Government Security
Network Security Resources

Jump to content

Photo

A New Member

security spam
  • Please log in to reply
4 replies to this topic

#1 theade

theade

    Private

  • Members
  • 2 posts

Posted 23 April 2011 - 02:10 AM

Hello everybody, I'm new to this forum and I'm also new about security stuff. I wish this could be a useful place where discuss and learn new things.
I already have a question about this forum.
When I performed the registration, i notice that the certificate of governamentsecurity.org isn't issued my a valid CA, and, after the registration, the confirmation mail was set as spam by gmail.
I found this quite strage from a security website, is it normal?

#2 wan26

wan26

    Private

  • Members
  • 18 posts

Posted 23 April 2011 - 04:59 AM

It's quite normal for services like gmail or hotmail to panic and flag almost everything as spam in the hope of pleasing the user. Like with other websites I just set my filter manually and everything is fine.

And hello :]

#3 bonarez

bonarez

    Retired GSO Second Lieutenant

  • Sergeant Major
  • 1,252 posts

Posted 23 April 2011 - 09:12 AM

When I performed the registration, i notice that the certificate of governamentsecurity.org isn't issued my a valid CA

It's a self signed certificate. Meaning the logins are SSL without having to pay money to a certifying authority. It's safe.

I was looking at prices for a level 2 code singing certificate myself a while back. I didn't buy anything ;)
"Ask the right question and you will receive the right answer. I'm just very sensitive about the right syntax"

Read the rules before you post

#4 infiltrator

infiltrator

    Staff Sergeant

  • Sergeant Major
  • 421 posts

Posted 29 April 2011 - 01:08 AM

Certificates can cost quite a lot and if you are tight on budget than you would be forced to sign your own certificates.

#5 Edu

Edu

    First Sergeant

  • Members
  • 2,269 posts

Posted 29 April 2011 - 08:35 AM

it is all about money. If you pay a good ammount of money, you can get a digital cert no matter if you have good or bad intentions. Some decent and good intentioned developers cant afford such a thing and has to eg. self sign programs and other utilities and... they wont be recognized as valid, unless people manually install the cert. in their computers because they doesnt come from a "Trusted" authority. This means, be ware with digitally signed stuff, you need to trust the Editor itself, which in my opinion renders digitally signed stuff irrelevant, as in, if you trust "johnny", than u will download and install stuff from "johnny┬┤s place", no matter if they are executable or media, signed or not. if johnny gets compromised...oh well even the digital certs could be used by the attacker to sign malicious programs anyway ;)
http://www.secumania.net - Secumania security blog.


Embed any executable in a JPEG image and get it to run upon opening the image with this cool tool that abuses a feature of GDI in Windows systems. for governmentsecurity.org members only! click here to get it!





Also tagged with one or more of these keywords: security, spam