Month: April 2017

SEO Backlinks Can Damage your Sites SEO Optimization with Search Engines

Author wefightforsecurityPosted on April 28, 2017April 28, 2017Categories Uncategorized

SEO is very important, unfortunately one of the main problems we run into with our customers is that some giant companies are still selling SEO backlinks services, where they go around the web posting links to your website and call it SEO.

 

This is not helpful, it is in fact quite damaging, fortunately the SEO damage can be reversed but it takes time to fix the SEO damage and put proper search engine optimization in its place.

What is SEO backlink damage?

SEO backlink damage as we described above is where you go around the web randomly posting links back to your site, known as backlinks. The reason this is damaging is because the backlinks are irrelevant to your site and the search engines know that you or someone else is trying to damage your sites reputation.  If you make a bunch of profiles and post backlinks to your site that have no relevancy with your company, that can be damaging, especially when the sites you post on are primarily used for spam.

Organic SEO backlinks are entirely different then what we are talking about in this post and will discuss that in a future post. Organic SEO backlinks are good and healthy, but that’s all we will say on that subject.

 

How do I fix SEO backlink damage?

It varies from site to site, however one big step is finding the most offending websites that hurt your rankings and then remove  those websites by using the disavow tool in Google. We try to keep the amount of SEO backlinks we remove low, since we only focus on the worst damage.

If you simply remove the backlinks, that in itself does not fix your sites SEO damage. We always have to update the site to rank better in many other ways and do so for $99.99 a month. If you have any questions, feel free to contact us.

 

 

 

 

Website security: Is Website security easy to hack by criminals?

Author wefightforsecurityPosted on April 27, 2017April 27, 2017Categories web securityTags , , , , , , , , , ,

Website security is code that tries to stop criminals from illegally hacking your website and bypassing  security measures you have in place, if you have any in place.

How secure is website security on average?

On average it takes less then a minute to bypass website security that is supposed to stop criminals and automated tools can crack simple passwords in under 30 seconds, sometimes under three seconds depending how weak your password is and what type of machine  you have.  How is this possible? Most developers aren’t familiar how code can break, they just know how to write code that works and depending on the project, that can be complicated in itself. Education on how to secure code is very important, if we want to make more secure programs in the future.

What is website security?

Website security is supposed to stop criminals from getting into your site. It simply is code that is designed to make it so criminals can’t bypass it, but they may be able to bypass another part of your code, since there are so many ways into your average system.

Website security being illegally hacked by criminals is a major problem, since all your users data could be stolen, your site could be used to deliver malware to users, gain access into areas that require admin authentication, and so much more. Protecting website security is one part of our job, making sure we provide enough plans so everyone can afford web security is another part of our job. Whether you  can only afford malware removal  or need a security audit to find vulnerabilities, we have you covered. We continue to release more  products to help people stay as safe as possible without breaking the bank.

 

Hackers for hire to secure your website from criminals

Author wefightforsecurityPosted on April 22, 2017April 27, 2017Categories cyber security, web securityTags , , , , , ,

We are cyber security professionals, information security professionals, but when it boils down to it we are hackers for hire that are easy to find and easy to  contact. or hire by one of our hacker for hire subscription plans. When we are hired by the private sector we help secure your websites, servers, applications and any IoT device under the sun. Our plans currently only support websites, however we are professionals at IoT security, also known as internet of things security and server security.  Companies hire us to stop criminal hacking before it happens or if it’s already started we put a stop to it and provide an analysis of the criminals behavior and information we have on them, along with if they are known elsewhere, since many criminals want to be known, they just don’t want to be caught.

  What type of hacking will you not do? Since you’re easy to find hackers for hire will you do unethical hacking?

We are ethical hackers for hire that are easy to find, so we will not do illegal hacking.   We will end up putting a FAQ together about the most common requests for illegal hacking, but a few off the top of our head of requests are to hack another users facebook account for you, instagram, or any other service.  We don’t care if you tell us the person you want hacked is a cheating slimeball, that doesn’t make it legal to hack them. Since we’re ethical hackers for hire, we stick by our code and won’t hack cheating slimeballs for you.

What can you do as hackers for hire?

As hackers for hire we can do a lot, like secure your website, server, IOT products, etc. Working as hackers for hire we have recovered stolen laptops, We identified a hacker who claimed to be a woman in San Diego, who ended up being an Indian in India living in a flea hotel, who took a trove of unreleased music from a studio.

We’ve identified employees who have destroyed their companies systems making them inoperable. We’ve worked for fortune 100’s, we’ve had GoDaddy as a client showing them security flaws in their servers and we found a lot of issues.

We identify malware in companies infecting their users, we’ve helped make it so companies don’t have to pay ransomware by securing their systems and offer anti-phishing training.

What can we not do as hackers for hire? Whatever the law prohibits, which is becoming less and less. We can show you how insecure your internet connected devices are, also called internet of things devices, among other things.  It’s even legal to hack a car or anything else you own to show how insecure it is.

Remotely Disconnecting Bebop Drone pilot exploit As seen on ZDF

Author wefightforsecurityPosted on April 17, 2017April 17, 2017Categories cyber security
  1. Last year we ran into an issue when recording Smarter Living for ZDF when they gave us a drone we hadn’t hacked before which was the bebop 1. It took half an hour to find a vulnerability and exploit the bebop drone. while it isn’t a  fancy exploit it got the job done. Parrot had tried to put a patch in place for the bebop drone to stop people from accessing telnet, however you could still send request to telnet. We sent a bunch of telnet requests to the drone while it was flying and remotely disconnected the user from being able to control the drone. Instead of the drone crashing no one had control of the drone and it was doing whatever it wanted requiring the director and I to grab it out of the sky.

While we have a ton more of drone vulnerabilities that we spoke about at bsides LA, we won’t be releasing them today.  We went all the way down to a binary analysis, which was quite interesting and may make publicly available.

Chrome Vuln Denied By Google Then Patched Bug Without Payment

Author wefightforsecurityPosted on April 5, 2017Categories cyber security

Google Chrome is the browser by Google. We found a chrome bug that is so simple that every browser should’ve already been protected from it, but neither Firefox nor Chrome were. We also attacked other platforms and used the attack to crash our peer reviewers phone. We found a way to crash the chrome and Firefox browser by putting 500 thousand lines of urls that would remotely crash the other users system, wipe all the sites they were on from restoring, etc. An example would be https://planetzuda.com/test/http://planetzuda.com/test/ and repeat. The bug was far harder to exploit on chrome, then it was on Firefox since to Google’s credit or Chromiums they had better protection then Firefox had against this attack.

The way it worked was taking the URL above and then manually copying it or using a python script to automatically copy it thousands of times and then sending it to the browser. We contacted Our peer reviewer and tested it against him.

We were in the process of seeing if we could get leaked memory and go to RCE, but Google likes reports as soon as you know of an issue, so we reported to Google Chrome per their bounty program. The bug quickly got marked won’t fix, but another member marked it needs more feedback afterwards, but once you mark a bug won’t fix, you have no interest in engaging with the submitter. Never underestimate the person submitting the bug. If you don’t get the bug, that’s fine but don’t assume what it is, which is exactly what they did. So if the bug was no big deal, which is the way they acted on January 16th why is it patched? Also, how did Firefox get the patch when we didn’t submit it to them? These are questions we want answers to. We are asking Google to pay for the bug, since they found it to be of value to quickly patch it and it appears they also passed the info along to Firefox without our permission, which is problematic as we were never credited for the bug by Firefox.

We will update this if Google responds to our requests, but from now on we are going public disclosure on bugs here on out.