Avoid Hacks Related to New Microsoft Outlook Flaw

Reading Time: 3 minutes

These days most of us won’t pay much attention to a collection of seemingly random letter and numbers with dashes, but when it comes to this one – CVE 2018-0950 – anyone using Microsoft Outlook email may want to pay a little more of it. CVE 2018-0950 is the name that’s been given to an information disclosure vulnerability of Outlook, and Microsoft released a vulnerability patch this month.

Every quality Canadian web hosting provider takes the initiative to keep their customers informed in these scenarios, and we’re no different here at 4GoodHosting. This one in fact is particularly noteworthy with the fact that Outlook is one of the most popular and common email applications. Given the nature of this flaw and the reality that much personal information can be contained in email communications, this one isn’t one to be taken lightly

The release of the patch mentioned above, however, came nearly more than 18 months after receiving the report that disclosed the bug, courtesy of one Will Dormann, a software vulnerability analyst with Carnegie Mellon Software Engineering Institute’s CERT Coordination Center.

This vulnerability can make it so that sensitive information is then disclosed to a malicious site. Obviously, Microsoft Outlook users need to be aware of this vulnerability and what safeguards are best to neutralize the risk.

Leak Bug Threat Analysis

CVE2018-0950 affects Microsoft Outlook software, and specifically by rendering Rich Text Format (RTF) email messages that contain remotely hosted OLE objects hosted on SMB (Server Message Block) server (under the control of attackers).

The situation is that when other Microsoft applications such as Word, Excel and PowerPoint encounter remotely hosted OLE objects, the user is notified as a security caution before thos messages are rendered. Here though, Outlook took no such action and allowed attackers to have an easy access to the user’s system when they opened or previewed such mails.

The resultant vulnerability makes it possible for hackers to steal sensitive information. Windows login credentials or hashed passwords are at risk of being revealed, and done by sending an RTF-formatted email to a victim and convincing the recipient to preview or open that email with Microsoft Outlook. It’s that simple, with no need for any further interaction.

The bug then initiates a connection to a remote, malicious SMB server which leaks the victim’s IP address, user name, host name, domain name, and their NTLM Over Server Message Block (SMB) password. By simply convincing the user to preview an RTF email message with Microsoft Outlook, the attacker may be able to get their hands on the victim’s IP address, domain name, user name, host name, and password hash – which may be cracked offline.

This vulnerability may be combined with other vulnerabilities to modify the impact – and with VU#867968 most notably. With this combination an attacker could cause a Windows system to blue-screen crash (BSOD) when a malicious email is previewed with Microsoft Outlook.

Not at all to say that Microsoft has been oblivious to all of this. In an attempt to patch the issue, Microsoft released a fix in its Microsoft Patch update for April 2018. It now prevents Outlook from automatically initiating SMB connections while previewing RTF emails, but it’s not far-reaching enough to prevent all SMB attacks.

Recommended Safeguards

The following safeguard moves are recommended for Windows users with the aim of mitigating this vulnerability.

  • Install Microsoft patch update and apply for vulnerability CVE-2018-0950.
  • Blocking of specific ports; 445/tcp, 137/tcp, 139/tcp, along with 137/udp and 139/udp, used for incoming and outgoing SMB sessions.
  • Block NT LAN Manager (NTLM) Single Sign-on (SSO) authentication.
  • Choose complex and long passwords that can’t be cracked easily.
  • Choosing not to click on suspicious links added in any emails.

Optimizing Voice Search for SEO Ranking  

Reading Time: 3 minutes

Voice recognition in smartphones isn’t exactly new, but pairing it with AI and this level of functionality is. Here at 4GoodHosting, part of what makes one of the best Canadian web hosting providers is the way we don’t need to be coaxed to keep up on developments in the digital world. We realize the immediate relevance all of these mobile trends that keep coming fast and furious have for both us and our customers who are in business on the web.

Nearly every business or company has been working to optimize their local SEO, and now voice search optimization has become more of a priority as well. Given the increasing predominate of searches and queries submitted by voice and process by digital assistants like those mentioned above, there’s good reason for that.

Here’s what we know about the best ways to optimize pages and content for voice search.

Ensure Good Page Speeds

Siri has made quite a name when it comes to helping people get the information they need without having to enter anything manually, and they don’t have to follow any set method or tradition for conducting their search. They’re free to use the feature in whatever manner they want. But if a page doesn’t load quickly, they’re going to move on.

Voice search engine optimization is important, and let’s note that page speed plays a major role in voice search SEO. The average voice search result page loads in 4.6 seconds, which is 52% faster than the average page. This definitely raises the bar of what’s ‘acceptable’ and you need to make sure you’re in line with it.

HTTPS is Better

That extra character at the end of your URL prefix makes all the difference in the world now.

