The mission of the United States Government’s Consumer Product Safety Commission (CPSC) is to protect consumers from injury by products. It’s ironic then that the CPSC is playing an unwitting role in most of the largest DDoS attacks seen on the Internet. To understand how, you need to understand a bit about how you launch […]
Archive | Security
IPv4 vs IPv6 Performance Comparison
IPv6 usage has been growing very slowly through the last 10 to 15 years. Since mid-2015 it started to pick up and increase adoption at a rapid pace. Google, for example, has been tracking their IPv6 usage since 2009 and it is beautiful to finally see some growth. As the number of available IPv4 addresses… […]
Evenly Distributed Future
Traveling back and forth between the UK and US I often find myself answering the question “What does CloudFlare do?”. That question gets posed by USCIS on arrival and I’ve honed a short and accurate answer: “CloudFlare protects web sites from hackers, makes web sites faster and ensures they work on your computer, phone or […]
Spotlight: How WebMechanix Provides Client Site Security
WebMechanix is a full-service digital marketing agency focused on managing the online presences of over 100 web properties. In 2009, when WebMechanix was founded, managing websites was a bit less stressful. For website administrators, security was as much of a concern as it is today. All at once, hackers became wise to the lucrative nature… […]
The Cuban CDN
On a recent trip to Cuba I brought with me a smartphone and hoped to get Internet access either via WiFi or 3G. I managed that (at a price) but also saw for myself how Cubans get access to an alternate Internet delivered by sneakernet. Cuba is currently poorly served by the Internet with a […]
SQL Injection Vulnerability in Ninja Forms
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently installed on 600,000+ websites. Vulnerability Disclosure Timeline: August 11th 9:35 am, 2016 – Initial report to the Ninja Forms team August 11th 2:49 pm, 2016 – Public release of version… […]
Analyzing and Cleaning Hijacked Google SEO Spam Results
Blackhat SEO spam comes in many forms, and one of the most nefarious is hijacked search results. This happens when search engines crawl and display unwanted content in the title and description of infected web pages. The negative impact to the infected website cannot be understated. This harms the website’s reputation with visitors and will… […]
Spotlight – How Cart66 Maintains Security for Ecommerce
Cart66 offers a comprehensive plugin solution for WordPress shop owners. With a unique suite of services, intuitive features, and essential security components, Cart66 provides everything you need to operate a PCI compliant online store. PCI compliance is one of the most important considerations for any ecommerce site. Cart66 connects your WordPress website to a hosted… […]
A Plugin’s Expired Domain Poses a Security Threat to Websites
Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clients and our readers. Applying updates quickly will make sure that you replace any vulnerable code as soon as the security patch is released. However, this isn’t the only reason to keep… […]
Fake FreeDNS Used to Redirect Traffic to Malicious Sites
During the last couple of days we performed a few similar cleanup requests where sites occasionally redirected visitors to malicious sites that displayed ads, spam and malicious downloads. One of our security analysts, Andrey Kucherov, did some research in conjunction with our research team to find what was going on. In all cases the redirect… […]