Results 1 to 14 of 14
  1. #1

    The audacity of hackersafe

    I previously (or rather still have it for a few days) had an account with Hackersafe, not feeling it worth it to continue services with them as it is extremely expensive, didn't feel that the hackersafe seal probably brought in much business, and don't really rely on their services for security anyway, I decided to cancel. I bought it as an investment for the seal, not feeling I do enough business for the seal to actually validate itself, I decided to cancel, sensible enough right?

    I emailed them to ask not to have it renewed, it was forwarded to the correct department, etc. They asked me if I wanted to switch plans and the like, I said no, I don't really find their product worth it. Then, a reply I didn't really expect.

    They replied to my emailing implying that I don't care about my customer's security. They said that if that's how I view my customer's security (this was a reply to my email that said I don't find their product worth it) then they'll go ahead and cancel my account.

    I plan to stay away from all McAfee products from now on.

    I expected maybe one last plug, saying that studies have shown such and such, not an outright insult.
    TitanTutorials.com, Making Flash Tutorials Affordable Again, Always Up For Custom Jobs

  2. #2
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,675
    Can you copy/paste the email from them? I'd like to see exactly how they worded it.

    --Tina
    ||| 99.999% Uptime SLA!!!
    Plenty of space and bandwidth to fit your needs!
    www.AEIandYou.com - - (WP Friendly - Premium Reseller Hosting and Cheap Dedicated Servers)

  3. #3
    Join Date
    Jan 2006
    Location
    Athens, Greece
    Posts
    1,479
    Have you ever tried canceling a credit card? It could be worst.

  4. #4
    Join Date
    Aug 2003
    Location
    Chicago, IL USA
    Posts
    2,781
    Quote Originally Posted by AH-Tina View Post
    Can you copy/paste the email from them? I'd like to see exactly how they worded it.

    --Tina
    Ditto...

    ..
    CloudRck.com - Host on Cloudrck
    Unmetered VPS Solutions at it's finest

  5. #5
    Canceling with them isn't hard, and by and large they did a fine job. I'm in no way implying that others shouldn't use them, I just can't believe that they would say that. This was more of a "what the hell?" moment than anything else. Here is the exact quote

    "If that is how you look at securing your customers with quality security" and then they proceeded to say that they will cancel my account as asked.
    TitanTutorials.com, Making Flash Tutorials Affordable Again, Always Up For Custom Jobs

  6. #6
    Join Date
    Apr 2004
    Location
    SF Bay Area
    Posts
    877
    Quote Originally Posted by zildjian2000 View Post
    I plan to stay away from all McAfee products from now on.
    Hmmm... didn't even know Scanalert had been acquired by McAfee. They had a sales office just up the road from me.

    Regardless, I would hardly judge the behavior of a sales person at an acquired company as indicative of the corporate culture or attitude across McAfee, which is a very large company. Yes, every person should behave as part of the team, but not everyone does. As someone who has come into a number of acquired companies, the culture clash can be pretty severe.

    What you might do instead--and admittedly this isn't your job--is see if you can speak to that person's supervisor, send them the email, voice your concerns, then move on. It will be up to them to deal with that employee.

  7. #7
    I actually agree with you serverminds. You can't judge a company by one employee. I don't plan on using McAfee products, but that's just because I use other products that compete with them. I posted this right after it happened, so I was pissed at the moment. However, in retrospec it wasn't that bad, and it was just one employee.

    Though I will say this, when you are an employee of a company, you do represent said company. So unless Mcafee already does so, they should really stress the concept that the customer is always right, even when they're wrong.
    TitanTutorials.com, Making Flash Tutorials Affordable Again, Always Up For Custom Jobs

  8. #8
    Quote Originally Posted by zildjian2000 View Post
    "If that is how you look at securing your customers with quality security"
    Quality security? As in running a Nessus scan resulting in numerous false positives and reporting them as vulnerabilities, then resorting to lying to scare less knowledgeable folks when proven that their half baked scan didn't find squat? They told one of our customers that since mod_userdir was enabled, they could brute force valid usernames, and as a result of this, they could use hping to monitor the traffic of that user. Of course, our customer didn't understand the mountain of garbage that this fear mongering snake oil salesman was pushing, but we set things straight.

