Hi All,The above conversation is quite insightful. However to put my mind fully at ease, what I would like to see is an independent security report covering the whole integrated solution: personalbrain, web services and mobile apps. I am looking for a reputable 3rd party penetration test and code scanning report, plus ideally an on-going (annual should be sufficient) process of repeated 3rd party security reviews published on thebrain.com. Is there such a report and regular review process? Note, I have read The Brain security whitepaper, but that is an internal document about the intended highlevel design, and not a 3rd party evaluation of the actual implementation.Kind Regards
This might mean that someone’s trying to trick you or steal any information that you send to the server. You should close this site immediately."
Browsing to the site using Chrome from within my client's corporate firewall, the certificate is reported as failed due to a common name mismatch, where the host name is 'assets.thebrain.com' but the common name is '*.cloudfront.net'.Maintaining and proactively monitoring your certificates and public key infrastructure is no longer optional now-a-days. It does not fill me with confidence that this is the third time over three separate occasions, I've reported to TheBrain that your public websites' certificates are invalid or misconfigured. You really should be proactively monitoring and managing these things.
Please get on top of certificates. Seeing that public-facing certificates are not being proactively monitored and maintained doesn't make me confident that the our data on the other side of the "SSL" connection is being looked after.Please post when the SSL issue has been resolved, so I may confidently download version 8 from your site. I do not trust downloads coming from unverified web servers.It would also be nice if thebrain.com would proactively protect its customers by removing server-side website vulnerabilities as I documented in my previous comments above.Kind regards
Add a Website Forum to your website.
Supported videos include:
Please paste your code into the box below: