Category: Security

September 3, 2019

Domain Related, Hosting Related, Security, Security Related

Reading Time: 6 minutes

Shopping online is pretty much a ubiquitous activity for people all over the world these days, and - not surprisingly - so much so that it’s now the preferred means of shopping for many people. Especially for certain goods, and not only do these people want selection, good prices, and the like, but they also want to be able to enter their credit card information and not have to worry about it being exposed. Offering that peace of mind is absolutely essential if you’re in the e-commerce world, and nothing is more important in this regard as having your online transactions guarded by an SSL certificate. Even if you may not know exactly what these are, you’ve probably seen the ’##-Bit Encryption’ tag prominently on display once you get to the checkout when you’re shopping online. Here at 4GoodHosting, not only do we offer very competitive prices on highest-quality SSL Certificates but like any good Canadian web hosting provider we have plenty of customers who are trusting our web hosting to ensure they’re ‘open’ for business 24/7 and all day, everyday. Probably safe to say that there’s few if any of those folks who don’t already have their SSL Certs in place, but for those of you who are new to your business online then we thought we’d dedicate one post here to discussing SSL certificates and what you need to know to choose one for yourself. Overview There is a plethora of certificate types, and several categories and plenty of CAs. In advance of highlighting the different SSL certificates and how to choose the right one, we’ll first discuss why an SSL certificate is so important nowadays. The reach and strength of cyber crimes has grown rapidly over recent years. So much so in fact that cybersecurity has become the #1 concern issue for both web users and website admins. The truth of it all is that cybercriminals can cost online businesses millions. The worldwide economy loses unimaginable amounts of money every year due to cybercriminal activity. What SSL certificates do to protect agains this is that they enforce a secure connection between a server and its web users....

August 27, 2019

Security, Security Related

Reading Time: 4 minutes

Most people have claimed a reward of some type at some point in their lives. Return someone’s smartphone to them, for example, and they’ll probably think your honesty in returning it is worth $50 at least. Or maybe you return someone’s precious pet to them and get a whole lot more than that for your effort or, more likely, good fortune in having it cross your path or end up in your backyard. But what if there was up 30K in reward money to be had? Well, up to that amount is what software development mega-giant Microsoft is offering anyone who can find flaws in their newest Chromium-based Edge browser. Now the likelihood of most people – myself included – even having the ability to do that is pretty slim, but for those who are web development savvy it’s definitely something worth taking note of. Now to be sure, just as it would be for any Canadian web hosting provider we’ve got some talented people on staff who do have the wherewithal required for something like this. They’re aware, and now you are too so let’s get into discussing what exactly all this is about and whether or not this would be not just easy money, but a LOT of easy money. Beta Stage Bonuses Microsoft recently released the beta version of its Chromium-based Edge and then introduced the Insider Bounty Program along with it. As mentioned, there’s apparently up to $30,000 to be had for those who find out unique vulnerabilities in this beta version of their new browser. Yes, that’s what you can do when you have deep pockets to this extent. You’d have to find a thousand+ lost phones and pets to come even close! To clarify though, 30K is only available if you find a flaw that is a vulnerability that leads to escape from the WDAG container. The majority of would-be rewards included in the Microsoft Edge Insider Bounty Program are in the range of $1,000 to $3,000, depending upon the bug’s severity and – take note – the quality of the submission (see thoroughness – less work for them = more $ for you)....

