Category: information security

Why Cyber Security is essential to SEO

Author wefightforsecurityPosted on August 23, 2019October 26, 2019Categories information security, search engine optimization, seo, seo hack, website hack

We had a client who insisted only on us doing SEO and no cyber security. They believed that being small company prevented them from being hacked. When we showed them the statistics that 50 percent of small businesses go out of business from cyber attacks, they still didn’t think they would be hacked. That was one factor that lost them a lot of money, and as they’ve learned adding in cyber security after the hack isn’t going to recover your money. Also, if you refuse to replace your vulnerable software, you’ll be hacked again and again.

So how does this link to search engine Optimization? It’s pretty simple. When you are hacked, Google remembers and penalizes you for it till your site hasn’t been hacked for 90 days. Not being hacked is vital to survival online, and we help companies survive online both with getting seen and making their sites and apps far more secure.

Building cyber security in with your SEO is a great option. We also do just SEO as some people like to live life on the dangerous side and not do anything about their security.

Many SEO Software Companies Are Making You Not Rank As Well Costing you money

Author wefightforsecurityPosted on January 8, 2019July 3, 2019Categories cyber security, information security, yoast seoTags , , ,

Based on our research, top SEO plugins cause sites to drop in Google rankings due to telling Google not to index their sitemaps. We support this with graphs and facts with our software fix.

We wrote this article in January, thatpointed directly to Yoast SEO as causing issues with sites being not seen by Google. We later learned Google was suggesting the code that Yoast was using it to all major SEO software companies we’ve discovered.

Update: Yoast requested to have this post deleted and our plugin removed that fixes this issue.

Yoast SEO is one of the most popular WordPress Plugins with over 5 million sites using their software. While Yoast provides a template to fill in the meta description field, it also generates a sitemap as do many other SEO software products.

Sitemaps are extremely important for Google to be able to see your site and be able to decide what it should index and what it shouldn’t index.

Yoast, All in one SEO, and many other seo products are essentially telling Google to not look at your sitemap by putting no-index in their header. This makes it much harder for Google to find links on your site.

While the list of SEO software that we’ve found containing the code Google suggests, we are happy Yoast will be fixing this in 11.7.

The SEO software companies currently include Yoast, All In One SEO & an independent plugin called Google XML sitemap Genator for WordPress, which was not made by Google.

This started around July 5th, 2018 and cost one of our clients tourslosangeles.com over 100,000 dollars and another client an undisclosed amount of money from all in one seo. We made a free fix with our plugin Airtight Security so you can continue to use these programs and Google can see your sitemap. This means Google can find your site a lot easier. All you have to do to get our plugin is go to your WordPress site and log in. Then go to your plugins and click add new. After clicking add new search for airtight security and download our plugin and activate it. It will automatically fix the issue without any intervention by you.

The rest of this article is kept intact for historical purposes with minor updates, as this article was written in January.

Does A sitemap guarantee Google Will Index My Links?

No, it does not and Moz pointed this out in an extremely honest and detailed piece on xml sitemaps they wrote. What a sitemap does is let Google see you have content, rank the content using their algorithm and decide if the content should be included on Google and how valuable it is. The reason this is so important is that serious companies will be writing content that is of value every single day and expect their sitemap to help Google find it quickly instead of having to manually go to Google Webmasters and enter each link manually.

What Happens When Google Sees my Sitemap When using one of these SEO companies?

Here are screenshots of what Google sees when we tested this using Yoast.

Yoast SEO no-index sitemap
Yoast SEO blocks XML Sitemaps
YOAST SEO XML Sitemap no-index header
Yoast SEO XML Sitemap has no-index http header on it

Is that not enough proof for you that Yoast among others are blocking your sitemap from being indexed? This is what happens when you try to index a Yoast sitemap without going to the live test view, which is what we displayed above.

Prove SEO Software Is Causing this!

While Our team initially thought the site was infected with malware, we found no malware. We finally found the code SEO products making it not possible to index the sitemap. All that is required is to remove a few lines of code to stop the problem.

When we turn on our program airtight security the no-index header created by Yoasts sitemaps are removed.

Google allows sitemap indexing after Airtight Security Fixes Yoast SEO

When we turn off airtight security and use a chrome extension that let’s you see http headers, you can visually see the no-index header on the sitemap.

You see where it says x-robots-tag noindex, follow? That is how your sitemaps aren’t being indexed.

DO Premium Versions Fix This?

Since we were not aware that Google was telling SEO companies to do this when this was first published we noticed Yoast, which is where this investigation began at  was pushing their premium version what seemed to be more than usual. At the time we thought Yoast  had possibly  patched  the  issue in their free version if you upgraded to their paid version and bought the product for analysis to learn that isn’t the case.

