rambot's comments

rambot | 10 years ago | on: SecureMe scans your Android phone for publicly known vulnerabilities

From the talk they are doing about this at AppSecUSA (http://sched.co/3VgM):

    The only information which gets accessed and transmitted are listed below:

        1. Application Name
        2. Application Package Name
        3. Application Version Number
        4. Application Version Name
        5. SecureMe – Droid Search Depth setting (1-5 only)
        6. SecureMe – Droid Vulnerability Details settings (1 or 0)

You aren't sending anyone your APKs. The application exists to make searching Mitre's CVE database more convenient and automagic.

The developers are security consultants at Security Compass. The application is hosted in Montreal, Canada. (I work there as well, and can ask them to add an FAQ about this stuff.)

rambot | 11 years ago | on: Show HN: Let's Chat, a self-hosted chat app for small teams

Our actual job is working on SD Elements (http://securitycompass.com/sdelements/). Let's Chat is just a side project, but it's also something we use internally every day. The features you wish were there we also wish were there, no doubt. Lots of the developers here like working on it. I expect there will be updates from us for the foreseeable future. Hopefully we'll start getting more external pull requests as well.

I doubt we are going to pivot to a free chat client company any time soon.

rambot | 13 years ago | on: Why the Latest Rails Exploit Is Indicative of a Bigger Problem

Where does the post suggest Rails is the only framework with bugs like this? The article opens with: "The latest Rails security flaw is example of a common anti-pattern. ... a similar issue may also exist in Python’s YAML parser ... I am reminded of similar flaws in other frameworks and libraries." I don't think the goal here was to pick on Rails, but to highlight that its recent security woes might be a sign of a bigger common issue.

rambot | 13 years ago | on: Show HN: A YouTube and Last.fm mashup

You can use it to listen to music you like, or find new music. I'm using it right now to listen to the same stuff my coworkers are listening to in our office while I work from home. Does that help?