HTTPS websites dominate Google’s voice search results, and more standard HTTP sites lag far behind in popularity with voice-based search results. Take note again that 70.4% of Google Home result pages are secured with HTTPS.

Voice search results are significantly more likely to use HTTPS than other websites ranking on Google’s first page. As a result, implementing HTTPS may improve your chances of appearing as a voice search result.

Keep it Simple

Google prefers short, concise answers to voice search queries. The typical voice search result is only 29 words in length. When optimizing your content to rank in Google Home or Google Assistant, make your answer snippet as short as possible, while of course still providing a thorough answer to the query. However, it’s unclear how this applies to Amazon Alexa, Siri and other voice search platforms.

It’s safe to say it’s a good practice to get into, and brevity is always beneficial in the digital world in general.

Schema not so Big

Many of you will be familiar with schema.org and the way it helps search engines better understand your content. 36.4% of voice search results come from pages that use Schema, as compared to the slightly higher worldwide average of 31.3%.

While it’s true that voice search result pages tend to use Schema slightly more often than your average web page, the difference is not significant. Also, 63.6% of voice search results don’t use Schema at all. Conclusion? Schema has a direct impact on voice search rankings.

Assert Authority

Authoritative domains tend to produce voice search results significantly more than non-authoritative domains. In fact, the mean Ahrefs Domain Rating of a Google Home result is 76.8.

Unlike traditional searches, Google Home gives you a single answer to your question. Offering only one response means that Google feels the need to be extremely confident that they’re giving you accurate information.

The voice search algorithm may rely on domain authority over page authority to determine this certainty. Once Google finds a plausible voice search answer on a trusted website, the number of links pointing to the page itself aren’t that relevant.

Socialize and Thrive

Content with high levels of social engagement tends to perform well in voice searches. Consider that the average voice search result has 1,199 Facebook shares and 44 Tweets.

However, it’s extremely unlikely that the voice search algorithm uses social signals. But where’s there’s smoke there’s fire. Valuable, engaging content performs well in any search engine environment, and voice search is no exception. Try to publish valuable, highly-shareable content to improve your chances of ranking as a voice search result.

Easy on the Advanced Syntax

This is the surprising one of the bunch it seems. Simple, easy-to-read content may help with voice search SEO. Apparently the average Google voice search result is written at a 9th grade level. Which is not surprising when you consider that voice search results:

  • Need to contain simple words that are easy for Google to pronounce
  • Need to be comprehensible without any visual reference
  • Can’t contain challenging words or phrases

While it’s not proven, it’s quite plausible that Google may measure reading level and use it as a voice search ranking factor. Publishing simple, easy-to-understand content may help with voice search SEO, and overall it’s a good habit to get into, particularly if you’re in e-commerce.

Immersion Cooling: The Future for Data Centers

Reading Time: 3 minutes

The continuing boom in digital technologies – and in particular for mobile video streaming and online gaming – now has mobile devices making up nearly 60 percent of the entirety of data traffic. Come 2020 that’s expected to rise to 80 percent and it’s an indication of how totally wired we’ll all look to be in the not so distant future.

Here at 4GoodHosting, we’re in a spot like any other Canadian web hosting provider where we see the incredible benefits this type of mobile connectivity is going to provide for us, but we’re also obviously aware of the operation challenges that these data demands are going to put on data centers across Canada.

Every online activity involves massive amounts of data that’s stored in different data centers, and while there’s many different sizes of them it is the large data centers that may overheat on account of the billions of gigabytes of data being created and used all around the world. Data centers and their IT equipment – servers, networking and storage equipment – consume mammoth amounts of energy to run AND work to cool the heat which emanates from the IT equipment going at or near capacity much of the time.

In fact, cooling is far and away the biggest consumer of electrical power in nearly all data center, and sometimes they may take up to 40 or 50 percent of all the power being used in certain ones.

Here’s something else to consider; this round-the-clock global data center energy consumption eats up roughly 3% of all globally generated power, and makes up 4% of greenhouse gas emissions. That puts the ICT industry at par with the airline industry in as far as those emissions, but it’s the data centers that are said to have the fastest growing carbon footprint among the entire ICT sector – to the tune of almost 1/4 of global carbon dioxide emissions from ICT.

There have been energy efficiency improvements, but it’s predicted that data center energy use will grow by 4% between 2014 and 2020.

Technological Advances in Cooling

The biggest change from recent years is that demand for data centers among cloud service providers, enterprises, government agencies, colocation providers and telecommunication organizations has increased in a big way along with the increased implementation of advanced technologies such as cloud-based services for their operational business needs.

Factor in as well the rapid growth of new technological trends like big data analytics, A.I. and machine learning, cryptocurrencies and the IoT. Bitcoin mining also burns huge amount of electricity.

