Data breach victims can sue for up to $1,000, CA Senate bill says

Posted on June 1, 2018 | Categories: cyber security

A California Senate bill states that each victim can sue for up to $1,000 for being impacted. The bill has just passed the California Senate. If it becomes law, companies that suffer data breaches will be on the line for hundreds of billions of dollars. If this had been law when the Equifax data breach occurred, and a federal data breach law at that, covering every state and country where victims were affected by the Equifax breach, they would have paid up to 400 billion dollars.

The wording is such that the person has to be affected, not be a registered user of your service. This is a very important detail for cases like Cambridge Analytica, where some debate whether it was a breach of data, despite the company getting the data via an app whose description allegedly wasn't accurate as to how the data would be used, and allegedly using it to influence US voters.

It is far cheaper to hire a company that specializes in security, with an elite team of freelance security professionals who will audit your systems and then explain how to avoid the problems detected, along with written patches for each issue if you're on that tier, than to have to pay billions of dollars, as data breaches hit everyone, because few truly care about security.

Credit Card chip bypass with teaspoon of sugar

Posted on May 27, 2018 | Categories: information security

A teaspoon of sugar allegedly helps the medicine go down; however, it also makes a credit card chip bypass work.

What are we talking about? A teaspoon of sugar carefully put on a chip, which sometimes needs to be spread across the chip, will bypass the security of the chip. How so? Insert the card 3 times really quickly with the sugar and it will bypass chip security, letting you just swipe the card.

That sounds too easy, but it is due to a fallback technique in the point-of-sale systems where you accept payments. The fallback technique exists for legacy purposes, and it then just lets you swipe the card.

Do you have any ways to get to fallback you would like to share? Comment away.
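
For merchants, the fallback described in this post is visible in transaction data: a chip card that was swiped at a chip-capable terminal. The following is an added example, not code from the original post; the record fields are hypothetical, and the entry-mode and service-code values are the commonly used ISO 8583 field 22 and magnetic-stripe conventions, which vary by acquirer.

```python
from collections import Counter

# Constructed record layout (assumption): entry_mode holds the first two digits
# of ISO 8583 field 22, service_code the three digits read from the stripe.
CHIP_CARD = {"2", "6"}        # service code first digit: card carries a chip
SWIPE_MODES = {"02", "90"}    # magnetic stripe read
FALLBACK_MODE = "80"          # used by some networks: chip failed, stripe used

def is_fallback(txn):
    """True when a chip card was swiped at a terminal that can read chips."""
    if txn["entry_mode"] == FALLBACK_MODE:
        return True
    return (txn["entry_mode"] in SWIPE_MODES
            and txn["chip_terminal"]
            and txn["service_code"][:1] in CHIP_CARD)

def review_queue(txns, per_terminal_limit=2):
    """Return fallback transactions; terminals over the limit are marked high."""
    fallbacks = [t for t in txns if is_fallback(t)]
    per_terminal = Counter(t["terminal"] for t in fallbacks)
    return [{"id": t["id"], "terminal": t["terminal"],
             "severity": "high" if per_terminal[t["terminal"]] > per_terminal_limit
                         else "review"}
            for t in fallbacks]

# Constructed sample transactions, not real data.
SAMPLE = [
    {"id": 1, "terminal": "T1", "entry_mode": "05", "service_code": "201", "chip_terminal": True},
    {"id": 2, "terminal": "T1", "entry_mode": "90", "service_code": "201", "chip_terminal": True},
    {"id": 3, "terminal": "T2", "entry_mode": "90", "service_code": "101", "chip_terminal": True},
    {"id": 4, "terminal": "T1", "entry_mode": "80", "service_code": "201", "chip_terminal": True},
    {"id": 5, "terminal": "T1", "entry_mode": "90", "service_code": "601", "chip_terminal": True},
    {"id": 6, "terminal": "T3", "entry_mode": "02", "service_code": "221", "chip_terminal": False},
    {"id": 7, "terminal": "T2", "entry_mode": "80", "service_code": "201", "chip_terminal": True},
]

if __name__ == "__main__":
    for alert in review_queue(SAMPLE):
        print(alert)
```

A terminal that produces several fallbacks in a short period is the signal worth escalating, since a single fallback can also come from a genuinely damaged chip.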

mySCADA myPRO 7 Hard Coded FTP login exploit

Posted on May 20, 2018 | Categories: Uncategorized

SCADA is used in some of the most critical infrastructure in the world, yet here we are with a severe SCADA exploit for mySCADA myPRO 7 in the newest version to date. Anyone can upload whatever they wish using the FTP username and password that were hard coded into the program.

Thankfully there is a solution, which is restricting access to the obscure port being used for the FTP access.

Until this is patched it is a must to restrict access to the obscure port 2121 being used for FTP.

Automatic zero day detection in website software

Posted on May 7, 2018 | Categories: Uncategorized

Zero day software detection is absolutely a necessity, since the average cost of a hack is 1.3 million dollars. We wondered if we could solve the zero day issue by discovering certain zero days nearly the instant they are made. It sounded crazy, but it worked. We can find and detect tens of thousands of zero days in software. Detection is only one step, you may be saying to yourself, and you are right. That is why we also have patch solutions, so whatever you find, we have a quick and reliable way to accurately fix the zero day and remove it from the software.

What makes this even better? Our amazing software is only $20 a month. That isn't 20 dollars a month for 12 months; no, it's 20 dollars a month, and you can stop using our software to detect and solve zero days in software before hackers maliciously exploit them.

LinkedIn Messaging Gives Away Your Identity When You Click On Links

Posted on May 5, 2018May 5, 2018Categories Uncategorized

LinkedIn is a website for professional communication; what most don't know about is a privacy leak with LinkedIn. An odd referer was linked to our site. It was from LinkedIn, but it was from someone reading their messages. It gets weirder: it also gives the token LinkedIn uses to identify whether you are the logged-in user.

When we clicked the referrer link, it gave us the picture and name of the CISO who clicked a link in his messages to our site. This is concerning as this is a privacy leak that is actively happening to every site people click on from LinkedIn.

This is in the midst of the privacy debacle of Facebook, and while this isn't as bad as some of the things that have happened at Facebook, it could endanger some people's lives. Say you are a government agent and click a link, thinking it would just say it came from LinkedIn. This would expose the government agent, blowing his cover. But let's say the roles are slightly reversed and a government agency was running a sting site to arrest people, but has to prove their identity. This LinkedIn issue could certainly help identify people and what websites they visited, along with their image and LinkedIn profile.

What do you think, is this a privacy issue or not? Let us know in the comments.
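
What a destination site receives in the Referer header is decided by the sending page's Referrer-Policy. The following is an added example, not code from the original post or from LinkedIn: it computes the header a browser would send for one link click under each policy, using constructed URLs and a hypothetical `session` query parameter standing in for the token.

```python
from urllib.parse import urlsplit

def origin_of(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}/"

def full_url(url):
    # Browsers drop the fragment but keep the path and query string.
    p = urlsplit(url)
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme}://{p.netloc}{p.path or '/'}{query}"

def referer_sent(policy, source, dest):
    """Referer header value a browser sends for a link click, or None."""
    src, dst = urlsplit(source), urlsplit(dest)
    same_origin = (src.scheme, src.netloc) == (dst.scheme, dst.netloc)
    # Simplification: "downgrade" here means https page to non-https target.
    downgrade = src.scheme == "https" and dst.scheme != "https"
    full, origin = full_url(source), origin_of(source)
    table = {
        "no-referrer": None,
        "unsafe-url": full,
        "origin": origin,
        "same-origin": full if same_origin else None,
        "origin-when-cross-origin": full if same_origin else origin,
        "strict-origin": None if downgrade else origin,
        "no-referrer-when-downgrade": None if downgrade else full,
        "strict-origin-when-cross-origin":
            full if same_origin else (None if downgrade else origin),
    }
    if policy not in table:
        raise ValueError(f"unknown Referrer-Policy: {policy}")
    return table[policy]

# Constructed URLs: a message page carrying a session token, and the clicked site.
MESSAGE_PAGE = "https://social.example/messaging/thread/42/?session=CONSTRUCTED-TOKEN#top"
CLICKED_SITE = "https://blog.example/article"

def leaks_token(policy):
    """True when the clicked site would see the token under this policy."""
    sent = referer_sent(policy, MESSAGE_PAGE, CLICKED_SITE)
    return sent is not None and "CONSTRUCTED-TOKEN" in sent

if __name__ == "__main__":
    for name in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin"):
        print(name, "->", referer_sent(name, MESSAGE_PAGE, CLICKED_SITE))
```

A site that receives such headers can apply the same trimming on its side by logging only the origin of the Referer rather than the full URL.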