Category: Security

December 29, 2014

Domain Related, Hosting Related, Security, Security Related

Reading Time: 1 minutes

... the Pentagon has quietly built a multibillion-dollar cyberwarfare capability and trained its commanders to integrate these weapons into their battlefield plans. U.S. Cyber Command was officially stood up in 2010, based at Fort Meade in the Maryland suburbs of the nation’s capital, consolidating intelligence and cyberwarfare capabilities of the Army, Air Force, Navy and Marines under one house. Soon, billions of dollars were being invested in the concept that cyberattackers targeting America should be prepared to sustain their own damage. Little has been discussed in public about U.S. Cyber Command’s specific capabilities since, though budget documents detail a growing commitment to this form of warfare. The Pentagon’s cyberwarfare budget has grown from $3.9 billion in 2013 to $4.7 billion in 2014 and an estimated $5.1 billion in 2015. More at: original Washington Times December 22nd Article Link For an additional layer of internet security from many forms of spying and hacking, see information about our SSL certificates .

December 15, 2014

Domain Related, Hosting Related, Security, Security Related

Reading Time: 15 minutes

What are we talking about in this creative original blog post? How about a freshly deployed “blank content” completely-isolated-new-private-virtual-internet-environment; just like a starter internet on a different planet. In other words, imagine being on an internet where you and your friends are the only inhabitants of Mars but you are all connected through a common (and private) internet on the surface of that distant planet. We think you should be able to deploy and command your own completely isolated Virtual Private Internet (VPI) or perhaps better marketing name Virtual Private Planet (VPP); just add users! ) In this new age of omnipresent internet surveillance/spying/intrusions/ddos attacks, etc and creeping and shadowy “Orwellian” state takeovers, we here at 4GoodHosting thought thinking-up a new service offering, as private and secure as possible, could be a big value-add overall for our customers. So does the idea of a Virtual Private Server(VPS) still sound impressive? Well, try this instead... Virtual Private Internet(VPI) - or Virtual Private Planet (VPP - as private and secure as you and your friends and family living on another extremely distant planet and interacting over your own private internet). "Imagine" a virtual instance of an entirely other pre-configured "encapsulated internet" with almost no content stored in it, maybe just a couple of images and some started 'hello world!' webpages and templates and web builder programs. What if all “content” and logfiles were deleted from this internet, with just open-source webservers and virtualization software (vps - virtual private servers, instead of physical ones) and applications, programming languages, and scripts left on it? And then compiled and condensed into a VPI/VPP container with extra starter terabytes of storage (deeply encrypted by the VPP container) available only to itself and using its own entirely unique ip address protocol? As the whole container is encrypted other than its login sevice, so ,you would need to authenticate into, to get onto, that virtual private internet. Inside it, or on it, you could only request webpages and emails and voice communications from the other users within that self-contained virtual internet. Your ‘allowed-in’ VPI/VPP users can even pick their fantasy geographical location in your virtual fantasy world. Your...

December 9, 2014

Hosting Related, Security, Security Related

Reading Time: 4 minutes

A Scandinavian technology company, Fox IT, was one of the first discovers of a new threat to PHP based programs (such as WordPress, Drupal, Joomla, etc. ) The Fox IT CryptoPHP white paper is quite technical but we will summarize the issue for you here. It is about something termed ‘Nulled Scripts’ and given another label too, CryptoPHP. This is perhaps a new term to most of our customers. So what exactly are these so-called Nulled Scripts? Nulled scripts are scraps of PHP code, which can be found on free or otherwise non-approved WordPress plugin sites or even in WordPress theme archives; which have had their copy-protection removed. Various *pro* plugins and themes come with a serial number, or key, which enables paid features or provides access to download free upgrades. Nulled scripts have such protections removed (so that it is become ‘free’). There are many websites that are offering these nulled-scripts and also nulled WordPress plugins and theme installers. They shouldn’t be used because of the following problem: CryptoPHP explained The programmers who published the white paper have witnessed a drastic increase in the availability of nulled/corrupted scripts. read_more Of course it is not “new” news that alot of “free” WordPress plugins might have this kind of malware embedded in it; if it was not downloaded from a trusted source such as WordPress.org, WooThemes, WooThemes, Theme Forest, Drupal.org Joomla.org, etc. But this particular kind infection is more of a threat than previous malware because in it encrypts data before transmitting it back to its controlling servers; which of course can be located anywhere in the world. Identifying the infection is rather simple though: For example take this line of code: include('wpassets/images/someimage.png'); A web developer that could be reviewing the code should be suspicious of it because an 'image' is not supposed to be included this way into an PHP script. This “ include() “ function call is supposed to be used for importing PHP code. So this has turned out to be be a way of injecting malware PHP code contained in a fake image file. This devious technique isn’t readily detected by malware/virus scanners because most of the...

