Pwnd2Pwnr Posted May 8, 2013

I was perusing an interesting article. I am sure others would like to read about it, too. I bring you... http://resources.infosecinstitute.com/gauss-between-technology-and-politics/ Amazing...
digip Posted May 8, 2013 (edited)

If I'm not mistaken, they are the same people that stole Corelan Coders teaching materials and sold classes teaching from tuts off his site. They tend to auto blog and plagiarize other sites, and also jump the gun on vulns. I think they even once published a vuln on BackTrack since it used the default passwords of root/toor. Might be a different site, but if it's the same people, they have a whole slew of subdomains, and at one point, I think I even found XSS on one of their pages, this, coming from a school that teaches how to protect against XSS. Take what they post with a grain of salt, is all I am saying...

Yeah, same people as I had thought before -> http://securityerrata.org/errata/plagiarism/infosec_institute/

By the way, the default user on the link you posted is "root". Oh, the irony.... Sure someone will have fun bruteforcing that one... http://resources.infosecinstitute.com/author/root/

I went through the first 18 or so names of users before I got bored, then saw Ryan Dewhurst, someone I respect and follow on Twitter. Didn't know he was associated with them though. He's one of the guys behind DVWA I think, as well as the WordPress scanner or wp-scan scripts on Google Code (I think). Sad... good people associated with a site that's borderline crap.

Hey, let's email their webhost while we're at it... infoseci@pair.com

Edited May 8, 2013 by digip
Pwnd2Pwnr Posted May 8, 2013

Hmm... I got the article from packetstormsecurity... good to know, though. :) I will shoot an email straight away... jk jk ;)
digip Posted May 9, 2013 (edited)

http://www.backtrack-linux.org/backtrack/backtrack-0day-privilege-escalation/

Also interesting that they have 14 domains using the same Google Analytics code. http://www.ewhois.com/analytics-id/UA-146509/

Edited May 9, 2013 by digip
Pwnd2Pwnr Posted May 9, 2013

So, how would you classify infosec? Malicious?
digip Posted May 9, 2013

I think they are a company looking to make money, like most businesses, but they do it in a way that, to me, seems borderline shady. The Corelan incident was bad at the time, but they worked it out and apologized, but no one likes being stolen from. I'm going through it now with Attack Scanner. Someone stole our Pro version and basically reworked it a tad, encrypted it and are selling it as their own product, so I don't like thieves in that regard, where people profit off others' works. Sharing something is one thing; flat out stealing, then I have an issue when you make money off someone else's hard work and pass it off as your own.

So the Corelan thing was one strike against them. Then the Backtrack thing was kind of silly, if not just maybe a way to bring more attention to their company. Free advertisement through controversy, aka, how can we get famous like Michael Jackson famous in the tabloids, oh, let's call out someone else famous in the community and it will draw attention to us. We'll apologize again, and all will be fine, but in the meantime, it will promote us. To some extent, it worked I guess.

To me, they are the Gregory Evans of infosec though, but that's my opinion. I don't expect others to feel the same way. They have decent articles and writers, but is it all their material, or reposted from someone else's work?
Pwnd2Pwnr Posted May 14, 2013

One positive = They thought it was good enough to steal ... ...

I am not anywhere near the programming level of people like you, sebkinne, etc., but isn't there a way to bind your Attack Scanner for updates, serial/integrity checks so you can have a cache and verify all of the AS's you sold? (I sound like a Welshman, jk :) )

All in all, they have lost my trust AND I will not support/read any whitepapers, docs, info, etc. as they are probably someone else's work. B)