If you are an IT enthusiast and mainstream-security maniac then you probably keep hearing news media boast nonstop about how this or that security hole has/hasn't been patched, Anon versus FBI, nonsense DDoS, defacement, MS vs Linux vs Apple, C vs Java for a secure lang and tons of retarded news that isn't much help.
The most stand-out topic is: which website or country has the best security system?
McAfee's recent look-good list of the most secure countries is pretty irrelevant. Yet I see many people believe it immediately.
Found 2 bugs on Finnish Sewer Control's SCADA servers yesterday that let me gain access to administration, easily. What is the password of the main admin user? Abc123-. Rooted in less than an hour with slight bruteforcing.
Another bug (generic SQL) on the Bank of Finland site a week ago. Critical.
Paypal Canada's login data leak. Patched.
Israel Central Bank's website, 13 bugs ranging from XSS to traversal. Some patched, some not yet.
Eurasia login page, DOM XSS. Patched.
_________
I think whoever thinks their site, whatever it is, is secure should stay humble and shut up about how secure they are. The more you rant about your own server, the happier the attackers are, such as I was.
Be vigilant. Open wills. Be united. And shut your mouth about your pride in your security. McAfee was getting paid to lie then, I guess?
I think your site is not secure. Oops. I could mean any site, including Newgrounds, right now.
VicariousE
Personally, I kept up with security, till I got hit with something that ...
It's an arms race. It's also a defense game.
And everyone online is involved. You're either part of the problem, solution or scenery... waiting to be a victim.
The more involved with computers we got, the scarier it got.
Wurfel-Waffles
I have a pretty bad habit in pen testing, especially black box testing. I used to leave out small bugs since I aim mostly for critical ones. Those small bugs can turn critical if the current system's conditions change.