How Web Hosts Exposed Your Data & We Fixed It

Posted on March 5, 2021 (updated March 6, 2021)

This piece shows what happens, and has happened, behind the scenes here at Planet Zuda to help the cyber security of the world.

The year we are discussing is 2010. Bitcoin had been invented a year prior, so this was a different era. Everyone cared about their website, but we were more interested in the security, or lack thereof, of the web hosts behind those websites.

A web hosting company named after a color didn't keep its servers secure. You could find command-line access to some of their server instances by Google dorking. They did not respond to emails; they did, however, threaten to sue us by voice. This was commonplace in this time period, but they never sued.

The lack of security of this one web host got us looking into every web host. Almost every single web host in that time period leaked databases onto Google.

We & GoDaddy Secured Your Data On Other Hosts

We teamed up with GoDaddy and their CISO Todd Redfoot. GoDaddy was very competent with their security and they became one of our clients. Basically the best client we could hope for in this situation.

Once we teamed up with GoDaddy, we contacted every single web host by proxy through GoDaddy's security team. We were able to tell them how their server files were exposed, right down to /bin/ and databases. Two web hosts had a good security posture during this era: Lunarpages and MTMII. MTMII is a web host our founder volunteered with.

Web hosting was the wild wild west for cyber security, as there were no consequences for insecurity at that time except for negative articles. Still, many web hosts fixed their security posture when issues were reported to them by GoDaddy. They did tighten up their security over the next 2 years of us working with GoDaddy.

Now web hosts are way more secure, so you can't just Google dork and find their info in Google cache. Google dorking is completely legal, so all this info was legally available.

We hope you find these articles interesting and informative.

Macy’s Was Hacked — What You Need To Know

Posted on November 20, 2019

Two important pages of Macy's website were hacked for one week in October. During that period your credit card details and other information may have been stolen. You were only impacted if you went to the checkout page or your wallet page. Any information entered, including credit card details, was sent to the criminals between October 7th, 2019 and October 15th, 2019, when Macy's detected and removed the code.

How was Macy's hacked? The information given makes it sound like persistent XSS, which means code in a computer language called JavaScript was entered into an area that accepts information and was saved and stored with all the other information. It then sent any information entered to the hackers' system until it was removed.

This type of hack truly is trivial for most hackers to do, but we’re glad Macy’s detected it and removed it in a week.
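The persistent XSS pattern described above, shown from the defender's side as an added example (not Macy's code and not part of the original post): the same stored value rendered without and with output encoding, a restrictive Content-Security-Policy for a checkout page, and a scan of stored records for script markup. All function names, the sample records and the `collector.example` and `pay.example` hosts are constructed assumptions.

```javascript
// Added illustration: all names, records and hosts below are constructed.
const sampleRecords = [
  { id: 1, value: 'Home card' },
  { id: 2, value: 'Gift<script src="https://collector.example/c.js"></script>' },
  { id: 3, value: 'Work & travel' },
];

// Encode the characters that let stored text break out into markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// BEFORE: the stored value is concatenated into the page, so the browser
// parses whatever was saved, including a <script> element.
function renderCardUnsafe(value) {
  return '<li class="card">' + value + '</li>';
}

// AFTER: the stored value is encoded at output time and shown as text.
function renderCardSafe(value) {
  return '<li class="card">' + escapeHtml(value) + '</li>';
}

// Defence in depth: a Content-Security-Policy for the checkout page. Scripts
// load only from the site itself, and fetches and form posts may only go to
// the site and the payment processor, which blocks the injected script from
// loading and narrows the ways page data can be sent elsewhere.
function checkoutCsp(paymentOrigin) {
  return [
    "default-src 'none'",
    "script-src 'self'",
    "style-src 'self'",
    "img-src 'self'",
    `connect-src 'self' ${paymentOrigin}`,
    `form-action 'self' ${paymentOrigin}`,
    "base-uri 'none'",
  ].join('; ');
}

// Triage heuristic for data already stored: flag records carrying script
// markup so they can be reviewed and cleaned. Expect some false positives.
function findSuspectRecords(records) {
  const pattern = /<\s*script\b|\bon\w+\s*=|javascript:/i;
  return records.filter((r) => pattern.test(r.value)).map((r) => r.id);
}
```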

Louisiana Government Department Of Education Hacked

Posted on October 11, 2017. Categories: cyber security

United States Department Of Education failing to secure their systems.

The Louisiana Department of Education, referred to as DOE, had a subdomain hacked yesterday. This was discovered by a researcher and was posted on Twitter September 10th at 4:58 PM. The researcher received an email from the Louisiana government's EDGAR System with a link to the malicious page.

The malware on the page is served up by PowerShell and is believed to be called Cobalt Strike. Immediately on hearing this, our CEO alerted some other government contractors, since we do security work for the government but do not have any contacts in Louisiana.

This ended with the researcher being told by a well-known researcher to contact US-CERT. As of 11 hours ago the page was no longer accessible; hopefully it is down for repair.

Unfortunately, this is not the first time this month that we have reported on the United States Education systems being hacked.

While the exploit point is unknown, EDGAR is known to be exploited often and has come under scrutiny by Congress for the system being exploited and the exploitation not being disclosed for far too long.

We will continue to keep you up to date on the Louisiana government DOE hack as the events are still developing.