Archive for the ‘Data Security’ Category

Recent WordPress Malware Highlights the Need for a Paid Webhost

Friday, January 2nd, 2015

If you’re on a WordPress site and you saw your search engine traffic suddenly dip to alarming levels, you might want to check if you’ve been using the Revslider plugin on your WP theme, and yes, it was Google that specifically blocked your site.

According to recent reports, Google has blacklisted over 11,00 WordPress domains and more than 100 thousand sites due to being affected by a new malware campaign from SoakSoak.ru The malware was Javascript that was injected via a vulnerability found in the WordPress plugin RevSlider, which is used in many WordPress themes so many site owners don’t even know that they are using the plugin.

The issue highlights the need for a paid webhost, for a number of reasons:

Prestige Technologies is a solid hosting company that guarantees the best in security and consistent quality service. Click here and check out the different plans. (more…)

A Quick Look at Mobile Security Development this Year

Wednesday, December 31st, 2014

Computer SecuritySince companies and even schools have allowed employees and students to bring their own devices to access online information in their institutions, people have become a bit more concerned about how secure their device operating systems are. After all, an unsecured system can pose a personal threat to, let’s say, someone who has all his medical information on his mobile device. To date, Apple’s iPad and iPhone are the favorites among companies with very strict policies when it comes to BYOD. This is because Apple has the most user-friendly interface, allowing mobile owners to more easily manage the content they’re willing to broadcast, share on iCloud, or keep privately in their phones.

Last year, Apple already made gigantic changes in its iOS7, with very little to add to its upgraded iOS8 this year. However, among the additions was the limitation of what can be transported to the iCloud, Apple’s online information vault. iOS8 no longer allows medical information to be imported to the iCloud, which means that if it is wiped out from the phone, it is gone forever. If company policies have disallowed iTunes, it cannot be imported there either. This is a huge disadvantage to some users, and despite the obvious security reasons behind the change, some users are a bit iffy about the shorted leash.

Prestige Technologies is a solid hosting company that guarantees consistent quality service and security. Click here and check out the different plans. (more…)

Website Tips: Secured Messaging Platforms

Tuesday, December 2nd, 2014

If you use Skype, Facebook chat, Whatsapp or any other Instant Messaging platforms on a regular basis, you might want to look for a more secure alternative. It goes double if you actually talk about things that require privacy. This is because the EFF evaluated 39 of the most popular messaging applications to date and found all of them wanting, unable to protect the user from the government’s ever-watchful eyes.

The EFF did recommend a few digital communications that are truly safe and secure due to the use of secure and “usable crypto.” These EFF-recommended tools include:

1. ChatSecure + Orbot (free, iOS and Android)
2. CryptoCat (free, iOS and Web-browsers)
3. Signal / RedPhone (iOS and Android)
4. Silent Phone (paid, iOS and Android)
5. Silent Text (paid, iOS and Android)
6. TextSecure (Android)
All Web Hosting plans of Prestige Technologies provides redundant security measures. Click here and check out the different plans.
The qualities that the EFF were looking for include the ability to encrypt data on transit, encryption that will make it so that the provider can’t read messages, the ability to verify contacts’ identities, secure past communications in the event of stolen keys, code that’s open to independent review, proper documentation, and audited code.

All the popular communication tools like Facebook chat, Google Hangouts, Skype, and WhatsApp failed all of EFF’s requirements except for encryption in transit and audited code. The exception is Skype, which failed audited code but passed the requirement for encryption so that the provider can’t read messages.

EFF’s findings and recommendations is especially important after Edward Snowden’s revelations, and should be taken seriously by people who value their privacy and don’t want any third party – government or not – snooping around their communications.

How China Censors the Internet and How You can Go Around It

Thursday, November 20th, 2014

Great wall of china-mutianyu 4A 2012 report by Freedom House, which is a U.S. organization that tracks global trends in political freedom, has ranked China as the 3rd most restrictive country in the world in terms of internet access, citing that only a small portion of the country’s 560 million internet users are able to browse websites that have been blocked by the Chinese government (which can be anything from adult sites to popular western services like Facebook and Google.)

The main motivation behind the extremely restrictive internet in China is because the government wants strict controls over its people’s browsing, effectively limiting the control of information and censoring content that they deem inappropriate. But how does China do it?

The Great Firewall of China

The Chinese government has two methods of exercising control over what its citizens can access on the web. First is a national firewall that has been dubbed as “The Great Firewall” by foreigners, as a pun on the country’s famous wonder. The national firewall was started in the late 90s and is active to this day, blocking specific websites (or rather only allowing specific websites and blocking the rest.)