August 19, 2019

Hosting Related, Security, Security Related

Reading Time: 4 minutes

A while back we had discussed some of the particulars with of the latest revisions available to people running desktop and notebook running Windows 10. Needless to say that encompasses a great many of them purring away at any given time all around the world, and it’s for that reason that some frequent undesirable occurrences seen with the most recent Windows 10 update are sufficiently noteworthy to the point that it makes sense for us to write about them in this week’s blog. Here at 4GoodHosting, a part of what makes us a leading Canadian web hosting provider is the way in which we’re proactive in sharing information that’s easily identified as having value to our customer base. Given how ubiquitous the Windows OS is for personal computer users and the reality that’s unlikely to change, we’re going to discuss more than a few problematic issues that users are encountering quite frequently with the most recent Windows 10 update. Reason enough to have less faith in the OS? That’s for you to decide. The Issues Where there’s smoke there is fire. While there had been rumblings about shortcomings with the latest Windows 10 update for a while, the way it is in the biz is that you don’t really take heed of these sorts of things until these sort of expressions of dissatisfaction become a little more numerous than just a few people here and there. That’s the case now, and the consensus is that the latest update for Windows 10 is causing a string of issues for users. The update comes with patches against two critical vulnerabilities, but it seems they’re leading to problems. Among them are random reboots and inexplainable installation failures. The update was made available on Tuesday of last week, and was created as a defense against a pair of remote code execution vulnerabilities which were deemed ‘wormable,’ - which means they are able to jump from one infected computer to another. Microsoft owned up to these vulnerabilities and informed users about the patches in a blog post, with users being encouraged to update their operating systems without delay. Primary Problem 1, with Fix Some users,...

August 12, 2019

Hosting Related, Security, Security Related

Reading Time: 4 minutes

The scope and extensiveness of malware risks for computing devices is more pronounced than ever before, and that’s pretty much the story from one month to the next these days. At a recent security conference in Las Vegas, the Eclypsium security research team announced they had dug up some serious security flaws in at least 40 device drivers from 20 different vendors. These vulnerabilities could increase the likelihood of devices being infected by malware. While this type of development in itself is nothing out of the ordinary, what makes it noteworthy is the sheer number of different drivers that may be affected. Here at 4GoodHosting, we’re like any other reputable Canadian web hosting provider in that we strive to make our customers aware of risks to their digital security when they arise. When one is as potentially far reaching as this one, we’re almost always going to make some sort of announcement regarding it. The Latest The research team’s report is stating that this malware targets system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component. By doing so what the attackers have done is take the same tools used to manage a system and then turn them into powerful threats that can escalate quickly on the host. Once the driver is infected it then provides the attacker with optimized access for means of launching malicious actions within all versions of Windows, and Windows Kernel most notably. Do note that all these affected drivers are ones certified by Microsoft: American Megatrends International (AMI) ASRock ASUSTeK Computer ATI Technologies (AMD) Biostar EVGA Getac GIGABYTE Huawei Insyde Intel Micro-Star International (MSI) NVIDIA Phoenix Technologies Realtek Semiconductor SuperMicro Toshiba The Why All of this is related to a specific design flaw in Windows device drivers. They have a functionality that can be taken advantage of to perform a read/write of sensitive resources without being restricted by Microsoft. Some are suggesting that bad coding practices are to blame for this, and while that can’t be substantiated it is true that there is a more pressing need for better ones these days and older work can...

July 30, 2019

Hosting Related, Security, Security Related

Reading Time: 6 minutes

It seems Bitcoin and all the hubbub about cryptocurrency is ‘back on’ now, and there’s a renewed general interest in mining for digital currency. The one takeaway anyone who’s developing an interest in this should take is that this is not a way to get rich quick, and that bitcoin mining is much more labour-intensive than you think. Blockchain technology is integrally important to managing cryptocurrencies, so f you’re still not dissuaded and you’d like to start amassing cryptocurrency for yourself then you’re encouraged to read on. Here at 4GoodHosting, we join every other Canadian web hosting provider in understanding the way many of our customers have real interest in taking advantage of everything that’s there for discovery in the digital world. It’s likely more than a few are taking more than a passing interest in cryptocurrency mining, so today we’ll share some information these folks are going to find valuable. Smart contracts have the potential to be one of the most useful tools associated with blockchain, and it’s almost certain that they’re going to take off right along the cryptocurrencies they’re designed to manage. So what exactly are smart contracts then? No Administration Required Smart contracts are self-executing, business automation applications that run on a decentralized network, such as blockchain. The appeal of them is specifically in the way they're able to remove administrative overhead. Indeed, smart contracts are one of most attractive features associated with blockchain technology. Blockchain functions as a database, and confirms that transactions have taken place, while smart contracts execute pre-determined conditions at the same time. They’re not unlike a when a computer executes on "if/then," or conditional, in programming. The way all of this works is once certain conditions of a smart contract are met – and related to our discussion here that’ll be two parties agreeing to an exchange in cryptocurrency – they can automate the transfer of bitcoin, fiat money, or the receipt of a shipment of goods that makes it possible for them to continue on their journey. The workings of that will reveal a blockchain ledger that stores the state of the smart contract. Tokens and Smart Contracts The different...

