Website Security Threats and Solutions

What is website security? Is it really important? Well, if you are a business owner and you have a website or you are responsible for managing or maintaining your company’s websites, then it is definitely important that you know website security threats and solutions.

Not all IT people know everything about securing a website, just as not all doctors know how to cure every sickness. Believe it or not, when you go to school to study programming, computer engineering, or web development, you’ll find that there’s not much in the curriculum that tells you how to write secure code. You are simply taught to write code that runs, and later in life, as you experience failures in your newly developed software, you begin to think of a solution. You then write more software or code to fix the weak link in your existing software.

In other words, no one is truly secure online until someone finds a security tool or creates a new code better than the previous one.

For beginners, learning about web security may look like an intimidating feat because of the technical verbiage and profound coding involved. But once you get an understanding of its importance and why you need to know at least the basics, you’ll love every bit of jargon!

So what are the problems of ignoring website security threats?

  • It can put your business or personal information at risk.
  • It can jeopardize your customers’ computers if you are running an e-commerce website or your readers’ if you are running a blog. This is because viruses and malware follow loopholes in the system. They see one, they get in, then move to the next, and so forth, infecting every computer they get into until someone finally figures out something is wrong and finds a solution for it.

Where do you start?

  1.   Always make sure your website’s software is up to date.
  2.   As much as possible, do not allow uploading of files to your website as this can be a total security risk.
  3.   Use HTTPS instead of plain HTTP (this requires an SSL certificate).
  4.   Use web security tools like Trust Guard’s security scanning services to check for holes used by hackers.

 

Article written by Jonna Lindawan
Jonna is a startup VA business owner who loves helping her clients grow their businesses through her skills in writing, customer service, research, data entry, transcription, social media management, and admin support. Visit her website here.

Online Payment Security Options

Special thanks to a friend for sharing an article about online payment security options from fitsmallbusiness.com. You can read it here.

One of the initial points of the article was discussing the differences in security needed based on whether or not you used a hosted or self-hosted checkout page. The most important reason for this is to know who is responsible for scanning the site for security holes – you or the company hosting the checkout process. Here is a snippet from the article my friend shared with me:

Online payment security starts with a secure checkout. That means the order checkout forms that collect customer data are hosted securely, data is properly encrypted during transmission, and any stored payment information is protected.

There are two types of online checkouts that you can use: A self-hosted checkout or a hosted checkout.

What is a Self-hosted Checkout?

A self-hosted checkout collects and transmits customer payment data on your store’s servers. This puts the security risk on you and makes you responsible for managing secure data connection, transmission, and storage systems. Even if you use a top e-commerce platform, you can be responsible for handling security. Not all e-commerce platforms ensure secure checkouts with every payment processor.

What is a Hosted Checkout?

With a hosted checkout, sensitive payment data is entered directly into your secure payment provider’s system via a secure, encrypted connection called SSL (secure sockets layer authentication). Simply put, sensitive data never touches your store’s servers. In some cases your e-commerce platform ensures this, in others, your payment provider makes it happen. Either way, using a hosted checkout takes the bulk of e-commerce security risks off your shoulders.

This is one reason why hosted checkout providers like Square, Paypal, and Stripe are so popular.

How do You Choose?

Wondering why anyone would choose a self-hosted checkout over a secure hosted checkout? That’s a good question. For most small online sellers, a hosted checkout delivers everything needed to process payments in a tidy, secure package. But for others, factors such as checkout customization and lower credit card processing costs can come into play. In these cases, the flexibility that self-hosted checkouts offer can be worth the security headaches.

However, even if your checkout pages are hosted, it’s always a good idea to scan and secure your website from vulnerabilities accessible by hackers. Trust Guard provides trust seals and security scanning to help you protect your site and keep it safe.

Your Dog’s Name is Not a Good Password

Buster and Champ are great names for dogs. But neither of them makes a good online password – especially when those are the names of your dogs!

One of the most annoying things you’ll come across on the web is when a website forces you to create a complicated password. You’ve had to do it before—with capitals, and numbers, and special characters. You end up with something like “Beth@ny12”, which looks more like a 12-year-old’s screen name than a password. The worst part? Those passwords aren’t secure. Here’s why.

Dictionary Attacks

Brute force is usually what people think of when hacking comes to mind. That’s when hackers guess every possible combination of every letter and character. It’s a technique that’s used, but only as a last resort. Hackers start, instead, with dictionary attacks. These involve taking a very large and comprehensive list of common passwords, characters, and substitutions, and then using them to guess your password. So, yes, they’re going to guess “password”, or even “p@ssw0rd1”.

The problem, here, is that people pick passwords out of habit. The computers have been forcing us to when they make us turn “Scruffy” into “$CruFfy89”. We use short, familiar words because it’s the only way we can remember those ridiculous passwords. But that only makes them easier to guess for the dictionary attacks. Online bullies know all of the words we pick, and all the substitutions we’re going to use. And heaven forbid we forget our password. Then we just reset it to a password we already use somewhere else…which is another cardinal password sin.

Better Passwords

So how do we protect ourselves? The best option is to add more letters, preferably in the form of a random word (or words), as words are easier to remember than substitutions. If you have the option, instead of “$CruFfy89”, do a few random words, like “correcthorsebatterystaple”. You’ll get way more bang for your security buck that way. There are online password creation and storage companies like LastPass that can create and store unique passwords for you. That way, you only have to remember one password in order to access all of your accounts.
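
As an added example (not part of the original article), here is a sign-up check in Python that undoes the substitutions a dictionary attack tries and rejects passwords that reduce to a listed word, followed by a passphrase generator and a rough guess-count comparison. The word lists, the substitution table, and the size figures (a 100,000-word attack list with 10,000 variants per word, a 7,776-word passphrase list) are constructed assumptions.

```python
import math
import re
import secrets

# Constructed stand-in for a real common-password/dictionary list.
COMMON_WORDS = {"password", "scruffy", "buster", "champ", "bethany"}

# Constructed stand-in for a passphrase word list (real lists hold thousands of words).
PASSPHRASE_WORDS = ["correct", "horse", "battery", "staple",
                    "orbit", "velvet", "cactus", "lantern"]

# Substitutions a dictionary attack tries automatically, mapped back to letters:
# @->a  $->s  0->o  1->l  3->e  4->a  !->i  5->s  7->t
UNDO_SUBSTITUTIONS = str.maketrans("@$0134!57", "asoleaist")


def base_word(password: str) -> str:
    """Reduce a password to the word it was built from."""
    stripped = re.sub(r"[\d\W_]+$", "", password)  # drop trailing digits/symbols
    return stripped.lower().translate(UNDO_SUBSTITUTIONS)


def is_dictionary_derived(password: str, words=COMMON_WORDS) -> bool:
    """True if the password is a listed word plus predictable decoration."""
    word = base_word(password)
    # An empty base means the password was only digits and symbols.
    return word == "" or word in words


def dictionary_guess_bits(wordlist_size: int, variants_per_word: int) -> float:
    """log2 of the guesses needed to try every word with every variant."""
    return math.log2(wordlist_size * variants_per_word)


def passphrase_bits(n_words: int, list_size: int) -> float:
    """log2 of the guesses needed for n_words drawn at random from a list."""
    return n_words * math.log2(list_size)


def generate_passphrase(n_words: int = 4, words=PASSPHRASE_WORDS) -> str:
    """Pick words with a CSPRNG; the strength comes from the random choice."""
    return "".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    for pw in ["p@ssw0rd1", "Beth@ny12", "$CruFfy89", "correcthorsebatterystaple"]:
        print(f"{pw!r:30} base={base_word(pw)!r:28} "
              f"reject={is_dictionary_derived(pw)}")
    # Assumed sizes, see the lead-in above.
    print(f"decorated word: {dictionary_guess_bits(100_000, 10_000):.1f} bits")
    print(f"4 random words: {passphrase_bits(4, 7776):.1f} bits")
    print("new passphrase:", generate_passphrase())
```

The passphrase figure only holds when the words are picked at random, as `generate_passphrase` does; words chosen by habit fall back into the dictionary case.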

Online security should be a big deal for you! It seems like every other day we hear about another big company that got hacked. So before you give some online business your personal information and unique, non-personal password, make sure the website has a Trust Guard trust seal on it, verifying that it is secure.


Special thanks to writer Stephen Porritt.

Cyber Security Can Get Personal!

In 2013, Brian Krebs taught someone a lesson in cyber security. He had earned the unwanted attention of a man calling himself The Fly, or Flycracker, later revealed to be a 26-year-old career thief named Sergey Vovnenko. Krebs tracked Vovnenko to a forum where he brokered the sale of credit card information. Krebs found out that Vovnenko was going to do his best to damage Krebs’s reputation – maybe even land him in jail.

The plan was to have heroin delivered to Krebs, then to call the police. It didn’t work out that way. Krebs called the police first, notifying them of Sergey’s plan. The heroin came a few days after he gave his statement to law enforcement. Krebs turned it over to the cops and went to work, trying to find Vovnenko.


Vovnenko fits a profile Krebs says applies to many in the world of information crime: young, arrogant and frankly sadistic, with a chip on his shoulder. Investigators are prone to boil down credit card stealing operations and mass identity thefts to simple greed. But often, it’s much more than that. “These guys have such huge egos,” he said. “What are they after? How much is enough? You make $100 grand a month, is that not enough?”

Krebs thinks some hackers just really enjoy messing things up and attacking people or doing it as a power trip.

After Vovnenko failed to frame him, Krebs wrote about the experience in a blog post, which the Guardian republished. He says he thinks the post embarrassed Vovnenko, who then sent Krebs’s wife a funeral flower arrangement. Says Krebs, “He had it delivered to our house with a note to her, just to her, saying, ‘Dear Jennifer, you married the wrong guy, but we’ll always take care of you. Rest in peace, Brian.'” And at that point, Krebs was so mad that he really wanted to know who the jerk was.

It didn’t take Krebs long to find out that Vovnenko, just like the people he stole from, shared passwords between the administrator account on his identity theft forum, and the Gmail address he used to do his dirty work. After a little digging, Krebs learned that Vovnenko didn’t trust his fiancee and had her every keystroke logged and secretly sent to the Gmail account; in those messages was every possible personal detail about Vovnenko’s life.

Here are some of those details: Vovnenko lived in Naples, Italy. He had a son and he married his one-time untrusted fiancee. Vovnenko bought stolen Italian credit card information. He also printed and embossed credit cards on machines he owned himself and cashed out the cards through high-end Italian retailers in the fashionable city.

Krebs decided to get in touch with Vovnenko. Running organized crime was one thing; a Ukrainian running an identity theft ring and printing stolen credit cards in the Camorra’s backyard was another. The Camorra is an Italian Mafia-type crime syndicate, or secret society, located in the region of Campania and its capital Naples.

“I just reached out to him and said, ‘Hey, how’s Italy? How’s your son Max?’” Krebs recalls. “And he said ‘Ahahaha, I wait for FBI.’

“I said: ‘It’s not the FBI you have to worry about.’” Should the Camorra be displeased with Vovnenko, bad things were sure to happen.

Vovnenko fell afoul of Italian authorities and spent “a while” in what he called “Naples’ worst prison” in a letter of apology he wrote to Krebs. Krebs thinks Vovnenko was in a 12-step program. Vovnenko told his victim that he “forgave” him for posting a picture and Vovnenko’s address on the website “Krebs on Security” when Vovnenko was arrested.

There are many times that hackers outfool security professionals. Daily security scanning can help. And all it takes is for people like Brian Krebs and Trust Guard to help take down these criminals – even if it is one at a time. The key is to find them before it gets personal.

 


 

Special thanks to The Guardian for supplying much of the information found in this article.

Five Ways to Combat Cyber Crime

Like most theft, cyber crime tends to follow the path of least resistance. For paid security monitoring for your website, contact Trust Guard. They’ll help you combat cyber crime by scanning your website for more than 75,500 known vulnerabilities used by hackers to really screw things up.

Here are five online hygiene tips anyone can follow, for free, to make life harder for people looking for an easy way to steal your personal or financial information – whether you’re a business owner or not.

1. Use multifactor authentication. This includes entering a password plus a code or a question that only you know. Google’s authenticator app is a quick download and works easily with many services including Amazon and Gmail. It’s worth checking to see if there’s a multifactor option every time a website asks you to fill out bank account or credit card information.

2. Don’t share passwords across websites. Almost everyone shares at least a couple of passwords. Don’t. There are plenty of inexpensive password manager phone apps that can help you with this, notably the open-source Password Safe and LastPass.com.

3. Refuse to give up information whenever you can. Best Buy doesn’t need your phone number. The more information you part with, the more can be used against you if the retailer is hacked. Ron Swanson from Parks and Rec didn’t have it right all of the time, but staying off the grid as much as possible is always a good idea.

4. Check your bank balance regularly. Thieves often try for a small purchase to see if the card works before they go shopping; in particular, look for easy-to-resell items like gift cards and credits on online marketplaces. When it comes to financial accounts, you also want to change the passwords to those accounts every three months at a minimum.

5. Close down services that you don’t use anymore. Do you still have a Steam account from that one time you bought a PC game all your friends were talking about? Are you sure? Is it linked to a credit card you still use? These are the easiest ways for hackers to steal in bulk, and the one-off purchase you make on impulse is probably the one you’ll unthinkingly reuse your old password on, too. For these types of purchases, it’s a good idea to get a pay-as-you-go debit card that you load from another card with only the amount you need to make the one-off purchase.

Everyone can and should do their small part to keep their personally identifiable information safe and protected. These five tips should help.


Special thanks to The Guardian for supplying much of the information found in this article.

Gambling with Your Website’s Security

Let’s face it. We love gambling. There is a thrill in risk taking that isn’t found anywhere else. The anticipation of possibly guessing right gives us an emotional high. The possibility of failure outweighs the possibility for success. Many entrepreneurs and their investors have made millions on just such gambles while others have lost almost everything.

Some gambles are meaningless, others are life-changing. Gambling $50 to bet that our favorite team will win the Superbowl isn’t a big deal. If they don’t win, we’re often more upset at the loss of the game than we are at the loss of the $50. However, when we win big games like that, even though monetarily we may have only doubled our risk, we feel like millionaires as we celebrate our winnings.


But how many of us, as online business owners, knowingly or unknowingly, risk opening our websites up to hackers? We gamble that out of the 30,000 websites that are destroyed or debilitated every day, for some reason, hackers will continue to leave us alone – even though we’ve done nothing to keep them out.

There is an online service that monitors for more than 75,500 vulnerabilities used by hackers to make a mess of online businesses. During the monitoring process, if any vulnerabilities are found, the company sends a report to the business owner with instructions on how to fix the issue. Once fixed, the website is safe from unfriendly visitors trying to ruin the lives of business owners and their online visitors.

Trust Guard, the leader in website security, runs security scans for thousands of websites for owners from all over the world. These business owners don’t gamble when it comes to their website’s security. They understand the risks associated with malware, trojans, and viruses that hackers can leave. They have spent too much effort to risk losing it all to a hacker. They don’t want to face the economic, legal and/or reputational consequences that would come if their website were hacked.

The truth is, however, that there are still hundreds of thousands of website owners gambling unnecessarily with their website’s security. Are you one of them? If you are, you have two choices: Continue to trust your luck or ask Trust Guard to scan your website on a daily basis against online security threats.

 

 

 

Playing Russian Roulette with Hackers

Business owners who never scan their websites for security vulnerabilities are playing Russian Roulette with hackers.

Russian Roulette is the practice of loading a bullet into one chamber of a revolver, spinning the cylinder and then pulling the trigger while pointing the gun at one’s own head. There is a one in six chance that the bullet will kill you. It’s an activity that is potentially very dangerous.

 


 

There are people out there that love to take risks. They go climb cliffs, swim in oceans, and walk into dance clubs leaving very little to the imagination. Hobbies aside, some people take unnecessary risks with their online businesses. More than 30,000 websites of all shapes and sizes fall prey to hackers every single day, holidays included. But for some unexplainable reason, there are those who believe that, although they have done nothing to protect themselves from viruses and malware, getting hacked could never happen to them.

 

Truth is, there are about the same odds in getting hacked as there are in playing Russian Roulette. And the same is true for both games: the longer you play, the ‘better’ the chances of ending the life of your body or business. If you have been in business for more than five years without ever running a security scan, consider yourself a very lucky person.

 

Security scans, like those performed by Trust Guard and their partners, can check for over 75,500 vulnerabilities used by hackers to make a total mess – just like Russian Roulette would make a total mess of your face. More than 85% of all websites they scan fail their first scan – which demonstrates the overall need for additional and consistent scanning.

 

If you haven’t scanned your website, contact Trust Guard and use this 50% off discount code: STO50. They have a money back guarantee. They’ll also give you a trust seal. It’s a little image that you display on your site to show your website’s visitors that you’re not a risk-taker when it comes to their online safety. When they see the seal, it gives them peace of mind, so more of them buy from you.

 

So stop taking unnecessary risks. Sign up for security scans from Trust Guard.

Tesla Cars Hacked through Mobile App

‘Tis the season for giving, but Tesla may be offering more than what was originally planned.

If you’re a hacker, and you want a new Tesla car for the holidays, all you have to do is access the company’s smartphone app.

New research shows that Tesla cars can be stolen by hacking the company’s smartphone app.

According to SCMagazineUK, Norwegian app security firm Promon has demonstrated through research that cyber-criminals could take control of Tesla vehicles, to the point where they can locate, unlock and drive the car away unhindered. Such a hack, possible by exploiting a lack of security in their smartphone app, gives criminals total control of the vehicle, providing additional functionality to that exposed by Keen Security Labs in a different hack in late September.

This is all done by attacking and taking control of the Tesla app. This underlines the vital importance of app security, and the wider implications this could have for IoT-connected devices in general. (IoT refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other internet-enabled devices and systems.) Most people understand the importance of online website security – and only visiting sites that constantly check for vulnerabilities, but few consider the potential issues with mobile security.

Tom Lysemose Hansen, founder and CTO at Promon, said: “Keen Security Labs’ recent research exploited flaws in the CAN bus systems of Tesla vehicles, enabling them to take control of a limited number of functions of the car. Our test is the first one to use the Tesla app as an entry point, and goes a step further by showing that a compromised app can lead directly to the theft of a car.”

One way for the hack to work is for cyber-criminals to set up a Wi-Fi hotspot close to a public Tesla charging point. When Tesla users log in and visit a page, an advert targeting car owners appears, offering an incentive such as a free meal. When clicking this link and downloading the accompanying app, hackers can gain access to the user’s mobile device, which enables them to attack the Tesla app.

According to Hansen, the ease with which any tech-savvy criminal can steal a Tesla car in this way is indicative of a need for a much greater focus on in-app security across all IoT-connected devices and applications. “Mobile-focused criminals are more skilled than ever before and are using a lack of security in mobile apps as an increasingly lucrative source of revenue. Remotely controlling and stealing Tesla cars is a particularly dangerous example of just what can be done, but in theory, any app without the necessary protection in place could be affected.

“One way to achieve this is by introducing self-defending app software that protects the app from the inside out, greatly reducing the possibility of a cyber-attack. By moving away from having a physical car key to unlock the door, Tesla is basically taking the same step as banks and the payment card industry. Physical tokens are replaced by ‘mobile tokens’. We strongly believe that Tesla and the car industry needs to provide a comparable level of security, which is certainly not the case today.”

Hansen concluded: “Tesla is a shining example of how technological advances are providing unprecedented levels of innovation and user convenience. However, our increasingly app-focused world needs to be urgently secured, to prevent criminals from seizing their opportunity on a large scale.”

 

Special thanks to SCMagazineUK.com for providing much of the content for this article.