Chrome Vuln Denied By Google Then Patched Bug Without Payment

Posted on April 5, 2017. Categories: cyber security

Google Chrome is the browser by Google. We found a Chrome bug that is so simple that every browser should've already been protected from it, but neither Firefox nor Chrome was. We also attacked other platforms and used the attack to crash our peer reviewer's phone. We found a way to crash the Chrome and Firefox browsers by putting 500 thousand lines of URLs that would remotely crash the other user's system, wipe all the sites they were on from restoring, etc. An example would be https://planetzuda.com/test/http://planetzuda.com/test/ and repeat. The bug was far harder to exploit on Chrome than it was on Firefox, since to Google's credit, or Chromium's, they had better protection than Firefox had against this attack.

The way it worked was taking the URL above and then manually copying it, or using a Python script to automatically copy it thousands of times, and then sending it to the browser. We contacted our peer reviewer and tested it against him.
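A defensive check for applications that accept URLs from untrusted senders, as an added example (not code from the original post or from either browser): it rejects input of the repeated nested-URL shape described above before the string is handed to anything that renders or opens links. The function name, the length cap and the nesting limit are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed limits for illustration; tune them to what your application needs.
MAX_URL_LENGTH = 2048      # characters accepted for a single URL
MAX_EMBEDDED_SCHEMES = 2   # "http(s)://" markers allowed after the leading one

_SCHEME_RE = re.compile(r"https?://", re.IGNORECASE)


def check_untrusted_url(url):
    """Return (accepted, reason) for a URL received from an untrusted sender."""
    # Length is checked first so oversized input is never parsed or scanned.
    if len(url) > MAX_URL_LENGTH:
        return False, f"length {len(url)} exceeds {MAX_URL_LENGTH}"
    # Whitespace and control characters have no place in a URL on the wire.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False, "contains whitespace or control characters"
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return False, "not an absolute http(s) URL"
    # Every scheme marker beyond the leading one is a URL nested inside the URL.
    embedded = len(_SCHEME_RE.findall(url)) - 1
    if embedded > MAX_EMBEDDED_SCHEMES:
        return False, f"{embedded} nested URLs exceeds {MAX_EMBEDDED_SCHEMES}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed samples; the first is the example URL quoted in the post.
    base = "https://planetzuda.com/test/"
    samples = [
        base + "http://planetzuda.com/test/",
        base + "http://planetzuda.com/test/" * 5,
        base + "a" * 3000,
    ]
    for sample in samples:
        print(f"{sample[:60]!r} ({len(sample)} chars) -> {check_untrusted_url(sample)}")
```
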

We were in the process of seeing if we could get leaked memory and go to RCE, but Google likes reports as soon as you know of an issue, so we reported to Google Chrome per their bounty program. The bug quickly got marked "won't fix", but another member marked it "needs more feedback" afterwards, but once you mark a bug "won't fix", you have no interest in engaging with the submitter. Never underestimate the person submitting the bug. If you don't get the bug, that's fine, but don't assume what it is, which is exactly what they did. So if the bug was no big deal, which is the way they acted on January 16th, why is it patched? Also, how did Firefox get the patch when we didn't submit it to them? These are questions we want answers to. We are asking Google to pay for the bug, since they found it to be of value to quickly patch it, and it appears they also passed the info along to Firefox without our permission, which is problematic as we were never credited for the bug by Firefox.

We will update this if Google responds to our requests, but from now on we are going with public disclosure on bugs.

A Guide Explaining Why 43-50% Of Small Businesses Are Hacked

Posted on April 3, 2017. Categories: cyber security

Many articles have come out stating that between 43 and 50 percent of small businesses are hacked. This makes sense, and we will explain why in our guide, which gives you a tiny bit of insight into how to think like this particular type of hacker.

Most small businesses use insecure software: they use anything that is free or cheap, and they never have a security audit, no matter how much they want one, because of how expensive it is.

Free and cheap software generally has little to no security. However, paying more does not in any way mean that you are more secure, although vendors that charge more at least have a bigger budget to focus on security.

Before using a piece of software, look up that software with the word "exploit" and see if there are any recent articles about exploits not being fixed in it. Also, update your software as much as possible and always do backups. We can't stress those two enough, so we will repeat them: updating your software is critical, and having backups is critical for when you are hacked. Backups have saved some of our clients' businesses when they were hit with ransomware, because instead of paying the ransom they simply restored from the backup and then had us make it more secure.

Our goal is to provide true security audits and malware removal at an affordable price; that is a true security audit, not the untrue security audits provided by other companies at affordable prices. A security audit is finding vulnerabilities before you're hacked, and we do that for as low as $29.99 a month, but enough about us; let's focus on what you can do for free to keep yourself secure. Of course, ransomware sometimes does damage the perception of how secure you are if it also holds the entire site ransom, so people may not trust your site as much. However, there are ways to mitigate this issue by being very open and transparent about the entire process. While we know some companies want things to be hidden and not talked about, hackers find them anyway, so it's better to be open about something than closed off.

We hope this very small and not even remotely close to extensive guide has helped you.