“ACTIVE BREACH PROTECTION Breach Proof Your Business with Our Zero Trust Platform [EXPLORE THE PLATFORM]”
Lead to:
“DRAGON PLATFORM”
“Activate breach protection for your business with the Dragon Platform.”
“Comodo delivers everything cybersecurity you ever needed to activate breach protection immediate value added from day one”
“Bulletproof Protection Scored 100% protection from zero-day attacks”
“ZERO TRUST PROTECTION Get breach protection from our leading portfolio of cybersecurity solutions and services.”
“Comodo’s Dragon platform offers your business a zero trust environment to provide breach protection for your digital evolution.”
“Make your life easier, your customers safer, your employees more productive and your data more secure with the Comodo’s Dragon Platform.”
There are multiple places were Comodo refers to their Comodo Dragon platform as providing breach protection and protecting customer data. If you go back to Comodo’s home page and download the E-Book on “Preventing Breaches by Building a Zero Trust Platform” talks about the protection for the entire IT environment including the public and hybrid cloud. It also states:
“This shift from reactive to proactive is what makes Comodo Cybersecurity unique and gives them the capacity to protect your business—from network to the web to cloud—with confidence and efficacy.”
Back on Comodo’s main page also references “Comodo Cybersecurity” in a heading right above the “DRAGON PLATFORM” and “REQUEST DEMO TODAY” which leads to “See the Comodo Dragon Platform in Action”
So, there is strong indications on the Comodo web page that “Comodo Cybersecurity” and the “Zero Trust Platform” are both references to the “Comodo Dragon Platform.” They also state multiple times that this platform provides protection from breaches. As far as I know, the majority of public and hybrid cloud are web based which they also imply their platform protects. The E-Book clearly defines the web services as part of the entire IT ecosystem and reaches the conclusion Comodo is the solution for protecting them. What Comodo product are they talking about if not the Comodo Dragon Platform? Comodo is clearly indicating to provide prevention of breaches, so what product from Comodo should they have been running on this forum to get that breach prevention?
The original security notice about “a potential data breach” did not use the word “hacked” and I didn’t either. I was focused strictly focused on a noticed of data breach from a company that has a very strong claim to being able to prevent data breaches.
I have also found nothing in the Zero Trust e-book or any of the promotional material that indicates limitations to the “active breach proof protection.” If a hack can result in a data breach then that would still violate the claim of having protected against a breach. Once a vendor gets to the point of releasing a full e-book, there should be no excuse as to being transparent about the product limitations.
Also, a product called “Comodo HackerProof” … it is really strongly implied in the name of the product it is to prevent being hacked.
From the web page about why sites should use the HackerProof TrustLogo(R), it is stated:
“78 percent of online shoppers say that a seal indicates that their information is secure”
“Nearly 70 percent of online shoppers have terminated an online order because they did not ‘trust’ the transaction. In those cases, 53 percent indicated that the presence of a seal would have likely prevented the termination.”
So, they seem to be acknowledging the role of the seal is to make shoppers less vigilant and proceed with (blindly?) trusting the site to keep the data secure. If HackerProof is allowing for the site to be hacked then they seem to be admitting that 78% of shoppers are being mislead regarding the security the logo indicates. What exactly is “the next dimension in website scanning” accomplishing at the end of the day?
While the Comodo forums does not have the HackerProof TrustLogo(R) displayed, as part of taking security seriously Comodo should be using HackerProof for their own forums and the capabilities of the product should still remain the same.
Correct. Any device that is the final destination for a network packet is an endpoint. This forum is on an endpoint. A system running Debian Linux is an endpoint. I have evaluated endpoint protection products for Linux. If they don’t provide support for Linux, then I question their claim of protecting the entire IT ecosystem that includes the public and hybrid cloud. However, they also have had option to run the forum on Windows. PHP runs on Windows and can be used with IIS. MySQL runs on Windows. A system running Windows server is also an endpoint.
So, now that we are in agreement that the Dragon Platform is for endpoints. Where was the “Active Breach Proof Protection” via a “Zero Trust Platform” for this endpoint which now has a notice of a breach?
I have no sales platform, sell nothing on the Internet, I’m just a regular user.
In this forum are about me no confidential, sensitive data to find. No credit card number, no bank account - nothing (oh: my e-mail address). I do not know how many users here personal data such. have saved the mentioned by me. I no. So why should I worry about that?
Why doesn’t comodo use their own tool on this page? Ask someone from the team.
[b]Comodo HackerProof Alternatives & Competitors[/b]
(1)
5.0 out of 5
Looking for alternatives to Comodo HackerProof? Tons of people want Vulnerability Scanner software. What’s difficult is finding out whether or not the software you choose is right for you.
Top 20 Alternatives & Competitors to Comodo HackerProof
Giridhara Raam is a Cybersecurity Evangelist, Analyst, Author, Speaker. He also immerses himself in cybersecurity research from an endpoint security management. He is a Security Writer & Author of GBHackers On Security
ABOUT US
GBHackers on security is a Cyber Security platform that covers daily Cyber Security News, Hacking News, Technology updates and Kali Linux tutorials. Our mission is to keep the community up to date with happenings in the Cyber World.