The Golden Shield

The other way that the Internet is censored in China is through the Golden Shield, which is a system for domestic surveillance that goes as far back as 1998, having been set up by the Ministry of Public Security. Under the Golden Shield are local and provincial monitoring systems exclusive to specific government departments.

All Web Hosting plans of Prestige Technologies provides redundant security measures. Click here and check out the different plans. (more…)

The Benefit of Google HTTPS Algorithm for Web Hosting Companies

Thursday, November 13th, 2014

Google has recently made a statement pointing to a new company outlook that safe websites provide a more secure and better internet on the whole, which means that they will provide search preference to sites that provide secure connection through HTTPS to their website visitors; the statement lead to speculations that Google may add a new ranking indicator that gives weight to sites that use HTTPS.

Logo Google 2013 Official

The search engine’s official blog made a statement that all but confirms all the speculations. According to their blog post:

“Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”

Google’s move is certainly one that is much-needed. And it shows because their announcement is met with favorable responses from many website owners and web hosts, a contrast to the furor that their algorithm changes and patches usually inspire on the web. However, while Google has not said anything that points to sites without HTTPS prefix suffering from any ranking drops, it is where things will naturally go if the rankings of HTTPS sites are elevated. (basically, they’re not dropping in rank, but everyone else will be elevated. It boils down to the same thing.)

Click here and try Prestige Technologies’ 6 months free hosting. No Credit Card required.
(more…)

Things to Consider When Integrating Cloud in an IT Infrastructure

Tuesday, November 11th, 2014

cloud web hostingWhile there are still cloud naysayers among the crowd, there is no denying that cloud technology has matured enough to the point where it’s become foolish for organizations to avoid implementing at least one type of cloud solution for their IT infrastructure. If your organization falls into this category and you don’t want to be left behind, here are some of things you might want to consider:

Email

These days, implementing cloud based email solutions don’t really cost that much yet provides companies and its employees with several benefits, including the ability to access their mails (and therefore continue working) regardless of device or location. Additionally, a cloud-based email infrastructure will bring savings as it doesn’t require much in the way of maintenance and support compared to a traditional on-site email server.

Security

It may seem ironic because security is one of the key issues that slowed adoption of the cloud at the outset, but the technology has matured and now we have various security solutions that are based on the cloud. Leading security companies like McAfee and Norton now offer cloud-based security suites that make it easier for organizations to maintain security for their network without devoting too much local resources on security suites.

Backups

While it’s still important for companies to have on-site backups in order to facilitate fast recovery, off-site backups are a necessity in order to cover against various unforeseen and unfortunate circumstances that would take an on-site backup out of the equation. Cloud-based backups are exceptionally suited for these purposes as they will be hosted far away from the site and can be made redundant on several different locations all over the globe.

Click here to check Prestige Technologies’ Shared Hosting Plans. (more…)

What Wireless Hackers Don’t Want You To Know

Thursday, November 6th, 2014

WiFi made Internet access convenient, but as with any kind of technology, convenience usually has tradeoffs particularly in terms of security. If you think having a secure password and encryption on your wireless access point keeps you safe, then you’d be wrong and thinking the way hackers want you to think so that you can continue being vulnerable to their attacks.

Before you take the first steps towards protecting your wireless access point from intruders, you first need to know several things that hackers don’t want you to find out, such as:

WEP Encryption is Useless and Doesn’t Offer Any Protection

If you’re using WEP encryption in your wifi access point, then you’re basically operating under a placebo and you might as well just keep the router open to the public, because it literally takes mere minutes for hackers to gain access to access points using WEP encryption. Use a stronger type of encryption like WPA2. If your router doesn’t support any other encryption besides WEP, then chances are it’s too old that you have to replace it anyway.

MAC Filtering is Easily Defeated

Many savvy home administrators use MAC filtering so that only specific machines can connect to their wifi access point. However, a hacker can easily use a wireless packet capture program to eavesdrop on the traffic, find a MAC Address that’s being allowed on the network, and then spoof their own address to gain access.

All Web Hosting plans of Prestige Technologies provides redundant security measures. Click here and check out the different plans. (more…)

Lessons From the Scariest Security Threats

Tuesday, November 4th, 2014

One of the scariest security threats, particularly for companies who have a lot to lose in terms of finance and data, is what’s called Advanced Persistent Threats or APT. What makes it so much more scary than the average intrusion is that unlike the random hacking attempt, which is usually a hit-and-run because the perpetrators are scared of being traced and caught, APTs are highly sophisticated forms of cyber attacks that take a lot of time and careful planning on the side of the hackers, as they “settle in” on a network and mine sensitive corporate data for the long term.

