Nothing is more than 80% secure. All networks are insecure, but what matters is how you protect them. I currently did a Blackbox against an organization that i truly felt was soo protected, and i was actually afraid of taking the job, but later on, i was upside down and every where. Nothing is impenetrable. Hire the best Information RIsk consultants, and you will see how. On 2/24/14, Steve Obbayi <steve@sobbayi.com> wrote:
Ah ok Joseph, thanks for clarifying
----- Original Message -----
| From: "Joseph Tintale" <jayxtintale@gmail.com> | To: "Skunkworks Mailing List" <skunkworks@lists.my.co.ke> | Sent: Lunes, 24 de Febrero 2014 7:23:09 | Subject: Re: [Skunkworks] ECCouncil Hacked
| @Steve, did you ever hear me say that you shouldn't do anything and | wait for hack3rs to break your site? FYI, I'm a security researcher | and always take web security seriously. | As much as one tries to mitigate exploits, there are several advanced | techniques which hack3rs use to break sites. These include:
| WAF bypasses, encoding sniffing, external entity injection and | advanced SQL injection.
| KR, | Joseph.
| On Mon, Feb 24, 2014 at 9:52 AM, Steve Obbayi < steve@sobbayi.com > | wrote:
| | @Joseph I don't agree with your attitude to a high degree. To be | | honest if your were to ask me to develop my site, I would run away | | so fast in the opposite direction. Hackers spend a lot of time | | finding exploits... why can't you as a developer spend as much or | | more time hardening your website or finding new ways to beat these | | guys, or recovering as fast as possible from an attack? You don't | | just sit and say since PayPal or VISA were hacked, there is nothing | | that can be done. |
| | Here is an example of doing something right other than throwing | | hands | | up in the air |
| | http://blog.cloudflare.com/good-news-vulnerable-ntp-servers-closing-down |
| | My advice to Janiffer, keep worrying and let that worry be positive | | in that in makes you become better techie. |
| | Steve |
| | | From: "Joseph Tintale" < jayxtintale@gmail.com > | | | | | | To: "janiffer muthama" < j_muthama@yahoo.com >, "Skunkworks | | | Mailing | | | List" < skunkworks@lists.my.co.ke > | | | | | | Sent: Lunes, 24 de Febrero 2014 6:18:50 | | | | | | Subject: Re: [Skunkworks] ECCouncil Hacked | | |
| | | Janiffer, | | | | | | What you need to understand is that all websites are vulnerable | | | to | | | hacking. These hackers spend lots of time finding exploits on | | | their | | | targets. | | | | | | There's also DDOS which is quite hard to mitigate and major sites | | | like visa and paypal have suffered occasionally from these type | | | of | | | attach. | | |
| | | As a student worry not should you, because worrying is as | | | effective | | | as trying to solve an algebra equation by chewing bubblegum. | | |
| | | KR, | | |
| | | Joseph. | | |
| | | On Monday, February 24, 2014, janiffer muthama < | | | j_muthama@yahoo.com | | | > wrote: | | |
| | | | http://www.eccouncil...org | | | | | |
| | | | I thought Eccouncil offers certifications to provide the | | | | foundation | | | | needed by every Electronic Commerce and Security Professional!, | | | | The | | | | professionals are trained by "super professionals" who are | | | | supposed | | | | to build and manage an organization's networking and security | | | | operations and to effectively utilize various resources to | | | | achieve | | | | operation excellence. | | | | | | | | | | Now their site is hacked!! how now??, a shame on their | | | | professionalism or alama ya Dugudugu? | | | | | |
| | | | Worried student... | | | | | |
| | | _______________________________________________ | | | | | | skunkworks mailing list | | | | | | skunkworks@lists.my.co.ke | | | | | | ------------ | | | | | | List info, subscribe/unsubscribe | | | | | | http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks | | | | | | ------------ | | |
| | | Skunkworks Rules | | | | | | http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 | | | | | | ------------ | | | | | | Other services @ http://my.co.ke | | | | | _______________________________________________ | | | skunkworks mailing list | | | skunkworks@lists.my.co.ke | | | ------------ | | | List info, subscribe/unsubscribe | | | http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks | | | ------------ |
| | Skunkworks Rules | | | http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 | | | ------------ | | | Other services @ http://my.co..ke |
| _______________________________________________ | skunkworks mailing list | skunkworks@lists.my.co.ke | ------------ | List info, subscribe/unsubscribe | http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks | ------------
| Skunkworks Rules | http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 | ------------ | Other services @ http://my.co.ke
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/