Posted on Jun 13, 2015
HN 8404 Corpsman
Hacking social websites and other places for information has become a norm lately. Terrorists, especially ISIS, like to invade Facebook and Twitter to set up recruiting centers and pry into personal information on SMs and their families. I just want to know if anyone is worried about that happening to RallyPoint. If yes, then why? If no, then why not?
Responses: 3
TSgt Cyber Systems Operations
Being in an IT field for the last 15 years, with plenty of Military and Civilian education on the subject, I can tell you that no system is un-hackable.

Any encryption can be broken.

In terms of the malicious, any system can be infiltrated with little effort and enough time and focus.

Most of the time people think they are safe because of encryption, or SSL certificates. Be aware that this is a stop-gap measure at best. While decrypting information is difficult and time-consuming (as it is designed to be), cracking a website or database is not really that difficult, no matter what defenses are in place. If I were tasked with doing such, I would just choose an avenue that would not require me to have to break such encryption to be successful. There are plenty of ways to do such things, just spend some time on YouTube looking up Kali Linux tutorials and you will see. Any 13-year-old with a laptop and time on their hands could accomplish this.

There are literally thousands of ways to steal the information on RallyPoint without even having to worry about the encryption they employ, the firewalls they use, or the physical security measures in place (assuming they are even in place). This is the same with all computer systems and networks.

All it takes is someone with the time to dedicate to the intrusion and the motivation to do so.

The best way you can protect yourself is to not do the following:

Do not post information about yourself that can be used to steal your identity and also that would not violate any law or provision of the UCMJ.

If anyone has any questions about how they could further protect their own information, just let me know and I will be glad to accommodate!
SSG Roger Ayscue
Nope
SGT Writer
I don't know much about SSL certificates, but I believe RallyPoint has an OV cert, which is not the highest. I'd like to hear a more experienced IT tech's opinion, but I'm answering "yes, although there isn't much info on RallyPoint that I'd be nervous about except my resume."
SGT Writer
Good point. I want to remind you, though, if you do something above the standard, your branch will "out" your duty station and job for you.

Attached is an example:
https://www.dvidshub.net/image/412248/cbrne-soldiers-year-chosen#.VXxt8aTJC00
HN 8404 Corpsman
Oh, absolutely. I'm aware of that. Not worried about that at all. I'd hardly call joining RallyPoint above the standard, though, so it still doesn't solve the hacking RallyPoint issue.
SSG Human Resources Specialist
OV certificates are in the middle of domain validation (DV) SSL certs and extended validation (EV) SSL certs. EV certs are considered "top of the line". In order for a company to get one, the company must go through a heavy vetting process. The key difference in OV vs EV is the level of vetting and verification that is performed on the owner of the domain and the company that is applying for the certificate.

One of the clues that a website is using an EV certificate: look at the upper left corner of your browser bar. Is it green? RallyPoint seems to have an EV cert.

Green in the address bar (green bar or issuance name, see below)
Website owner’s company name in the address bar
https:// at the beginning of the domain name
Padlock in the address bar
Organization information in the certificate details

Facebook has one, USAA has one. Go to http://www.tacobell.com; Taco Bell doesn't have one. They may only have a domain cert.
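The DV/OV/EV distinction described in the comment above can also be read from the certificate's own subject fields instead of the browser's address bar. The following is an added example, not code from the thread: it classifies a certificate dictionary in the shape that Python's `ssl.SSLSocket.getpeercert()` returns. The sample certificates and `example.test` names are constructed, and the subject-field rule is a heuristic assumption that does not read the certificate policy extension.

```python
import socket
import ssl

# Subject attributes an EV certificate carries in addition to organizationName
# (assumed heuristic; getpeercert() does not expose the policy extension).
EV_EXTRA = {"businessCategory", "jurisdictionCountryName", "serialNumber"}

def subject_attrs(cert):
    """Flatten the nested RDN tuples of cert['subject'] into {name: [values]}."""
    attrs = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            attrs.setdefault(name, []).append(value)
    return attrs

def validation_level(cert):
    """Return 'DV', 'OV' or 'EV' based on which identity fields the CA vetted."""
    attrs = subject_attrs(cert)
    if "organizationName" not in attrs:
        return "DV"  # only control of the domain was checked
    if EV_EXTRA <= attrs.keys():
        return "EV"  # legal entity, jurisdiction and registration number present
    return "OV"      # organization named, without the EV identity fields

def report(cert):
    """Summarize what a user would find under 'certificate details'."""
    org = subject_attrs(cert).get("organizationName", [None])[0]
    dns = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {"level": validation_level(cert), "organization": org, "dns_names": dns}

def fetch_cert(host, port=443):
    """Fetch and verify a live server certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (not real sites).
DV_CERT = {"subject": ((("commonName", "shop.example.test"),),),
           "subjectAltName": (("DNS", "shop.example.test"),)}
OV_CERT = {"subject": ((("countryName", "US"),),
                       (("organizationName", "Example Org LLC"),),
                       (("commonName", "www.example.test"),)),
           "subjectAltName": (("DNS", "www.example.test"),)}
EV_CERT = {"subject": ((("businessCategory", "Private Organization"),),
                       (("jurisdictionCountryName", "US"),),
                       (("serialNumber", "0000000"),),
                       (("organizationName", "Example Bank Inc."),),
                       (("commonName", "bank.example.test"),)),
           "subjectAltName": (("DNS", "bank.example.test"),)}
```

For a live site, `report(fetch_cert(hostname))` gives the same summary; in every case the level describes how thoroughly the certificate owner was vetted, not how well the site behind it is defended.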
HN 8404 Corpsman
So, there is no need for concern that someone could steal my information or find my family while I'm deployed. That is helpful.