News
Archive for the ‘Server/Technical’ Category
Okay, Ann Arbor did not unofficially rename itself to Google, but the news that Google is going to build a fiber optic network for some lucky town(s) as a test run of such a system did lead to some interesting displays of social media’s power. It also showed how Topeka, Kansas is a huge showoff, but that’s another story. Highlights of this effort include:
- Getting close to 1,000 followers on Twitter in roughly a month
- Organizing a “flash mob” (really just an event) via social networks that was attended by 1000s of residents and especially students
- Getting endorsements from the city government, nearby Ypsilanti, DTE, and more.
It used to be that someone stealing your internet for a free connection was all you had to worry about when it came to protecting your computer. Then, stealing data become the popular thing to do. Now, attackers are even able to maliciously modify data. All of a sudden someone using your internet connection for free seems just a little silly compared to someone changing an electronic medication order on a hospital network and killing patients. Just as technology has become more advanced and efficient, so have the people who want to get a hold of that sensitive information.
Typography on the web has been a thorn in the sides of website designers since the very beginning. Currently, a user has to have fonts installed on their system to display them in browsers, which means true web type is generally limited to a few basic fonts (Arial, Verdana, Georgia, etc). A few basic fonts just doesn’t cut it when designing attractive websites, so designers and developers have created a few workarounds.
The most basic is to simply save type like headlines as an image. This ensures it will render properly on any browser, regardless of what fonts users have installed. The problem is that it’s not really type; users can’t highlight it (for copying and pasting), and search engines won’t index it as such. It’s also a bigger file size, although this is less of an issue now that more users are on high-speed connections. In general this is the most common solution, but fundamentally flawed. For various reasons, text on the web should be actual text.
Design, content and functionality are to many, the major components of building and launching a website. But then you notice links aren’t working properly, the contact form isn’t sending to your email address and the main video on the homepage won’t play. Then you figured out the one critical step you missed – testing.
Manual testing of a site can be both daunting and time consuming, but in order for a site to be successful, some kind of testing needs to be done.
What if there was a kind of testing that could automatically check whether your website is functioning properly?
Since its conception about a decade ago, online banking has become a rapidly growing trend among internet users. According to a MSN article, about 43 percent of all people who use the Internet or about 63 million Americans manage some portion of their funds online. But, along with the increased use of people banking online there has also been an increase in hackers trying to obtain sensitive information such as passwords and account numbers through phishing and keystroke logging.
While phishing can be prevented by not clicking on bank related links from emails, it is very difficult to tell if or when your computer was targeted by a keystroke logger virus. A keystroke logger is a tiny virus style software and is one of the biggest dangers when it comes to banking online. This virus will record every keystroke you typed on your keyboard and will send it to a hacker’s server where it will be recorded as a plain text file. For example, when people are doing their online banking they will usually key in:
Bankname.com
Username
Tab key
Password
And enter key
All a hacker will need to do is decipher what is in between the domain name, tab key and enter key. If the hacker finds a match then most likely the online bank account will be stolen. This is because when people are banking online they will key in exactly the above information to login.
Below are some suggestions on how to protect yourself against keystroke logging:
- Save your banking URL in the browser bookmark and launch it from there (recent versions of Internet Explorer and FireFox make it very difficult for the virus to steal any information)
- Click with your mouse instead of the tab key or enter key. Unlike the tiny keystroke logger, it will need a huge amount of software to record your screen clicks with meaningful action.
If you use the above suggestions when banking online, your username and password will be mixed together with your daily typing and the keystroke logger will not be able to single them out.
Recently, the topic of web site security has made its way into news headlines.
At a conference at the end of December, security researchers from the United States and Europe demonstrated how someone could hack into a version of SSL, or Secure Sockets Layer, which is a technology that allows the transmission of private data via the Internet.
With the MD5 version of SSL, the researchers used PlayStation 3 game consoles to appear as a trusted Certificate Authority, or CA. The CA is a licensed company that issues a digital certificate. This certificate enables the encryption of sensitive information and verifies the identity of the certificate owner when it is issued.
After disguising themselves as CA’s, the researchers demonstrated how these fake certificates could give the illusion of legitimacy to a phishing web site designed to steal bank account passwords.
For example, when Media Genesis is hosting a site for an e-commerce client who accepts credit card information we need to work with a CA to ensure that all sensitive information is securely protected.
Since the MD5 version of SSL has proven vulnerable to hackers, many CA’s are now only using SHA-1. Both MD5 and SHA-1 are hashing functions used in cryptographic algorithms. The main difference is that the encryption key-size in MD5 is 128-bits. In SHA-1 it’s 160-bits, which is why SHA-1 is harder to break and a more secure certificate. Media Genesis has done extensive research on different CAs and MD5 versus SHA-1. Media Genesis only uses CA’s that have moved to SHA-1 certificates.
The following CA’s that Media Genesis uses are:
- Verisign
- Netsol
- Thawte
- Comodo
- GoDaddy
For more information email us at inquiry@mediaG.com.