 Yoast did not want to remove these lines as they believe this is helpful and makes sitemaps not rank higher in the search engines. While it is true it makes sitemaps not rank higher, since you’re not indexing them at all, our data also shows all these companies, not just Yoast are making companies less visible online. So far we’ve identified All In One SEO, Yoast & Google Sitemap Generator which is a WordPress plugin.

Leafly used Yoast

Leafly is a website that suffered a massive depletion of users, yet magically jumped back up and are doing great. So how is this possible if they use Yoast? Because they abandoned WordPress when customers started dropping off as the chart shows in September and October. We know they used Yoast thanks to this site that tracks users of Yoast. When they stopped using yoast the no-index code was removed and they became more visible.

Google ranking dropped with Yoast SEO
Icepop progressively loses users as they use Yoast version with no-index

 

Icepop.com has progressively lost users in the same time period our customer experienced a drop in customers, which was towards the end of summer, though it is worth noting they no longer publicly display they are using yoast in their view-source. They still both have something in common, they both used Yoast. But is that it, just two sites that have had a decrease in traffic? Nope, not at all, so let’s keep looking.

yoast SEO lowers Google Ranking
Cheatsheet has lost a massive amount of visitors due to Yoast

Cheatsheet.com has had a major decrease at the same time of all the other sites, though it is worth noting they currently use Yoast SEO Premium. It is of no surprise to us that cheatsheet.com has had a massive decrease of visitors to their site since Yoast put a no-index on the sitemap. While we could compare millions of  sites this helps give you a visual of the issue that Yoast caused. It is also important to note that around the time this issue started, someone filed a github complaint that they noticed the rss feeds were not being indexed.

Does Yoast Know About the No-index issue?

Yoast initially considered this a feature in January, not a bug or an issue as that is what Google told them, but in July announced they are releasing a fix.

Their employee jono-alderson addressed the feature. Jono said on August 26th, 2018 when this started about the RSS Feed issue that ”
From an SEO perspective, it’s generally worthwhile preventing Google from indexing RSS feeds via the x-robots HTTP header. Note for reference, that when this has a value of noindex, that doesn’t prevent Google from accessing or consuming the information – just from indexing it.
That aside, we should definitely add the ability to filter this value, so that we can be podcast-friendly. Easy fix! “

Let’s break that down into easily, consumable pieces. First they claim no-index does not stop Google from “accessing or consuming the information”.

Google and any other search engine goes to a link, checks the headers and if the header says no-index, they go away, since that is what no-index means. So, from the statement by the Yoast employee since they can access the site and be told to leave, that is fine. What we haven’t mentioned is that Yoast uses noindex, follow which is very misleading and we clear up how this messes up your site in the words of Google’s Webmaster Round Table John Mueller who is in Charge of Webmaster Trends Analyst at Google.

Let’s be very clear, they do not consume the information on your sitemap, meaning they can not use it they ignore it per Yoast’s instructions. Google explains why they ignore it in the next paragraph. Also, one person pointed out they are violating Google’s rules on RSS feeds for podcasts. 

Google who is an industry leader in SEO says the exact opposite about Yoast’s noindex, follow technique in their Google SEO round table. John Mueller who is the Webmaster Trends Analyst at Google essentially said that if you put noindex, follow they won’t index that page or follow any of the links.

John Mueller explained how Google handles the exact type of code that Yoast and other SEO companies are using in a 2017 Google webmaster round table.
“It’s tricky with noindex, which I think is something of a misconception in general within the SEO community. With a noindex and follow it’s still the case that we see the noindex. In the first step we say ‘okay you don’t want this page shown in the search results’. We’ll still keep it in our index, we just won’t show it and then we can follow those links.”

That part seems to support Yoast’s claim, but the next paragraph debunks Yoasts claim.

“If we see the noindex there for longer than we think this page really doesn’t want to be used in search so we will remove it completely. And then we won’t follow the links anyway. So noindex and follow is essentially the same as a noindex, nofollow. There’s no really big difference there in the long run. “

So, what John Mueller is saying is that if you put noindex, follow on a page for a few days they would still follow the links and add the content into Google, like Yoast claims. However, if the noindex, follow stays on the same page for say a few weeks they will ignore that page and all the links on it. So, in short Google is addressing the exact code Yoast is using months before Yoast released it. Since the sitemap made by Yoast never removes the no-index header Google now ignores the sitemap and all of it’s links. However since we’ve found this issue John Mueller is trying to say that Google processes XML differently, but the search engine results are not reflecting that statement.

