In the field of Information Security (InfoSec) we like to use the phrase defense in depth. Like many things, it is a borrowed term with roots dating back millennia (216 B.C. – the second Punic war). It’s a term that refers to tactics employed by militaries around the world in which they would deploy layers… […]
Archive | Security
RSS feed for this sectionMagento Credit Card Swiper Exports to Image
Over the past year we have seen a rash of credit card swipers in Magento and other ecommerce-based websites. In fact, we have been finding new variants nearly every week. It is no surprise that ecommerce sites are lucrative for attackers. Although attackers have many ways of making money by hacking websites (such as with… […]
Security through Confusion – The FUD Factor
The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty and doubt (FUD) and first appeared in the 70’s as a tactic used by competitors in the computer hardware business. FUD is as a disinformation strategy used to intentionally push information that is very misleading… […]
TLS nonce-nse
One of the base principles of cryptography is that you can’t just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. (This is similar to why you can’t encrypt blocks with ECB.) […]
Ask Sucuri: Is My Website Hacked?
Having your website hacked can be a devastating experience for any website owner. Unfortunately, many website owners rarely know they are infected until days, if not weeks, after the compromise has occurred. Their notification comes in the form of a blacklist or some other alert, including notifications from their users. Neither is ideal. So how… […]
Labs Notes Monthly Recap – Sep/2016
Sharing what we learn in the form of content and tools has been a staple here at Sucuri since our inception. Our greatest challenge is having enough hours to share everything we find. Whether it be newfound research or discoveries made by our Incident Response Team, we strongly feel that it’s our responsibility to share. Many are familiar… […]
WordPress Hack Modifies Core Files to Share Spam
One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even website owners with the best intentions can lose control of their website. When hackers gain access to your site, they can use it to host phishing content, distribute malware, steal… […]
Cloudflare Certifies Under the New EU-U.S. Privacy Shield
Cloudflare has certified with the U.S. Department of Commerce for the new EU-U.S. Privacy Shield framework. Beginning this summer, the U.S. Department of Commerce began accepting submissions to certify under the EU-U.S. Privacy Shield framework, a new mechanism by which European companies can transfer personal data to their counterparts in the United States. By certifying […]
Spotlight: How Softwear Systems Provides Drupal Security
In the early 1980’s Softwear Systems opened up as a custom software company in Chicago. Over the years, its founder Mitch Meyers, learned how to create and manage great websites. Today, the company focuses on providing effective Drupal web development for their clients. At one point, Softwear had a client who worked for a branch… […]
Introducing Dedicated SSL Certificates
When we launched Universal SSL in September 2014 we eliminated the costly and confusing process of securing a website or application with SSL, and replaced it with one free step: sign up for Cloudflare. CC BY 2.0 image by JD Hancock When you complete the sign-up process, we batch your domain together with a few […]
