Yet another new WordPress Security Issue: CryptoPHP (Nulled Scripts)


A Scandinavian technology company, Fox IT, was one of the first to discover a new threat to PHP-based programs (such as WordPress, Drupal, Joomla, etc.).

The Fox IT CryptoPHP white paper is quite technical but we will summarize the issue for you here.

It is about something termed ‘Nulled Scripts’ and given another label too, CryptoPHP. This is perhaps a new term to most of our customers.

So what exactly are these so-called Nulled Scripts?

Nulled scripts are scraps of PHP code that have had their copy protection removed. They can be found on free or otherwise non-approved WordPress plugin sites, or even in WordPress theme archives.

Various *pro* plugins and themes come with a serial number, or key, which enables paid features or provides access to download free upgrades.

Nulled scripts have such protections removed (so that the software becomes ‘free’).

Many websites offer these nulled scripts, as well as nulled WordPress plugins and theme installers.

They shouldn’t be used because of the following problem:

CryptoPHP explained

The programmers who published the white paper have witnessed a drastic increase in the availability of nulled/corrupted scripts.


Canadian Web Hosting

Do you ever feel like somebody is watching your back (and not your computer screen) when you are on the internet? Well, Canada’s privacy law is still protecting you when you are surfing online.

Our fellow Canadian social media users are shielded from the complex details of the Terms of Service on many popular social services. Even though you are forced to accept the many lengthy terms of service, which of course most of us don’t sit down for half an hour and actually read, our privacy law trumps any provision that goes against the grain of it.

“This overriding provision in our federal privacy legislation actually does provide protection for unexpected, unreasonable uses, even with consent,” stated Barry Sookman, a Toronto-based lawyer and expert on internet law. “So I actually think there is a standard here that applies that is fairly useful and is consumer friendly.”

“An organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances,” reads Canada’s Personal Information Protection and Electronic Documents Act.

This means that “the person has to agree to the terms,” Sookman said. “So a person who simply accesses a social networking site and hasn’t seen or hasn’t had a reasonable opportunity to review the terms wouldn’t be bound by them.” If the policy had terms that a reasonable person wouldn’t consider appropriate, then those terms may not be binding.

“There’s two good examples of when a service’s privacy policy wouldn’t be enforceable: either when a person hasn’t been put on notice that there’s going to be a policy that’s binding, or when it’s an unreasonable term.”

Depending on the service, when somebody accesses a website, many website companies automatically collect basic information to know, for example, where visitors are coming from and whether they are returning visitors.

That kind of data collection is rather hidden, and it is usually automated to facilitate the operation of the site.

When data collection crosses the line:


Where there is some completely unexpected use of one’s personal information, matters “may go over the line.” “So the test in Canadian privacy law is whether it goes over the line,” Barry says.

Several years ago, researchers at Carnegie Mellon University calculated that it would take an average user 76 8-hour days to read all the privacy policies that the average internet user has typically already agreed to.

“Many experts now realize that consent is not the linchpin that is the right standard for internet governance of use because of the fact that many people don’t actually read the privacy policies as well,” Barry said. “However, social website users should realize that these services are free, and the only way it makes sense to continue to offer them for free is by finding a way to monetize their usage,” Barry adds.

“The currency that individuals pay for the privilege for the free use is giving up some usage of their personal information.”

However, we at 4GoodHosting pledge to you in our Terms of Service that we will never resell your private information. We are strong privacy advocates!

Free webserver encryption? It is almost here, mid-2015.

Did you know that Google gives a very slight ranking boost to websites that use SSL (https://…) encryption?

There are other more significant reasons for your website to offer secure connections to your website visitors, especially if your website conducts ecommerce or credit card transactions.

Nowadays, people everywhere have to purchase an SSL certificate if they want to offer secure/private connections to their website visitors. However, that might just become a thing of the past with Let’s Encrypt: https://letsencrypt.org/2014/11/18/announcing-lets-encrypt.html

As their website explains:

“The challenge is server certificates. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.

Let’s Encrypt is a new free certificate authority, built on a foundation of cooperation and openness, that lets everyone be up and running with basic server certificates for their domains through a simple one-click process.

Mozilla Corporation, Cisco Systems, Inc., Akamai Technologies, Electronic Frontier Foundation, IdenTrust, Inc., and researchers at the University of Michigan are working through the Internet Security Research Group (“ISRG”), a California public benefit corporation, to deliver this much-needed infrastructure in Q2 2015. The ISRG welcomes other organizations dedicated to the same ideal of ubiquitous, open Internet security.

The key principles behind Let’s Encrypt are:

  • Free:
    Anyone who owns a domain can get a certificate validated for that domain at zero cost.
  • Automatic:
    The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process, while renewal occurs automatically in the background.
  • Secure:
    Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices.
  • Transparent:
    All records of certificate issuance and revocation will be available to anyone who wishes to inspect them.
  • Open:
    The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source.
  • Cooperative:
    Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.”

