Will Chrome Mark Your Site as “Not Secure”?

With the release of Chrome 56 (estimated for release January 31, 2017), Chrome will be tagging website pages with login or credit card form fields as “not secure” if they don’t have a valid security certificate.

If you’re not sure whether your forms are secured, look at the address bar while on your website. If the address is preceded by a green lock icon and the word “Secure”, your site is already secured. However, if you see an icon with a lower case i in a circle, the site is not secured. A site that displays both the “Secure” label and the i icon is only partly secured.

With the new Chrome release, the i icon will be replaced with the words “Not Secure” and probably look something like the image below.


Why are they doing this?

To increase awareness and visibility. Any web page that collects information from a user should be secured. Without a security certificate there is increased risk of a website, and the information it collects, being compromised. This makes it easier for users to see if it’s safe to give their information to a website.
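A pre-check for the condition described above, as an added example that is not part of the original post: it applies Chrome 56’s rule (a password or credit-card field on a page served over plain HTTP) to HTML you already have, so affected pages can be found before the browser labels them. The card-field detection via HTML autocomplete tokens is an assumption and only approximates Chrome’s own heuristics.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed approximation of a card-entry field: the standard HTML
# autocomplete tokens for payment cards (Chrome's real heuristics differ).
CARD_AUTOCOMPLETE = {"cc-number", "cc-exp", "cc-csc", "cc-name"}


class SensitiveFieldFinder(HTMLParser):
    """Counts password inputs and card inputs found in an HTML document."""

    def __init__(self):
        super().__init__()
        self.password_fields = 0
        self.card_fields = 0

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # HTMLParser lowercases attribute names; values may be None.
        a = {k: (v or "").lower() for k, v in attrs}
        if a.get("type") == "password":
            self.password_fields += 1
        elif a.get("autocomplete") in CARD_AUTOCOMPLETE:
            self.card_fields += 1


def chrome56_not_secure(page_url, html):
    """Return True when Chrome 56 would label this page 'Not Secure'."""
    if urlsplit(page_url).scheme == "https":
        return False  # secure origin: no warning, whatever fields it has
    finder = SensitiveFieldFinder()
    finder.feed(html)
    return finder.password_fields > 0 or finder.card_fields > 0


# Constructed sample pages so the check runs stand-alone, offline.
LOGIN_HTML = '<form method="post"><input name="u"><input type="password" name="p"></form>'
PLAIN_HTML = '<form><input type="search" name="q"></form>'
CARD_HTML = '<form><input autocomplete="cc-number" name="card"></form>'

if __name__ == "__main__":
    for url, html in [("http://example.com/login", LOGIN_HTML),
                      ("https://example.com/login", LOGIN_HTML),
                      ("http://example.com/search", PLAIN_HTML),
                      ("http://example.com/pay", CARD_HTML)]:
        verdict = "Not Secure" if chrome56_not_secure(url, html) else "ok"
        print(url, "->", verdict)
```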

SEO Rankings

In 2014, Google announced it would be giving priority to SSL enabled websites. This could seriously impact the rankings of any sites that are not secured.

Bottom Line

As hackers and other online bad guys get more creative in their antics, it becomes more important to secure your website. It will probably become mandatory to have a security certificate in the not too distant future.

The “Not Secure” message is going to scare a lot of users. For your own, and your users’, peace of mind, you should seriously consider getting a security certificate.

Get help setting up your HTTPS


117 Million LinkedIn Emails and Passwords For Sale


According to Motherboard, and confirmed by LinkedIn, the data was stolen during a hack in 2012.

A hacker going by the handle “Peace” announced that the data has been posted for sale on the dark web. The database contains approximately 167 million accounts, 177 million of those contain both emails and passwords.

Everyone should be changing their passwords on a regular basis but not everyone does. If you haven’t changed your LinkedIn password since 2012 you’ll want to do it now.

Even if you’ve changed your LinkedIn password, you may not be off the hook.

If you use the same combination of email and password as you did on LinkedIn in 2012 on any other websites, you should change those as well. Hackers are very aware that many people have a habit of reusing the same login information across many websites, so those website accounts could be at risk.

Good web security practice is to change all your passwords every 6 months.

How to change your LinkedIn Password
(You can see the date your password was last changed there as well)

Is Your Website a Time Bomb?

Don’t Neglect Website Upgrades.

You’ve been running WordPress (or any other online application) for years. You’ve never worried about doing updates, toughening up your password, or increasing your site security, and there have never been any problems.  You’re fine, right?

Wrong… You’re just lucky.

You may not even be lucky. Some hacks can silently operate on your website and deliver malware to your users’ devices. This will get you blacklisted by search engines and blocked by anti-virus software, which will result in people seeing something like the image below when they try to go to your website.

Would you risk returning to a website if you saw this?


The fact is, if you are using an outdated online application, hackers will find you. It’s only a matter of time.

I’m not saying this to be alarmist; it’s just an unfortunate fact of life online. While WordPress, Joomla, and Drupal are particularly targeted due to their popularity, no program is immune. Applying updates when they are released, running regular backups, installing security software, and using secure passwords are as important as locking your doors in a bad neighbourhood.

Unfortunately, too many people don’t realise the importance of maintaining their website security, aren’t sure how to tackle it, or they procrastinate.

If managing your site security seems daunting to you or you just don’t have the time, I offer security maintenance packages that will take care of all that for you.

Contact for more info

Online Shaming Can Get Out of Hand

Don’t Join the Mob.


One of the great things about social media is the ability to spread information far and fast. The news is full of heartwarming stories about lost pets found, missing people reunited with family, and stolen items recovered, all aided by social media. This is wonderful, when used in an honest and positive way.

Unfortunately, there is a flip side.

Well meaning people can be duped into taking part in a virtual lynch mob.

There are numerous instances where innocent people have had their lives turned upside down, or even been threatened, and where people or companies have had their reputations tarnished by others who were incensed by postings that were accidentally, fraudulently, or maliciously misleading.

Woman Mistakenly Facebook Shames Man For Being A Pedophile
10 Attempts At Internet Vigilantism That Made Things Worse

Even in cases where the person may actually be guilty, online attacks have, on occasion, moved into the real world, and even spilled over to affect family and friends of the intended target. People have been forced from their homes in fear, businesses have had to shut their doors, people have lost their jobs.

So, what to do when you see a post that makes your blood boil and calls to you to take action?

Stop.

Unless a post contains an article from a legitimate news agency or a request from a legal authority, don’t share the post.

There are usually minimal facts provided (generally just a photo and a few words), not enough to make an informed decision. If you are able to find more information about the issue and there would be some benefit in contacting legal authorities, political representatives, or some other authoritative body that is in the position to deal with the issue legally, then by all means do so, otherwise the best course is to do nothing.

Online shaming can do far more damage than good. If the offence is that serious, then it should be up to legal authorities to determine a person’s guilt or innocence. If the offence isn’t illegal, then is it really worth putting a person’s livelihood, reputation, and even their safety and the safety of those close to them, at risk?


Who owns the code?


The question of code ownership in a custom application comes up fairly often and the answer isn’t as clear cut as one might expect.

The following is a sample case showing why it’s important to establish licensing of any custom development at the beginning of the project.

The National Association for the Protection of Snipes (NAPS), a group dedicated to banning hunting of the rare and elusive snipe, contracts a developer to create a custom application for managing their conferences. NAPS is really happy with the final product. So much so that they decide they want to make copies of it available to their smaller regional groups, and sell it to other associations. Since the developer was paid for their work, NAPS owns the code, right?

Not necessarily.

Licensing needs to be established from the start

When contracting the creation of a custom application, its final use needs to be established with the developer from the beginning. With no established agreement on licensing or assignment of ownership, the ownership generally stays with the developer under an assumed single-use licensing agreement.

This seems simple enough, but it can get complicated quickly.

When NAPS contracted the application, they were under a tight budget. In order to meet NAPS’ budget, the developer combined third party code that carried a single use license with their own custom code.

Using third party code can significantly speed up development times and reduce cost; however, it also means that the developer doesn’t have the rights to extend the licensing without prior arrangements with the third party.

If a licensing agreement had been established at the beginning of the project the developer would have skipped using third party code and been able to enter an agreement with NAPS. As it is, NAPS will have to enter into agreements with both the developer and third party that allow them to distribute and sell the application. This is assuming the third party is open to extending the licensing at all. They would be well within their rights to refuse to alter the original licensing.

The above is just one instance of how assumptions about licensing can cause serious problems. Even in small projects, it is always a good idea to have a discussion with the developer about the licensing, and to clearly document any deviations from a standard single use agreement.

Hacked? Don’t Take It Personally.

Example of hacked website


A while ago I had a couple of clients call me up, quite upset because their websites had been hacked. In both cases I had previously reminded them that their websites were overdue for security upgrades, which they had chosen to postpone. As it happened, both sites were also of a religious nature. The site owners were concerned that they had been targeted because of their site’s subject matter.

Given the climate around religion these days, I can understand their concern. When you invest a lot of time building up your site and content, it’s hard not to take its defacement personally. Hacking not only costs you stress and money, but it can impact your credibility with your users.

The one small bit of good news is, in most cases it has nothing to do with you personally, or your website. Unless you are a high profile target like a government or financial organization, chances are your website has been targeted because your content management system is either missing the latest security upgrades or has a vulnerable third party add-on.

Only a small portion of hacked websites are targeted because of who operates them or their content. The vast majority are hacked simply because they can be.

A fair analogy would be a thief walking down a street trying all the front doors until they find an open one. That’s the house they’ll rob. They don’t know, or care, whose house it is. All they care is that the door is open. Hacks that resemble the example above are generally minor and the web equivalent of a “smash and grab”.

Regardless of the motivation of the hacker, it’s always a good idea to keep your website software up to date to prevent unwanted intrusions into your website. Hacking is stressful and it can sometimes be expensive to fix a hacked site.

Contact for help with your website security


What is “The Cloud”?

Simply put, the cloud is the internet.

Since the mid 2000s, more and more programs and services that operate from the cloud have become available. One of the earliest and most familiar examples is Microsoft’s Hotmail. The Hotmail program operates and stores all your email online, allowing it to be accessible from any computer or device connected to the internet. No software is required to be installed on your computer or device, outside of a browser, to operate it.

Examples of some common programs and services that operate on the cloud:

  • Netflix (Online TV/Movie streaming)
  • Yahoo Mail (Online email management)
  • Google Docs (Online business office suite)
  • DropBox (Online file storage)
  • Carbonite (Online computer/device backup)

Some advantages to using cloud based applications are:

  • No installation required – Software is available immediately without having to worry about installing it.
  • Automatic updates – When you use a cloud application, you are always working with the most up-to-date version. Updates are managed by the company that provides the software.
  • Recovery – In the event of a hard drive failure or the theft of a computer/device, the cost and time required for getting up and running again is considerably reduced if documents are stored or backed up to the cloud.
  • Reduced cost – For organizations that are required to have the most recent software versions, cloud computing allows for considerable savings in software updates and the manpower required to implement upgrades.

Some disadvantages to using cloud based applications are:

  • Security issues – Care needs to be taken to ensure that you are using a reputable company that uses the highest level of security measures on their servers. Lax security on a cloud application or server means your data could be at risk.
  • Must have high speed internet – If you have visions of telecommuting from the cottage or camp ground, cloud computing may not be for you. Without a stable high speed connection, online programs often won’t function well, or at all, in some cases.
  • Increased cost – While there may be savings for larger scale users and frequent updaters, if you just have one or two devices and you tend to renew your software every 3-5 years, then the monthly payment model will likely cost you more, depending on the software. Make sure to do the math.


Don’t “Like” Me!


The image above has appeared multiple times on my Facebook newsfeed recently.

Yes, the girl is adorable and she deserves to hear it. Unfortunately, all the “likes” and comments will never reach her because the image was stolen from this website and the poster has no connection to the girl. The photo (as well as everything else on this Facebook profile) is posted specifically to generate traffic. The person who posted it is a “Like Farmer”.

What is a “Like Farmer”?

Like Farmers fall along a spectrum from harmless annoyance to outright criminal. They deliberately post provocative content unrelated to the profile/page owner to generate a lot of traffic on their profile or page. The least offensive of these people do it to see how high their numbers can get, an ego stroke of sorts.

On the other hand, there are criminals who will post content specifically to generate as much traffic as they can. When they feel they have acquired enough traffic they will sell the page to people who change the page content and use it to spread malware, scam advertising, or collect people’s information, among other things.

These types of posts are easy to spot. They generally involve statements like “Like and Share to win a FREE car!” or “This child will get a life saving surgery for 100,000 Likes!”. Some, like the photo above, are a little more innocuous. If in doubt, take a quick look at the original poster’s profile. If it is almost entirely provocative content, it’s probably a Like Farmer. There will be little to no personal content: no comments about their life, and no photos of family or pets.

If you find you have liked or friended a Like Farmer, unfriend, unlike, and delete any shared content to prevent exposing yourself and your friends to possible threats.