July 22, 2019

Hosting Related, Security, Security Related

Reading Time: 4 minutes

Rats have always had a bad rap, and among all the many negative things associated with the rodents is the fact that ‘rat’ is no longer only a noun in the English language. It’s now also a verb. To ‘rat’ out someone or something is to make someone in position of power or authority aware of what that thing or person is doing when they shouldn’t be doing it. An example could be when you were kids and telling the school principal the names of the students you saw scratching their names into the side of the gymnasium. They’re sure to be punished for it, but only you and the principal will ever know who exactly ‘ratted them out.’ Here at 4GoodHosting, we’re like any quality Canadian web hosting provider in that we don’t need to be prompted to stay on top of interesting developments in the digital world. We do it quite naturally, and we also have an at-least somewhat vested interest in maintaining a functional integrity for the World Wide Web. All of which makes this recent news entirely newsworthy for our blog here. Introducing the Suspicious Site Reporter Google this week started requesting help in identifying suspicious websites, and to that end is making an add-on that lets them ‘rat out’ suspicious URLs through their Chrome browser. They can add the Suspicious Site Reporter, and what they’ll then see is a new flag-style icon on the top bar of the browser. When they come across a URL that’s fishy looking, all they have to do is click on the icon to report unsafe sites to Safe Browsing for further evaluation by the overlords at Google. Safe Browsing is a ubiquitous term between Chrome, Mozilla's Firefox, Apple's Safari, and Android when users are steered away from sites that contain malicious or deceptive content. Google uses robots to scan the web and compile lists of websites that host malware, harmful downloads or deceptive ads and pages. Software developers then have the option of plugging into an API to integrate this list into their own applications. In honesty, rival browser makers have done this for years, but it’s a fact...

July 10, 2019

Domain Related, Security

Reading Time: 4 minutes

It’s July 9th and two weeks from today the web is officially going with full HTTPS as requisite, and that’s a development that’s been a long time in the making. Securing traffic on the internet is an obvious priority, but of course there are people who are strongly opposed to having a secure web. Two weeks today Google will be uniformly labeling any site loaded in Chrome without HTTPS to be not secure. Most webmasters will be on top of this and accordingly usage of HTTPS is exploding right now. In the 6 months up to a recent report, 32% growth in the use of HTTPS was seen in the top 1 million sites. Mozilla tracks anonymous telemetry via Firefox browser and recorded big growth (75% page loads) in the rate of pages being loaded over HTTPS. Chrome too, at around the same 75 percent. We’re a Canadian web hosting provider who’s always got our thumb on the pulse of the industry, so it’s important to relate that quite a few popular sites on the web still don’t support HTTPS (or fail to redirect insecure requests) and will soon be flagged by Google. Plus, let’s clear up a few emerging myths about HTTPS: It’s a Hassle I Don’t Need It It’s Gonna be Slow It’s A Hassle No, it’s pretty darn simple. You can protect your site with HTTPS in a matter of seconds for FREE. Sign up for Cloudflare or using a CA such as Let’s Encrypt. We can assist you with any other web security and accessibility concerns you may have beyond https encryption of your website. I Don’t Need It Well it turns out, you do - particularly as it relates to the safety and privacy of those visiting your site. Without HTTPS, anyone in the path between your visitor’s browser and your site or API can peer in on (or make modifications to) your content without you needing to be made aware of it. Governments, employers, and even especially internet service providers can and have been overseeing content without user consent. If having your users receiving content unmodified and safe from maliciously injected advertisements or malware...

