed a chance to gain. Alternatively, there could be investors who lost,…
I should also note that no email provider should be trusted for 'important email' as mentioned in the article title. Two reasons. 1) Email is not built with security in mind. Don't suggest SSL as it only protects…
I agree with him. False and useless. There's zero evidence to show that, "Gmail not to be trusted with important email.", as the title suggests. None of it is factual. All of it is presented as-is with only what appears…
You're clearly not understanding this. Random checks do belong in a large scale mail system such as GMail. Their system only checks 1 in x emails for DKIM/SPF. Could you imagine running DKIM/SPF checks on EVERY single…
Enable SPF and DKIM before jumping to uneducated conclusions please. Even if it's randomly accepting for the same address during repeat testing does not indicate that it's not caring about SPF or DKIM, it indicates a…
It was a hard decision sometimes, (as most boards gave only an hour so other people get a turn). Do I play Tradewars? LORD? What about downloading another half of disk 2 of UFO:Enemy Unknown? Maybe I should just stuff…
Okay there's something not right here. People are reporting that it was too late, however the block post is gone, and I've yet to see an obit posted in any of the locals around here. There's more to this.
Why guess when you can just sniff the network for the sequence? Port knocking requires the network that you're using to knock is in fact as secure and trusted as the one you're knocking. So there's really no point as…
Restrict SSH access inbound to trusted networks only. Then you don't have to worry about all this hoopla.
There's a number of things I disagree with in the article, but it does have a few good points. Here's what I disagree with and why: - Portknocking. I've found from experience that it's far better to allow SSH access…
If you can't secure your email, why would you be surprised when your servers dissapop? I understand that there should have been more layers beyond this and all, but really, what is the point if you're vulnerable across…
Okay Wordfence CEO. How the hell does your product prevent SQL injection attacks on a payment processor outside of the Wordpress ecosystem??? ( http://www.theregister.co.uk/2016/04/11/hackers_pwn_mossack_... ) You guys…
While this helps *.wordpress.com users or custom domains using the wordpress.com back end, it's going to cause a ruckus with self hosted ones. Neither WordPress or LetsEncrypt has any way to modify global server setting…
Forgot to mention, the RevSlider exploit used on your demo video will not give full access to the system as you stated. It'll give only access which the web server is currently executing as; www-data has no access…
At best, this article is amateur hour for WordFence. It's focused on the topmost layers of the OSI model in an ecosystem requiring attention at all layers, from the wire -> up. Don't sell your product as anything more…
I think there's actually more web sites being built than ever, and that the problem is that company's expect more for less. The WordPress pollution has brought about a revolution in pricing within our field. Companies…
First thing I do when configuring a mail client. Enforce plain text only.
It's email. SMTP. It's not instant messaging and it sure isn't a browser. Point blank, it's easy to see that this is by design and not by quirk or fault. If anything Google are looking to maintain usability by keeping…
Can you post this dialog? I have trouble understanding how they gave a solid "No" on something which warrants much consideration. Most companies won't even respond if they don't intend to fix something, that way they…
>Note: This information has been disclosed to >Google appropriately, they have chosen to not >fix this behavior. >The other day, my friend sent me a link So did Google respond with a "No" or is 2-3 days with no fix…
Plus lack of identity validation. While the author of the article minimizes this, we shouldn't remove it from the equation just because users can't tell the difference. The right thing would be to fix the users…
I can safely say that it's never to limit our own workload. Considering we'd get paid less if we had nothing to do, it would be pretty dumb to work towards that goal. It's to save the company from going bankrupt with…
If you want to get employees to lock their workstations, make it a policy and fire the ones who repeatedly break it. If you have to get their attention via childish pranks it's a waste of everyones time. Also, the IT…
"I have detailed files on human anatomy." - T-800
Every investment opportunity has risk, and many possible outcomes. There will always be investors who gained. There will always be investors who missed a chance to gain. Alternatively, there could be investors who lost,…
I should also note that no email provider should be trusted for 'important email' as mentioned in the article title. Two reasons. 1) Email is not built with security in mind. Don't suggest SSL as it only protects…
I agree with him. False and useless. There's zero evidence to show that, "Gmail not to be trusted with important email.", as the title suggests. None of it is factual. All of it is presented as-is with only what appears…
You're clearly not understanding this. Random checks do belong in a large scale mail system such as GMail. Their system only checks 1 in x emails for DKIM/SPF. Could you imagine running DKIM/SPF checks on EVERY single…
Enable SPF and DKIM before jumping to uneducated conclusions please. Even if it's randomly accepting for the same address during repeat testing does not indicate that it's not caring about SPF or DKIM, it indicates a…