A quick (and worrying) post.

I have read over the last couple of weeks about either fairly or extremely big vendors with glaring mistakes. TorcollectiveDnm didn't have 2FA active on their account, but worse than that, Quantik was using an online PGP service.

What the fuck guys !?!?


Comments


[7 Points] don_crackavelli:

We all have to remember something, vendors are humans too. They make mistakes, also being a vendor doesn't mean you are well versed in OPSEC or computers in general. Still those are both rather large mistakes.


[8 Points] None:

[deleted]


[5 Points] MLP_is_my_OPSEC:

Yeah I noticed this too. You'd think big vendors like them would have their shit straight, but I guess not.


[5 Points] None:

Vendors are just people. There are bad vendors and good vendors. There are bad buyers and good buyers. The spectrum stretches far and wide.


[2 Points] HarleyDavidsonFXR2:

What is 2FA?


[2 Points] DrQuarters_:

Quantik's old key was BCPG version 1.6 if I recall correctly. Very insecure. That is why I refuse to communicate with people who have less than ideal PGP configurations.


[2 Points] QuantikXanax:

We have since then fixed our PGP key, along with many other problems or insecurities that were fixed during our infrastructure upgrade.

We're not perfect. My team isn't perfect and I am not perfect either. However, we do appreciate posts like this that pinpoint problems and allow us to change our business to always improve. We aren't stubborn.


[1 Points] anon4658:

Damn really? Thanks for the heads up!