As part of my bid to live a healthier life, I have started to visit the gym regularly. It gets me into a good mood before work starts, and it adds regularity and routine. It’s a good thing.
As I look around I am impressed by the years of commitment that the other folk have put in.¹ I also noticed that some of them would put their weights and platforms and other bits in any convenient space, which is often just in front of the fire door.
It always reminds me of the phrase of a buildings inspector, ‘What time have you booked the fire?’ Obviously, you don’t know when the fire will be, so you should keep the fire exits clear at all times.
Similarly, with website security: you don’t know when hackers or some other disaster will strike. Your best defense is to ensure that your website software is all up-to-date with relevant patches, that you have security software installed and, in case all that fails, that you have a backup stretching back six months (with a rapid restore option). You could do all that yourself, or you can get us to manage it for you, as part of our ‘safe and secure websites’ package for WordPress. As added security, we have just added ‘noCaptcha re-Captcha’ (no more illegible text to decode, just simple questions and a tick-box) as a security option to both WooCommerce and our website forms.
¹ Aside: I remember, when I joined the gym, that they showed me the range of health foods/food supplements that they had. I pointed out that if I could eat myself healthy I would be an Olympic athlete. Being in IT isn’t the best for one’s physique.
This week we have seen one of the biggest benefits of Open Source – security. Stick with me, there is a BIG benefit for you. (Open Source means that the code the programs are written in is available for everyone to see.)
Joost de Valk, who writes many plug-ins for WordPress, became aware of a security flaw in some of his plug-ins. WordPress and its plug-ins are also open source, so he checked other plug-ins and found that they had the same vulnerability. He was able to work with those plug-in writers to fix the flaw. If they were all using Closed Source this would not be possible. This affects some of the big-name plug-ins such as Gravity Forms, Jetpack… See the article at https://yoast.com/coordinated-security-release/
The benefit for you is two-fold:
1) By updating the plug-ins in WordPress you will fix this vulnerability.
2) If you are signed up for our Safe and Secure Websites package we will do it for you! (And check that everything works for you, and back-up your site beforehand and every day.)
This is a short one – I’ve recently phoned my bank and my insurance companies. It’s not because I live a high flying lifestyle, but because I live in the modern world and you can’t do everything on the internet.
What are the security questions they ask? Mother’s maiden name, blood type (or is that only HMRC?) and BIRTHDAY.
These are all supposed to be items of information easily known to you, but more difficult for a potential thief/scammer/fraudster to know. Yet lots of people advertise this information on their publicly available Facebook profile. Perhaps they want lots of presents? Even if you hide the information on a social media site, there has been more than one data leak. (Have you ever had a friend who doesn’t password protect their computer and has had it stolen? The thief of that computer then has your information!)
So, my advice is, put an incorrect birth date on social media sites. Perhaps have it in the same month (so that you don’t get lots of surprise gifts at the wrong time of the year) unless you like having two sets of presents…
But at least you won’t receive the NASTY surprise of having your bank account emptied!
You could say that it has been a good week, but that would be a lie. It has been a fantastic week! Bear with me… I will get to that security flaw.
I have to start with Salesforce – Cloud Genius Ltd now has registered partner status. This will let us give you even better service and give you sneak peeks at new features. It will also enhance our ability to offer training environments.
As you may have read before, we have been developing an Eventbrite -> Salesforce connector. Why, when there are others? Well, this one has features that are unavailable in the others (and unlikely to be, because of their nature) and ours does not have the usage/limit costs associated with the others. We have finally come up with a name for the product (Event Bridge) and are in the process of developing a website that will tell you all about its features, pricing and why you could really do with using it. We are also in the process of re-vamping the CG website. (Yes, I know it is looking ‘tired’, but if you go to an electrician’s home and turn on the light the kettle boils.)
In the process of developing Event Bridge we discovered a subtle security flaw in Eventbrite. Talk about rapid reaction – within hours they had deployed a fix. I always say that you can judge a company not in the good times, but in the bad. On that score, Eventbrite has certainly come up trumps. Even better, Cloud Genius will now appear on their security Hall of Fame… so we managed to help make the internet a safer place. (I always like it when a small company in Wales helps out a multi-national.)
So, that’s it for this week. Just off to get my super-hero uniform re-tailored.
Some of you may have heard about a massive flaw in the security of the internet.
This is really serious and everyone should be aware of the implications.
Heartbleed is the sort of flaw that gives systems admins huge nightmares.
On vulnerable websites there is a significant possibility that your passwords have been revealed to hackers making use of the bug. Worse than that, if a site has been compromised there is no evidence!
It would be good practice to change all the passwords you use on the internet. Now.
…unless you have evidence that the services you use are not part of the problem.
At Cloud Genius, we have performed a full review of the services we use.
- Services to back up websites/update plug-ins. For clients that subscribe to these services: one was not vulnerable; the other service has been secured and we have taken the steps necessary to prevent any problems. No action required on your part.
- Website hosting – our provider has informed us that they are vulnerable. Until they update all their systems you may wish to change the password on your account at http://webhost.cloud-genius.com. Once their patching process is complete you should change your password again on the account. We will endeavour to let you know when this is.
- Paypal – our understanding is that Paypal is not affected.
- Teamviewer – our remote control solution of choice is not affected.
- Salesforce – to the best of our knowledge, it is not affected.
- LastPass – our password management software of choice is not affected. (And helped a lot in fixing services that were affected.)
Here is a list of other networks that were affected – these include people like Google, Yahoo and many others.
This is really serious. Make sure you are not caught out!
One positive – LastPass was able to scan all the services we use, list the affected services and make password changing a doddle! Highly recommended… and much more secure than any other system we have come across.