@Steve, did you ever hear me say that you shouldn't do anything and wait for hack3rs to break your site? FYI, I'm a security researcher and always take web security seriously. As much as one tries to mitigate exploits, there are several advanced techniques which hack3rs use to break sites. These include: WAF bypasses, encoding sniffing, external entity injection and advanced SQL injection. KR, Joseph. On Mon, Feb 24, 2014 at 9:52 AM, Steve Obbayi <steve@sobbayi.com> wrote:
@Joseph I don't agree with your attitude to a high degree. To be honest if your were to ask me to develop my site, I would run away so fast in the opposite direction. Hackers spend a lot of time finding exploits... why can't you as a developer spend as much or more time hardening your website or finding new ways to beat these guys, or recovering as fast as possible from an attack? You don't just sit and say since PayPal or VISA were hacked, there is nothing that can be done.
Here is an example of doing something right other than throwing hands up in the air
http://blog.cloudflare.com/good-news-vulnerable-ntp-servers-closing-down
My advice to Janiffer, keep worrying and let that worry be positive in that in makes you become better techie.
Steve
------------------------------
*From: *"Joseph Tintale" <jayxtintale@gmail.com> *To: *"janiffer muthama" <j_muthama@yahoo.com>, "Skunkworks Mailing List" <skunkworks@lists.my.co.ke> *Sent: *Lunes, 24 de Febrero 2014 6:18:50 *Subject: *Re: [Skunkworks] ECCouncil Hacked
Janiffer, What you need to understand is that all websites are vulnerable to hacking. These hackers spend lots of time finding exploits on their targets. There's also DDOS which is quite hard to mitigate and major sites like visa and paypal have suffered occasionally from these type of attach.
As a student worry not should you, because worrying is as effective as trying to solve an algebra equation by chewing bubblegum.
KR, Joseph.
On Monday, February 24, 2014, janiffer muthama <j_muthama@yahoo.com> wrote:
http://www.eccouncil..org <http://www.eccouncil.org>
I thought Eccouncil offers certifications to provide the foundation needed by every Electronic Commerce and Security Professional!, The professionals are trained by "super professionals" who are supposed to build and manage an organization's networking and security operations and to effectively utilize various resources to achieve operation excellence. Now their site is hacked!! how now??, a shame on their professionalism or alama ya Dugudugu?
Worried student...
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
Ah ok Joseph, thanks for clarifying ----- Original Message ----- | From: "Joseph Tintale" <jayxtintale@gmail.com> | To: "Skunkworks Mailing List" <skunkworks@lists.my.co.ke> | Sent: Lunes, 24 de Febrero 2014 7:23:09 | Subject: Re: [Skunkworks] ECCouncil Hacked | @Steve, did you ever hear me say that you shouldn't do anything and | wait for hack3rs to break your site? FYI, I'm a security researcher | and always take web security seriously. | As much as one tries to mitigate exploits, there are several advanced | techniques which hack3rs use to break sites. These include: | WAF bypasses, encoding sniffing, external entity injection and | advanced SQL injection. | KR, | Joseph. | On Mon, Feb 24, 2014 at 9:52 AM, Steve Obbayi < steve@sobbayi.com > | wrote: | | @Joseph I don't agree with your attitude to a high degree. To be | | honest if your were to ask me to develop my site, I would run away | | so fast in the opposite direction. Hackers spend a lot of time | | finding exploits... why can't you as a developer spend as much or | | more time hardening your website or finding new ways to beat these | | guys, or recovering as fast as possible from an attack? You don't | | just sit and say since PayPal or VISA were hacked, there is nothing | | that can be done. | | | Here is an example of doing something right other than throwing | | hands | | up in the air | | | http://blog.cloudflare.com/good-news-vulnerable-ntp-servers-closing-down | | | My advice to Janiffer, keep worrying and let that worry be positive | | in that in makes you become better techie. | | | Steve | | | | From: "Joseph Tintale" < jayxtintale@gmail.com > | | | | | | To: "janiffer muthama" < j_muthama@yahoo.com >, "Skunkworks | | | Mailing | | | List" < skunkworks@lists.my.co.ke > | | | | | | Sent: Lunes, 24 de Febrero 2014 6:18:50 | | | | | | Subject: Re: [Skunkworks] ECCouncil Hacked | | | | | | Janiffer, | | | | | | What you need to understand is that all websites are vulnerable | | | to | | | hacking. These hackers spend lots of time finding exploits on | | | their | | | targets. | | | | | | There's also DDOS which is quite hard to mitigate and major sites | | | like visa and paypal have suffered occasionally from these type | | | of | | | attach. | | | | | | As a student worry not should you, because worrying is as | | | effective | | | as trying to solve an algebra equation by chewing bubblegum. | | | | | | KR, | | | | | | Joseph. | | | | | | On Monday, February 24, 2014, janiffer muthama < | | | j_muthama@yahoo.com | | | > wrote: | | | | | | | http://www.eccouncil...org | | | | | | | | | | I thought Eccouncil offers certifications to provide the | | | | foundation | | | | needed by every Electronic Commerce and Security Professional!, | | | | The | | | | professionals are trained by "super professionals" who are | | | | supposed | | | | to build and manage an organization’s networking and security | | | | operations and to effectively utilize various resources to | | | | achieve | | | | operation excellence. | | | | | | | | | | Now their site is hacked!! how now??, a shame on their | | | | professionalism or alama ya Dugudugu? | | | | | | | | | | Worried student... | | | | | | | | | _______________________________________________ | | | | | | skunkworks mailing list | | | | | | skunkworks@lists.my.co.ke | | | | | | ------------ | | | | | | List info, subscribe/unsubscribe | | | | | | http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks | | | | | | ------------ | | | | | | Skunkworks Rules | | | | | | http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 | | | | | | ------------ | | | | | | Other services @ http://my.co.ke | | | | | _______________________________________________ | | | skunkworks mailing list | | | skunkworks@lists.my.co.ke | | | ------------ | | | List info, subscribe/unsubscribe | | | http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks | | | ------------ | | | Skunkworks Rules | | | http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 | | | ------------ | | | Other services @ http://my.co..ke | | _______________________________________________ | skunkworks mailing list | skunkworks@lists.my.co.ke | ------------ | List info, subscribe/unsubscribe | http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks | ------------ | Skunkworks Rules | http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 | ------------ | Other services @ http://my.co.ke
participants (2)
-
Joseph Tintale -
Steve Obbayi