Category: Security

February 23, 2015

Domain Related, Hosting Related, Security, Security Related

Reading Time: 5 minutes

What happens if we simply allow governments to make all the regulations and rules, not us, and let corporations argue about it, not us? That would be the clear merger of state and corporate power, which are the only two ingredients in the recipe for fascism; which has always occurred through all of the past two centuries of history under similar circumstance. Our case in point for this article is: Google Claims Opposition to New (without public consent) Rule that Gives American Federal Judges and their Government Omnipresent-Global Search Warrant Powers. The American “Advisory Committee on the Rules of Criminal Procedure” is quietly and slying consider changing a rule would allow judges to issue “ global warrants” to search computers (ie. your/anyone’s computer) and networks which are outside of the judge’s district. So, they wish to give the already outrageous NSA-spylike powers to all of their federal judges? If so, shouldn’t the American people be having some say on that particular huge issue? But they seem so utterly passive. Do the American people really need a “congress” to echo their concerns and trust that their elected officials vote likewise -> when today people can theoretically all take a vote simultaneously on the internet? The simple point is that individual citizens should claim their right to express their opinion publicly or privately over the internet without government suppression of it, nor interference. And why should we care? Because what happens in America certainly affects us here too; especially when pertaining to the internet. Back to the current scoop... Google has again surprised us all by just suddenly announcing an always-untimely proposed change to a procedural rule; which the google representative says could have “profound implications for the privacy and security of all web users”. read_more Into the nitty-gritty - American Federal Rule of Criminal Procedure 41 dictates that federal judges cannot issue warrants to search things outside of their district, with specific exceptions. The US Department of Justice asked the Advisory Committee to make changes to allow the government to conduct “remote access” searches of content stored in a location “concealed through technological means,” { they are also saying they don’t...

January 27, 2015

Domain Related, Hosting Related, Security, Security Related

Reading Time: 3 minutes

Forward: Pretty much all of us have heard or know that privacy rights no longer exist in the United States. Gone, finished, beyond recourse (except through using end-to-end encryption techniques ; however the NSA can probably still secretly grab your screenshot or logged keystrokes or live microphone through a backdoor partnership with Microsoft and Apple). Any per-existing privacy laws have been overwritten by new creepier laws that have paved the way for absolute intrusion into the American people’s personal world by their out-of-control government. Even if there are a few scraps of privacy protection in the states, it has become clear that any such laws are completely ignored by large and sophisticated spy organizations such as a the NSA. Edward Snowden’s whistle-blowing reports are a case in point. But did you know our home country of Canada has some of the most protective laws regarding internet privacy in the world, at least on paper? Our nation even has appointed a “Privacy Commissioner”: The Commissioner is currently Daniel Therrien. He was appointed on June 5, 2014. [ There have been eight Privacy Commissioners since the office was established in 1977. ] You even have the right to contact him or his office with your own related personal privacy concerns, anytime. More info: http://en.wikipedia.org/wiki/Privacy_Commissioner_of_Canada Here is his youtube channel: https://www.youtube.com/user/PrivacyComm The first incarnation of a privacy law came in 1977 when the Canadian government introduced data protection provisions into the Canadian Human Rights Act. read_more Then in 1982 The Canadian Charter of Rights and Freedoms stated that Canadians have "the right to life, liberty and security of the person" and "the right to be free from unreasonable search or seizure"; but strangely avoided using the word ‘privacy’. The following year, in 1983, the Federal Privacy Act regulated how federal government collects, passes around and utilizes people’s personal information. In the 90’s and 2000’s, other privacy legislation placed restrictions on the archival, the use and disclosure of citizen’s personal information by territorial and provincial governments, and likewise also by companies and institutions within the private sector. The latest ruling to emerge out of this fray is the recent June 2014 Canadian Supreme Court...

December 29, 2014

Domain Related, Hosting Related, Security, Security Related

Reading Time: 1 minutes

... the Pentagon has quietly built a multibillion-dollar cyberwarfare capability and trained its commanders to integrate these weapons into their battlefield plans. U.S. Cyber Command was officially stood up in 2010, based at Fort Meade in the Maryland suburbs of the nation’s capital, consolidating intelligence and cyberwarfare capabilities of the Army, Air Force, Navy and Marines under one house. Soon, billions of dollars were being invested in the concept that cyberattackers targeting America should be prepared to sustain their own damage. Little has been discussed in public about U.S. Cyber Command’s specific capabilities since, though budget documents detail a growing commitment to this form of warfare. The Pentagon’s cyberwarfare budget has grown from $3.9 billion in 2013 to $4.7 billion in 2014 and an estimated $5.1 billion in 2015. More at: original Washington Times December 22nd Article Link For an additional layer of internet security from many forms of spying and hacking, see information about our SSL certificates .

