How To Solve The 200 Point Biohacking Village CTF Question

Posted on August 13, 2020 / September 3, 2020. Categories: cyber security, data breach

The story around the question was long, with hundreds of paths of thought to go down: it was so well written that it explained everything that happened in the hospital, down to the sticky notes on the computer and what was written on them. If it had been shorter, it could have been a fictional ode memoir; an ode memoir is written only with things from your senses that you can explain factually.

The question simply was “What are you going to do to make it through the long night? We need some creative, specific ideas we can share with others. There are no wrong answers.”

A vague question, indeed, but then it caught my eye that the answer had to be 100 characters long, so that it is tweet-worthy. This has to be something the hospital can tweet out that inspires confidence in their users that everything is fine.

I knew I was on to something, so I re-read the story and focused on what would solve the problem, not all the paths on how the problem could’ve been created. I came to an answer, an answer I tell clients all the time and that we say all the time in our business. So as not to ruin the fun of it all, I won’t tell you what that answer is, but the CTF is really just testing your common information security logic in this scenario. It took ten minutes at most and was a lot of fun. I then answered a bunch of acronyms, plus the hundred points from the other write-up. That’s how I got 355 points in just a few hours, as I joined towards the very end of the CTF. It was fun and I look forward to joining the Biohacking Village’s next CTF.

We hope you’ve enjoyed these write-ups and apologize that they can’t be clearer. If you enjoy them, please subscribe to our mailing list, which the pop-up will ask you to do. We have a lot more research coming out, since Bitfi just sent us their newer devices after we published an exploit for their older version on Twitter.

Why Airtight Security Premium Is Great!

Posted on December 14, 2018 / January 17, 2019. Categories: cyber security, data breach, first page google, information security, internet security

Have you ever wanted software that is maintained by programmers that have your best interest at heart? Do you want features and a security scanner to check and see if you’re vulnerable to being hacked? You are at the right place.

We provide a team that analyzes code that is malicious or acts in a malicious manner. We provide a free fix for Yoast SEO blocking podcasts and lowering your visibility in Google rankings. Our software automatically adds some cross-site scripting protection by sending the XSS protection header. This helps keep your site safer from a certain type of hack called cross-site scripting. We also provide a header that tries to make sure only the right code runs, so if someone does something malicious it may not run, depending on how it is written.
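A site owner can check whether a response really carries these protections, including the referrer behaviour described in the next paragraph. The following is an added example, not code from Airtight Security: it assumes the three headers are the standard `X-XSS-Protection`, `Content-Security-Policy` and `Referrer-Policy` (the page names only the first), and the function names and sample responses are constructed for illustration.

```python
# Added example. Only the XSS header is named on the page; treating the other
# two as Content-Security-Policy and Referrer-Policy is an assumption.
SAFE_REFERRER = {"no-referrer", "no-referrer-when-downgrade", "same-origin",
                 "strict-origin", "strict-origin-when-cross-origin"}
LEAKY_REFERRER = {"origin", "origin-when-cross-origin", "unsafe-url"}

def parse_headers(raw):
    """Map lower-cased header names to the list of values sent for them."""
    headers = {}
    for line in raw.strip().splitlines():
        if ":" in line:  # the status line has no colon and is skipped
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def script_policy_is_strict(policy):
    """True if one CSP policy restricts where scripts may come from."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:  # the first occurrence of a directive wins
            directives.setdefault(tokens[0].lower(), tokens[1:])
    # No script-src or default-src means scripts are unrestricted, like "*".
    sources = directives.get("script-src", directives.get("default-src", ["*"]))
    pinned = any(s.startswith(("'nonce-", "'sha")) for s in sources)
    inline_ok = "'unsafe-inline'" in sources and not pinned
    return not inline_ok and "*" not in sources

def audit(raw):
    """Return {check: bool} for the three protections."""
    h = parse_headers(raw)
    tokens = [t.strip().lower() for v in h.get("referrer-policy", [])
              for t in v.split(",")]
    known = [t for t in tokens if t in SAFE_REFERRER | LEAKY_REFERRER]
    return {
        "xss_header": any(v.startswith("1") for v in h.get("x-xss-protection", [])),
        # Every CSP header is enforced, so one strict policy is enough.
        "script_policy": any(script_policy_is_strict(p)
                             for p in h.get("content-security-policy", [])),
        # The last recognised Referrer-Policy token is the one applied.
        "referrer_hidden_on_downgrade": bool(known) and known[-1] in SAFE_REFERRER,
    }

# Constructed sample responses (not captured from any real site).
HARDENED = ("HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\n"
            "Content-Security-Policy: default-src 'self'; script-src 'self'\r\n"
            "Referrer-Policy: no-referrer-when-downgrade\r\n")
WEAK = ("HTTP/1.1 200 OK\r\nReferrer-Policy: unsafe-url\r\n"
        "Content-Security-Policy: default-src *; script-src 'self' 'unsafe-inline'\r\n")
```

Passing the header block of a real response (for example the output of `curl -sI`) to `audit()` returns the same three booleans. Current Chrome and Firefox do not act on `X-XSS-Protection`, so the script policy check is the one that carries the cross-site scripting protection.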

We provide you with extra privacy, meaning that when you leave your site over a secure connection for a site not using a secure connection, that site won’t be told what site you came from. By default all sites are told where people come from.

About the Airtight Security team

We have over 20 years of experience working in cyber-security. Our programmers have a security-first motto, which makes for great code to help you stay secure.

Premium Airtight Security

Our scanner provides up-to-date info on publicly known ways to hack software used on your site. Our cheapest premium version is $4.99 a month for two site licenses. It is $9.99 a month to use it on five sites, $14.99 a month for 20 site licenses, $19.99 a month for 50 site licenses and $59.99 a year for unlimited licenses. We currently scan up to 50 plugins and themes on your site.

What do you get with Airtight Security?

We defend against code that acts in a malicious manner, and our premium version alerts you about publicly known exploits that you have on your site. You are harnessing the power of a crowd of researchers and getting information from the world’s largest software that is known to be exploitable for WordPress.


Marriott Starwood Hotel Hack, Lack Of Security Put In Context: What Internet Security Isn’t Reporting

Posted on December 1, 2018. Categories: data breach, hotel hack, information security, internet security, marriot breach, starwood hotels, technology, website hack

Sit back and travel back in time. Our founder was at a Marriott Starwood hotel at a hacker convention called LayerOne, competing in a capture the flag, also known as a CTF. A CTF is a way for security researchers and hackers to test their security skills and solve what are essentially puzzles, where you have to find security weaknesses to win.

A series of incorrect instructions provided by the CTF accidentally specified the Starwood Hotel website as a valid CTF target to hack. Alright, well, this isn’t a normal target, but I’ll start poking around. It took minutes to find out the site was highly insecure, to the point that the capture the flag security puzzles were far harder than it is to hack Starwood Marriott Hotels.

The CTF hosts said that if our founder hacked the hotel website, we would win the CTF. It was all too easy to hack Starwood hotels; however, due to our level of decency, ethical code of conduct, and always doing everything legally, we didn’t go as far as the hack that started in 2014, was just discovered and is currently being reported. Instead, we simply ran some of our own code on their site that did not impact the safety or security of customer data, and contacted their head leadership with the exploit.

Starwood patched the exploit and the world went on. Now everyone is just discovering how soft a target Starwood hotels truly was and may still be. 500 million users potentially compromised in a breach that had been ongoing since 2014 is a bit hard to believe for some, but then again few have poked at Starwood security. This news doesn’t surprise me one bit and it honestly shouldn’t surprise you.

How do you keep anonymity while staying at hotels if and when you want it?

Since 500 million accounts were exposed, some anonymous identities will be partially compromised as well. How can you have an anonymous identity at a hotel? That is an interesting question, and it turns out it is very simple. There are some people I’ve known for years and I still do not know their real names. They get credit cards with their secret identities and introduce themselves as their secret identity.

Why would you go to such lengths? Because internet security research wasn’t always looked upon as kindly as it is now, and we still have plenty of problems that need to be overcome, but that isn’t the focus of this article. Those who have credit cards with fake names have it easier than those who didn’t have fake names. They simply have to change their name and get new credit cards. Your information tied to your real name is now available for, potentially, the entire world to see. We do not know the extent of the breach yet, but it may know your interests, like what you buy at hotels, etc.

One thing that is nice about Starwood Marriott Hotels is that it is its own world within a world. You walk through the automatic opening doors and there is a robot who delivers room service. No, I am not kidding. You then turn the corner to see one of the stores inside their miniature world that has food, if chocolate and other snacks count. They have clothes, so if you forget your swimsuit you can just go buy one. You can walk over to the bar and grill and still be inside the hotel.

Do you see how great this is from a convenience standpoint, both for the people who stay there and for those who stole all your data? They may (we do not know yet) know what you buy at the store, what you order from the room service robot, and what type of foods you eat. They may also have your credit cards and the duration of your visit. Also, if you used a special promo code for a block of rooms, which are bought for conferences, that is also exposed.

So, a lot of people will say why does any of this matter? So what if they know I like Godiva Chocolate? At face value it doesn’t look like a problem, but for others this is a huge compromise. Everyone can now selectively target you, knowing what foods you will react to and what you like to eat, so if we are going to go a bit 007, they could potentially poison food you order.

For the majority of people, none of these scenarios are a problem. Most of us already share that data online, but for a minority, these types of breaches could cause grave problems, especially for spies. Say what you want about spies, they’re still a minority that have had their cover blown. Now the probability of a spy staying at a Starwood is surprisingly higher than you think, based on how many Starwood hotels exist. However, their identities could be compromised even if they didn’t stay at a Starwood hotel or property; if they stayed at any Marriott and had their data merged when Starwood was bought out, they’ve been exposed.

Do you see the severity of this internet security breach? You do? Great, then you don’t need to keep reading, but if you don’t, then let’s look at it from this viewpoint: 500 million credit cards have been leaked, affecting 500 million bank accounts, which, if they are all still valid and used, could cause a major problem for banks. You hate banks, so you don’t see how this affects you? Fine, we can see that viewpoint, but if the banks have a problem, say too much credit card fraud, then it is going to cost them money and potentially impact the economy.

If none of this has you concerned, we will give it another try. Were you having an affair? Does your significant other not know, and you weren’t exposed in the Ashley Madison data breach? You thought it would be smart to buy a hotel room, so you wouldn’t be caught, right? Well, now your significant other will find out and your relationship is where it should be, from my honest perspective. You don’t deserve a significant other you cheat on. Or let’s say you’re part of the LGBT community and you got a room for two and both names are shown. It is going to raise suspicions if you are married and being your true self on the side. Maybe in this case, this will improve your life in the long run and you can become the true you. Let’s hope you aren’t from a country where being gay puts you in jail or gets you killed.

One last example for the road: let’s say you don’t want your employer to know you attend a certain type of conference, and that data has been exposed. Let’s say they may find out you were at a convention at the hotel that was focused on hiring people. They may suspect you were trying to get a new job, which, while legal, some companies don’t look kindly on.

Now that every potential example we can think of on how the Starwood Marriott Hotels breach could impact you has been explained, we hope you realize there is a problem.

Now what do you do to protect yourself from the Starwood Marriott Breach?

While the default reaction is to say change your password, the announcement from Starwood didn’t make it clear if the hackers still had control of the system or not, so change your password to one you’ve never used before. You’re always supposed to do that. If you reused the password associated with your Starwood Marriott account on another site, change that password now.

Contact your bank and let them know that you were impacted by the Starwood Marriott hotel data breach and to keep a closer eye on your transactions, so fraud alert is at a higher level. Also, if you care about privacy and don’t want your birthday known, change it on every website.

If this helps you, let us know; if not, we would like to thank you for reading. We will be writing about SEO tomorrow!