Louisiana Government Department Of Education Hacked

Posted on October 11, 2017. Categories: cyber security

United States Department Of Education failing to secure their systems.

The Louisiana Department of Education, referred to as DOE, had a subdomain hacked yesterday. This was discovered by a researcher and posted on Twitter on September 10th at 4:58 PM. The researcher received an email from the Louisiana government's EDGAR system with a link to the malicious page.

The malware on the page is served by PowerShell and is believed to be Cobalt Strike. Immediately on hearing this, our CEO alerted some other government contractors, since we do security work for the government but do not have any contacts in Louisiana.

This ended with a well-known researcher telling the researcher to contact US-CERT. As of 11 hours ago the page was no longer accessible; hopefully it is down for repair.

Unfortunately, this is not the first time this month that we have reported on the United States Education systems being hacked.

While the exploit point is unknown, EDGAR is known to be exploited often and has come under scrutiny by Congress because the system was exploited and this was not disclosed for far too long.

We will continue to keep you up to date on the Louisiana government DOE hack as the events are still developing.

Google dorks — What are they and do Google Dorks hurt my business?

Posted on October 10, 2017. Categories: Uncategorized

Google dorks: many have heard of them, but few know what they are. Do Google dorks hurt my website? That depends on your website, but let’s first break down what they are.

“Google dorks” is simply a way to refer to a refined Google search that uses special built-in Google features, such as inurl:crazy, intext:crazy or "crazy" -insane. We will now break down each one and what it does. A search for inurl:crazy returns results for all URLs with crazy in them, and a search for intext:crazy returns all meta descriptions and other text Google detects and displays with crazy in it. The third example is the best one, because it will only show you results for the word crazy, but not if the word insane is in the title or description.
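To see which of your own pages a given operator would surface, the three operators described above can be modelled over an export of your site's indexed URLs and text. This is an added example, not code from the original post; it uses plain substring matching rather than Google's real tokenization or ranking, and the page inventory, `parse_query`, `matches` and `search` are assumed names with constructed data.

```python
import shlex

# Constructed inventory standing in for an export of your own site's indexed pages.
PAGES = [
    {"url": "https://example.test/crazy-deals", "text": "Weekly offers and discounts"},
    {"url": "https://example.test/blog/1", "text": "A crazy week in security news"},
    {"url": "https://example.test/blog/2", "text": "Crazy or insane? Two words compared"},
    {"url": "https://example.test/about", "text": "Who we are"},
]

def parse_query(query):
    """Split a query into (operator, term) pairs: inurl, intext, exclude or any."""
    terms = []
    for token in shlex.split(query):  # shlex keeps a "quoted phrase" as one token
        prefix, _, value = token.partition(":")
        if token.startswith("-") and len(token) > 1:
            terms.append(("exclude", token[1:].lower()))
        elif prefix in ("inurl", "intext") and value:
            terms.append((prefix, value.lower()))
        else:
            terms.append(("any", token.lower()))
    return terms

def matches(page, terms):
    """True when the page satisfies every term (terms are ANDed together)."""
    url, text = page["url"].lower(), page["text"].lower()
    for op, value in terms:
        in_url, in_text = value in url, value in text
        ok = {
            "inurl": in_url,                      # term must appear in the URL
            "intext": in_text,                    # term must appear in the page text
            "any": in_url or in_text,             # bare or quoted term: anywhere
            "exclude": not (in_url or in_text),   # -term: must appear nowhere
        }[op]
        if not ok:
            return False
    return True

def search(query, pages=PAGES):
    """Return the URLs from the inventory that the query would surface."""
    terms = parse_query(query)
    return [p["url"] for p in pages if matches(p, terms)]

if __name__ == "__main__":
    for q in ("inurl:crazy", "intext:crazy", '"crazy" -insane'):
        print(q, "->", search(q))
```
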

 

How can Google dorks hurt my website or get it hacked?

Certain files are easy to find using Google dorks; we’ve been able to view web hosts' databases, electric grids, things you wouldn’t imagine are connected to the internet. We aren’t going into what Shodan is today, but let’s just say this is nothing compared to what you can find using Shodan.

We viewed one of John McAfee’s companies using Google dorks and discovered a vulnerability that impacted their security. We reported it to McAfee and the developers of the product and it was fixed. We do find it humorous that John says he loves hackers to hack him, because he gets attacked first with the newest attacks, when this issue has been known since the early 2000s. In McAfee’s defense, his company didn’t write the code for this software; they simply were using it without a security audit of the code.

With Google dorks, you never access the website, that is if you are smart. Instead, you go to Google cache and anything that happens is indexed by Google and on Google’s domain, so you are viewing a copy of a website that Google hosts. If you go beyond viewing, then you may be in trouble.

Google dorks are powerful and can find all sorts of things that shouldn’t be openly accessible to the web, but for some reason are.

So, are you vulnerable to Google dorks? Hire us and you will find out so much more, like if you are vulnerable to SQL injections, XSS, CSRF, etc.

 

Cabrillo College Hacked 28k Students affected, 12k SSNs exposed

Posted on October 10, 2017. Categories: Uncategorized

Cabrillo College students have been hacked, which is unfortunate since 28 thousand students' personal details were stolen along with their passwords, names, dates of birth, addresses and emails, and 12 thousand of the students' Social Security numbers are expected to have also been stolen.

The amount of data stolen in the criminal Cabrillo College hack is far worse than one may think. This affects students all the way back to 2009, and students used to be identified by their SSN until a few years ago, when the college switched to user IDs. This means that 12 thousand alma mater students of Cabrillo College are exposed to identity theft. One now has the Social Security number of a person, the day of their birth and their addresses along with their name. This is all it takes to set up virtually any account online. It is highly advisable that all students get a credit freeze to avoid their identity being stolen. The school has not announced if it is providing identity protection or if it has followed the law and informed all the students about the data breach. They have had more than a month to do so, since the data breach was detected September 5th.

source: http://www.santacruzsentinel.com/social-affairs/20171009/cabrillo-college-hack-exposed-40000-students-data

 

Planet Zuda In Reader's Digest

Posted on October 9, 2017. Categories: Uncategorized

Planet Zuda was in Reader's Digest explaining when you should give out your Social Security number; unfortunately, a typo has us as Planet Zuta. An excerpt of what we said in Reader's Digest says “First, focus on where you have to give your SSN”

If you want to read more, check out Reader's Digest.

https://www.rd.com/advice/saving-money/times-to-never-disclose-social-security-number/

 

PureVPN Assists FBI & Was Hacked Years Ago exposing shady biz

Posted on October 9, 2017. Categories: Uncategorized

PureVPN, in our opinion, is a shady VPN provider, but we aren’t saying that because PureVPN worked with the FBI to catch a criminal. We are saying this based on experience our founder actually has had with them and when they were hacked.

The email account of PureVPN’s founder, Uzair Gadit, was allegedly hacked years ago and sent out a message to users saying we could get refunds. Why a criminal would send out refund emails is something we don’t know the answer to, but in response to this we contacted them and somewhere in this process we were informed that the email address had been hacked. We argued for a long time for the refund, but what they exposed surprised us. They were willing to show us how many gigabytes of data we had used while being online. From what we experienced and per our knowledge, we firmly believe they do keep some logs or some form of file that, if not technically called a log, stores data on you. This made us stop using PureVPN for all purposes.

We later discovered PureVPN was using insecure software on their site, which we believe makes their statement that they provide “Complete Online Security, Privacy and Anonymity” to be inaccurate.

What does PureVPN say on assisting the FBI and what information they store on you? This is what they have said so far.

“We do not maintain any log of your internet traffic or browsing data. We keep timestamps, as of which purevpn ip was assigned to which username at what time and date. Refer to the link for further information: https://www.purevpn.com/term.php

As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US).”

When further pushed on how many gigabytes they store, they repeated themselves by saying “We keep timestamps, as of which purevpn ip was assigned to which username at what time and date.”

We do not have a problem with tracking down criminals, even if that includes assisting law enforcement; however, we do have a problem with companies who make claims that, per what we know, are not true, and PureVPN falls into the latter.

We will update this if PureVPN provides more information.