News
HTTP, HTTPS, Not Secure, and what it means to you
Posted by Matt Kinne on 27 April 2017 03:57 PM

Security Warning Icons

Lately, you might have noticed that more and more websites are showing the words “Not Secure” in your web browser window. It might even be present on your site. Now, before you get worried that your data or your viewer's data is being compromised, let us explain this a little more in-depth. "Not Secure" is accurate, but may or may not be significant depending on how you are using your site.

In most cases, nothing on the site has changed to trigger this message; the browser is simply showing the user, in a more direct manner, information that already existed. Recently, Chrome and Firefox released updates that detect whether a website has an SSL certificate installed. You'll notice that some websites without an SSL certificate will say "Not secure" in the URL window while others won't say anything, as in the past.

Since the latest Chrome and Firefox updates, there are two main reasons that the words “Not Secure” appear on a webpage: password fields and credit card fields. These are considered sensitive data, and if they are sent over an unsecured website (http and not https), the data can be compromised.

This goes back to our earlier statement about how you use your website. If you are selling products, collecting user info (such as emails, content, etc.), or storing sensitive files on your web server, it is best to keep that information safe. If you are just using your website as a blog or as a landing page for your business, you probably don’t need to get an SSL certificate.
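To see whether a page on your own site contains either of the two triggers described above, you can scan its HTML for them. The following is an added example, not code from Chrome, Firefox, or Evolve Systems; the page URLs and HTML are constructed samples, and recognizing credit card fields by their `cc-` autofill tokens is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class SensitiveFieldFinder(HTMLParser):
    """Collects the kinds of sensitive <input> fields found in a page."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "").lower() for k, v in attrs}
        if a.get("type") == "password":
            self.found.append("password")
        # Assumption: card fields carry HTML autofill tokens such as
        # cc-number, cc-exp or cc-csc in their autocomplete attribute.
        elif any(t.startswith("cc-") for t in a.get("autocomplete", "").split()):
            self.found.append("credit card")


def not_secure_triggers(page_url, html):
    """Return the sensitive field kinds that would be sent over plain http."""
    if urlsplit(page_url).scheme.lower() == "https":
        return []  # encrypted connection: these fields do not trigger the warning
    finder = SensitiveFieldFinder()
    finder.feed(html)
    return sorted(set(finder.found))


# Constructed sample pages (not taken from a real site).
LOGIN_PAGE = '<form><input type="text" name="user"><input type="PASSWORD" name="pw"></form>'
CHECKOUT_PAGE = '<form><input name="card" autocomplete="cc-number"><input autocomplete="cc-exp"></form>'
BLOG_PAGE = '<article><h1>Hello</h1><input type="search" name="q"></article>'

if __name__ == "__main__":
    for url, html in [
        ("http://shop.example/login", LOGIN_PAGE),
        ("http://shop.example/checkout", CHECKOUT_PAGE),
        ("http://shop.example/blog", BLOG_PAGE),
        ("https://shop.example/login", LOGIN_PAGE),
    ]:
        print(url, "->", not_secure_triggers(url, html) or "no warning trigger")
```
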

At the end of the day, if you have any questions about your website’s security, you can always ask Evolve Systems for recommendations. We are always happy to help.

Here is a good article from Google explaining the different security statuses: https://support.google.com/chrome/answer/95617?visit_id=1-636241568048158526-700204908&p=ui_security_indicator&rd=1


Be aware of a highly effective Gmail phishing attack
Posted by Matt Kinne on 12 January 2017 11:34 AM

Gmail, one of the world's most popular email providers, has been the target of a highly effective phishing scam to get password information from Google accounts. Let us explain how it works and what you can do to prevent it from happening to you, friends, and co-workers.

The way the attack starts is that you will be sent an email from a compromised email address; it could be one of your known contacts if their account was hacked already. The email will include an image of what looks to be an attachment. Clicking on an attachment will typically expand it and show you a preview, but in this case the faux attachment will open a new tab, prompting you to sign into Gmail again. 

Google Sign In Page

This is where it gets tricky. The page will look like a standard Google login page. This is where even highly technical people are getting fooled. Once you sign in to the look-alike Google login page, your data has been compromised.

How to prevent this from happening

The easy way to tell is that all of Google's websites are secured with an SSL certificate. That means all data transferred between your device and Google is encrypted. The dead giveaway on this phishing scam is the URL in your browser window. We have a screenshot of what the actual phishing URL looks like, courtesy of Wordfence. We have compared it side-by-side with the official Google URL for reference.

Secure vs. Unsecure Google URL

Now, when you compare that to Google's actual account login page, you will notice the green padlock and "https" text. That is how you know you are on a secure connection. Checking that the sign-in page URL begins with https://accounts.google.com/ is also a good way to verify it. The phishing URL above has https://accounts.google.com/ within it, but it starts with "data:text/html,". If you are unsure whether the URL you are visiting is compromised, close it out and return to your Gmail or Google accounts page.
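The difference between "contains https://accounts.google.com/" and "begins with https://accounts.google.com/" can be checked in code by parsing the URL instead of searching it for text. This is an added example, not code from Google, Wordfence, or Evolve Systems; the sample URLs are constructed, and it goes slightly beyond the article by also rejecting plain http and a different host that carries the Google address in its path.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "accounts.google.com"


def naive_check(url):
    """Weak check: only asks whether the Google address appears somewhere."""
    return "https://accounts.google.com/" in url


def check_signin_url(url):
    """Return (ok, reason), judging the URL by its parsed scheme and host."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "URL could not be parsed"
    if parts.scheme.lower() != "https":
        return False, f"scheme is '{parts.scheme}', not https"
    host = (parts.hostname or "").lower()
    if host != EXPECTED_HOST:
        return False, f"host is '{host}', not {EXPECTED_HOST}"
    return True, "https on the expected sign-in host"


# Constructed sample URLs; only the "data:text/html," prefix and the
# https://accounts.google.com/ address come from the article.
SAMPLES = {
    "genuine": "https://accounts.google.com/ServiceLogin?service=mail",
    "data_uri": "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
    "plain_http": "http://accounts.google.com/ServiceLogin",
    "other_host": "https://login.example.test/https://accounts.google.com/",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        ok, reason = check_signin_url(url)
        print(f"{name:11} naive={naive_check(url)!s:5} strict={ok!s:5} {reason}")
```

The text search accepts the data: URL because the Google address appears inside it, while the parsed check rejects it on the scheme alone.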

Lastly, if you believe your data has been compromised, change your password immediately. Make sure to use a very secure password with numbers, special characters, and a length longer than 8 characters! Please spread the word to friends, family, and co-workers so we can minimize the impact of this phishing scheme. It is unknown at this moment if Google will employ any precautions to stop this from happening.


Buckle-Up Internet, the next few days may be a little bumpy
Posted by Matt Kinne on 04 November 2016 11:20 AM

Internet Attack Map

You may have noticed things going on with the internet the past few weeks. Major sites such as Reddit, Twitter, Netflix, and many more experienced connectivity issues in late October. This was caused by a distributed denial of service (DDoS) attack on Dynamic Network Services (Dyn), which routes internet traffic; it is part of the internet's address system. A DDoS attack is where many infected internet devices target a single system. These devices can be anything from a computer or phone to a baby video monitor.

That leaves the question: "can't we just update the devices to prevent this?" In theory, yes, we can update computers and phones with the latest security patches, but when it comes to the Internet of Things (IoT), it's not that simple. IoT devices are everyday objects that have network connectivity. Some examples are thermostats, baby monitors, and fridges, and the list continues to grow every day. According to CSO, there are between 13 billion and 18 billion IoT devices in use today. Many of these devices have admin controls and have no way of being updated or patched.

Just as everything was starting to clear up, it seems like it is coming back once more. As of today (11/4) major sites such as EA, Netflix, Delta, and Craigslist have been experiencing issues intermittently. When attacks on the main internet infrastructure happen, it causes strain on the whole world wide web, not just the intended targets. Effects from large-scale DDoS attacks may or may not cause slow loading times on your company website. 

At Evolve Systems, we will continue to employ everything we can to protect your site. We are constantly monitoring servers and will continue to keep you updated with any developments. We don't know if anything will happen in the coming days, but according to a DHS Official, the attacks on October 21 could have been a trial run for a potential attack on Election Day. 

Just make sure to keep an eye out and remember to go out and vote!

 


Education Ecommerce: Knowing platforms and their limits: Part 2
Posted by Matt Kinne on 29 August 2016 04:02 PM

Ecommerce options

Last month, we wrote the first part of Education Ecommerce, which went over four of the biggest platforms we use and briefly compared them. The big message we wanted to get across is that there is no "one size fits all" when it comes to ecommerce. Choosing a platform is a very important decision because it is a big investment for your business. The last thing you want to do is regret the cart platform your business chose; that's why we want to help you get it right on the first try. We can make suggestions on which platform to pick, but it is ultimately your choice as the customer.

What to look for when picking an ecommerce platform

One of the most important factors when choosing an ecommerce platform is making sure you are comfortable with the dashboard and how the platform functions. You can always change the appearance (front-end) of a platform, but the dashboard and back-end areas are not customizable. This is one of the easiest ways to narrow down your choice when picking between BigCommerce, Ecwid, OpenCart, and Shopify. You will be in the back-end of your online store quite a bit, fulfilling orders, adding products, etc., so you don't want one you do not like.

 

There is a reason why every platform offers an easily accessible free trial: even they want you to pick the platform that is right for you. As we stated in our last article about ecommerce, BigCommerce offers a 15 day trial, Shopify offers a 14 day free trial, and both OpenCart and Ecwid are free to use, so there is no excuse for not trying out different platforms. It will make everything easier on both the development team and your team if you know what you’re picking before you get into it.

Ecommerce add-ons cover missing features

Not every platform ships with everything you need out of the box, but that’s what add-ons are for. BigCommerce, Ecwid, and Shopify have apps whereas OpenCart has modules. It is just another way to add dynamic functionality to your web store. Do you want to add the ability for customers to give reviews on your product? There’s an add-on for that.

 

It is good to make a list of which features you want for your online store and go through each platform’s respective app or module library to see what is available. Some will be free, but be prepared to pay for additional functionality. Just remember, the necessities to open an online store are always included in each platform - the trick is to uncover your needs and wants in your testing and explore the limits of your choices.

We are always here to help

At Evolve Systems, we want to help you as much as we can; that’s why this decision isn’t something you have to make on your own. Far from it. We are here to help you choose which platform is best for your business, but we want to make sure you are comfortable with your choice and plans for the near future. We are here to provide as much guidance as possible.


Education Ecommerce: Knowing platforms and their limits: Part 1
Posted by Matt Kinne on 22 July 2016 01:44 PM

Ecommerce options

Starting up an ecommerce store is a huge endeavor. It takes a lot of thought, just like opening up a storefront. There are a multitude of things to take into account when you are opening a brick and mortar store: size of the building, location, whether there is room to grow, etc. Opening up an ecommerce store is no different. When choosing a platform to build your online store, you need to thoroughly analyze all options because you don’t want to be handcuffed down the road when things need to change.

There are many ecommerce platforms on the web and fortunately or unfortunately, they are all unique with different features. Because of these different features, you must choose wisely when picking a platform so your website can grow with your business.

Here at Evolve Systems, the two ecommerce platforms we use most prominently are bigCommerce and X-Cart, with the latter eventually being replaced by OpenCart. We also have plenty of experience with Ecwid and Shopify.

How many products will you be selling?

When picking a platform, one of the first questions you want to ask yourself is how many products are you going to sell and how much volume. There is no need for a full-scale ecommerce site if you’re only going to be selling a handful of items every month. The best option for you would most likely be Ecwid. On the other hand, if you do have a large volume, you want your customer’s experience to be as smooth as possible and probably don’t want to skimp on the basics. That means picking from bigCommerce, OpenCart, Shopify, or another platform.

We have gone and made a table to briefly show the difference between the four platforms. If you would like more information, please go to their respective sites via the links below.

 

OpenCart

Pros:
  • Open source - free
  • Product ratings and reviews
  • Highly customizable
  • Unlimited products

Cons:
  • Not as easy to customize as the alternatives
  • Web page caching is not provided

Price per month:
  • Free - $0

Ecwid

Pros:
  • Free with 10 or less products
  • Easy to use, plug and play on Facebook, WordPress, Drupal, etc.
  • Add to any website
  • No transaction fees

Cons:
  • The more you pay, more support you receive

Price per month:
  • Free - $0
  • Venture - $15
  • Business - $35
  • Unlimited - $99

bigCommerce

Pros:
  • No transaction fees
  • Unlimited Products
  • 24/7 support
  • Product rating and reviews

Cons:
  • Plans are associated with sales volume
  • Theme editor isn't as user-friendly as Shopify

Price per month:
  • Standard - $29.95
  • Plus - $79.95
  • Pro - $199.95
  • Enterprise - Call for pricing

Shopify

Pros:
  • Unlimited products
  • 24/7 support
  • Free SSL certificate (all plans)
  • Unlimited file storage

Cons:
  • Transaction fee on third party payment gateways
  • Limited customization

Price per month:
  • Basic Shopify - $29
  • Shopify - $79
  • Advanced Shopify - $299

Now that we have gone over the very basics of a few ecommerce solutions, it gives you an idea of which direction you need to be headed in. The nice thing about the platforms is they are all available for a free trial of some sort so there is no need to commit to a platform right away. Shopify and bigCommerce offer 14 and 15 day trials respectively. Ecwid and OpenCart both can be used for free, no need to worry about a trial.

Next month we will go more in-depth into what functionality each platform offers and how they differ from each other. Our goal is to help you narrow down which ecommerce solution you will choose in the future.

 


Education: CMS - Adding additional security to WordPress
Posted by Matt Kinne on 12 July 2016 11:37 AM

WordPress is one of the most used content management systems in the world by a large margin. According to Marketing Land, WordPress is on 25% of the world's websites as of November 2015. To compare, the next closest content management systems, Joomla and Drupal, are at just over 2% of the market share. Since WordPress is so popular and well-known, it's the perfect target for hackers. So now you're probably thinking, how can I add additional security to my WordPress site to keep the chances of hacking low? Don't worry, we're here to help.

There is no such thing as too much security

The internet is always changing, which means security needs to change along with it. Keeping your plugins up-to-date is therefore very important. Updates aren't always just to add new features; most of the time they are to fix security vulnerabilities. There are a few plugins that we always install on our sites to provide the maximum amount of security.

Wordfence Security

Wordfence Security is an excellent avenue to take when it comes to bolstering the security of your website. Not only does it provide real-time scanning, but it also acts as a firewall. If you jump into the premium version, which we highly recommend, it includes the ability to block traffic from certain countries, check if your site's IP is generating spam, real-time threat defense feed and more.

Brute Force Login Protection

This plugin can be very helpful in stopping hackers from getting into your WordPress site. One way hackers find their way in is by running a program against your login fields that randomly guesses usernames and passwords. With Brute Force Login Protection, you can limit the number of login attempts a user can make. Once they have used all of their login attempts, that IP address will be blacklisted.
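The mechanism described above (count failed logins per IP address, then blacklist the address once the limit is used up) can be sketched as follows. This is an added example and not the plugin's own code; the limit of 3 failures, the 10-minute counting window, the reset on a successful login, and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque


class LoginGuard:
    """Per-IP failed-login limiter with a blacklist (illustrative only)."""

    def __init__(self, max_failures=3, window_seconds=600):
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked = set()

    def attempt(self, ip, ok, now):
        """Record one login attempt; return 'allowed', 'failed' or 'blocked'."""
        if ip in self.blocked:
            return "blocked"  # refused before the password is even checked
        if ok:
            self.failures.pop(ip, None)  # assumption: a success resets the count
            return "allowed"
        recent = self.failures[ip]
        recent.append(now)
        # Forget failures that have fallen out of the counting window.
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked.add(ip)
            return "blocked"
        return "failed"


def replay(events, guard):
    """Feed (seconds, ip, password_ok) events through the guard in order."""
    return [guard.attempt(ip, ok, now) for now, ip, ok in events]


# Constructed events using documentation-only IP ranges.
EVENTS = [
    (0, "203.0.113.7", False),
    (2, "203.0.113.7", False),
    (4, "198.51.100.20", False),  # a real user mistyping once
    (5, "203.0.113.7", False),    # third failure: address is blacklisted
    (30, "198.51.100.20", True),
    (31, "203.0.113.7", True),    # a correct guess after the block is still refused
]

if __name__ == "__main__":
    guard = LoginGuard()
    for event, result in zip(EVENTS, replay(EVENTS, guard)):
        print(event, "->", result)
    print("blacklisted:", sorted(guard.blocked))
```
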

Make a longer, more complex password

This one is by far the easiest and one of the most secure things you can do. We see a ton of WordPress sites that have basic passwords such as ChangeMe!, password123, admin123, and so on. Those definitely aren't secure and can almost be guessed without the help of a program. We use a website called Password Generator and use 16 character passwords. 

To give you an example, a password that is 8 characters long, only using lowercase alphabetical characters, has 208,827,064,576 options. That's over 200 billion different passwords! Now, if you were to add capitalization to the letters, that’s 53,459,728,531,456 options. If you were to add numbers and even special characters, you have yourself a very strong password. Increasing the length will only increase the number of different passwords. Just don't make it abcdEF!#, that's still relatively simple.

Not using comments? Disable them site-wide!

An easy way for hackers to use your site as a spam center is to post comments containing their links. Not only does this look bad to your customers, but Google is not a fan of it either. We use a lightweight plugin called Disable Comments, which makes it very easy to disable comments site-wide.

Math Captcha

To go along with a stronger password and brute force protection, and to make things really difficult for prospective hackers, we add a math captcha. Whenever someone goes to log into your site, they will have to complete the math captcha before they are able to sign in, even if they have the right username and password.

Now, all of these plugins and methods do not guarantee that your site will not be hacked, but they will definitely help out and lower the chances. If you have any questions about WordPress security, or security in general, check out our official blog or feel free to contact us!

Don't forget to Subscribe to the Help Desk for weekly news updates!
