• Eratta Sec

    From Gryphon@VERT/CYBERIA to All on Thursday, February 06, 2014 15:25:00
    I was looking in my connection logs, and I found this:

    Feb 06 2014 15:14 Connect from 209.126.230.74 (INTERNETSURVEY-5.ERRATASEC.COM)

    Whois offers this:

    OrgName: Errata Security
    OrgId: ES-241
    Address: 1401 Peachtree St Suite 500
    City: Atlanta
    StateProv: GA
    PostalCode: 30309
    Country: US
    RegDate: 2013-09-30
    Updated: 2013-09-30
    Ref: http://whois.arin.net/rest/org/ES-241

    OrgAbuseHandle: ESA77-ARIN
    OrgAbuseName: Errata Security Abuse
    OrgAbusePhone: +1-404-475-5597
    OrgAbuseEmail: abuse@erratasec.com

    Does anybody know anything about them?

    --- Mystic BBS v1.10 A38 (Linux)
    * Origin: Cyberia BBS | Cyberia.Darktech.Org | Kingwood, TX
  • From Poindexter Fortran@VERT/REALITY to Gryphon on Thursday, February 06, 2014 14:49:33
    Re: Eratta Sec
    By: Gryphon to All on Thu Feb 06 2014 03:25 pm


    "Errata Security is a team of dedicated security researchers that practice offensive security. The insight gained from research is delivered to clients through Hacker Eye View reports that cover a variety of topics and real world scenarios."

    ---
    ■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org
  • From Gryphon@VERT/CYBERIA to Poindexter Fortran on Thursday, February 06, 2014 19:10:00
    On 02-06-14, Poindexter Fortran said the following...

    Re: Eratta Sec
    By: Gryphon to All on Thu Feb 06 2014 03:25 pm


    "Errata Security is a team of dedicated security researchers that
    practice offensive security. The insight gained from research is
    delivered to clients through Hacker Eye View reports that cover a
    variety of topics and real world scenarios."

    Yeah, that's what it says on the website. But has anybody else seen any evidence that they've tried to snoop on your systems? Does anybody have any info beyond what they tell us on their website? Are they legit?

    --- Mystic BBS v1.10 A38 (Linux)
    * Origin: Cyberia BBS | Cyberia.Darktech.Org | Kingwood, TX
  • From Bbikebbs@VERT/OLDTIME to Gryphon on Friday, February 07, 2014 00:28:00
    Gryphon wrote to Poindexter Fortran <=-

    @VIA: VERT/CYBERIA
    @MSGID: <52F434AE.78806.dove-gen@vert.synchro.net>
    On 02-06-14, Poindexter Fortran said the following...

    Re: Eratta Sec
    By: Gryphon to All on Thu Feb 06 2014 03:25 pm


    "Errata Security is a team of dedicated security researchers that
    practice offensive security. The insight gained from research is
    delivered to clients through Hacker Eye View reports that cover a
    variety of topics and real world scenarios."

    Yeah, that's what it says on the website. But has anybody else seen
    any evidence that they've tried to snoop on your systems? Does anybody have any info beyond what they tell us on their website? Are they
    legit?

    --- Mystic BBS v1.10 A38 (Linux)
    * Origin: Cyberia BBS | Cyberia.Darktech.Org | Kingwood, TX

    They hit me yesterday (02/05/14) at 4:27pm CST.

    Scott

    Scott -- The Old Time BBS -- oldtime.synchro.net
    Streamwood, IL

    ... (A)bort (R)etry (I)nfluence with large hammer
    --- MultiMail/Win32 v0.49
    ■ Synchronet ■ -- The Old Time BBS Telnet: oldtime.synchro.net
  • From Allen Scofield@VERT/PHARCYDE to Gryphon on Friday, February 07, 2014 02:07:52
    Yeah, that's what it says on the website. But has anybody else seen any evidence that they've tried to snoop on your systems? Does anybody have any info beyond what they tell us on their website? Are they legit?

    I had connect attempts to my server from them:

    Jan 15 00:41 0 Connect: 209.126.230.76 (internetsurvey-7.erratasec.com)
    Feb 06 14:41 0 Connect: 209.126.230.74 (internetsurvey-5.erratasec.com)

    --
    Thanks!
    Allen Scofield


    ... The government solution to a problem is usually as bad as the problem.


    ---
    ■ Synchronet ■ thePharcyde_ telnet://bbs.pharcyde.org (Wisconsin)
  • From Android8675@VERT/SHODAN to Gryphon on Friday, February 07, 2014 07:15:47
    Re: Re: Eratta Sec
    By: Gryphon to Poindexter Fortran on Thu Feb 06 2014 07:10 pm

    Yeah, that's what it says on the website. But has anybody else seen any evidence that they've tried to snoop on your systems? Does anybody have any info beyond what they tell us on their website? Are they legit?

    Does it matter? Your BBS is on the Internet, actually, everyone that's on the Internet is on the Internet, if someone wants to play bad guy whether they are "legit" or not is irrelevant.

    When I think about it, people that connect to my board are connecting to a backed up VM, and even if they somehow hacked into my other files, there's really nothing of consequence on my system that I'll miss. I guess if you're really worried about EVERY IP that comes knocking on your board, you might want to do what LK did and block all IPs and figure out a way for people to request access and submit their IP ahead of time.

    This group in particular sounds like a security firm that researches internet security vulnerabilities so they can better serve their customers' security needs. Question is, who are their customers (if they have any)?



    ---
    ■ Synchronet ■ Shodan's Core - shodan.synchro.net:23 & :2323
  • From Gryphon@VERT/CYBERIA to Android8675 on Friday, February 07, 2014 17:51:00
    On 02-07-14, Android8675 said the following...

    Re: Re: Eratta Sec
    By: Gryphon to Poindexter Fortran on Thu Feb 06 2014 07:10 pm

    Yeah, that's what it says on the website. But has anybody else seen any evidence that they've tried to snoop on your systems? Does anybody have any info beyond what they tell us on their website? Are they legit?

    Does it matter? Your BBS is on the Internet, actually, everyone that's
    on the Internet is on the Internet, if someone wants to play bad guy whether they are "legit" or not is irrelevant.

    When I think about it, people that connect to my board are connecting to
    a backed up VM, and even if they somehow hacked into my other files, there's really nothing of consequence on my system that I'll miss. I
    guess if you're really worried about EVERY IP that comes knocking on
    your board, you might want to do what LK did and block all IPs and
    figure out a way for people to request access and submit their IP ahead
    of time.

    This group in particular sounds like a security firm that researches internet security vulnerabilities so they can better serve their
    customers' security needs. Question is, who are their customers (if they
    have any)?

    I've started blocking whole countries via iptables. I've only blocked a few
    so far, and left most open. But this firm is from within the US, so it's not something that I can block easily, unless I want to start adding individual IPs into the list. I may do that if there are obsessive knocks on the door from individual IPs in the US, with nobody logging in.

    So basically, if I think that they are warranted, then I will block them.
    But if they are legit, i.e. some probes like the telnet bbs guide or bbsnexus uses to verify that a bbs is up, then I would want to allow it.

    That, basically, is why I was asking.

    --- Mystic BBS v1.10 A38 (Linux)
    * Origin: Cyberia BBS | Cyberia.Darktech.Org | Kingwood, TX
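
Added example, not part of any post in this thread: a small log triage script that parses the two connect-log formats quoted above and groups sources by reverse-DNS domain, so that several "different" callers turn out to be one survey scanner on one network. The function names, the 192.0.2.10 line, the /24 grouping and the "last two labels" domain rule are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Three lines in the formats quoted in the thread, plus one constructed
# line (192.0.2.10) standing in for an ordinary caller.
SAMPLE_LOG = """\
Feb 06 2014 15:14 Connect from 209.126.230.74 (INTERNETSURVEY-5.ERRATASEC.COM)
Jan 15 00:41 0 Connect: 209.126.230.76 (internetsurvey-7.erratasec.com)
Feb 06 14:41 0 Connect: 209.126.230.74 (internetsurvey-5.erratasec.com)
Feb 06 16:02 0 Connect: 192.0.2.10 (caller.example.net)
"""

# Matches both "Connect from IP (host)" and "Connect: IP (host)".
CONNECT_RE = re.compile(
    r"Connect(?: from|:)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\((?P<host>[^)]+)\)")

def parse_connects(text):
    """Yield (ip, lowercased reverse-DNS name) for each connect line."""
    for line in text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue
        try:
            yield ip_address(m["ip"]), m["host"].lower()
        except ValueError:      # e.g. an octet above 255 in a damaged line
            continue

def scanner_candidates(text, min_ips=2, prefix=24):
    """Return rDNS domains seen from several addresses inside one network."""
    clusters = defaultdict(lambda: {"ips": set(), "hosts": set(), "hits": 0})
    for ip, host in parse_connects(text):
        domain = ".".join(host.split(".")[-2:])  # simplification: last 2 labels
        c = clusters[domain]
        c["ips"].add(ip)
        c["hosts"].add(host)
        c["hits"] += 1
    out = {}
    for domain, c in clusters.items():
        nets = {ip_network(f"{ip}/{prefix}", strict=False) for ip in c["ips"]}
        if len(c["ips"]) >= min_ips and len(nets) == 1:
            out[domain] = {"network": str(nets.pop()), "hits": c["hits"],
                           "hosts": sorted(c["hosts"])}
    return out

if __name__ == "__main__":
    for domain, info in scanner_candidates(SAMPLE_LOG).items():
        print(domain, info)
```

The hostname in the log comes from a PTR record controlled by whoever runs the reverse zone, so treat the grouping as a lead to confirm against whois before adding any block or allow rule.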