

Clubbing (Third-party Security) Seals - tomvangoethem
https://vagosec.org/2014/11/clubbing-seals/

======
JCJoverTCP
Shane MacDougall and I spoke of trustmarks at both BSidesLV and Toorcon
several years ago, introducing a tool against some industry backlash, Oizys,
to troll through all the trustmark placeholders we could find, logging when
detecting a change in the trustmark during subsequent runs. Typically there
were several reasons why a trustmark would change: the site was no longer
secure from the perspective of the vendor scan tool (modified Nessus?), or
maybe the vendor was no longer under contract (the bill hasn't been paid to the
vendor). The easiest thing to look for was a transparent gif where previously
there was a non-transparent one. This can also be done with your favorite
search engine, with some thought, but I am glad to see this getting some
additional attention.

------
JCJoverTCP
The engine also used OCR to parse timestamps within the rendered trustmark
image, and log when the image was past a certain amount of days. It was also
possible to generate spoofed trustmarks using the same method and we did that
too.
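The change-detection heuristic the first comment describes (a seal image silently swapped for a transparent gif between crawler runs), as an added example that is not the Oizys tool or anything from the thread. It parses only the GIF header and Graphic Control Extension to read dimensions and the transparent-colour flag, compares a stored copy of a site's own seal with the copy fetched now, and reports what changed; the GIF byte strings are constructed test inputs, not real vendor seals.

```python
import hashlib
import struct

def make_seal_gif(width, height, transparent):
    """Build a constructed minimal GIF89a (not a real vendor seal) for testing.
    The pixel payload is placeholder LZW data that this script never decodes."""
    screen = b"GIF89a" + struct.pack("<HHBBB", width, height, 0x80, 0, 0)
    palette = b"\xff\xff\xff\x00\x00\x00"          # 2-colour global colour table
    gce = b"\x21\xf9\x04" + bytes([1 if transparent else 0]) + b"\x00\x00\x00\x00"
    image = b"\x2c" + struct.pack("<HHHHB", 0, 0, width, height, 0) + b"\x02\x02\x44\x01\x00"
    return screen + palette + gce + image + b"\x3b"

def describe_seal(data):
    """Return (width, height, transparent_flag) for a GIF, or None if not a GIF."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return None
    width, height, packed = struct.unpack("<HHB", data[6:11])
    pos = 13
    if packed & 0x80:                              # skip the global colour table
        pos += 3 * (2 ** ((packed & 0x07) + 1))
    transparent = False
    while pos + 1 < len(data) and data[pos] == 0x21:   # walk extension blocks
        if data[pos + 1] == 0xF9:                  # Graphic Control Extension
            transparent = bool(data[pos + 3] & 0x01)
            break
        pos += 2                                   # other extension: skip its sub-blocks
        while pos < len(data) and data[pos]:
            pos += data[pos] + 1
        pos += 1
    return width, height, transparent

def check_seal(previous, current):
    """Compare the seal fetched now with the bytes recorded on the previous run.
    Returns a list of findings; an empty list means the seal is unchanged."""
    if hashlib.sha256(previous).digest() == hashlib.sha256(current).digest():
        return []
    before, after = describe_seal(previous), describe_seal(current)
    if after is None:
        return ["seal is no longer a GIF image (removed or replaced by something else)"]
    findings = []
    if after[2] and not (before and before[2]):
        findings.append("seal replaced by a transparent image (revoked or unpaid?)")
    if before and before[:2] != after[:2]:
        findings.append("seal dimensions changed %dx%d -> %dx%d" % (before[:2] + after[:2]))
    return findings or ["seal bytes changed with same shape (re-rendered; check its date)"]

# Constructed inputs: what was stored on the last run and what the crawler sees now.
LAST_RUN = make_seal_gif(120, 40, False)
SEEN_NOW = make_seal_gif(120, 40, True)

if __name__ == "__main__":
    print(check_seal(LAST_RUN, SEEN_NOW))
```

In a real run the "previous" bytes come from the last crawl's store and "current" from a fresh fetch of the seal URL; the dimension check catches the common 1x1 placeholder even when no transparency flag is set.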