November 25, 2014

Hosting Related, Security, Security Related

Reading Time: 3 minutes

Do you ever feel like somebody is watching your back (and not your computer screen) when you are on the internet? Well Canada’s privacy law is still protecting you when you are online surfing. Our fellow Canadian Social media users are shielded from the complex details Terms of Service on many popular social services. Just because you are forced to check the many lengthy terms of service, that of course most of us don’t sit there for a half and hour and actually read, our privacy law trumps any provision that is against the grain of our current privacy law. "This overriding provision in our federal privacy legislation actually does provide protection for unexpected, unreasonable uses, even with consent," stated a Toronto-based lawyer and expert on internet law Barry Sookman. "So I actually think there is a standard here that applies that is fairly useful and is consumer friendly." “An organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances." reads Canada's Personal Information Protection and Electronic Documents Act. This means that "the person has to agree to the terms," Sookman said. "So a person who simply accesses a social networking site and hasn't seen or hasn't had a reasonable opportunity to review the terms wouldn't be bound by them." If the policy had terms that a reasonable person wouldn't consider appropriate, then those terms may not be binding. "There’s two good examples of when a service’s privacy policy wouldn't be enforceable: either when a person hasn’t been put on notice that there’s going to be a policy that’s binding, or when it’s an unreasonable term." Depending on the service, when somebody accesses their website, many website companies automatically collect basic information to know, for example, where people are coming from and to know if they are a returning visitor. Those kind of data collection is rather hidden and it is automated usually to facilitate the operation of their site. When data collection crosses the line: read_more Where there is some completely unexpected use of one's personal information, matters “may go over the line.”. "So the test in...

November 18, 2014

Domain Related, Hosting Related, Security, Security Related

Reading Time: 3 minutes

Did you know what google gives a very slight ranking boost to websites that use SSL (https://...) encryption? There are other more significant reasons for your website to offer secure connections to your website visitors, especially if your website conducts ecommerce or credit card transactions. Nowadays, people everywhere have to purchase a SSL certificate if they want to offer secure/private connections to their website visitors. However, that might just be a thing of the past with https://letsencrypt.org/2014/11/18/announcing-lets-encrypt.html As their website explains: “ The challenge is server certificates. The anchor for any TLS-protected communication is a public-key certificate which demonstrates that the server you’re actually talking to is the server you intended to talk to. For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update. Let’s Encrypt is a new free certificate authority, built on a foundation of cooperation and openness, that lets everyone be up and running with basic server certificates for their domains through a simple one-click process. Mozilla Corporation, Cisco Systems, Inc., Akamai Technologies, Electronic Frontier Foundation, IdenTrust, Inc., and researchers at the University of Michigan are working through the Internet Security Research Group (“ISRG”), a California public benefit corporation, to deliver this much-needed infrastructure in Q2 2015. The ISRG welcomes other organizations dedicated to the same ideal of ubiquitous, open Internet security. The key principles behind Let’s Encrypt are: Free: Anyone who owns a domain can get a certificate validated for that domain at zero cost. Automatic: The entire enrollment process for certificates occurs painlessly during the server’s native installation or configuration process, while renewal occurs automatically in the background. Secure: Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices. Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them. Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source. Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a...

September 25, 2014

Hosting Related, Security, Security Related

Reading Time: 2 minutes

Dear Customer and/or blog visitor, Please do see this important video presentation. It is certainly worth the time it takes us to wake up to what has really being going on: http://vimeo.com/106681730 For your information, when people send you email to your 4GoodHosting hosted website account (for example: me@my-very-own-site.ca ), or when you send email to another person at another 4GoodHosting hosted website, your email conversation is 'really' or 'actually' "private" - just like real snail-mail used to be. We actually do honor your right to control your private information and to guard it from information wholesaling. We don't look, share, or sell any of your private information. We believe in doing this, and we base our business model on respecting your wishes. But when you email somebody at a @gmail.com account, then your email is definitely wide open to at least google (and who-knows-who-else ultimately gets a copy of it from them throughout the future). Basically if you have a conversation with somebody using google mail (gmail, or yahoo mail, etc.) then your conversation is being recorded for prying eyes and will be potentially/possibly used to profile you to interested parties throughout the future. That's just one point of this eye-opening presentation. We are recommending this video been seen by you, because we believe in the old-fashioned concepts of personal privacy. If you feel the same way, please share the link of this article with your friends. https://4goodhosting.com/blog/value-privacy/ read_more Thank you for your patronage and time reading this.

