I hacked 3 sites and Microsoft Servers.

  • reaper
  • Proficient
  • Proficient
  • User avatar
  • Posts: 435
  • Loc: europe

Post 3+ Months Ago

Don't know exactly what you mean by that?

What would be usefull in my oppinion would be to have a small group of trustees of ozzu to do an evaluation of a site's security upon request.
Like an ex-burglar testing your homesafety and giving some pointers to fix the obvious security holes that are present.

Offcourse with your own home this is easier to establish you would say but you would be surprised how many people think there home is secured in a good manor even when they are not.

Same goes for websites...only thing is, this a lot different offcourse regarding the issues that comes with this kind of security.
A lot more technical stuff.

Pen test... that is for testing dollars right?

Also i would like to add the following:

When looking at this page http://www.ozzu.com/ozzu_supporters.html

and this part:

Ozzu and the Future

Our goal with Ozzu is to continue to increase the size of the community, make it easier and faster to get help, and hopefully create an environment where everybody can learn from each other. That is the main purpose of the forum and I believe it has been successful in that area. Ozzu should be around for many years to come.

I would say this kind of section would fit right into Ozzu because the purpose is to make it easier to get help in all sorts of aspects.
  • Daemonguy
  • Moderator
  • Web Master
  • User avatar
  • Posts: 2698
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

Security issues always boil down to two major areas of containment; Operating System and Application.

Since, as was mentioned by one of my colleagues, we cover those specific areas, adding a 'Security' forum would be redundant. There is the additional risk that someone would take it upon themselves to abuse that forum, or at least attempt to circumvent the conceptual idea for the foundation of such a forum through misuse and improper subject matter discussion.
While that opportunity exists for ANY specific forum, a labeled 'Security' forum tends to bring out the slugs who merely want to show off some imagined 733t H@x0r 5kilz.
Those are the sorts of individuals we do not wish to engage in topical and meaningful discussion.
If a system administrator bears the burden of security and can relate said concern as a query, it would serve them better to understand the issue as it relates to either OS or App. (Not to mention the interaction of the two, which brings me to my next point.)


At times, yes there will be convergence, but duplication of queries which each would not follow the same line of thought tend to branch and divide -- so much better would be to follow a concept to conclusion, only to realize the next path travelled a different road and take that data you have gathered unto that to help clarify the problem.

Are there security groups within large organizations, yes. They often live in a world more of bits, than bytes. Having done security for the US Government, I am able to attest to the nature of the security analyst.
If that analogy is difficult to follow, understand that by the time you have an exploit (or more important to the sysad/app manager) a bug fix, the security engineer has already completed his function.

If your intent is to discuss the safety and security of systems you have relating directly to exploits that exist in the wild, then your concern is with the fixes, not with the bugs themselves.

I know ATNO, I am waxing rhapsodic again.

  • grinch2171
  • Moderator
  • Genius
  • User avatar
  • Posts: 6818
  • Loc: Martinsburg, WV

Post 3+ Months Ago

That was a very eloquent way of saying "No, we will not have that kind of forum".

I understand reaper's suggestion and I can relate to my fellow mod's thoughts and feelings. I also believe a forum like that may encourage the script kiddies to come out of the woodwork, some of which may be valued members of this forum already but are smart enough to keep their mouths shut about the subject.

So, in closing, a good idea but probably impractical to implement on this forum.

This may be a good thing for reaper to start up on his own. A site/forum dedicated to Windows/*nix security.
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

From a "non-hacker" side of things, Bigwebmaster made a serious effort to condense forums, to more generic all encompassing ones that you see now. Most of those were forums that had very few posts. If I recall correctly there was a security forum at the beginning. The Windows and Linux forums, were established to address any issues or problems and questions related to those two operating systems. It has been Bigwebmaster's practice since then to only create new forums when the demand became great enough to justify a separate forum for it. The Hardware forum and the Job Opportunities forum are two examples of this (prrof that the suggestions work and things are added as needed).

Security issues can easily be addressed in either the *nix or Windows boards. If you do a look through both boards, you'll note that there are extremely few posts related to security in either board, and most of what is security related is often handled in the programming board relative to writing programs correctly to avoid vulnerabilities.

In a nutshell, I'm stating the same thing Daemonguy did, but from a slightly different perspective.

Post Information

  • Total Posts in this topic: 34 posts
  • Users browsing this forum: No registered users and 6 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum

© 1998-2016. Ozzu® is a registered trademark of Unmelted, LLC.