    HackerSafe/ScanAlert should be ashamed, but I guess when you're making hand over fist in cash for something as simple as pressing a button, sending a report, and allowing someone to use some silly little image on their website, there's not much else to do but laugh all the way to the bank.

    My advice, as many others have said in other threads: make your own image or logo. It would likely be equally effective.

  9. #9
    Join Date
    Aug 2002
    Location
    Bharat
    Posts
    4,722
    Was not nicecoder website got hacked while boasting with hackersafe logo at the top.

    Search for "hackersafe" here and you will find quite interesting information.
    Vinsar.Net - Quality Web Hosting at Economical Price on USA & European Servers
    Offering domains, shared, reseller & VPS hosting.
    Reliable Domain Reseller Account Resell Domains with Confidence

  10. #10
    Join Date
    Aug 2002
    Location
    Bharat
    Posts
    4,722
    And google is your friend as always

    'Hacker Safe' Site Hacked, Data Stolen
    Vinsar.Net - Quality Web Hosting at Economical Price on USA & European Servers
    Offering domains, shared, reseller & VPS hosting.
    Reliable Domain Reseller Account Resell Domains with Confidence

  11. #11
    Join Date
    Apr 2003
    Location
    Winnipeg
    Posts
    198
    I work for Nicecoder, and was actually hired the day the site was hacked.

    I personally believe "hackersafe" is a farce, but to set the record straight, it is the script IndexU that is hackersafe tested, not the website. The website actually used a vulnerable CMS.
    http://www.wpdirectorypro.com is a premium plugin to make a directory using WordPress
    http://www.pocketbikeforum.com racing, mods, sales, and general discussion of pocket bikes

  12. #12
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    Quote Originally Posted by jpetersen View Post
    Quality security? As in running a Nessus scan resulting in numerous false positives and reporting them as vulnerabilities, then resorting to lying to scare less knowledgeable folks when proven that their half baked scan didn't find squat? They told one of our customers that since mod_userdir was enabled, they could brute force valid usernames, and as a result of this, they could use hping to monitor the traffic of that user. Of course, our customer didn't understand the mountain of garbage that this fear mongering snake oil salesman was pushing, but we set things straight.

    I'd have to say my impressions of them are just the same, and that they're using JUST THAT software in fact, not reading the results, and not caring about anything but 'error' .

    Nessus is good, unfortunately, nessus has a problem where it will report a LOT of stuff as bad even when it's not, such as mod_userdir, or using an RPM version of OpenSSL, etc. You have to actually READ it to understand what's going on. @ HackerSafe, they don't read, OR understand these reports.

    I had a conversation with a client regarding hackersafe, and it went something like what is going on in this thread. They're manipulative pains in the *** that prey on the unknowing.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  13. #13
    Join Date
    Aug 2003
    Location
    Chicago, IL USA
    Posts
    2,781
    Quote Originally Posted by linux-tech View Post
    I'd have to say my impressions of them are just the same, and that they're using JUST THAT software in fact, not reading the results, and not caring about anything but 'error' .

    Nessus is good, unfortunately, nessus has a problem where it will report a LOT of stuff as bad even when it's not, such as mod_userdir, or using an RPM version of OpenSSL, etc. You have to actually READ it to understand what's going on. @ HackerSafe, they don't read, OR understand these reports.

    I had a conversation with a client regarding hackersafe, and it went something like what is going on in this thread. They're manipulative pains in the *** that prey on the unknowing.
    When someone or some entity lacks proof of the reliability of their product, I would assume they rely on such tactics.
    CloudRck.com - Host on Cloudrck
    Unmetered VPS Solutions at it's finest

  14. #14
    Join Date
    Sep 2006
    Location
    Indiana
    Posts
    166
    HackerSafe is useless in my opinion. Sure it scans for some things. But at the price, the money would be better spent on having a processional server admin check/harden your server periodically (it's unlikely the security of your server varies day-to-day).

    Also, I know of guys who have found several vulnerabilities (with varying degrees of severity) on sites bearing the HackerSafe seal. HackerSafe evidently doesn't really do much for XSS and CSRF issues.

    I also have a suspicious that the HackerSafe seal is kind of a challenge...as if you're daring hackers to attack the site.
    [Lurking Glass] <- Not a webhost.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •