Online security testing.
Results 1 to 9 of 9

Thread: Online security testing.

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    Online security testing.

    I found a pretty cool site, but then I got to thinking...

    The site I found is www.securitystats.com

    They have several "security awareness " tools on their page.

    These are web based pages that test the strength of your password and such.

    Well, if they wanted, couldn't they just use the info you submit to them and your ip address that is easily found in their logs to gain access to your computer/network?

    Call me parinoid, but I don't completely trust sites like this or programs that "test your security". All someone would have to do is write a program/page to send back your ip and your test results and they would almost have instant access to a pc without permission. Just because someone wanted to "test their security".

    So, my question...

    Do you think that the chances are high that someone/some company would take advantage of the information that a user submits while testing their systems?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Phish: While you are right to be wary I would suggest the following thoughts.

    If you see a site that proposes to "test your security" etc. go take a look around the site to see if it is selling any products. Financial gain is a wonderful way of ensuring the site is honest. But don't stop just there unless you recognize the product name. If you don't - Google it. What do people have to say about it and it's creators? If it is positive and there is a a feeeling amongst those comments that the organization is trustworthy then all the better. If you already recognize the product name then you have your own opinion of the company/product already - use that to make your determination.

    It's always handy to have a few "outside" systems run over your own systems just to see if they see something you forgot.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699
    You're right, you're best to be paranoid these days to stay secure!

    Quote taken from the site you just posted
    Please note that although we will not store the password you enter, it's never a good idea to send your password to someone you don't know. Instead, we recommend testing a password which is *similar* to one you might use.
    So for this site they're not asking you to input your actual passwords, but only a *similar* password to one you MIGHT use.

    But im sure there are sites out there doing just what youve suggested phishphreek80, so you just gotta be careful!

    Cheers

    r3b00+

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    I'm also pretty sure most Online Security testing website's have a term's of service or conditions in which they can get in legal trouble if they exploit anything they find or use it in a manner that they said they wouldn't do. If no legal action can be taken against that (I'm not sure if there can) then you might want to be paranoid about how you check your security or which testing site's you go to.
    Space For Rent.. =]

  5. #5
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Read all of you guys,

    it seems that the safest is to check/audit its own ourselves!

    That's nessus purposes I guess. Dynamic auditing!
    [shadow] SHARING KNOWLEDGE[/shadow]

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    From looking at the web site they don't really offer any online security testing, yes they have a tools for passwords and what looks like a port scanner. I would stick clear of their tools they are not going to tell you much. But from what I read on the site they do know what they are talking about (and it's uptodate!), so I would give it a good read

    SittingDuck
    I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"

  7. #7
    Senior Member
    Join Date
    Dec 2002
    Posts
    107
    My opinion is, if you are really looking for a security defense program. Go to CompUSA and buy a program. I would recommend a couple(Nortan and McAffee), however I think you have your eye on a downloadable version.

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    A security program is only any good if it's set up correctly
    I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Originally posted here by SittingDuck
    A security program is only any good if it's set up correctly
    That's very true. Another thing I sometimes do is set up a box or webserver, secure it, and try to hack it. Either that, or try using common methods that people use against those servers/machines and that would be a good way to test security of the box or server.
    Space For Rent.. =]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •