Loading....

What’s Rubbing-Up Against YOUR Website?

CloudFlare IDS

Or who, for that matter.  If you think your website just sits there and serves pages to friendly visitors, you’re missing out on all the fun that’s going on behind the scenes.  Properly securing a website + ongoing maintenance are critical to preventing your site from being “hacked”.

Websites are not a “set it and forget it” sort of thing.  Server logs should be inspected on a regular basis.  An Intrusion Detection System should be in place.  Updates for software should be installed on a regular basis.  WordPress must be updated and maintained and if you ignore this maintenance, you’ll have some friends coming to visit you…

CloudFlare IDS
CloudFlare IDS | Click to Enlarge

And what are these “friends” doing on your website?  Just running some friendly Dictionary Attacks, that’s all…

Dictionary Attacks
Dictionary Attacks | Click to Enlarge

Attempting to log in as ‘admin’…

Admin Login Attempts
Admin Login Attempts

If you have a WordPress site, unsuccessful login attempts are not blocked, so someone can try to log in to your admin page over and over again without you ever knowing.  That is, unless you have the right tools in place.  At the very least, make sure you install the Limit Login Attempts plugin.

Security is a multi-layer approach, so don’t think there is just one simple solution to secure your website.  Make sure you or someone is maintaining your website, installing the latest updates, pruning as many attack vectors as possible, checking your logs, etc.

If you have any questions, feel free to comment below or Contact Us!

[Critical] Vulnerabilities In Adobe Reader and Acrobat | Affects Linux, Macintosh, and Windows

Acrobat Vulnerability

Critical security vulnerabilities in Adobe Acrobat and Adobe Reader have been identified and Adobe has issued a security advisory.  These are being actively exploited in the wild by sending users malicious PDF files.

This affects users of Linux systems, Macs, or Windows.

Told You So

Adobe is recommending users enable Protected View  via Edit > Preferences > Security (Enhanced).

Reader/Acrobat Protected View
Protected View | Click to Enlarge

Unfortunately, this security feature is not enabled by default.  Thanks, Adobe.

This is one of the many reasons we recommend using SumatraPDF (via Ninite.com).  It is lightweight, functional, and it’s one additional layer of protection against attacks.

For clients on our System Monitoring w/ Patch Management service, we will be addressing this issue for you.

ConsignPro and Liberty Are Incompatible with Gmail

Secure Email

ConsignPro and Liberty are incompatible with Gmail or any secure email service.

Liberty4 Consignment Incompatible with Gmail
Liberty4 Consignment Incompatible with Gmail

[hr]

ConsignPro Incompatible with Gmail
ConsignPro Incompatible with Gmail

Although Liberty made attempts to partially support it, it is not compatible with secure connections to Gmail today.

Why is it that free software has had built-in SSL/TLS support for years, but consignment software vendors who sell their software for $1,000 on up, haven’t added this most-basic of features?  It truly is a few lines of code, literally.  We’ve seen a lot of crappy “workarounds” which only break systems.

ConsignmentTill offers support for SSL, but in our testing the application locked-up when attempting to Test settings.

ConsignmentTill Incompatible with Gmail?
ConsignmentTill Incompatible with Gmail?

We’ll follow-up again with additional details.

ConsignmentTill supports TLS on port 587…

ConsignmentTill Supports Gmail
ConsignmentTill Supports Gmail

SBS’ The Consignment Shop supports SSL…

SBS' The Consignment Shop Software Supports SSL
SBS’ The Consignment Shop Software Supports SSL

There’s just no excuse for not supporting secure email connections and we’d like to see the consignment software vendors step up to the plate here and address this issue.  Too busy?  Too many other features to add?

By all means, if you’re a software vendor and have any feedback as to why this hasn’t been added or available for years, feel free to post your comment below.

Updated 2/18/2013 @ 3:11 PM EST – Added SBS SSL info.

Updated 2/18/2013 @ 5:35 PM EST – Added ConsignmentTill TLS info.

Patch Tuesday To Address 57 Security Vulnerabilities

Windows Updates Patch Tuesday

Tomorrow is Patch Tuesday and this one’s a big one.  Microsoft is releasing a dozen updates that will address a whopping 57 security holes.  So chances are, this just means another Manic Wednesday for some users.