We hope the above initiative will be successful, but until then we still offer the lowest-cost and also highest quality SSL certificates available:

http://4goodhosting.com/sslcertificates.html

So if you want to offer secure encrypted connections to your website, you can get started with an SSL certificate today, and in about a year’s time the above free encryption standard should be available, starting in mid-2015. For more information on the project please see: https://letsencrypt.org

About the Value of Privacy


Dear Customer and/or blog visitor,

Please do see this important video presentation. It is certainly worth the time it takes us to wake up to what has really been going on: http://vimeo.com/106681730

For your information, when people send you email to your 4GoodHosting hosted website account (for example: me@my-very-own-site.ca ), or when you send email to another person at another 4GoodHosting hosted website, your email conversation is ‘really’ or ‘actually’ “private” – just like real snail-mail used to be.

We actually do honor your right to control your private information and to guard it from information wholesaling. We don’t look, share, or sell any of your private information. We believe in doing this, and we base our business model on respecting your wishes.

But when you email somebody at a @gmail.com account, your email is definitely wide open to at least Google (and who knows who else ultimately gets a copy of it from them in the future). Basically, if you have a conversation with somebody using Google mail (Gmail, or Yahoo Mail, etc.), your conversation is being recorded for prying eyes and may be used to profile you to interested parties in the future.

That’s just one point of this eye-opening presentation. We recommend that you watch this video because we believe in the old-fashioned concepts of personal privacy. If you feel the same way, please share the link to this article with your friends.

https://4goodhosting.com/blog/value-privacy/

Benefits of Shared and VPS Web Hosting

Benefits of Shared Web Hosting

Affordable cost – The benefits of shared hosting come in terms of cost, as you share a common server with other clients of the web hosting company. With this, we can save money so that we can offer you the services at a lower cost. For less than $10 per month, you can get two different plans of shared hosting. If you consider the features that you are able to get today, our web hosting packages are effective and give excellent value.

Simplicity – We maintain the servers and their associated hardware in our peer data center, provide you with the connectivity, and handle all the server administrative tasks that are complex for you. For those people who don’t know how to run a server, who don’t have the necessary manpower to do so, or who just need to focus on the critical aspects of their business, shared hosting is a perfect solution.

It’s a Year Since the Snowden Leaks – Efforts Still On to Restore Trust Online

It was roughly a year ago that the truth came out that the US National Security Agency (NSA) has been secretly accumulating huge amounts of personal data on American and other international citizens.

This year, a year after Edward Snowden leaked the documents on how and to what extent the government has collected huge amounts of personal data, he has become an icon of the movement that demands more transparency from government agencies when they use Internet technologies for the purpose of surveillance.

However, transparency is just a one-way street with regard to this heavily corrupted and non-constitutional government. They want to know everything you are doing, but they do not want you to know how they are spying on you, and they are secretive in dozens if not hundreds of other ways.

Dauntless and strident calls for reforms in government surveillance are coming from the companies that hold large amounts of customer and client data on the Web. The compulsions come in the form of threats of prosecution through court orders issued by the Foreign International Surveillance Court. The orders seek the information without any notice of such a move being given to the customer. This sounds like the Nazi era during World War II. The companies that are responsible for personal data are working on strengthening their security backbone through encryption of customers’ data, at least at some key junctions. The move came after the NSA managed to intercept customer data flowing between various private data centers of Google.

Companies to Let You Know When Government Requests for Your Data

Date posted: May 6th, 2014

An increasing number of big tech companies are denying compliance with the government with regard to personal data by updating their terms and conditions and other policies.


News that raises concern

The Washington Post has reported that many businesses such as Apple, Google, Facebook and Microsoft will be notifying their users when their personal data is requested by the government. They are changing their company policies to suit this. They would comply with such requests only if a judge or other agency orders them to do so secretly.

Many in law enforcement are concerned that these moves by the companies will tip off criminals beforehand, and that they will try to destroy the evidence of the crimes committed. The government could lose important information on the case. But they need to know that it is criminal, and not just, on the part of the government to spy on its citizens seeking their personal information.

Even Homeland Security Says Not to Use Internet Explorer


Homeland Security Advises Not to Use Internet Explorer

It is remarkable to learn this about Internet Explorer. Even the government of the United States does not like to use IE until they get a new browser that does not have any problem.

The versions that bring the problem are version 6 and beyond. These versions enable people with malicious intentions to get into a PC through a bad website. The security firm that deals with these issues, FireEye, calls it “Operation Clandestine Fox”. The threat is real and dangerous.

The Department of Homeland Security in the United States has issued security alerts about computer software many times. But this time they acted differently. A number of government agencies use IE versions.

We advise users to use another internet browser until a new official update is available.

Microsoft’s schedule will be available until May 13. The company may release an unscheduled update before this date. If you use an unsupported version of Windows such as Windows XP, you will not get any update.

And if you’re looking for something hassle-free, choosing Mozilla Firefox could be an optimal solution.