By the time admins find out about APTs, it’s usually too late as too much data has already been compromised. In a lot of cases, the APTs are only found out when the hackers have already achieved their goal. Recent examples are the Target and Home Depot breaches, where the attacks were only found out after the perpetrators have already stolen billions of sensitive customer data and caused a big enough PR nightmare to get CEOs and CIOs fired.

Do not listen to upstart security professionals who thumb their nose and label APTs as just a marketing buzzword. It’s a dangerous (and financially ruinous) threat as outlined by the example above. However, the silver lining is that there are lessons to be learned from all the attention APTs have been getting as of late. Here are a few:

Prestige Technologies is a solid hosting company that guarantees consistent quality service. Click here and check out the different plans.

You’re Always a Target

Many companies get hit by APTs easily because they think they’re not a target. They think they’re small, that there’s no money to be had in hacking them, that they’re not popular enough to be noticed, and that it’s simply not worth it for the hackers. But perpetrators of APTs don’t care. They know that all businesses strive for growth, and even small ones will “ripen” over time, so they watch out for new targets and get in early while the company still feels safe because they are “not worth the effort.” When the company grows and becomes large enough to warrant increased security, it’s already too late as the APTs have already got in.

Security Threats Aren’t Always Technologically Advanced

When it comes to security, meticulousness is imperative and no detail however small should be ignored. The tendency for some security experts, particularly in massively important cases like APTs, is to assume that the perpetrators are highly organized and have access to the best tools and skills needed for an attack, sometimes missing things right under their noses – like a disgruntled former employee who got elevated access after buddying up to a network administrator.

Prioritize Security Over Maintaining Operations

It’s not just APTs. All hackers love it when companies are so determined to maintain their operations that they won’t even entertain the idea of a few hours of business disruption for the sake of increased security. They would rather leave a few things untouched as long as it’s a low risk. One key example of this is password resets. It is important that all accounts in the network get their passwords reset regularly, but sometimes businesses choose to leave a few accounts untouched because changing them would disrupt operations (either because the account is used by an executive who doesn’t want to go through the trouble of remembering a new password, or because some automated workstations would need to be taken down in order to update their code for the new credentials.) These unchanged passwords could make all the work on security worthless, as hackers will have the proverbial keys to the kingdom when they get their hands on them.

Realistic Web Hosting Expectations

Thursday, October 30th, 2014

You know the stereotypical portrayal of people having problems with phone networks. Outages are met with irate calls to customer support or even in written form. Consumers have very little patience for outages in these cases, but when it comes to web hosting problems, it would seem that users tend to be a little bit more forgiving. Why is this so? Are people generally just more realistic when it comes to web hosting expectations? There are a number of possible reasons for this:

Web Hosting Providers Offer Transparency and Accountability

Generally, when web hosting problems occur, web hosting providers are very transparent and admit liability. In Prestige Technologies’ case, for instance, the customer support serves as a way of connecting customers to people who can help with their problems, as opposed to some industries where customer support is used to deflect or delay customers’ complaints while the people who can help work at their own pace. Additionally, outages with web hosting can be measured and customers are usually given practical estimates on recovery time and restoration of services. Customers get a feeling that their problems are being worked on, instead of being led around in circles.

Higher Chances of Failure Due to New Technology

This started becoming a reality when cloud adoption became widespread. People understand that a new technology experiences birth pains, and there’s a complex infrastructure that need to be taken into account. They tend to expect some problems and aren’t taken completely off guard in the rare cases when problems do occur.
Click here and sign up for Prestige Technologies’ 6 months free plan. You will get all the benefits of a paid plan for FREE. NO credit card required. (more…)

Detecting the Undetectable Through Your Logs

Tuesday, October 21st, 2014

The strange thing about computer security in the corporate world is that many of the victims don’t even know about their own lapses in security, and only become aware after an attack has happened or if it’s noticed by a third party. In some of the worst cases, the lapses are only found years after the original vulnerability became existent, and after various hackers have already gone and infiltrated the system silently.

What makes things even more odd is that the lapse could have been caught easily because the evidence is found in their own event logs. They didn’t catch it because they simply didn’t look. Many of the big, million-dollar cyber crimes only happened because of this. It’s an issue of poor security due to negligence.

Click here and sign up for Prestige Technologies’ 6 months free plan. You will get all the benefits of a paid plan for FREE. NO credit card required. (more…)