September 2, 2014

Hosting Related, Security, SEO Related

Reading Time: 3 minutes

One effective, yet costly, way to help drive traffic to a website is through the use of PPC (pay per click; google-adwords) advertisements. Yet google has found a way and, by the end of the this month, are enforcing us all to use the new adwords policy termed "Close variant keyword matching". But what does this really mean? This article is not authored by google, therefore we will skim over the positive spin that they would automatically inject into their new campaigns, but rather focus on some potential drawbacks. If you read google's articles about it, it sounds like a good thing; and google plays it up that advertisers already using the new close variant method claim to see an increase in traffic. That may be true: but what is the cost of all the extra ad-impressions being served out?; and perhaps also errant click-thrus by people searching for something 'slightly different '. So say that you have been used to paying google to advertise your site for keywords " women's floral skirts ". So, under the new policy, on he default close-variant matching option "Broad match", web searchers typing in "women's floral shirts " or even "colorful female shirts " might be presented with your ad. Google might *think* there is a possibility that perhaps a typographical error happened when a person typed in 'shirts' and your ad for 'skirts' might pop up. This is just one tiny example, as the total domain of possibilities is immense. Perhaps you can quickly think of your own example(s) too. read_more For a detailed description of the new policy, you can go to these two links that google has presented to the public on this important new topic: https://support.google.com/adwords/answer/2497836 http://adwords.blogspot.de/2014/08/close-variant-matching-for-all-exact.html ... together with the following exhausting, potentially headache inducing, document that google has published named "Keywords to the Wise-Cultivating Demand with Keyword Strategies": http://services.google.com/fh/files/blogs/google-keywords-to-the-wise.pdf 4GoogHosting does not always endorse Google's ranking algorithm adjustments, strategies, and new procedures that we are all occasionally compelled (by Google) to follow. A computer program that google frequently internally hacks on and tweaks is the new judge, jury, and ranking executioner for all of us. The topic...

July 8, 2014

Hosting Related, Security, Security Related

Reading Time: 3 minutes

Benefits of Shared Web Hosting Affordable cost - The benefits shared hosting come in terms of cost as you share a common server with other clients of the web hosting company. With this, we can save money so that we can offer you the services at a lower cost. With less than $10 per month, you can get two different plans of shared hosting. If you consider the features that you are able to get today, our web hosting packages will be more effective and gives excellent value. Simplicity – We maintain the servers and their associated hardware in our peer data center, provide you with the connectivity and along with it, we will maintain all the server administrative tasks that are complex for you. For those people who don't know or who don't have the necessary manpower to run severer or who just need to focus on the critical aspects of their business, shared hosting is a perfect solution. read_more Apart from this, tools such as control panel software and our 4GoodHosting/4GH website builder will make the environment of shared web hosting easy to understand. Even the most technically challenged can succeed because of the rapid evolution in this type of web hosting technology. For more information on shared web hosting, see: Canadian Web Hosting Are you developing a shared hosting account? Performance problems: Sometimes performance varies. For example, if you are having average traffic to your website when compared to Joe who is sharing the server with you has a sudden burst in the traffic. To be frank, in shared web hosting, there is a chance of your website getting affected with neighborhood traffic, which causes the sever delays for a second when it is serving pages. One more issue with shared environment is security that is not sealed-off in shared hosting. Although we are able to provide abundant power to our customers these days, all that requires is one amateur web master to misuse the .htaccess, or another sensitive component for creating a problem on the server. Our server engineers will always diagnose and resolve the problems quickly and will be available 24/7. Your web applications will...

June 10, 2014

Hosting Related, Security, Security Related

Reading Time: 5 minutes

It has been roughly a year back the truth that US national security agency NSA has been accumulating huge amounts of personal data on American and other international citizens secretly. This year, a year after Edward Snowden leaked the documents on how and to what extent government has collected huge amounts of personal data, he has become an icon of the movement that demands more transparency from government agencies when they are using Internet technologies for the purpose of surveillance. However, transparency is just a one-way street in that regard to this heavily corrupted and non-constitutional government. They want to know everything you are doing but they want you not to know how they are spying on you, and are secretive in dozens if not hundreds of other ways. Dauntless and strident calls for reforms in government government surveillance are coming from the companies that hold large amount of customer and client data on the Web. The compulsions come in the form of threats of prosecution through court orders issued by the Foreign International Surveillance Court. The orders seek the information without intimation of such a move to the customer. This sounds like the Nazi era during World War II. The companies who are responsible for personal data are working over strengthening their security backbone through encryption of customer's data at least at some key junctions. The move came after NSA managed to intercept customer data flowing between various private data centers of Google. read_more Tech companies are of the view that government can take considerable steps to safeguard the consumer's data and protect them from unreasonable access to government agencies. But in contrast, government seems to be working in violating the 4th amendment rather than protecting it. An interest group named Reform Government surveillance is working to bring together the large hitech companies like Google, Yahoo, Apple, Dropbox, Microsoft and others to address the government to help them in bringing back the lost faith in their Internet user community. They believe that the surveillance of the government should be constricted by clearly demarcated by laws and the laws should be transparent. They should be proportional to the risks and...