Google Chrome to stick ‘Not secure’ on pages with search fields

To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

Chrome currently indicates HTTP connections with a neutral indicator. This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.
A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS.
Studies show that users do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature.
In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.

Outdated WordPress Software

Panama Papers Breach Attributed to Outdated Sites

Just like the software on your PC, your Content Management Software (CMS) (or for most, your WordPress software) for your website also needs to be kept up-to-date.

Failing to keep the software up-to-date means that your website has the potential to be exploited. This could result in your data (or your customers’ data) being stolen, your website being blacklisted as a security threat or even all of your website being deleted. While Conetix is responsible for the security of the network and the server itself, the security of your website (and all software updates) is the responsibility of the client.

Warning: Failure to keep your site up-to-date may result in your website being defaced, or, if it’s used for malicious activities, it will be suspended.

Tips to keep your CMS software up-to-date:

  • Use a platform which is easy to update (e.g. WordPress)
  • Log in frequently to your admin area in order to check for updates
  • Don’t forget to update all plugins and themes as well
  • Contact us to organise for us to do this on a weekly or monthly basis for you

A recent write-up explains how the sites involved in the Panama Papers breach were left vulnerable.
See write up.

So imagine your site being hacked. Imagine having your content stolen from your site.

Do something about it today. Call us to discuss your options.

Ransomware Strikes Websites

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files (called Cryptolocker).

Ransomware infections were first seen in 2013 and have been on the increase since then. Today it is one of the most pervasive online threats that Internet users and businesses face. Traditionally, ransomware has only affected personal computers and the malware is often distributed through hacked websites.

Every week we hear of someone whose computer has been infected. Just recently (Jan 2016) a new email has been going around disguised as Australia Post, telling you that a parcel could not be delivered and to click here for more info.

Over the last few months there has been a new development with ransomware attacks: They’ve started to infect websites themselves. Yes so if you are reading this and you have a website, BEWARE!!!

These attacks infect and encrypt the website files and then demand payment. The files on the server are inaccessible and the homepage is defaced with a warning that the website has been held hostage.

 

Have you seen this? You don’t want to.


Unsurprisingly, vulnerabilities in outdated software seem to be the main method of distribution. Remember web admins: Update, update, update!

Ransomware Is Now Targeting Websites

Usually websites are used to spread PC-based ransomware; visiting the infected website will launch the virus onto your machine, encrypting its contents. Previously it was also commonly distributed through tech support scams and bogus e-mails, but now we see website admins fall victim as well. Magento e-commerce sites seem to be a big target of this new website ransomware, but it is by no means limited to them. ALL websites are now at risk.

Once the attackers have access to your server (where your website is hosted), they encrypt all your site files and add the extension .encrypted to the file name, rendering them useless.

There was a flaw in the way the files were encrypted, and it was possible to return them to a state of good health; however, the attackers caught wind of their design flaw and now it is even harder to rectify. So without a clean backup, you might find yourself having to rebuild your entire website (unless you want to take the risk of paying the ransom fee, with no guarantee you will ever get the key to fix the files).

What’s even worse is that this malware can spread to other websites in the same hosting environment, making a bad situation much worse. So if you have more than one website

Just like your computer backups, website backups are Critical

If you are unfortunate enough to have your website infected with this (or any) malware, your only option is to revert to a recent backup, change all login details and update all software. If you don’t do backups, then when you get hit, you will understand why we impress on our customers to backup, Backup, BackUP!!!! If you don’t already do backups, then we can take some steps for you to ensure you have a backup handy.
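The `.encrypted` rename described above is something a site owner can check for against the state recorded at backup time. The following is an added example, not part of the original post: it saves a SHA-256 manifest of the web root alongside a backup and later reports files that were renamed with the marker extension, changed, removed or newly added. The function names, file names and sample web root are constructed for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def compare_to_baseline(root, baseline, marker=".encrypted"):
    """Compare the live web root with a manifest saved at backup time."""
    current = build_manifest(root)
    report = {"renamed": [], "missing": [], "modified": [], "unexpected": []}
    for rel, digest in baseline.items():
        if rel in current:
            if current[rel] != digest:
                report["modified"].append(rel)
        elif rel + marker in current:
            report["renamed"].append(rel)      # original gone, marker copy present
        else:
            report["missing"].append(rel)
    renamed_targets = {rel + marker for rel in report["renamed"]}
    report["unexpected"] = [rel for rel in current
                            if rel not in baseline and rel not in renamed_targets]
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Constructed sample: a tiny web root that changes after the manifest is saved."""
    site = {"index.php": b"<?php echo 'home';", "style.css": b"body{}", "about.html": b"<p>us</p>"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in site.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = build_manifest(root)        # stored with the backup, off the server
        # Test fixture only: reproduce the symptoms the check looks for.
        os.replace(os.path.join(root, "index.php"), os.path.join(root, "index.php.encrypted"))
        with open(os.path.join(root, "style.css"), "wb") as fh:
            fh.write(b"changed")
        with open(os.path.join(root, "unknown.html"), "wb") as fh:
            fh.write(b"not part of the site")
        return compare_to_baseline(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The manifest is only useful if it is kept with the backup rather than on the web server, where an intruder could alter it along with the files.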

If you find yourself having to get your website rebuilt after such an infection, then you will be kicking yourself, and wondering why you never got us to do a backup for you. Once it has happened, it is too late.

The very least you should do for your site is to put it behind a website firewall to help prevent attacks before they even reach your site. We can recommend a hosting company that bends over backwards to prevent this sort of thing happening.

If you would like to talk to us then please call or head over to our contact page and get in touch.

We have various packages available; however, we can do special one-off deals depending on your needs. Speak to us today to see what we can do for you.

Testimonials Are They Worth It?


We have it on very good authority that client testimonials increase your visitor’s trust.  Whose authority I hear you say?  Yoast, one of the most renowned Search Engine Optimisation  (SEO) businesses.  Yoast consults to some of the biggest brands on the planet, including Facebook, eBay, and the Guardian.

 

Why do testimonials work?

  1. It is proof that someone else has used or tested the product and it worked well enough for them to say so.
  2. Testimonials not only say how good your product is but how and/or why it worked for them.
  3. The benefit of the product is clearer and it is easier for the potential client to decide to purchase it too.

What should you ask clients to write about?

  1. If you are offering a service they could write about what the issue is that they needed to be addressed and how your service or product accomplished that.
  2. If you are selling a product item (eg clothes) they could write about the quality of the product, delivery time and the ease that they experienced when dealing with you.

Placement of the testimonial:

  1. Testimonials are no good if people have to go searching through your site to find them, so display them prominently on your landing pages. The two most common pages that people visit are your “home page” and the “about us page”.
  2. They should also be placed close to call-to-action buttons – make sure you have them somewhere else on your site and not just on the testimonials page.

Click here for the full story from Yoast about Testimonials.

 

 

Email Scams Targeting Websites

CAUTION WEBSITE OWNERS

We are often contacted by clients after they have received emails from random individuals or businesses claiming to have the expertise to improve the website’s “digital performance”, or improve the site’s ranking by providing a “website audit” or wanting to write “posts” and link to the site.

Be very wary when approached in this manner. Before you agree to let someone have access to your site or pay any money to them, thoroughly check their credentials. It is more than likely that they are email scams.

HOW CAN YOU TELL??

If you look at the signature blocks for all 3 of the examples below, they are all very similar.

Michael | Strategy & Technology Manager

AU IT SOLUTIONS
Headquarters: 41 Bridge Rd Glebe, NSW 2037, Australia
Other Offices: Hong Kong & China | USA | New Zealand | UAE | Singapore

PAGE PORT Pty Ltd
Address: Level 13, 460 La Trobe St Melbourne VIC 3000
Global Offices: NZ | China | USA | Singapore | UAE

SMM Pty Ltd
Headquarters: 36 Surry Hills Sydney NSW 2010 Australia
Other Offices: Hong Kong & China | USA | New Zealand | UAE | Singapore

Google their names, visit their websites.
Looking at our examples on the internet, each of these companies has a different address to what is listed in the signature block. Also, when we looked at “Page Port”, there are warnings on the net about this being an SEO scam from India.

So please, before you think about contacting any of these people because they sound good and say they can help you out, check with us. The end result could be that you spend money and get nothing, or get infected with spam etc. on your site. No doubt they would ask for money up front or access to your site.