« Email as Half Factor Authentication
IDS Evasion By Accident »

Hackersafe Sites Are Likely Targets For Exploitation

There has been an interesting trend on the forums as of late. HACKER SAFE¬© sites are being targeted to identify the vulnerabilities in them. Ultimately the type of vulnerability assessments performed by Scan Alert has been essentially proven to be ineffective at the 99% rate that they claim. I know I’ve written about this before but this time the name of a security watermark is being used as an effective method for finding vulnerable websites. That’s right, the people on the forum are inventing Google Dorks to locate sites that bear Scan Alert’s watermark as they are probable targets for exploitation.

Not many security companies have the distinction of having such flawed methodology for testing for vulnerabilities that their services are being used as a method for finding vulnerable websites that they certify as being 99% safe, according to their website.

According to Scan Alert they help companies convert 14% better with their logo (thanks to Kyran for the link). Clearly the marketing aspect is worthwhile, even if it makes your company an even larger target to hackers. I encourage anyone using Scan Alert to hire a professional to do a real vulnerability assessment based on the results from the forum and ditch the logo before it makes you an even larger target to the people you are claiming to be safe from.

This entry was posted on Thursday, November 9th, 2006 at 10:20 pm and is filed under XSS, Webappsec. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “Hackersafe Sites Are Likely Targets For Exploitation”

  1. id Says:
    November 10th, 2006 at 1:27 pm

    I wonder if having the logo makes them even more less likely to have secure code. With an outside vendor giving validation to flawed code it is less likely to be re-examined by the site coders, after all Scan Alert said it was ok…

  2. Apnovi Says:
    November 10th, 2006 at 2:05 pm

    I think you might be right there, if some security site from outside has already supposedly validated the code and given it the all clear…then some developers may be inclined to leave it be. Hey its always good to have a second opinion or even a third, but lets not get them from Scan Alert…lol

  3. RSnake Says:
    November 10th, 2006 at 4:25 pm

    I’d like to amend my statement after having thought about this quite a bit more. Given the increase in revenue attached with a well placed HACKER SAFE© logo, I think it is a good idea to place it on your site. Who doesn’t want an additional 14% in revenues? However, I don’t think it is a wise thing to do until you have had a chance to have your site professionally manually verified first. The last thing you want to do is jeopardize your corporate security and your additional 14%. That is an investment and it should go towards something.

  4. √ľnal Says:
    November 11th, 2006 at 2:41 am

    hehehe

  5. maluc Says:
    November 11th, 2006 at 5:39 am

    and that’s 14% more customer accounts for a hacker to steal. Everybody wins ^_^

    -maluc

Leave a Reply Or Discuss On the Forums



gipoco.com is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.