Cyber Security Blog

What Is WebP & How It Could Make You Money In 2021

Posted on September 11, 2020. Categories: Uncategorized

WebP is the latest and greatest image format: it keeps your images looking awesome while making the files as small as possible, so people who have slow internet will still see your site load quickly.

WebP will play a significant role in SEO come 2021 with the release of Lighthouse 6, also known as web core vitals. We have covered extensively what that is and why you should be acting now.

WebP will play such a significant role because it can turn an 18 megabyte image into half a megabyte without losing the quality of the image, which is absolutely astonishing.

Core Vitals version 6 will be part of Google’s search algorithm in 2021, and the main focus is on how fast your site loads, so naturally you want to use the fastest image format available, which is WebP. There are a ton of WebP converters available right now for free.

This article will continue to develop and expand on this topic for a while; please subscribe if you want to get updates on it.

Google Dork Queries Aren’t Hacking, But They Expose Your Data!

Posted on September 6, 2020, updated January 20, 2021. Categories: Uncategorized

1.0 What is a Google Dork query?

1.1 Google Dorks Can Be Used For Evil

1.2 What is Google Cache?

1.3 How Do Google Dorks Find exposed data on my site if they don’t know about my site?

What is a Google Dork query?

Google dork queries aren’t a way to hack; they are a way to refine a Google search query. These queries are features of Google Search that most people have forgotten exist, and they let you optimize your results. Say you want to know about the story of the man in the moon, but don’t want to get the results for man on the moon. Then you would simply write your search as intext:"man in the moon" -intext:"man on the moon" -intext:"men on the moon". I know some could say you can simplify that search by removing the intext: operator, but what you’re looking for is in the text, so that Google search parameter, also known as a Google dork, is best in this situation. Now you will only get results for man in the moon.

Google Dork queries Can Be Used For Evil!

Google dorks can be used for evil, which is why you need to protect your customers’ data. We’ve heard all sorts of reasons why companies won’t secure areas, such as “there is no link to that section” and “no one will look for that on our site”, but none of those things matter or are true. Google can find pages that aren’t linked to when it is searching a site; granted, it is harder, but it still succeeds in doing so.

This can expose your customers’ information. Say your customer has a bunch of SQL files where all their customers’ data is exposed: do you think that will show up in search? Odds are that if you know what to type in, it will appear, which can expose your customers’ data. Not everyone using this ability is using it for evil, though; some of us are trying to use it to inform companies about the issue.

Let’s say a site has no search bar. Go to Google and type in site:example.com "example"; this would bring up a page on example.com with the word example. You can search by site:.gov, and even by file type using the Google dork filetype: . I don’t have to give your imagination much to work with, because with filetype: you’re usually able to obtain some, if not all, of the site’s data, though it is a lot better than it was in 2012.

How do Google Dorks Use Google Cache?

While we don’t want to dive into great specifics, even Google themselves published the most useful dork of them all: cache: . Now, what is Google cache? Google cache is a saved copy of what is on a site, so if you don’t want to visit that site, going to the Google cache version of the site is great. If you don’t want the site to know you visited it, alter the Google cache link to turn off JavaScript. This will help prevent the site from knowing you viewed it in Google Cache.

How Do Google Dork Queries Find Vulnerable info on my site if you don’t know about my site?

This is a pretty logical question, and people treat the thinking behind it as fact: “If you don’t know about my site, you can’t find the exposed info on my site; I am a small company.” Unfortunately, that logic is flawed. As shown above in our man in the moon search, we didn’t specify a site; we simply searched Google and filtered out man on the moon results. We also discussed other things, like being able to search by .com, .gov, etc. using site: and, of course, using filetype: to look up any file type you want. So you don’t need to specify a site to find out what is on that site, which makes protecting your customers’ data even more important.
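A check a site owner can run against their own web root, as an added example that is not part of the original post: it lists data files under the root and notes whether any page links to them, since unlinked files are still served. The extension list, the sample tree, the function names, and the premise that everything under the root is publicly served are assumptions.

```python
import os
import re
import tempfile

# Assumption: data-bearing extensions; the post names SQL files, the rest are illustrative.
RISKY_EXTENSIONS = {".sql", ".bak", ".csv", ".log"}
LINK_RE = re.compile(r'(?:href|src)=["\']([^"\'#?]+)', re.IGNORECASE)


def audit_webroot(root):
    """Return sorted [(relative_path, is_linked)] for risky files under root."""
    linked, risky = set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in (".html", ".htm"):
                with open(full, encoding="utf-8", errors="replace") as fh:
                    for target in LINK_RE.findall(fh.read()):
                        # Resolve site-relative ("/x") and page-relative ("x") links.
                        base = "" if target.startswith("/") else os.path.dirname(rel)
                        path = os.path.normpath(os.path.join(base, target.lstrip("/")))
                        linked.add(path.replace(os.sep, "/"))
            elif ext in RISKY_EXTENSIONS:
                risky.append(rel)
    # Unlinked files are reported too: nothing links to them, yet they are served.
    return sorted((path, path in linked) for path in risky)


def build_sample_site(root):
    """Constructed sample tree: one linked export and one unlinked SQL dump."""
    files = {
        "index.html": '<a href="/reports/q1.csv">Q1</a>',
        "reports/q1.csv": "id,total\n1,10\n",
        "backup/customers.sql": "-- constructed sample dump\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_site(sample_root)
        for path, is_linked in audit_webroot(sample_root):
            print(path, "linked" if is_linked else "not linked, still served")
```

Anything this reports belongs outside the web root or behind authentication, whether or not a page links to it.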

We are great at this and if you need any help, feel free to contact us or hire our cyber-security experts to help secure your site for you.

WordPress 5.5 Makes sitemaps that will help your site!

Posted on September 4, 2020, updated September 6, 2020. Categories: Uncategorized

1.0 What is a Sitemap?

1.1 What makes WordPress built-in Sitemap so Important?

WordPress 5.5 introduced sitemaps that will help your site. They’re so good, in fact, that we rushed to add a link to the sitemap to our plugin, search engine optimization redirect editor. Not only does WordPress 5.5 make great sitemaps out of the box that you can submit to Google Search Console, it also doesn’t put the noindex mark on its sitemaps. This is a problem with many SEO plugins, and we are thrilled to see that WordPress is not doing that.

What is a sitemap?

A sitemap, to put it simply, lists the links to all the posts, pages, etc. on your site. WordPress has also made it visually nice to look at in case a human is looking at your sitemap. This lets search engines know what they should be indexing and where to go.

SEO plugins already have this, what makes WordPress sitemap so important?

Yes, many plugins, including some of the most popular, have sitemaps that are damaging your rankings in Google Search, as we have discussed in great detail over the years. These plugins add a header called no-index, which says “don’t look at this”, so essentially Google doesn’t look at the sitemap.

The sitemap provided by WordPress does not do this; however, some SEO plugins are already redirecting you back to their sitemap, so while you may go to the correct link, you may get a bad sitemap due to the plugin you’re using.

Anyone who says no-index on sitemaps is good either hasn’t done all the research we have along with others or is monetarily incentivized to deny facts.

We encourage you to use the sitemaps made by WordPress, and as always please update your WordPress and keep it up-to-date along with all plugins and themes.
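The two conditions described above, a plugin redirecting the core sitemap and a noindex header on the result, checked in code; this is an added example, not part of the original post. The captured responses, example.com, /plugin-sitemap.xml and the function names are assumptions; /wp-sitemap.xml is the WordPress 5.5 core sitemap index.

```python
from urllib.parse import urlsplit

WP_CORE_SITEMAP = "/wp-sitemap.xml"  # index path of the WordPress 5.5 core sitemap


def robots_directives(headers):
    """Collect lower-cased X-Robots-Tag directives from (name, value) pairs."""
    found = set()
    for name, value in headers:
        if name.lower() != "x-robots-tag":  # header names are case-insensitive
            continue
        for part in value.split(","):
            # A directive may be scoped to one crawler: "googlebot: noindex".
            found.add(part.split(":")[-1].strip().lower())
    return found


def check_sitemap(hops):
    """hops: [(url, status, headers)] recorded while requesting the core sitemap."""
    findings = []
    final_url, _status, final_headers = hops[-1]
    if urlsplit(final_url).path != WP_CORE_SITEMAP:
        findings.append(f"redirected from {hops[0][0]} to {final_url}")
    # "none" is shorthand for "noindex, nofollow".
    if robots_directives(final_headers) & {"noindex", "none"}:
        findings.append(f"{final_url} is served with a noindex directive")
    return findings


# Constructed captures; example.com and /plugin-sitemap.xml are hypothetical.
CORE_ONLY = [
    ("https://example.com/wp-sitemap.xml", 200, [("Content-Type", "application/xml")]),
]
PLUGIN_TAKEOVER = [
    ("https://example.com/wp-sitemap.xml", 301,
     [("Location", "https://example.com/plugin-sitemap.xml")]),
    ("https://example.com/plugin-sitemap.xml", 200,
     [("Content-Type", "text/xml"), ("x-robots-tag", "googlebot: NoIndex, follow")]),
]

if __name__ == "__main__":
    for label, hops in (("core", CORE_ONLY), ("plugin", PLUGIN_TAKEOVER)):
        print(label, check_sitemap(hops) or "ok")
```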

WP Woocommerce Vs Shopify

Posted on August 21, 2020, updated September 6, 2020. Categories: Uncategorized

The WordPress WooCommerce plugin is supposed to turn WordPress, originally designed as a blogging platform, into an e-commerce store, while Shopify is an e-commerce platform. What is the difference between WooCommerce and Shopify?

The first difference is Shopify’s simplicity; comparatively, WooCommerce is extremely complex and not easy to use. With Woo, you’re responsible for setting up the payment settings, and then you deal with settings that are cumbersome and clunky to use.

Shopify themes work with Shopify by default. WordPress themes aren’t all designed for Woo by default, and even when they are, you are fighting to make the theme and WooCommerce function together in the way they’re supposed to.

The con is that Shopify charges a fee of $29 a month for its smallest version, so why would you pay all that money?

How much do you pay for WordPress Hosting?

If you’re paying more than $29 a month for WordPress hosting, then we would recommend switching over to Shopify if you only have ten unique items for sale; variants of an item, like different colors or sizes, are currently unlimited.

We will continue updating this with feedback; it is based on our experiences and our customers’ experiences.

How To Solve The 200 Point Biohacking village CTF question

Posted on August 13, 2020, updated September 3, 2020. Categories: cyber security, data breach

The story around the question was long, with hundreds of paths of thought to go down; it was so well written that it explained everything that happened in the hospital, down to the sticky notes on the computer and what was written on them. If it were shorter, it could’ve been a fictional ode memoir; an ode memoir is written only with things from your senses that you can explain factually.

The question simply was “What are you going to do to make it through the long night? We need some creative, specific ideas we can share with others. There are no wrong answers.”

A vague question, indeed, but then it caught my eye that the answer had to be 100 characters long, so that it is tweet-worthy. This has to be something the hospital can tweet out, that embraces confidence in their users that everything is fine.

I knew I was on to something, so I re-read the story and focused on what would solve the problem, not all the paths on how the problem could’ve been created. I came to an answer, an answer I tell clients all the time and that we say all the time in our business. So as not to ruin the fun of it all, I won’t tell you what that answer is, but the CTF is really just testing your common information security logic in this scenario. It took max ten minutes and was a lot of fun. I then answered a bunch of acronyms, plus the hundred points from the other write-up. That’s how I got 355 points in just a few hours, as I joined towards the very end of the CTF. It was fun and I look forward to joining the Biohacking Village’s next CTF.

We hope you’ve enjoyed these write-ups and apologize that they can’t be more clear. If you enjoy them, please subscribe to our mailing list, which that pop-up will ask you to do. We have a lot more research coming out, since Bitfi just sent their newer devices to us after we published a Bitfi exploit on Twitter in their older version.