June 25, 2019

Security, Security Related

Reading Time: 5 minutes

Even the most tuned-out of us will be aware of how Bitcoin seemingly went out with a whimper after arriving on the digital cryptocurrency scene with a bang a few years back. The same could be said for the hype about cryptocurrency as a whole, but of course now it’s made something of resurgence. Now it seems the acceptance of a global currency that’s not bound by the constraints of the world bank and international currency norms is an actual large-scale possibility, and no doubt we’re going to see a rush on bitcoin mining flare up again too. Whether or not you believe in the validity of cryptocurrencies and if they’ll ever gain a foothold in the world of e-commerce and beyond is one thing, but it would seem that Apple is forecasting it’s going to do that to at least some extent. To cut right to it, it seems that they’re preparing to let iPhone users turn their devices into hardware wallets that will allow them to store and use bitcoin and other cryptocurrencies for mobile purchases of pretty much everything. The bulk of us here at 4GoodHosting are like the staff you’d find at any leading Canadian web hosting provider in that we take a keen interest in any major shift in the web world landscape, and if cryptocurrency is now to gain traction like it was predicted to then that definitely qualifies. That and the fact that iPhone users likely make a good half of the majority of those of you, and so let’s look at what can we read into the possibility of iPhones becoming crypto wallets. iOS 13 – WITH CryptoKit At the recent Worldwide Developers Conference (WWDC) a few weeks back, Apple's new CryptoKit for iOS 13 was on display. What it will do is allow developers to easily create hashes for digital signatures and public and private keys that can be stored and managed by Apple's Secure Enclave. The keys will represent cryptocurrencies, which iPhone owners can then exchange as a form of payment through an app. This doesn’t necessarily mean that Apple is going down the cryptocurrency path, but if it is...

June 11, 2019

Domain Related, Hosting Related, Security, Security Related

Reading Time: 4 minutes

Many people lament the fact that the Internet can’t be an unimpeded digital information source and not have commercial interests to the extent it does. It would be nice if it was a fountain of knowledge that exists for everyone’s own information gathering exclusively, but living in the world we do when there’s a buck to be made somewhere the opportunity will be taken. It’s especially frustrating for people who aren’t big consumers and have never clicked on a link or purchased very little online. Google has recently moved to limit Chrome’s ad-blocking capabilities, and no doubt many of you using an ad-blocker will have already noticed this. Google also announced that this feature will not apply for Google’s paid G Suite Enterprise subscribers. Here at 4GoodHosting, we’re a Canadian web hosting provider who keeps our thumbs on the pulse of the digital world and the prospect of ad-free internet browsing only via paid web browsers would be a pretty big deal for nearly all of us who source information online. According to a recent study, as many as 40% of people browsing the web from laptops use an ad blocker. That’s a big group of people that aren’t viewing Google’s ads. So why’s this happening, and what’s the underlying current here? Beyond Blocked Blockers It’s been reported in the news how Chrome users - and developers of Chrome-friendly, ad-blocker extensions - are none too pleased with Google’s proposed changes to the Chrome Extensions platform. We have to go back to when Google announced Manifest V3, which constituted a set of proposed changes to Google Chrome’s Extensions platform. In it, specific changes to Chrome’s webRequest API were proposed with an eye to limiting the blocking version of it and this potentially would remove blocking options from most events and creating them as observational only. Content blockers would now use a different API instead, known as a ‘declarativeNetRequest.’ The Manifest concluded that this new API is “more performant and offers better privacy guarantees to users.” The reality is though that Google’s Manifest V3 changes will prevent Chrome’s ad-blocker extensions from using the webRequest API as it normally, but it will also...