CALL-TO-ACTION: SECURE YOUR WEBSITE WITH SSL

Dear client, Google recently made a big security-related update to its popular Chrome web browser. With this update, when users enter information in a form on a website that is not secured with SSL, the browser displays a warning: NOT SECURED.

This update in Chrome is important for website owners, but it could give people a false sense of security when they surf the web.
Let’s discuss what to look out for and how to make sure you’re protected.

What is SSL?

SSL stands for Secure Sockets Layer. A site with an SSL certificate provides an encrypted link between the website and your browser so that the information you send through the website (such as your credit card or login details) remains private while in transit to the website’s server.

How To Identify A Secured Website

You can identify a site using SSL in a number of ways. Web addresses on secure domains will start with https:// instead of http://.
Your browser will also display a padlock icon indicating that the site is secure. There may also be a site seal or other indicator on the website itself noting it’s an encrypted transaction.

Your Site Needs SSL

The Google Chrome update has been an important call-to-action for website owners to add SSL to their website. Even if your site does not offer e-commerce, Chrome will flag the site as not secure if someone enters text into any web form.

This means all WordPress sites with comment forms will be flagged. Even a site with just a search box can trigger a warning.

Not having an SSL certificate for your website may lead to reduced comments on your blog, fewer people filling out contact forms, and people abandoning your site, fearing it might not be safe overall.
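
As an added illustration (not part of the original post), the Python sketch below audits a page's HTML for the cases described above: search boxes, comment forms and other fields a visitor can type into on a page served over http://. It also flags an HTTPS page whose form submits to plain HTTP, which goes one step beyond the text. The URLs, the sample HTML and the list of non-text input types are constructed assumptions, not Chrome's actual logic.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Input types a visitor cannot type text into (assumption for this sketch).
NON_TEXT_TYPES = {"hidden", "submit", "button", "checkbox", "radio",
                  "image", "reset", "file", "range", "color"}

class FormAudit(HTMLParser):
    """Collect typeable fields and the absolute action URL of every form."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.text_fields = []    # (tag, name) pairs
        self.form_actions = []   # absolute URLs the forms submit to

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page itself.
            self.form_actions.append(urljoin(self.page_url, a.get("action") or ""))
        elif tag == "textarea":
            self.text_fields.append((tag, a.get("name") or ""))
        elif tag == "input" and (a.get("type") or "text").lower() not in NON_TEXT_TYPES:
            self.text_fields.append((tag, a.get("name") or ""))

def audit(page_url, html):
    """Return findings for one page; an empty list means nothing was flagged."""
    parser = FormAudit(page_url)
    parser.feed(html)
    secure_page = urlparse(page_url).scheme == "https"
    findings = []
    if not secure_page:
        for tag, name in parser.text_fields:
            findings.append(f"text entry over HTTP: <{tag} name={name!r}>")
    else:
        for action in parser.form_actions:
            if urlparse(action).scheme == "http":
                findings.append(f"HTTPS page submits to plain HTTP: {action}")
    return findings

# Constructed sample: a WordPress-style page with a search box and comment form.
SAMPLE = """
<form role="search" action="/"><input type="search" name="s">
  <input type="submit" value="Search"></form>
<form action="/wp-comments-post.php" method="post">
  <textarea name="comment"></textarea>
  <input type="hidden" name="comment_post_ID" value="1"></form>
"""

if __name__ == "__main__":
    for url in ("http://blog.example/post", "https://blog.example/post"):
        print(url, audit(url, SAMPLE))
```
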

Thankfully, the cost of adding SSL to websites has dropped significantly, putting them in reach of all website owners.
OneNet Servers offers SSL certificates starting at just 3000.00 Naira per year.

If you run a website, don’t delay. Protect your visitors by adding an SSL certificate to your website.

PSA: Severe Vulnerability in All Wi-Fi Devices

This is a public service announcement (PSA) from #OneNetServers regarding a security issue that has a wide impact.

Today is being called “Black Monday” in many information security circles. We have had a major Wi-Fi vulnerability announced that affects absolutely every device that supports Wi-Fi. The vulnerability allows attackers to decrypt WPA2 connections. A second vulnerability also emerged today; more on that shortly.

The Wi-Fi vulnerability is being called “KRACK”, which is short for Key Reinstallation Attacks.

I’m going to cover the problem in relatively non-technical terms in this post so that you are able to clearly understand how this affects you and what you can do about it, right now.

Once you are done reading this, I strongly recommend you spread the word, because this Wi-Fi weakness can allow attackers to crack WPA2, which was previously thought of as a secure Wi-Fi encryption protocol.

The WPA2 Wi-Fi Vulnerability

WPA2 is a protocol that secures all modern protected Wi-Fi networks. According to statistics by Wigle.net, it secures 60% of the world’s Wi-Fi networks.

Researchers at KU Leuven, a university in Flanders in Belgium, have discovered a way for an attacker to read sensitive information that is sent over a Wi-Fi network using WPA2.

Attackers can use this to steal sensitive information like credit card numbers, passwords, chat messages, emails, photos and more. The attack works against all modern protected Wi-Fi networks. It may also be possible for an attacker to inject malicious information into the Wi-Fi network. This could include ransomware and malware.

The vulnerability is in the Wi-Fi standard itself, and not in individual products or their implementations. That means that all products that correctly implement the WPA2 standard are affected.

If your device supports Wi-Fi, it is likely affected by this vulnerability.

Products that are known to be affected by this at this time include Android, Linux, Apple, Microsoft Windows, Linksys and more. The list of affected vendors is enormous, and vendors including Amazon, Cisco and Netgear are scrambling to release patches to fix this issue.

BleepingComputer has compiled a running list of vendors that will be growing over time as more information about patches becomes available.

You can find the technical details of the KRACK attack from the researchers themselves at www.krackattacks.com, including an academic paper and a demonstration video.

What to Do About the WPA2 Vulnerability

This affects every device you own that uses Wi-Fi. If your device uses public Wi-Fi, you are at higher risk. The vendors that make your products are working on patches which they will release in the coming days. As they release the patches, you will need to update your devices and hardware.

The good news is that this vulnerability does not require you to replace any hardware. It is fixable through a software update.

The devices and hardware you will need to update, once patches are released, include the following:

Desktop workstations
Laptops/notebooks
Mobile phones
Tablets and e-readers that use Wi-Fi
Home and office routers
Home devices like NEST, Amazon Echo and Google Home
Printers, both home and office, that use Wi-Fi
Any other device that uses Wi-Fi

You should prioritize devices that use public Wi-Fi higher than your other devices. This puts mobile phones and tablets at the top of the list.

How to Stay on Top of Updates

Your desktop, mobile and tablet devices will prompt you when an important security update is available. Many may update automatically. Most devices also provide an option to manually check for updates. We recommend you do that periodically this week so that you catch any updates as soon as they are released.

For routers, printers and other “Internet of things” devices, you may have to sign into the device to manually update the device “firmware.” For routers, you can contact your Internet service provider for help if you are unsure how to update. You may need to consult the manual of other devices or do a Google search to learn if they are affected.

Black Monday

Another vulnerability known as “ROCA” was also announced today. This vulnerability involves an attack on public key encryption which may weaken the way we authenticate software when installing it. It affects many other systems that rely on public/private key encryption and signing. Fixing this also requires you to update your devices using vendor-released software updates, so keep an eye out for security updates for your devices and workstations that fix any ROCA-related issues.

The combination of KRACK and ROCA is why we are referring to today as “Black Monday.” These are both severe vulnerabilities, and they emerged on the same day.

It is imperative that we get the word out about these vulnerabilities so that our friends and colleagues can update their devices before they are exploited. Please spread the word.

Content from www.wordfence.com

Save 30% On All Hosting This September

OneNet Servers September 2017 Promo

Did you miss our May discount? Well, we have good news for you. We are starting off September with you on our minds. We are offering a discount of 30% off all shared hosting. Just use the coupon code SPMBR30 when placing your order.

Ransomware Now Targeting WordPress Sites

A Quick Introduction to Ransomware

Ransomware is malicious software that an attacker installs on your computer or on your server. They use an exploit to gain access to your system, and then the ransomware executes, usually automatically.

Ransomware encrypts all your files using strong unbreakable encryption. The attackers then ask you to pay them to decrypt your files. Usually payment is via bitcoin. Bitcoin gives the attackers a way to create an anonymous wallet into which the ransom can be paid.

Ransomware has been around for a long time. It originally dates back to 1989 with the “PC Cyborg trojan horse virus” that would extort its victims into sending $189 to a PO Box in Panama to get their files decrypted. The encryption on that virus was easily crackable.

Ransomware today is growing fast. In 2017, 100 new ransomware variants were released into the wild, and there was a 36% year-over-year increase in ransomware attacks worldwide. The average ransomware demand increased 266% to an average of $1077 per victim. [Source: Symantec Threat Report 2017]

This year we have seen ransomware attacks on a scale that would have been hard to imagine several years ago. In May of this year, the WannaCry ransomware attack affected hundreds of thousands of people in over 150 countries. The UK National Health System was affected and had to divert ambulances away from affected hospitals.

In June we saw the Petya (eventually dubbed NotPetya or Netya) ransomware rapidly spreading, starting in Ukraine. A large number of high-profile organizations were affected, including Ukraine’s state power company, the Chernobyl nuclear reactor, Antonov aircraft, shipping company Maersk and food giant Mondelez.

Today a large number of affected people and organizations actually pay attackers when they are hit by ransomware, and sometimes their files are successfully decrypted. Security organizations, including the FBI, generally advise customers to not pay attackers because this encourages the spread of this kind of attack. However, many organizations simply do not have the option of not recovering their data – and so they pay, which perpetuates this criminal business model.

Ransomware Now Targets WordPress

Most ransomware targets Windows workstations. The ransomware is uploaded by an attacker once they have compromised a WordPress website.