December 15, 2014

Domain Related, Hosting Related, Security, Security Related

Reading Time: 15 minutes

What are we talking about in this creative original blog post? How about a freshly deployed “blank content” completely-isolated-new-private-virtual-internet-environment; just like a starter internet on a different planet. In other words, imagine being on an internet where you and your friends are the only inhabitants of Mars but you are all connected through a common (and private) internet on the surface of that distant planet. We think you should be able to deploy and command your own completely isolated Virtual Private Internet (VPI) or perhaps better marketing name Virtual Private Planet (VPP); just add users! ) In this new age of omnipresent internet surveillance/spying/intrusions/ddos attacks, etc and creeping and shadowy “Orwellian” state takeovers, we here at 4GoodHosting thought thinking-up a new service offering, as private and secure as possible, could be a big value-add overall for our customers. So does the idea of a Virtual Private Server(VPS) still sound impressive? Well, try this instead... Virtual Private Internet(VPI) - or Virtual Private Planet (VPP - as private and secure as you and your friends and family living on another extremely distant planet and interacting over your own private internet). "Imagine" a virtual instance of an entirely other pre-configured "encapsulated internet" with almost no content stored in it, maybe just a couple of images and some started 'hello world!' webpages and templates and web builder programs. What if all “content” and logfiles were deleted from this internet, with just open-source webservers and virtualization software (vps - virtual private servers, instead of physical ones) and applications, programming languages, and scripts left on it? And then compiled and condensed into a VPI/VPP container with extra starter terabytes of storage (deeply encrypted by the VPP container) available only to itself and using its own entirely unique ip address protocol? As the whole container is encrypted other than its login sevice, so ,you would need to authenticate into, to get onto, that virtual private internet. Inside it, or on it, you could only request webpages and emails and voice communications from the other users within that self-contained virtual internet. Your ‘allowed-in’ VPI/VPP users can even pick their fantasy geographical location in your virtual fantasy world. Your...

December 9, 2014

Hosting Related, Security, Security Related

Reading Time: 4 minutes

A Scandinavian technology company, Fox IT, was one of the first discovers of a new threat to PHP based programs (such as WordPress, Drupal, Joomla, etc. ) The Fox IT CryptoPHP white paper is quite technical but we will summarize the issue for you here. It is about something termed ‘Nulled Scripts’ and given another label too, CryptoPHP. This is perhaps a new term to most of our customers. So what exactly are these so-called Nulled Scripts? Nulled scripts are scraps of PHP code, which can be found on free or otherwise non-approved WordPress plugin sites or even in WordPress theme archives; which have had their copy-protection removed. Various *pro* plugins and themes come with a serial number, or key, which enables paid features or provides access to download free upgrades. Nulled scripts have such protections removed (so that it is become ‘free’). There are many websites that are offering these nulled-scripts and also nulled WordPress plugins and theme installers. They shouldn’t be used because of the following problem: CryptoPHP explained The programmers who published the white paper have witnessed a drastic increase in the availability of nulled/corrupted scripts. read_more Of course it is not “new” news that alot of “free” WordPress plugins might have this kind of malware embedded in it; if it was not downloaded from a trusted source such as WordPress.org, WooThemes, WooThemes, Theme Forest, Drupal.org Joomla.org, etc. But this particular kind infection is more of a threat than previous malware because in it encrypts data before transmitting it back to its controlling servers; which of course can be located anywhere in the world. Identifying the infection is rather simple though: For example take this line of code: include('wpassets/images/someimage.png'); A web developer that could be reviewing the code should be suspicious of it because an 'image' is not supposed to be included this way into an PHP script. This “ include() “ function call is supposed to be used for importing PHP code. So this has turned out to be be a way of injecting malware PHP code contained in a fake image file. This devious technique isn’t readily detected by malware/virus scanners because most of the...

November 25, 2014

Hosting Related, Security, Security Related

Reading Time: 3 minutes

Do you ever feel like somebody is watching your back (and not your computer screen) when you are on the internet? Well Canada’s privacy law is still protecting you when you are online surfing. Our fellow Canadian Social media users are shielded from the complex details Terms of Service on many popular social services. Just because you are forced to check the many lengthy terms of service, that of course most of us don’t sit there for a half and hour and actually read, our privacy law trumps any provision that is against the grain of our current privacy law. "This overriding provision in our federal privacy legislation actually does provide protection for unexpected, unreasonable uses, even with consent," stated a Toronto-based lawyer and expert on internet law Barry Sookman. "So I actually think there is a standard here that applies that is fairly useful and is consumer friendly." “An organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances." reads Canada's Personal Information Protection and Electronic Documents Act. This means that "the person has to agree to the terms," Sookman said. "So a person who simply accesses a social networking site and hasn't seen or hasn't had a reasonable opportunity to review the terms wouldn't be bound by them." If the policy had terms that a reasonable person wouldn't consider appropriate, then those terms may not be binding. "There’s two good examples of when a service’s privacy policy wouldn't be enforceable: either when a person hasn’t been put on notice that there’s going to be a policy that’s binding, or when it’s an unreasonable term." Depending on the service, when somebody accesses their website, many website companies automatically collect basic information to know, for example, where people are coming from and to know if they are a returning visitor. Those kind of data collection is rather hidden and it is automated usually to facilitate the operation of their site. When data collection crosses the line: read_more Where there is some completely unexpected use of one's personal information, matters “may go over the line.”. "So the test in...