This disproves everything that Yoast claims and is why your site is having so much trouble. When it comes to how search engine optimization works, I listen to data.

Joost De Valk in July has announced this will be fixed in 11.7 and has tested it to make sure it works properly.

Joost De Valk from Yoast in January commented “

I’m sorry but this just isn’t true AT ALL. XML sitemaps aren’t indexed like normal webpages. Or at least: they shouldn’t be. Google reads them differently and doesn’t obey the indexing directives when it ingests them like that. Sometimes they get linked to on the web as well. At that point, Google *does* index them normally, and follows indexing directives. So we set the noindex header on the XML sitemaps so as to make it impossible for XML sitemaps to start showing up in search results. They do *not* prevent Google from using them for what they’re important for: getting URLs into the index.

We talk regularly to Google and are in fact looking at making XML sitemaps better for everyone together with them, so I’m 100% certain of this.”

None of what he said is supported by information from Google, charts showing damage as we showed above or even from Yoast’s customers.

.

Why Airtight security Premium Is Great!

Author wefightforsecurityPosted on December 14, 2018January 17, 2019Categories cyber security, data breach, first page google, information security, internet security

Have you ever wanted software that is maintained by programmers that have your best interest at heart? Do you want features and a security scanner to check and see if you’re vulnerable to being hacked? You are at the right place.

We provide a team that analyzes code that acts in a malicious manner or is malicious. We provide a free fix for Yoast SEO blocking podcasts and lowering your visibility in Google rankings. Our software automatically adds in some cross site scripting protection by putting in the xss protection header. This helps keep your site safer from a certain type of hack called cross site scripting. We also provide a header that tries to make sure only the right code runs, so if someone does something malicious it may not run depending on how it is written.

We provide you with extra privacy, meaning when you leave your site using a secure connection to a site not using a secure connection they won’t be told what site you came from. By default all sites are told where people come from.About the airtight security team

We have over over 20 years of working in cyber-security.Our programmers have a security first motto, which makes great code to help you stay secure.

  Premium Airtight Security

Our scanner provides up-to-date info on publicly known ways to hack software used on your site. Our cheapest premium version is $4.99 a month for two site licenses.   $9.99 a month for being able to use it on five sites, $14.99 a month for 20 site licenses, $19.99 a month for 50 site licenses and $59.99 a year for unlimited licenses. We currently scan up to 50 plugins and themes on your site.

What do you get with Airtight Security?

We defend against code that acts in a malicious manner and our premium version alerts you about publicly known exploits that you have on your site. You are harnessing the power of a crowd of researchers and getting information from the worlds largest software that is known to be exploitable for WordPress.


Marriot Starwood Hotel Hack, Lack Of Security Put In Context — What internet security Isn’t Reporting

Author wefightforsecurityPosted on December 1, 2018Categories data breach, hotel hack, information security, internet security, marriot breach, starwood hotels, technology, website hack

Sit back and travel back in time. Our founder was at a Marriott Starwood hotel at a hacker convention called Layerone competing in a capture the flag, also known as a CTF. A CTF is a way for security researchers and hackers to test their security skills and solve, essentially puzzles where you have to find security weaknesses to win.

In a series of incorrect instructions provided by the CTF accidentally specified the Starwood Hotel website as a valid CTF target to hack. Alright, well, this isn’t a normal target, but I’ll start poking around. It took minutes to find out the site was highly insecure, to the point that the capture the flag security puzzles were far harder, than it is to hack Starwood Marriott Hotels.

The CTF hosts said if our founder hacked the hotel website, we would win the CTF. It was all too easy to hack starwood hotels, however due to our level of decency, ethical code of conduct, and always doing everything legally, we didn’t go as far as the hack that started in 2014 that was just discovered and is currently being reported. Instead, we simply ran some of our own code on their site that did not impact the safety or security of customer data and contacted their head leadership with the exploit.

Starwood patched the exploit and the world went on. Now everyone is just discovering how soft of a target Starwood hotels truly was and may still be. 500 million users potentially compromised that had been ongoing since 2014 is a bit hard to believe for some, but then again few have poked at starwood security. This news doesn’t surprise me one bit and it honestly shouldn’t surprise you.

How do you keep anonymity while staying at hotels if and when you want it?
Since 500 million accounts were exposed, some anonymous identities will be partially compromised as well. How can you have an anonymous identity at a hotel? That is an interesting question, and it turns out it is very simple. There are some people I’ve known for years and I still do not know their real names. They get credit cards with their secret identities and introduce themselves as their secret identity.