All these new services and enhanced products is also pumping up demand for powerful computing hardware. This creates space needs and design implications for high-density racks that can be both powered and cooled.

P.U.E. stands for Power Usage Effectiveness, and all of these developments make it difficult to have reasonable PUE and be a ‘Green’ data center. The ideal PUE is 1.0, and that indicates maximum attainable efficiency along with no overhead energy.

Which leads us to cooling.

Air cooling struggles to effectively lower the operating temperatures of data center hardware these days, but liquid immersion cooling is much more effective. Liquid immersion cooled data centers are more compact, modular, green and highly efficient, saving up to 99% of electricity compared to traditional data center cooling themselves with chillers, heat pumps and HVAC.

Server immersion cooling makes it possible to significantly reduce their data center energy load, and that’s independent of how their PUE is doing. Hardware or servers are kept submerged in what is typically an oil-based liquid that is dielectric and thermally conductive.

This in turn allows data centers to employ evaporative or adiabatic cooling towers instead of chiller-based air cooling.

Submer Technologies is one new player on the scene that has a quality oil-based data center product, using a coolant fluid which is 100% biodegradable dielectric fluid and ensures an impressive 1.03 PUE plus a 45% savings on traditional electricity bill and hyper scaler efficiency. It’s great for web hosts, cloud providers, edge computing, cryptocurrency mining, blockchain and research data centers.

Big Data needs to stay cool too, and it would seem air is soon to be relieved of its duties there in most data centers around the world.

Can Your Web Hosting Provider Be Bringing Down Your SEO?

Reading Time: 3 minutes

When you set out to build a website and – in the bigger picture of things – an online identity you are probably going to focus most on layout, graphics, content, SEO, marketing, and advertising. These are all vital components of a good website, but it turns out that where you choose to host your website also factors in as well.

Here at 4GoodHosting, so much has gone into making us a top Canadian web hosting provider, but without a doubt seeing to it that our clients and their websites are optimally located and enabled has always been a priority. We definitely understand that before you choose your website’s design or content, you need to choose a good web host who’s got the infrastructure in place to protect your rankings.

One of the factors Google and other search engines look for when indexing web pages is how fast they load. Now while it’s true that a good Canadian web host won’t necessarily get your website listed on Google’s first page, it is true that a lesser host will ruin your credit with Google and other search engines. Between a provider’s server type, location, speed, and uptime there can be an affect on your website’s relevance with search engines. It’s definitely something to consider.

Here are five web host traits that search engines that Google will see unfavourably for search engine rankings.

  1. Slow Speeds

This one’s probably fairly obvious. A website that is clocked to load slowly will be disadvantaged. Search engines aren’t going to rank your website high in the search results when it’s too slow, and that’s in the interest of keeping visitors on a page. Most site visitors will click off a website if the page is too slow to load. Between 7 and 10 milliseconds is considered to be the optimal speed, but anything over 100 milliseconds isn’t good. Your homepage should load in under 1 second, and there are many ways to test this. Google ‘free website speed checker’ and you should be able to find them easily.

  1. Excess Downtime

Even the fastest loading website is going to be disadvantageous if it’s down too often. When a user clicks on a link to your website, it should be readily available. Make sure you have uptime that is at 99.9% as a minimum. This is very much directly related to the quality of your web host’s servers and networks, and nearly all of them are able to guarantee 99.99% uptime. The closer to 100% the uptime is, the more time your website spends live.

  1. Server Locations

Occasionally the cause of a slow loading website is that the server is far away from you. If the website’s server is in Asia, and you’re in North America, there’s often delays and especially so at certain times of the day. It’s advisable to choose website hosting servers that are close to where your visitors are located, whether they’re your neighbours or far overseas. Doing this will inherently help your boost your search engine rankings and SEO.

  1. Shared Hostin

Shared hosting is an affordable way to get your website online fast, but it’s typically only suited for very small basic websites. Ones with added functionality and dynamic media are often starved for bandwidth on shared hosting. VPS web hosting is an affordable alternative to give your website all the breathing room it needs.

  1. Connection Errors

Now here’s the one that you just can’t tolerate. Most web hosting providers are air tight in this regard, but there’s a few who aren’t and it’s important that you do your homework. Read customer reviews and dig for reviews on the company as a whole.

Common messages are ‘internal server error’ and ‘database connection failure.’ If your website’s getting more traffic (which IS a good thing) and this is occurring, then like above it’s time to get a VPS hosting account OR move to a provider who has what you need with shared web hosting.

Now not to toot our horn a little too much, but we’ve had a AAA rating with Better Business Bureau all across Canada and we are one of the providers who CAN guarantee 99.9% uptime and we’ve got exceptional customer service and support to go along with it.