We recently consulted on an incident where a bad actor compromised a large ecommerce website. They were able to manipulate elements of the checkout page to hijack the users' card information. They targeted an onclick action when the user clicked “continue”. While the platform was not storing the data locally, they had local scripts capturing […]
A Guide to Email Security for Domain Owners
Email is a critical piece of our technical stack as business owners. This is especially true if you’re using your domain for emails (e.g., tony@noc.org vs tony@gmail.com). Ensuring the security of this piece of our tech stack is imperative. Emails have proven an easy vector to abuse, contributing to successful Phishing campaigns, Account Takeovers, Spoofing […]
Bringing A Domain to Life: Choosing Between Closed and Open Web Platforms
Choosing how to bring your domain to life is an important decision. Like with everything, the $10 / year annual subscription for the domain itself is only the beginning. One of the more important, and often overlooked, decisions is choosing between Open and Closed platforms. This is a relatively new phenomenon, thinking within the last […]
Registries, Registrars and DNS
There are fundamental elements that play a critical role in ensuring the internet's functionality and accessibility. Among these, three key components stand out: registries, registrars, and the Domain Name System (DNS). While these terms may sound technical and complex, they form the backbone of our online experiences, shaping the way we navigate the web and access […]
WooCommerce Patches Two SQLi Vulnerabilities
Yesterday, WooCommerce released an urgent announcement encouraging users to update because of a serious vulnerability. They don’t get into the details, but for us it’s imperative to understand what they are patching so that we can virtually patch at the edge via the NOC Web Application Firewall (WAF). Especially when it comes to a platform like […]
The Affects of a CDN on your Websites Performance and Users Experience (and Google)
One of the most common questions we get related to our CDN is about performance. How much faster does it really make a website? Is it worth the trouble to enable a CDN for my site? Does performance have a material impact? Is it worth the cost benefit analysis? Let’s explore those questions. In this […]
Introducing DNSRepo
For over a decade Daniel and I have been building very big networks. These networks have amassed massive amounts of usage data and for years it was what we used to get smarter about how we identified and mitigated attacks. When asked what made us different, it was always about two things: Today, things are […]