Why would you go to such lengths? Because, internet security research wasn’t always looked upon as friendly as it is now, and we still have plenty of problems that need to be overcome, but that isn’t the focus of this article. Those with credit cards who have fake names, have it easier than those who didn’t have fake names. They simply have to change their name and get new credit cards. Your information tied to your real name is now available for, potentially the entire world to see. We do not know the extent of the breach yet, but it may know your interests, like what you buy at hotels, etc.

One thing that is nice about Starwood Marriott Hotels is that it is it’s own world within a world. You walk through the automatic opening doors and there is a robot who delivers room service. No, I am not kidding. You then turn the corner to see one of the stores inside their miniature world that has food, if Chocolate and other snacks count. They have clothes, so if you forget your swimsuit you can just go buy one. You can walk over to the bar and grill and still be inside the hotel.

Do you see how great this is from a convenience standpoint both for the people who stay there and for those who stole all your data? They may, which we do not know yet but they may know what you buy at the store, what you order from the room service robot, and what type of foods you eat. They may also have your credit cards, and duration of visit. Also, if you used a special promo code for a block of rooms, which are bought for conferences, that is also exposed.

So, a lot of people will say why does any of this matter? So what if they know I like Godiva Chocolate? At face value it doesn’t look like a problem, but for others this is a huge compromise. Everyone can now selectively target you, knowing what foods you will react to and what you like to eat, so if we are going to go a bit 007, they could potentially poison food you order.

For the majority of people, none of these scenarios are a problem. Most of us already share that data online, but for a minority, these type of breaches could cause grave problems for them, especially for spies. Say what you want about spies, they’re still a minority that have had their cover blown. Now the probability of a spy staying at a starwood is surprisingly higher than you think, based on how many Starwood hotels exist. However, their identities could be compromised even if they didn’t stay at a Starwood hotel or property, if they stayed at any Marriot and had their data merged when Starwood was bought out, they’ve been exposed.

Do you see the severity of this internet security breach? You do? Great, then you don’t need to keep reading, but if you don’t, then let’s look at it from this viewpoint 500 million credit cards have been leaked affecting 500 million bank accounts, which if they are all still valid and used, could cause a major problem for banks. You hate banks, so you don’t see how this affects you? Fine, we can see that viewpoint, but if the banks have a problem, say too much credit card fraud, then it is going to cost them money and potentially impact the economy.

If none of this has you concerned, we will give it another try. Were you having an affair? Does your significant other not know and you weren’t exposed in the Ashley Madison data breach? You thought it would be smart to buy a hotel room, so you wouldn’t be caught, right? Well, now your significant other will find out and your relationship is at where it should be, from my honest perspective. You don’t deserve a significant other you cheat on. Or let’s say you’re part of the LGBT community and you got a room for two and both names are shown. It is going to rise suspicions if you are married and being your true self on the side. Maybe in this case, this will improve your life in the long run and you can become the true you. Let’s hope you aren’t from a country where being gay puts you in jail or you are killed.

One last example for the road, let’s say you don’t want your employer to know you attend a certain type of conference and that data has been exposed. Let’s say they may find out you were at a convention at the hotel that was focused on hiring people. They may suspect you were trying to get a new job, which while legal some companies don’t look kindly on that.

Now that every potential example we can think of on how the Starwood Marriott Hotels could impact you has been explained, we hope you realize there is a problem.

Now what do you do to protect yourself from the Starwood Marriot Breach?

While the default reaction is to say change your password, the announcement from Starwood didn’t make it clear if the hackers still had control of the system or not, so change your password with one you’ve never used before. You’re always supposed to do that. If you reused the password associated to your Starwood marriott account on another site, change that password now.

Contact your bank and let them know that you were impacted by the Starwood Marriott hotel data breach and to keep a closer eye on your transactions, so fraud alert is at a higher level. Also, if you care about privacy and don’t want your birthday known, change it on every website.

If this helps you, let us know, if not we would like to thank you for reading. We will be writing about SEO tomorrow!

Credit Card chip bypass with teaspoon of sugar

Author wefightforsecurityPosted on May 27, 2018Categories information securityTags , , , ,

A teaspoon of sugar allegedly helps the medicine go down, however it also makes a credit card chip bypass work.

What are we talking about? a teaspoon of sugar carefully put on a chip sometimes that needs to be spread  across the chip will bypass the security of the chip. How so? Insert the card 3 times really quickly with the sugar and it will bypass chip security letting you just swipe the card.

 

That sounds too easy but this is due to a fallback technique in the point of sales systems where you accepts payments. The fallback technique is used for legacy purposes that then just let you swipe the card.

 

Do you have any ways to get to fallback you would like to share? Comment away.