Tag: website security

How Web Hosts Exposed Your Data & We Fixed It

Author wefightforsecurityPosted on March 5, 2021March 6, 2021Categories UncategorizedTags , , , , ,
An image of a chalkboard that says web hosting.
The words web hosting on a picture

This is a piece to show you what happens and has happened behind the scenes here at Planet Zuda to help the cyber security of the world.

The year we are discussing is 2010. Bitcoin had been invented a year prior so, this was a different era. Everyone cared about their website, but we were more interested in the security or lack thereof, of the webhosts for websites.

A company named after a color and that hosted websites didn’t keep their servers secure. You could find command line access to some of their server instances by google dorking. They did not respond to emails, they did threaten to sue us by voice, however. This was common place in this time period, but they never sued.

The lack of security of this one web-host got us looking into every web-host. Almost every single web-host in that time period leaked databases onto google.

We & GoDaddy Secured Your Data On Other Hosts

We teamed up with GoDaddy and their CISO Todd Redfoot. GoDaddy was very competent with their security and they became one of our clients. Basically the best client for this situation, that we could hope for.

Once we teamed up with GoDaddy, we contacted every single webhost via proxy of Godaddy’s security team. We were able to tell them how their server files were exposed right down to /bin/, to databases. There are two web-hosts that had good security posture during this era, lunarpages and MTMII. MTMII is a web-host our founder volunteered with.

Webhosting was the wild wild west for cyber-security, as there were no consequences for insecurity at that time except for negative articles. Still Many webhosts fixed their security posture when issues were reported to them by Godaddy. They did tighten up their security over the next 2 years of us working with Godaddy.

Now web hosts are way more secure, so you can’t just google dork and find their info in Google cache. Google dorking is completely legal, so all this info was legally available.

We hope you find these articles interesting and informative.

Macy’s Was Hacked — What You Need To Know

Author wefightforsecurityPosted on November 20, 2019November 20, 2019Categories UncategorizedTags , , , ,

Two important pages of Macy’s website was hacked for one week in October. During that period your credit card details and other information may have been stolen. You were only impacted if you went to the checkout page or your wallet page. Any information entered, including credit cards was sent to the criminals between October 7th, 2019 and October 15th, 2019 when they detected and removed it.

How was Macys hacked? The information given makes it sound like persistent XSS, which means code in a computer language called Javascript was entered into an area that accepts information and was saved and stored with all the other information. It then contacted the hackers and sent any to the hackers system with the information, until it was removed.

This type of hack truly is trivial for most hackers to do, but we’re glad Macy’s detected it and removed it in a week.

Website security: Is Website security easy to hack by criminals?

Author wefightforsecurityPosted on April 27, 2017April 27, 2017Categories web securityTags , , , , , , , , , ,

Website security is code that tries to stop criminals from illegally hacking your website and bypassing  security measures you have in place, if you have any in place.

How secure is website security on average?

On average it takes less then a minute to bypass website security that is supposed to stop criminals and automated tools can crack simple passwords in under 30 seconds, sometimes under three seconds depending how weak your password is and what type of machine  you have.  How is this possible? Most developers aren’t familiar how code can break, they just know how to write code that works and depending on the project, that can be complicated in itself. Education on how to secure code is very important, if we want to make more secure programs in the future.

What is website security?

Website security is supposed to stop criminals from getting into your site. It simply is code that is designed to make it so criminals can’t bypass it, but they may be able to bypass another part of your code, since there are so many ways into your average system.

Website security being illegally hacked by criminals is a major problem, since all your users data could be stolen, your site could be used to deliver malware to users, gain access into areas that require admin authentication, and so much more. Protecting website security is one part of our job, making sure we provide enough plans so everyone can afford web security is another part of our job. Whether you  can only afford malware removal  or need a security audit to find vulnerabilities, we have you covered. We continue to release more  products to help people stay as safe as possible without breaking the bank.

 

Hackers for hire to secure your website from criminals

Author wefightforsecurityPosted on April 22, 2017April 27, 2017Categories cyber security, web securityTags , , , , , ,

We are cyber security professionals, information security professionals, but when it boils down to it we are hackers for hire that are easy to find and easy to  contact. or hire by one of our hacker for hire subscription plans. When we are hired by the private sector we help secure your websites, servers, applications and any IoT device under the sun. Our plans currently only support websites, however we are professionals at IoT security, also known as internet of things security and server security.  Companies hire us to stop criminal hacking before it happens or if it’s already started we put a stop to it and provide an analysis of the criminals behavior and information we have on them, along with if they are known elsewhere, since many criminals want to be known, they just don’t want to be caught.

  What type of hacking will you not do? Since you’re easy to find hackers for hire will you do unethical hacking?

We are ethical hackers for hire that are easy to find, so we will not do illegal hacking.   We will end up putting a FAQ together about the most common requests for illegal hacking, but a few off the top of our head of requests are to hack another users facebook account for you, instagram, or any other service.  We don’t care if you tell us the person you want hacked is a cheating slimeball, that doesn’t make it legal to hack them. Since we’re ethical hackers for hire, we stick by our code and won’t hack cheating slimeballs for you.

What can you do as hackers for hire?

As hackers for hire we can do a lot, like secure your website, server, IOT products, etc. Working as hackers for hire we have recovered stolen laptops, We identified a hacker who claimed to be a woman in San Diego, who ended up being an Indian in India living in a flea hotel, who took a trove of unreleased music from a studio.

We’ve identified employees who have destroyed their companies systems making them inoperable. We’ve worked for fortune 100’s, we’ve had GoDaddy as a client showing them security flaws in their servers and we found a lot of issues.

We identify malware in companies infecting their users, we’ve helped make it so companies don’t have to pay ransomware by securing their systems and offer anti-phishing training.

What can we not do as hackers for hire? Whatever the law prohibits, which is becoming less and less. We can show you how insecure your internet connected devices are, also called internet of things devices, among other things.  It’s even legal to hack a car or anything else you own to show how insecure it is.