Respecting Users' Privacy

Seven Stones Information Security has created this privacy policy (the "Site Policy") to demonstrate our commitment to the privacy of our website visitors and the right of privacy throughout the Internet. Privacy on this Seven Stones Information Security website (the "Site") is of great importance to us. Because we gather important information from our visitors, we have established this policy as a means to communicate our information gathering and dissemination practices. By using this Site, you are agreeing to the terms of the Site Policy. We reserve the right to change the Site Policy. If we decide to revise the Site Policy, we will post a notice at least thirty days prior to making any material changes. Your continued use of this site, including use after the posting of any changes to these terms, will be deemed acceptance by you of the Site Policy.

Anonymous Information

You can visit the Site to read information about our company, products, and services without telling us who you are and without revealing any personal information. To improve the usefulness of our site, Seven Stones Information Security measures and analyzes non-identifying, aggregate usage, and volume statistical information from Site visitors in order to administer our Site, and to constantly improve the quality of our service and site performance. Information gathered may include, but is not limited to, the following: the activity of the Site visitor's browser when the visitor is viewing the Site; the site path of visitors; and the time visitors come to the Site. Seven Stones Information Security reserves the right to publish anonymous, aggregate summary information regarding its Site visitors for promotional purposes and as a representative audience for advertisers. Please note that this is not personal information, only general summaries of our visitors' usage of the Site.

 

Personally Identifiable Information

You may wish to request information about our products and services. To facilitate the distribution of this content, you are asked to provide information, such as, but not limited to, name, company, title, phone number, e-mail address, site name, URL, and address. Based on your request, Seven Stones Information Security may also ask for additional information, such as number of page views your site receives, how many orders your site receives, and how you heard about us. This information is provided by you on a voluntary basis only and is not required by us in order for you to use and enjoy our site.

 

Collected Personal Data

Seven Stones Information Limited may use the information that we collect on the Site to contact you to further discuss your interest in our company, our services, and to send information regarding our company or partners, such as marketing promotions and events. This information may also be used to improve the services we provide you. The information is collected and stored in a manner that is appropriate for the nature of the data that we collect, and the need to fulfill your request. This information is not provided or sold to third parties for their use. Seven Stones Information Security uses secured server areas and advanced firewall technology to minimize the risk of security breaches for individually identifiable information that is volunteered on the Site. Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law, or in order to comply with a current judicial proceeding, a court order, or legal process served on the Site. We will of course notify you should such a situation occur.

 

Information Security

Our Site has security measures in place to help protect against the loss, misuse, and alteration of the data under our control. When sensitive on our Site are accessed using Netscape Navigator, Microsoft Internet Explorer versions 5.0, or higher, Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that the data is safe, secure, and available only to you and us. Seven Stones Information Security also provides unique usernames and passwords that must be entered each time a customer logs on to a Seven Stones Information Security product via this Site. These safeguards help prevent unauthorized access, maintain data accuracy, and help ensure the appropriate use of all data. The webserver is protected by a firewall to provide network access control.

 

Third Party Sites

The Site contains links to other websites. Seven Stones Information Security is not responsible for the privacy practices or the content of these other websites. Customers and/or visitors should check the privacy policy statements of these other websites to understand their policies. Customers and visitors who access a linked site may be disclosing their private information. It is the responsibility of the user to keep such information private and confidential.

Latest Blog Post

 

What Is Your VA Scanner Really Doing?

April 20, 2021, 1:05 p.m.

 

It's clear from social media and first-hand reports that the awareness of what VA (Vulnerability Assessment) scanners are really doing in testing scenarios is quite low. So I set up a test box with Ubuntu 18 and exposed some services which are well known to the hacker community and also still popular in production business use cases: Secure Shell (SSH) and an Apache web service.

This post isn't an attack on VA products at all. It's aimed at setting a more healthy expectation, and I will cover a test scenario with a packet sniffer (Wireshark), Nessus Professional, and OpenVAS, that illustrates the point.

I became aware 20 years ago, from validating VA scanner output, that a lot of what VA scanners barf out is alarmist (red flags, CRITICAL [fix NOW!]) and also based purely on guesswork - when the scanner "sees" a service, it grabs a service banner (e.g. "OpenSSH 7.6p1 Ubuntu 4ubuntu0.3"), looks in its database for publicly disclosed vulnerabilities with that version, and flags a vulnerability if there are any associated CVEs. Contrary to popular belief, there is no actual interaction in the way of further investigating or validating vulnerability. All vulnerability reporting is based on the service banner. So if I change my banner to "hi OpenVAS", nothing will be reported. And in security, we like to advise hiding product names and versions - this helps with drive-by style automated attacks, in a much more effective way than, for example, changing default service ports.

Read on ...
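The banner-only matching described in the post above can be modelled in a few lines. This is an added example, not code from the post or from any scanner; the advisory table, its placeholder IDs and the `installed_fixes` input are constructed assumptions, and the patched-package check goes one step beyond the post to show why a banner match still needs validating on the host.

```python
import re

# Constructed advisory table: (product, first fixed version, advisory id).
# The ids are placeholders, not real CVE numbers.
ADVISORIES = [
    ("openssh", (7, 7), "EXAMPLE-ADVISORY-1"),
    ("openssh", (8, 0), "EXAMPLE-ADVISORY-2"),
    ("apache", (2, 4, 30), "EXAMPLE-ADVISORY-3"),
]

# Matches "OpenSSH_7.6p1", "OpenSSH 7.6p1" and "Apache/2.4.29".
BANNER_RE = re.compile(r"(?i)\b(openssh|apache)[_/ ](\d+(?:\.\d+)*)")


def parse_banner(banner):
    """Return (product, version tuple), or None if no known product is named."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))


def banner_findings(banner):
    """What a banner-only check reports: advisories fixed after the advertised version."""
    parsed = parse_banner(banner)
    if parsed is None:
        return []  # unrecognised banner: nothing is reported, patched or not
    product, version = parsed
    return [aid for prod, fixed, aid in ADVISORIES
            if prod == product and version < fixed]


def validated_findings(banner, installed_fixes):
    """Drop findings that host-side evidence (hypothetical input) shows as patched."""
    return [a for a in banner_findings(banner) if a not in installed_fixes]


if __name__ == "__main__":
    for b in ("SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3",
              "Apache/2.4.29 (Ubuntu)",
              "hi OpenVAS"):
        print(f"{b!r}: {banner_findings(b)}")
```

The same host produces two findings or none depending only on the string it advertises, which is why scanner output is a list of leads to validate and not a patch status.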

Publication


 

 

Security De-engineering, published by Taylor Francis, covers ubiquitous problems in information security and offers a solution in the final chapter.

Areas covered: Penetration testing, Hackers, CASEs (Checklists and Standards Evangelists), IDS, Cloud Security, jobs in security, Identity Management, and organisational elements.

 

Partners

Literatecode

 

 

Literatecode was established in 2003 as an informal R&D lab and reorganized to a registered business in 2012.

Literatecode specializes in applied research and experimental development to help companies and individuals defend themselves against security threats.