November 18, 2014

Domain Related, Hosting Related, Security, Security Related

Reading Time: 3 minutes

Did you know what google gives a very slight ranking boost to websites that use SSL (https://...) encryption? There are other more significant reasons for your website to offer secure connections to your website visitors, especially if your website conducts ecommerce or credit card transactions. Nowadays, people everywhere have to purchase a SSL certificate if they want to offer secure/private connections to their website visitors. However, that might just be a thing of the past with https://letsencrypt.org/2014/11/18/announcing-lets-encrypt.html As their website explains: “ The challenge is server certificates. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update. Let’s Encrypt is a new free certificate authority, built on a foundation of cooperation and openness, that lets everyone be up and running with basic server certificates for their domains through a simple one-click process. Mozilla Corporation, Cisco Systems, Inc., Akamai Technologies, Electronic Frontier Foundation, IdenTrust, Inc., and researchers at the University of Michigan are working through the Internet Security Research Group (“ISRG”), a California public benefit corporation, to deliver this much-needed infrastructure in Q2 2015. The ISRG welcomes other organizations dedicated to the same ideal of ubiquitous, open Internet security. The key principles behind Let’s Encrypt are: Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost. Automatic:The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process, while renewal occurs automatically in the background. Secure:Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices. Transparent:All records of certificate issuance and revocation will be available to anyone who wishes to inspect them. Open:The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source. Cooperative:Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the...

September 25, 2014

Hosting Related, Security, Security Related

Reading Time: 2 minutes

Dear Customer and/or blog visitor, Please do see this important video presentation. It is certainly worth the time it takes us to wake up to what has really being going on: http://vimeo.com/106681730 For your information, when people send you email to your 4GoodHosting hosted website account (for example: me@my-very-own-site.ca ), or when you send email to another person at another 4GoodHosting hosted website, your email conversation is 'really' or 'actually' "private" - just like real snail-mail used to be. We actually do honor your right to control your private information and to guard it from information wholesaling. We don't look, share, or sell any of your private information. We believe in doing this, and we base our business model on respecting your wishes. But when you email somebody at a @gmail.com account, then your email is definitely wide open to at least google (and who-knows-who-else ultimately gets a copy of it from them throughout the future). Basically if you have a conversation with somebody using google mail (gmail, or yahoo mail, etc.) then your conversation is being recorded for prying eyes and will be potentially/possibly used to profile you to interested parties throughout the future. That's just one point of this eye-opening presentation. We are recommending this video been seen by you, because we believe in the old-fashioned concepts of personal privacy. If you feel the same way, please share the link of this article with your friends. https://4goodhosting.com/blog/value-privacy/ read_more Thank you for your patronage and time reading this.

September 2, 2014

Hosting Related, Security, SEO Related

Reading Time: 3 minutes

One effective, yet costly, way to help drive traffic to a website is through the use of PPC (pay per click; google-adwords) advertisements. Yet google has found a way and, by the end of the this month, are enforcing us all to use the new adwords policy termed "Close variant keyword matching". But what does this really mean? This article is not authored by google, therefore we will skim over the positive spin that they would automatically inject into their new campaigns, but rather focus on some potential drawbacks. If you read google's articles about it, it sounds like a good thing; and google plays it up that advertisers already using the new close variant method claim to see an increase in traffic. That may be true: but what is the cost of all the extra ad-impressions being served out?; and perhaps also errant click-thrus by people searching for something 'slightly different '. So say that you have been used to paying google to advertise your site for keywords " women's floral skirts ". So, under the new policy, on he default close-variant matching option "Broad match", web searchers typing in "women's floral shirts " or even "colorful female shirts " might be presented with your ad. Google might *think* there is a possibility that perhaps a typographical error happened when a person typed in 'shirts' and your ad for 'skirts' might pop up. This is just one tiny example, as the total domain of possibilities is immense. Perhaps you can quickly think of your own example(s) too. read_more For a detailed description of the new policy, you can go to these two links that google has presented to the public on this important new topic: https://support.google.com/adwords/answer/2497836 http://adwords.blogspot.de/2014/08/close-variant-matching-for-all-exact.html ... together with the following exhausting, potentially headache inducing, document that google has published named "Keywords to the Wise-Cultivating Demand with Keyword Strategies": http://services.google.com/fh/files/blogs/google-keywords-to-the-wise.pdf 4GoogHosting does not always endorse Google's ranking algorithm adjustments, strategies, and new procedures that we are all occasionally compelled (by Google) to follow. A computer program that google frequently internally hacks on and tweaks is the new judge, jury, and ranking executioner for all of us. The topic...