Some tips to help avoid bumps on Patch Tuesday:

[checklist]

  • When you leave for the day, close any programs or files you’re working on.  Running applications, un-saved files, etc. can all affect the Windows Update process, especially come time to shutdown/reboot.
  • Ensure your computer is running on a stable power source + an Uninterruptible Power Supply.  Even just a slight sag in power can have a major impact on a system.  It’s just not worth it to not protect your data with a battery backup.
  • If you see Windows Updates in progress when rebooting or when powering-on, be patient.  Sometimes it can take 5, 10, even 15+ minutes to “chew” on all of these updates.

[/checklist]

Don’t forget to patch your other applications as well, such as Acrobat Reader, Flash, etc.  Java should be fully removed unless absolutely required.  If you’d like to have The Computer Peeps handle automatic patch management for you, as well as complete system monitoring, we offer those services on a monthly basis with no contracts.  Whether it’s us, you, or another tech, someone needs to be patching your systems.

What are you doing for patch management at your consignment store?  Comment below if you have any questions!

Edit 2/11/2012 6:46 PM EST: Fixed a typo.

How To Install AdBlock Plus for Firefox [Video]

AdBlock Plus

Here is a quick video tutorial on how to download the free AdBlock Plus add-on for Firefox…

You can install the AdBlock Plus add-on, or any add-on, via your Firefox Button, then Add-ons

Firefox Add-on

The very first result is for AdBlock Plus – click Install

AdBlock Plus Add-on
AdBlock Plus Add-on | Click to Enlarge

We strongly recommend utilizing ABP not just to hide annoying ads, but as another layer of security for your system.  Many legitimate websites can have their 3rd party ads compromised, so just by using ABP, you are reducing some of the potential attack vectors you may encounter.

Speedtest.net Recently Compromised

Speedtest.net

The most popular internet speedtest site, Speedtest.net, was recently compromised.  They have since fixed the issue and the site is no longer infected, but if you visited the site within the last few days and if you have Java installed, lookout.

Invincea has a fantastic dissection of the payload the infected site was delivering.  This is a great opportunity to discuss how completely legitimate websites – e.g. Speedtest.net – can infect your system.  It doesn’t have to be a *questionable* website or suspicious email that leads to infection.  Websites can be compromised in any number of ways and commonly, 3rd party ads on websites are how malicious activity can sneak-in.

There is no single solution to security.  Security is a multi-layered approach.  With AdBlock and NoScript installed, you’re knocking off a good chunk of attacks before they even get a chance to start.  By running ESET Nod32 antivirus and Malwarebytes’ Anti-Malware Pro, you’re giving your system the best chance at fighting off anything that makes its way onto your system.  Changing your DNS to a faster and more-secure service, such as Google Public DNS, Comodo, or OpenDNS, helps keep the pool of sites you bump into, as safe as possible.  A hardware firewall, updated applications (and only essential applications installed), and user-awareness add to the security sandwich.

So keep your wits about ya, folks.  Don’t think that just because you’re browsing legitimate sites, you’re not vulnerable to attack.

For those interested in an alternative to Speedtest.net, there is an HTML5/no Java/no Flash service provided by SpeedOf.Me.

Over 80 Million Routers Vulnerable to UPNP Security Flaw

Router Bug

Universal Plug and Play or UPNP, is a feature that is supposed to make connecting networked devices easier for end-users.  According to security experts, over 80 million unique devices responded to their public internet request.

Essentially, they sent out a question and over 80 million routers – e.g. the one in your living room, the one at your consignment store, etc. – responded.  That’s not good, to say the very least.

[info_box style=”warning”]It is recommended that you disable UPNP in your router immediately, if you have not done so already.[/info_box]

Log in to your router and locate the UPNP option – typically just a box you un-check.  Make sure you have a backup of your router’s configuration before making any changes.  You might need to reboot any devices connected to the network as well.  Keep in mind, this could “break” any devices’ connections that were not manually setup and instead utilized the UPNP shortcut.

Back To Top