Contact us: admin[at]gbhackers.com
10 Best Vulnerability Scanning Tools For Penetration Testing ? 2019
According to BleepingComputer, the data for sale from the breach of the Comodo forums includes the member’s name, country, IP address of last login and MD5 hash of the password.
If I ask you to give me all of those details, would you? Are you at all curious what type of spear phishing email can be composed with that information? Are you interested in what using hashcat could do with a MD5 hashed password? What if I offered to give a penny to someone you never met if you give me those details, would it be a good deal then?
What if you were forced to take that deal, would you want to know why? Or would you want no explanation at all? Did this deal meet with your expectations of Comodo?
Comodo’s team has not been responsive to questions in the past even when they initiate the conversation about buy their enterprise services.
Neither of these lists provide any details for a test methodology or criteria for success.
gbhackers throws in Wireshark and Aircrack-ng in a top 10 list of vulnerability scanning tools?? Both are great projects but nether are vulnerability scanning tools.
At least gbhackers keeps his wordpress up to date. So maybe Comodo should hire one of them to maintain the forums software?
There opens a wide field. I do not believe that these data are only known through this website.
I do not think that even you are really anonymous on the Internet and that there is nothing to be found about you. Except, you do not do anything in the I-net as only surfing with TOR, VPNs (if they are safe, people are behind it as well), obfuscate as much as possible. But then the use of the Internet is so limited that I could leave it at once. Not a single one of my accounts has the same password and these are very safe. An importent point.
On the other hand, I use TOR in certain cases i.e. if I want to inform myself about something and certain words could be misinterpreted.
For example, I can not reach certain pages with TOR because this is detected and then the access is blocked.
Most sites require cookies and java-script. Without them you have only limited use or none at all. Online banking not possible. Acrobat Reader knows your IP address etc, etc.
Without tracking some things will not work.
Facebook “reads” on pages with her “thumbs up pic”, etc., etc.
Since the current problem is the much lower.
Now, however, everything is really said from my side as I think about it. I do my best to be protected, don’t open funny websites, I do not download software from websites I do not know about and use a modified software from me and this not to “lax”.
Edit: Of course I hope that my datas are sure when visiting any website but do I know it?
From an end user perspective using a web browser, it makes perfect sense to question if in a post-Equifax breach world if the concept of Personally Identifiable Information still really exists. If you want to question the worth of laws like GDPR for yourself, that is perfectly fine. But at the end of the day, regardless of what additional steps you take yourself to protect your data, you and everyone else would like to hope data is secure on the websites they visit.
I’m on the flip side of the coin from being a client, I need to provide solutions to customers in which being compliant with PCI-DSS and GDPR is not optional or up for debate. For these customers, the idea of protecting PII like hashed passwords is critical. If they run a forum and there is a data breach then that has consequences for their brand.
In a NSS Labs security value map, Comodo came up as 1 of 5 products that is over 98% in security effectiveness during their tests. But they also show it at being over twice as expensive as three of those products.
It would help me greatly if I could better understand what is being provided for that price, why Comodo uses such strong language for what they deliver and why this data breach still occurred.
If Comodo is not using the forums to perform a real world test of their own products or if Comodo doesn’t take security seriously enough for their forums to use their own products, then it would be good to know that. But so far I can’t obtained any straight answer in this regard.
It should also be noted that if Simply Machines Forum is updated to version 1.1.0 (released in 2006) or higher, the cookie should be called “SMFCookie11” instead of “SMFCookie10”
Version before 2.0.15 are stated to be vulnerable to CVE-2018-10305 and there several more CVEs for SMF previous to 1.1.0.
So in addition to needing to possibly update vBulletin for the second security patch level, now might also be a good time to look at upgrading Simple Machines Forum on this site too.
According to the a post from EricJH in that thread, they finally updated to SMF 2.0.13 just last month? That version was released back at the beginning of 2017! And as I stated before, that version has a publicly stated vulnerability. How does a CVE from 2018 with a CVSS v2.0 exploitability subscore of 10 out of 10 get ignored when finally updating in the second half of 2019?! Seriously, I can not understand the logic. Does this make sense to someone else?
I changed mine.
I would have thought Comodo would have placed a rather large and important banner at the top (at the very least) of forums.comodo.com to grab users attention. Seem like something most other forums would do?
I would have thought Comodo would have placed a rather large and important banner at the top
They should have also sent emails out and also could potentially send a notification to their AV products to pop up maybe but they did not. WTF? Seriously? Just a forum post?
If online accounts and databases have been compromised the least any company must do is send emails out but I did not received any. I didn't know about this hack until now.
I am very disappointed.
Fortunately my login credentials here are different than any “important” places so no harm can be done with this information they obtained here.
Wondering if I purchase a license key would I get a notification if that database was compromised? Now days even if someone just know you name, address and email and what services you paid for and subscribed to and what type of payment if it was debit, credit card or paypal is enough to scam you. Do Comodo notify us if this information is leaked?