Categories
Articles

Defend your business from modern-day cyber attacks with these 3 tips

Unknowingly clicking on an email attachment containing malware has the power to corrupt your entire system and wipe out all of your highly sensitive data.

Now that’s frightening.

Cybercriminals are now finding more ways to steal money and highly sensitive data, and to interrupt your business operations. That is why it’s crucial for you to protect your business and your customers from these types of threats.

Allow us to share with you three tips that you can use to defend your business from modern-day cyber attacks.

Let’s begin.

1. Perform Security Testing

One of the best defenses against cyber-attacks is to set up a defense mechanism that will detect threats before they even happen. You can do that by identifying vulnerabilities in your system.

Some vulnerabilities might only appear after a cyber-attack simulation or a test run, and this is why security testing is an essential factor in establishing the online security of your business.

For instance, one way of securing your website is by restricting access to specific pages through secure data access by catalog permissions.

Your web hosting and content management systems (CMS) should also be tested for possible security cracks that hackers can slip through.

You can work with third-party cybersecurity services like Bulletproof to help you with vulnerability assessment and penetration testing.

Cybersecurity features like hack simulations and a review of your firewall infrastructure, operating system, and server help you identify the system vulnerabilities that you need to fix and determine your level of risk from cyber-attacks.

Keep in mind that as your network changes and grows, so will the new and more sophisticated cyber-attacks. It’s because of this that you need to run vulnerability assessments as part of your first line of defense, and long-term cybersecurity game plan.

2. Guard Against Zero-Day Attacks

If you think that cybersecurity companies are the only ones fighting off cybercriminals, then think again. Even software developers are hard at work to protect their security solutions from cyber-attacks.

After all, the security and safety of their products can have a significant impact on retaining their customers, and this is why sellers include security patches in their solutions through regular software updates.

Security patches are intended to detect and fix vulnerabilities in older versions of the software.

The first step you should take is to update your security software and applications regularly to keep yourself protected.

However, there is a kind of cyber-attack that even regular software updates have difficulty stopping, and that is zero-day attacks.

Zero-day attacks target and exploit security vulnerabilities as soon as they’re detected, not allowing software developers and security companies enough time to respond.

This type of attack is one of the most dangerous threats to your business and your customers.

The challenge, however, is remembering to regularly update your security software and apps as soon as they are available.

A sure-fire way to never miss your updates is to use apps to manage software patches automatically.

Here are some other tips to help you mitigate exposure to the risks that zero-day attacks pose:

  • Exercise safe browsing habits to minimize the dangers of cyber-attacks such as malware, spyware, viruses, ransomware, etc. and protect your personal information.
  • Configure the security settings for your internet browser, security software, and operating system.
  • Always check for security patches and software updates by downloading the most recent versions. Doing so will fix bugs that older software versions might have missed.
  • Avoid downloading or opening files and attachments from unknown sources.

There might not be a fail-safe method to stop zero-day attacks, but one way to nullify their impact is to use Security Information and Event Management (SIEM) services.

SIEM services offer 24/7 incident response and real-time monitoring, and let you see a full picture of your network by collecting security log data from host operating systems, many software elements and applications, and security controls.

SIEM can also analyze substantial security log data to detect potential attacks and security threats.

3. Protect from Man-in-the-Middle Attacks

A Man-in-the-Middle (MitM) attack is a term for a kind of cyber-attack wherein cybercriminals intercept the conversation between two parties, usually an application and a user, with the purpose of eavesdropping or impersonating either one of the parties.

This type of attack aims to make the exchange of information between the two parties appear normal and steal highly sensitive details such as credit card numbers and login credentials.

Stolen information from MitM attacks can be used for unauthorized fund transfers, illegal password changes, and identity theft (among other things), which is why common targets are users of ecommerce sites, financial applications or websites where a login is required.

So, the best course of action is to protect your information from being stolen during an MitM attack by using encryption.

Encryption keeps data theft from happening by turning readable data into a code that only a decryption key can decode.

Another way to protect your business using encryption is with SSL certificates, and you’ll know a website has one if it shows HTTPS instead of HTTP.

SSL certificates secure connections and encrypt the information (payment details, passwords, etc.) that is exchanged on your website.

For ecommerce sites, it can also build customers’ trust since savvy users know that transacting with websites that have SSL certificates will keep their personal information safe.

Here are additional tips to keep your business and personal information, devices, and connections protected from MitM attacks:

  • Wi-Fi networks. To keep your Wi-Fi network secure, set strong passwords for your router using as many unique characters as possible, and update the usernames and passwords of all the devices that are connected to the network.
  • Internet Security. MitB attacks are typically executed by releasing malware, so installing internet security solutions is a great way to detect and prevent this kind of threat.
  • Emails. Emails are also common modes of virus and malware delivery. Exercise caution when opening emails that ask you to reset or update your login credentials and avoid clicking on links and downloading attachments. To be on the safe side, instead of opening the link within the email, manually type in the site address in the browser.
  • Public Networks. Never connect directly to public or unsecured networks. Install a VPN or virtual private network to ensure that the connection between your server and browsers is secure.

It’s crucial to understand how man-in-the-middle attacks happen so you can take the necessary steps to prevent them from happening and protect your highly-sensitive information.

What’s Next?

As a business owner, one of your top priorities is to invest in the security of your business assets and customers from various cyber threats.

The tips discussed here are just three out of the many strategies you can equip yourself with to bulletproof your business against modern-day cyber-attacks.

If you found this article useful, feel free to share it.

Categories
News Web Security

Comodo CA and Korea Information CA expand partnership in Asia

Comodo CA and Korea Information CA (KICA) are expanding their partnership in Asia, to offer digital web security solutions in Vietnam and Indonesia.

KICA is a prominent certification authority in Asia, while Comodo CA is a global leader in digital web security solutions. The partnership will help both companies to further expand their footprints in the region.

As a part of the partnership, Comodo CA will be able to leverage localized sales and support of KICA in Asia to reach more enterprises and customers and offer web security services.

“KICA has strong relationships throughout Asia and specifically in emerging geographical regions primed for rapid adoption of digital web security solutions,” explained Michael Fowler, President Channels and Partners, Comodo CA.

“Through our partnership, Comodo CA is well positioned to further extend our offerings throughout new regions within Asia and benefit from KICA’s leadership in integrated authentication.”

On the other hand, KICA will now exclusively provide Comodo CA’s TLS/SSL certificates to enterprises in Vietnam, Indonesia and Republic of Korea.

“We have historically had great success with our Comodo CA partnership, enabling us to sell high volumes of digital certificates to organizations of all sizes, across many industries,” said Mr. Sangjun Kim, CEO of KICA.

“The expanded relationship enables KICA to exclusively offer a variety of certificates from the world’s largest and longest-standing CA.”

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are security protocols, used to establish a secure link between a web server and a web browser. Enterprises need TLS/SSL certificates to implement these protocols.

The importance of these certificates has increased all the more for enterprises, as Google now marks all websites without SSL as ‘not secure’. The ‘not secure’ warning tells website visitors that the website doesn’t encrypt the connection, and hence that confidential information submitted on the site is not secure.

Last month, Comodo CA acquired website disaster recovery leader CodeGuard to expand its offerings and help enterprises with one-click restore for website issues.

Categories
Cloud News News Web Security

Let’s Encrypt to now issue free Wildcard certificates through ACMEv2 

Let’s Encrypt, the non-profit certificate authority, has announced that wildcard certificates and ACMEv2 will now be supported. With this announcement, Let’s Encrypt takes a step ahead to make HTTPS adoption easier and to make the web a more secure place.

Wildcard certificates work the same way as typical SSL certificates, but allow a website to secure multiple sub-domains of the main domain with a single SSL certificate. For example, for a website ‘domain.cxm’, a Wildcard SSL certificate can secure ‘blog.domain.cxm’, ‘login.domain.cxm’, ‘newsroom.domain.cxm’, etc.

“Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS. We still recommend non-wildcard certificates for most use cases,” wrote Josh Aas, ISRG Executive Director in Let’s Encrypt blog.

Currently, there are more than 53 million active Let’s Encrypt certificates on the web.

Let’s Encrypt has also launched version 2 of ACME (Automatic Certificate Management Environment) protocol. ACME is a communication protocol used to automate the interactions between a certificate authority and its users’ web servers, making automated deployment of public key infrastructure possible at a very low cost.

The authorization/issuance flow in ACMEv2 is faster than in v1. Let’s Encrypt has changed the JWS request authorization in v2, along with the ability to rename the directory endpoint/resource and the URL in challenge resources.

In ACMEv2, the ‘resource’ field of JWS (JSON Web Signature) request bodies has been replaced by a new JWS header. Users will be able to create an account and agree to the ToS (terms of service) in a single step rather than two. ACMEv2 aims at making the management of certificates easier.

Websites that want to use Wildcard certificates will need to use ACMEv2. Let’s Encrypt has not stopped ACMEv1 yet, since a lot of subscribers use this protocol.

To request a Wildcard certificate, website owners will need to modify a DNS (Domain Name System) TXT record to prove domain ownership.

Categories
Cloud News Web Security

Cybercriminals using trending topics like Bitcoin and FIFA 2018 for phishing scams: Kaspersky Report 

The average amount of spam in 2017 decreased to 56.63%, down 1.68% from 2016. However, the amount of phishing increased by 59% in 2017 as compared to 2016. These and other findings appeared in a Kaspersky Lab report titled Spam and Phishing in 2017. It found that cybercriminals used hot topics like FIFA 2018 and bitcoin to fool users and steal their money.

“Spammers have shown themselves to be thoughtful actors, instantly monitoring global issues and major events worldwide with one main purpose – to capture and capitalize on their victim’s attention,” wrote Kaspersky.

The cybercriminals sent fraudulent messages claiming that the recipient, out of millions of others, had won a lottery held by a recognized organization. Besides money, users were promised free tickets to competitions and events. The details were usually attached in a file using official event and sponsor logos.

Bitcoin was a trending topic in 2017 because of the drastic increase in its price, which reached almost $20,000. Other hot topics of the year were natural disasters like Hurricane Harvey and the earthquake in Mexico, and popular sports events like the Olympics and FIFA.

The spammers also used terms like earn-from-home schemes, cryptocurrency services with great opportunities, and demanded some investment to unveil the openings. CryptoLocker, whose creators demanded payment in bitcoin, was found in spam mails less often than in 2016.

Spam emails with malware were also sent to steal passwords from cryptocurrency wallets. According to the report, 40% of spam emails were less than 2 KB in size.

Kaspersky said that its Anti-Phishing system was triggered 246,231,645 times on the computers of Kaspersky Lab users in 2017, an increase of 91,273,748 from a year earlier.

“In 2017 we saw a slight decrease in spam activities, but throughout the year, spammers haven’t missed any reason to steal users’ personal information, keeping their eyes on what’s happening in the world. As sports events such as the upcoming FIFA World Cup and others take place, their activity will only increase,” said Darya Gudkova, spam analyst expert, Kaspersky Lab. “Moreover, in 2018 we expect further development and growth of cryptocurrency-related spam and phishing – with more cryptocurrency diversity besides Bitcoin, which was widely used in the previous year, and with ‘pump and dump’ schemes.”

Most of the spam was generated from USA (13.21%), followed by China (11.25%), Vietnam (9.85%), with India, Germany, Russia, Brazil, France and Italy, among top 10 spam generating countries. While China used spam to market goods internationally, India offered IT services like web design, SEO etc. to spread spam.

Germany (16.25%) was the most targeted country by malicious mails, followed by China, Russia, Japan, UK, Italy, Brazil, Vietnam, France, and UAE. Of all the victims of phishing, 15.9% were the unique users.

The most concerning finding of the report was that scammers used sites with SSL certificates, which assure users that the site is safe. In reality, cybercriminals use free 90-day certificates from leading certificate authorities like Let’s Encrypt or Comodo. Attackers mostly used services that do not regularly monitor user-posted content. Phishing content was also found on the free hosting sites of famous companies, because this places the attackers on a reputable domain with a good SSL certificate.

The Punycode encoding technique was also widely used to attack users. It is imperative that a site visitor checks the spelling of the domain name, but this has become extremely difficult because, with Punycode encoding, phishers mask phishing domains under the domain names of recognized brands. For example, attackers used paypàl.com to fool users into thinking they were on the well-known paypal.com.
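A mail or web filter can catch this kind of lookalike by decoding Punycode labels and comparing the name, with accents stripped, against the brands it protects. The sketch below is an added example, not taken from the Kaspersky report; the PROTECTED list and function names are assumptions, and it covers accent-based lookalikes such as the one above, not letters borrowed from other scripts.

```python
import unicodedata

# Assumption: the domains this filter protects; a real deployment loads its own list.
PROTECTED = ("paypal.com",)


def to_ascii(host: str) -> str:
    """Wire form of an internationalized name (labels become xn--...)."""
    return host.encode("idna").decode("ascii")


def to_unicode(host: str) -> str:
    """Decode xn-- labels so the name is inspected as the user would see it."""
    labels = []
    for label in host.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # undecodable label: keep the raw text
        labels.append(label)
    return ".".join(labels)


def skeleton(name: str) -> str:
    """Strip diacritics: decompose, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", name)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def belongs_to(name: str, brand: str) -> bool:
    """True if name is the brand domain or one of its subdomains."""
    return name == brand or name.endswith("." + brand)


def check_host(host: str) -> dict:
    """Classify a hostname as ok, lookalike of a protected brand, or non-ascii."""
    shown = to_unicode(host)
    folded = skeleton(shown)
    for brand in PROTECTED:
        if belongs_to(shown, brand):
            return {"host": shown, "verdict": "ok", "imitates": None}
        if belongs_to(folded, brand):
            # Looks like the brand once accents are removed, but is a different name.
            return {"host": shown, "verdict": "lookalike", "imitates": brand}
    verdict = "ok" if shown.isascii() else "non-ascii"
    return {"host": shown, "verdict": verdict, "imitates": None}


if __name__ == "__main__":
    # Constructed sample input: the article's example in both forms, plus controls.
    spoof = "payp\u00e0l.com"
    for sample in (spoof, to_ascii(spoof), "www.paypal.com", "example.org"):
        print(sample, "->", check_host(sample))
```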

For the detailed Kaspersky report, visit https://securelist.com/spam-and-phishing-in-2017/83833/

Categories
News

Google’s new HSTS list to tighten up browser security

Google recently announced an HTTP Strict Transport Security (HSTS) preload list as a measure to improve web browser security.

With this, Google plans to enforce HTTPS for all sites lying within its own TLDs (top-level domains) like .google, .soy and .how.

Google has always tried to ensure the security of the web. It is not the first time that it has introduced a measure to secure sites. Earlier, in 2010, it announced HTTPS as the default for Gmail, and then again, in 2014, made HTTPS a standard to boost a website’s rank in Google search and to encourage HTTPS usage. In 2016, it also became the gold sponsor for Let’s Encrypt SSL certificates.

Now, as the wider next step to boost HTTPS adoption, Google has switched to HTTP Strict Transport Security for many of its TLDs.

Per the HSTS policy, browsers will automatically use an HTTPS encrypted connection to sites that support HTTPS. This means that even if the user types http://gmail.com in the address bar, the browser will switch to HTTPS.

This policy will protect sites from attacks like POODLE that weaken and aim to strip out encryption.

The HSTS list will be supported by all major browsers (Chrome, Internet Explorer, Safari, and Opera). It will include a list of hostnames for which the selected browsers will automatically enforce an encrypted HTTPS connection.

The preload list can contain individual domains, sub-domains and even TLDs that are added through the HSTS website. Google currently operates 45 TLDs.

The provision to add TLDs as a whole under the HSTS list will ensure that all domains under them are secured by default. So, the registrants simply need to choose a secure TLD for their website and configure an SSL certificate. They do not need to worry about adding individual domains or sub-domains to the preload list of HSTS.
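For a domain outside such a TLD, the site's own Strict-Transport-Security header decides whether it can be submitted to the preload list. The checker below is an added example, not Google's code; it parses the header as RFC 6797 defines it and applies the submission requirements published on hstspreload.org (max-age of at least one year, includeSubDomains, preload), and the function names and sample headers are constructed.

```python
PRELOAD_MIN_MAX_AGE = 31536000  # one year, in seconds


def parse_hsts(header: str) -> dict:
    """Parse a Strict-Transport-Security header value.

    Directive names are case-insensitive, a directive may appear only
    once, and max-age is mandatory (RFC 6797, section 6.1).
    """
    seen = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        name = name.strip().lower()
        if name in seen:
            raise ValueError(f"directive repeated: {name}")
        seen[name] = value.strip().strip('"') if sep else None
    max_age = seen.get("max-age")
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        raise ValueError("max-age is required and must be a non-negative integer")
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in seen,
        # "preload" is not defined by RFC 6797; it signals consent to be
        # hard-coded into browsers' preload lists.
        "preload": "preload" in seen,
    }


def preload_problems(header: str) -> list:
    """Return the reasons a header is not ready for preload submission."""
    policy = parse_hsts(header)
    problems = []
    if policy["max_age"] == 0:
        problems.append("max-age=0 tells browsers to forget the HSTS policy")
    elif policy["max_age"] < PRELOAD_MIN_MAX_AGE:
        problems.append(
            f"max-age {policy['max_age']} is below {PRELOAD_MIN_MAX_AGE} (one year)"
        )
    if not policy["include_subdomains"]:
        problems.append("includeSubDomains is missing")
    if not policy["preload"]:
        problems.append("preload is missing")
    return problems


if __name__ == "__main__":
    # Constructed sample headers: a weak policy beside a preload-ready one.
    for sample in (
        "max-age=300",
        "max-age=31536000; includeSubDomains",
        "max-age=63072000; includeSubDomains; preload",
    ):
        print(f"{sample!r}: {preload_problems(sample) or 'ready for preload'}")
```

The header is only honoured when it arrives over HTTPS, so the first plain-HTTP visit to a site that is not on the preload list remains unprotected.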

Google plans to make these secure TLDs available for registration soon.

Categories
Awards Cloud Editor's Choice Awards Hosting News Technology

DailyHostNews Announces myhosting.com as Winner of May 2013 Editors’ Choice Award

Web hosting news and review site DailyHostNews announces myhosting.com, a Canada-based web hosting provider, as winner of its May 2013 Editors’ Choice Award. Given after a thorough evaluation of myhosting.com’s entire service portfolio on various parameters, including, but not limited to product range, product reliability, product transparency, value for money, post-sales customer support, quality of online resources and refund policies; this Award recognizes myhosting.com’s web services range as extremely feature-rich, affordable, trustworthy and one of the broadest in the industry.

myhosting.com offers shared hosting, VPS services, email hosting, domain names, web applications and web designing services. While a detailed analysis of each of these services will follow in this review, what is most striking and mention-worthy is the extensive detail in which features of each service are covered on the website. myhosting.com is probably the only provider in the industry that has technical specifications of every single product mentioned prominently on its website. Customers can hence be assured that there wouldn’t be any nasty surprises ahead.

VPS services are clearly myhosting.com’s forte. myhosting.com offers VPS services in four plans: Custom VPS, Developer VPS, Business VPS and Reseller VPS; with Custom VPS and Developer VPS available on Hyper-V cloud Windows or Linux, and Business VPS split into Linux with Plesk or Windows SharePoint Services. Reseller VPS gives users an option to choose from Linux with Cpanel (starting from $55.75/mo) or Hyper-V cloud Windows Reseller plans (starting from $45.95/mo.)

myhosting.com’s Web Hosting services are available in three plans: Personal Website, Business Hosting and eCommerce hosting priced at $4.95/mo, $9.95/mo and $18.95/mo respectively. All plans come with extras like Basic Email based on Microsoft Exchange, website builder, Google’s anti-spam/anti-virus solutions, $25 – $75 in Bing/Yahoo! Advertising, e-commerce add-ons and one click installers like WordPress, Joomla, Drupal, Magento e-commerce, phpBB etc. Various add-ons like goMobi Mobile Website Builder, SSL certificates, System DSN, HackerWise Reputation Monitoring, HackerWise Health Scanning, Website Restore service etc. are available at an additional price for interested users.

DailyHostNews' Review of Web Hosting Provider myhosting.com

Much like its services, myhosting.com has extensively detailed and informative online support resources. On the company’s help page, customers can access a comprehensive and product-wise segregated knowledge base (arguably the best in the industry), starter guides, video guides, server status, account specifications and community forums. myhosting.com provides 24/7 support for all its services via phone, email and live chat.

myhosting.com also scores high on trust and reliability parameter. A very rare sight in the web hosting industry, myhosting.com is remarkably transparent about the fact that it uses three third-party data centers (two in Toronto and one in New York.) All data centers have state-of-the-art infrastructure and top-shelf security systems in place.

Currently offering a 30-day money back guarantee, myhosting.com provides 100% uptime guarantee for hosting services and 99.9% uptime guarantee for its VPS services.

Final Verdict: myhosting.com scores an overall “A+” grade after being judged on a broad range of parameters listed above. A veteran web hosting solutions provider with 16 years of industry experience, myhosting.com has an upper-hand over most of its competitors when it comes to providing well-rounded services with top-notch customer support.

Categories
Hosting Interviews New Products News Technology

“We offer non-binding and free pre-orders for over 700 new gTLDs” – Jochen Kieler, RRPproxy

The domain industry has seen a massive expansion since its inception in 1983. But when it comes to Generic top-level domains arena in particular, it has been pretty much a slow burn affair.

.COM has been a de facto choice of organizations moving online, and any new gTLD launches in the past have failed to marginalize its dominant position. A bubble that never burst, .COM has enjoyed a monopolistic presence with as much as 109,134,165 out of a total of 145,498,970 domains registered under it at the time of writing this.

The picture might change with 1500 soon-to-be-launched new gTLDs gaining traction among registrars, registries and resellers alike. While the impact these gTLDs will have on the domain industry remains to be seen over the coming years, there is another relatively lesser discussed aspect of the market changes that will follow: How will resellers manage such a large number of extensions across multiple registries effectively?

This is where Key-Systems’ world-wide reseller network like RRPproxy comes into the picture. A fully automated and real-time system for the registration and management of domain names along with various other services like SSL certificates, web hosting, vServers etc, RRPproxy lets resellers manage multiple domain portfolios with various extensions through a single interface.

We recently had an opportunity for a quick Q & A with Mr. Jochen Kieler, Chief Business Development Officer, Key-Systems and CEO, KS Internet Solutions at WHD.India 2013 and he had a lot to say on RRPproxy, its Meta Registry Application Layer, new gTLDs and other ventures of Key-systems. Read away!

RRPproxy offers a white-labelled, hierarchical sub reseller system and guarantees full API support for all operations. Furthermore, we offer a user-optimized web interface in English, German, Spanish, French and Chinese. The domain registration services are surrounded by additional resalable services such as hosting, SSL certificates, vServers and WHOIS privacy.

– Mr. Jochen Kieler, CEO, KS Internet Solutions.

Q: Let’s begin with a brief introduction of yours and a broad overview of services RRPproxy provides.

A: I was born and raised in Mexico and am fluent in Spanish, English, German and Italian. I have worked for top registrars worldwide and have had experience and expertise of more than thirteen years in the domain and Internet industry. I joined Key-Systems GmbH in Germany in 2010 and am currently Chief Business Development Officer of Key-Systems and CEO at KS Internet Solutions, a fully-owned subsidiary of Key-Systems based in Mexico.

RRPproxy is Key-Systems’ reseller portal for Internet Service Providers, registrars and domainers. As a Metaregistry, RRPproxy enables the unified management of domain portfolios with various extensions through one portal.

We offer fully-automated registration of more than 300 existing gTLD and ccTLD extensions, other TLDs which do not offer automation, and non-binding and free pre-orders for over 700 new gTLDs. Customers may use their own registry accreditations (Registry Account Management) or those of RRPproxy.

RRPproxy guarantees full API support for all operations. Furthermore, we offer a user-optimized web interface in English, German, Spanish, French and Chinese. The domain registration services are surrounded by additional resalable services such as hosting, SSL certificates, vServers and WHOIS privacy.

For the optimized reseller business, RRPproxy offers a white-labelled, hierarchical sub reseller system. In addition, we are constantly adding external plugins such as Parallels, WHMCS and others.

Q: Can you please explain the modus-operandi of RRPproxy’s software kernel Meta Registry Application Layer and how it acts as a one-stop shop for registration and management of domain names for such a wide range of registries?

A: Metaregistry Application Layer is the software kernel responsible for all registry/registrar/reseller transactions. It also performs dispatching to the different registry handlers and unifies all commands to a single set in order to handle all services.

The RRPproxy system is fully compliant to real-time specifications and offers the registration and management of domain names in real-time wherever the respective registry allows. Further, we offer a wide range of standard interfaces like EPP, SOAP, etc.

Q: How can resellers leverage the advantage of Meta Registry Application Layer fully?

A: Metaregistry allows our resellers to offer domain registrations under numerous extensions and many domain-related services with a minimum of financial, technical and operational investment. Even if they want to keep their own registry accreditation, e.g. for reputational reasons, they may rely on the RRPproxy technology by using our Registry Account Management.

RRPproxy Metaregistry offers one API for all TLDs – this also includes, that we will offer registrations under all new gTLDs in all launch phases. The API also supports all operations concerning the other resalable services, such as hosting, SSL certificates, vServers and WHOIS privacy.

The whole technical implementation is handled by Key-Systems domain experts. Furthermore, we have our own data center, which guarantees maximum security and stability of our services.

RRPproxy’s software kernel Meta Registry Application Layer

Q: There is a great buzz in the market right now in the wake of the new gTLDs to be launched soon; which will supposedly change how the domain industry operates forever. New gTLD launches of the past like Biz, Info, Travel, Mobi, etc. failed to marginalize .COM’s dominant position. In your personal opinion, how’re things different this time?

A: The fact, that this time there will be a great amount of new gTLDs launching at the same time, will have a significant impact on the market. We don’t expect that any of the new gTLDs will achieve such a dominant position as .COM, but the wide range of possible domain names & TLD combinations will definitely stimulate the competition and boost domain sales.

We also think, that the markets are saturated with .COM which is why many customers already pass over to other generic TLDs and ccTLDs. The new gTLDs will offer them a much greater variety & more specialized TLDs will gain market share.

Q: How is RRPproxy, as an accredited Trademark Clearinghouse agent, helping businesses and individuals protect their trademark rights during the launch processes of new gTLDs?

A: RRPproxy customers can transmit trademarks for TMCH validation comfortably via API or by using the web interface. RRPproxy’s TMCH service offerings include:

  • The trademark registration with the TMCH.
  • The definition and generation of “labels” (possible domain names without TLD for protection and use in Sunrises.)
  • The management of trademark information stored at TMCH (e.g. switch on/off Sunrise service.)
  • The participation in new gTLD Sunrise phases.
  • Receiving Trademark Claims Notifications via API and email.
  • Defensive registrations (receiving only Trademark Claims Notifications, no use of Sunrise service.)
  • The technical pre-validation (check if labels are correct or not.)

Q: RRPproxy is also offering non-binding and free pre-applications for domain names for about 700 new gTLDs. How has the response been so far? Also, what are some potential advantages, both from an operational and technical perspective, RRPproxy new-gTLD Registrars and Resellers will have when compared to many others in the market out there?

A: The response has been quite satisfying so far, we’ve received pre-orders for new gTLDs in a six-digit range.

There are several advantages, from the operational as well as from the technical perspective.

Operational advantages:

  • Pre-orders stand for a high interest in gaining the respective domains, so they give a good hint to define the business potential of new TLDs for us and for our resellers.
  • By offering pre-orders you show your customers that you are a pioneer in this new business area.
  • On the other hand, pre-orders give all customers the security to avoid missing out the respective new TLD launches, because they will be informed in time and asked to change their non-binding pre-order into a binding pre-application.
  • Furthermore, we, and of course also our resellers, gain an overview of the most popular new TLDs by analyzing the development of the pre-orders, which is helpful to define our future marketing and sales focus in this area.

Technical advantage:

  • For all new gTLDs, customers only need to implement one interface for all launch phases (Sunrise, Landrush, Go Live)

Q: Can you please throw some light on HOMER, RRPproxy’s resalable web hosting product?

A: RRPproxy offers immediate access to favourable and easy to book hosting packages with the resalable web hosting HOMER. The name HOMER stands for Hosting Management Environment Repository.

The operation of a hosting platform requires high investment in infrastructure, maintenance and development of the relevant systems. HOMER reduces these costs to a minimum. It provides a highly scalable, flexible and approved system and enables you to order and manage static and interactive web space in real-time. It can also be easily integrated into your existing system by using our APIs. Some other features are:

  • Master FTP access / master log-in.
  • Reliable servers in a redundant environment
  • Multiple secure locations
  • Individual solutions possible: dedicated hosting on demand.
  • Use of web space for all domains regardless of the registrar.
  • Apache server standards including mod_rewrite + full PHP support.
  • Access to statistics and real-time server log files (Common Logfile Format) including traffic report.
  • Traffic flat: 100% traffic included (assuming fair use), no hidden costs.
  • Qualified support via phone and email.

Q: Are there any other divisions of Key-systems that are of great value and resellers should know about?

  • SKYWAY DataCenter
    The SKYWAY DataCenter, a fully-owned subsidiary of Key-Systems, offers professional colocation, vCloud hosting, root/managed server and hosting services. The TIER III data center is located near the Key-Systems headquarters in St. Ingbert, Germany. The data center also offers backup solutions, which can be interesting for our resellers, too.
  • KSregistry
    With the new gTLD program many registrars also entered the registry business. Our KSregistry subsidiary provides backend services for the successful operation of a registry. Furthermore, KSregistry recently became the .gd registry provider and will be engaged to further develop the TLD in the future.

Q: A little crystal ball gazing 🙂 How do you see the future of domain industry? And which new gTLD, in your personal opinion, has the most potential?

A: With regards to the number of pre-orders from our customer base, we can see that .web, .shop, .berlin, .hamburg, .koeln, .site, .hotel, .store, etc. will have a very good chance to be under the top new gTLDs.

We also believe that geographical & community TLDs in general have a good potential for becoming successful because most of them have a well-defined target group with a high interest in domain registrations.

Q: To wrap up, what’s in the bag for Q3 & Q4 of 2013?

A: To mention a few, the launch and marketing of the first new gTLDs will be a central topic for RRPproxy. We’re also relaunching the RRPproxy website and introducing further external plugins as well.

There’ll be an extension of the ccTLD offerings and of course, Key-Systems’ 15th Anniversary 🙂


Exposing SnapDeal.com: India’s largest Online Shopping platform is unsafe and vulnerable to theft

Indian e-commerce is growing at an incredibly frantic pace. There are tons of new e-commerce sites mushrooming in a variety of verticals spanning electronics, books, gift items, vitamin supplements, foreign importers etc.

Unfortunately, awareness among Indian customers and e-commerce site owners of the risks of online scams, phishing and the like remains worryingly low.

SSL Security is one basic step that every e-commerce site must take at the very minimum. Doing so will at least ensure that transactions between an e-commerce site and its customers remain private. This is critically important in India, especially because a large portion of the population there uses shared internet (i.e. cyber cafes).

It has come to our attention that a very famous site, SnapDeal.com, which is essentially India’s Amazon, has not been using SSL properly at all. Just imagine one of the largest shopping sites in the entire country with over 1.2 billion customers transferring confidential details such as address, email, phone number, credit card, and online banking details in plain text! To say that we were shocked would be a vast understatement. Take a look at the following screenshots as proof:

Why is SnapDeal.com non-trusted with their security?

  • They don’t have “HTTPS” or an “SSL Certificate” installed on their website.

SnapDeal does not have “HTTPS” or an SSL Certificate installed on their website.

  • They use the text “100% secure shopping guarantee” to gain users’ trust in their security. A website simply cannot be secured without “HTTPS” or “SSL certificate” security installed; anything else is an indication of an online scam or fraud.

Online shopping Platform SnapDeal is not secure.

  • Even visitors know they should only enter credit card information on a secure page, something that can easily be identified by the LOCK symbol located in the frame, status bar or address bar of a trusted browser. Just by gathering user credit card information on their unsecured payment processing pages, SnapDeal.com is putting their users’ private information at extreme risk. How could they say they are secure and don’t store credit card details without using “HTTPS” or “SSL Certificate” security?

Credit Card information is not safe on SnapDeal.com

Finally, we confirm without a single doubt that Snapdeal.com, one of India’s largest e-commerce platforms, simply doesn’t care about user safety on the web. They have been displaying a logo of Trust Pay everywhere on their website, however, Trust Pay is not a Security Authority. It’s actually what is known as a Financial Conduct Authority which only deals with payment processing and has no responsibility whatsoever for web page security.

As you can see this is one giant disaster waiting to happen. Just imagine what could happen if a fraudulent site called “SnopDeal.com” pops up, perfectly imitating the website design and all their products in order to lure customers into a huge phishing SCAM!

How can they secure their business and users’ information with SSL Certificate security?

Conclusion:

In today’s world where sensitive information so routinely traverses what is known as the internet superhighway, SSL Certificates have become an increasingly crucial part of e-commerce. It is for that very reason that one should never hesitate to make the online business experience a much safer and secure one for users on the web with an SSL certificate.

Update: This write-up has been edited following SnapDeal’s official response, which goes as:

We totally understand the concern that a customer would have in making a purchase online. As we promise, we ensure secure shopping for all our customers. No financial data is gathered without a secure layer transaction. The iframe that gathers financial data is completely secure and is posted through a HTTPS url as you can notice in the screenshot here: http://bit.ly/Secureshopping

Also, please note that Trustpay has always been a promise to protect customers with 100% moneyback guarantee if there is an issue with product quality, size or delivery.

Once again, we would like to highlight that 100% secure shopping is being ensured through secure payment gateways implementing SSL for all financial transactions. Hope this clarifies your concern and we would be glad to answer any further queries you might have.

Update 2: Mr. Jim Armstrong, Founder and CEO, RapidSSLonline responds:

Snapdeal: Certainly, if you gather data through an HTTPS iframe within a page served over HTTP, then it will not assure users that they are dealing with a secure page. The following iframe can be hijacked or altered in a simple attack such as an iframe injection. And the following attacks can be implemented through a virus, a Trojan, or visiting a malicious website.

Here is the conversions report from http://security.stackexchange.com/questions/894/are-there-security-issues-with-embedding-an-https-iframe-on-an-http-page
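The situation discussed in this exchange, an HTTPS payment iframe embedded in a page that is itself served over HTTP, can be detected from the defender's side by auditing the markup of a fetched page. The following Python check is an added example, not part of the original article or of any site's code; the URLs, the field-name hints and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed hints: input names suggesting payment or login data.
SENSITIVE_HINTS = ("card", "cvv", "password", "iban")

class FrameAndFormCollector(HTMLParser):
    """Collect iframe sources and forms (with input names) from one page."""

    def __init__(self):
        super().__init__()
        self.iframes, self.forms, self._form = [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            self.iframes.append(a["src"])
        elif tag == "form":
            self._form = {"action": a.get("action") or "", "inputs": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            self._form["inputs"].append((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit_page(page_url, html):
    """Return (severity, message) findings for a page already fetched."""
    collector = FrameAndFormCollector()
    collector.feed(html)
    parent_https = urlsplit(page_url).scheme == "https"
    findings = []
    for src in collector.iframes:
        target = urljoin(page_url, src)  # resolves relative and // URLs
        scheme = urlsplit(target).scheme
        if scheme == "https" and not parent_https:
            # Encrypted frame, but the HTTP parent embedding it is unprotected.
            findings.append(("high", f"HTTPS iframe in HTTP page: {target}"))
        elif scheme == "http" and parent_https:
            findings.append(("medium", f"HTTP iframe in HTTPS page: {target}"))
    for form in collector.forms:
        if not any(h in n for n in form["inputs"] for h in SENSITIVE_HINTS):
            continue
        target = urljoin(page_url, form["action"])
        if urlsplit(target).scheme != "https":
            findings.append(("high", f"sensitive form posts in clear: {target}"))
        elif not parent_https:
            findings.append(("high", f"sensitive form served over HTTP: {target}"))
    return findings

# Constructed sample: an HTTP checkout page embedding an HTTPS payment frame.
SAMPLE_URL = "http://shop.example/checkout"
SAMPLE_HTML = """
<p>100% secure shopping</p>
<iframe src="https://pay.example/card-frame"></iframe>
<iframe src="//cdn.example/banner"></iframe>
<form action="https://pay.example/submit"><input name="card_number"></form>
<form action="/search"><input name="q"></form>
"""
```

Calling `audit_page(SAMPLE_URL, SAMPLE_HTML)` reports the payment iframe and the card form as high-severity findings; the same markup served from an `https://` URL produces none.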

Disclaimer: The views expressed, and any inferences drawn herein are those of the author alone, and do not necessarily represent the policies, positions, strategies or opinions of DailyHostNews.


Understanding Types of SSL Certificates, Their Validation Process and Points to Consider Before Buying Them

When someone purchases anything over the internet and pays through online banking or via other payment options like PayPal, 2checkout, etc., his/her personal information is transmitted, which if not encrypted, is at particularly high risk. The SSL (Secure Sockets Layer) protocol secures the transmission of information between a domain name and the visitors. This means that the account information entered by an individual while shopping online should safely arrive on the server of the shop owner without any third party gaining unauthorized access to it.

Also, many of you will have noticed a sudden increase in the number of online attacks happening over the web recently. There are numerous types of attacks, like phishing, spamming, eavesdropping etc., that can jeopardize your website, causing irreversible damage to your online reputation. SSL Certificates not only provide a security shield against such attacks, but also help create an aura of trust and a sense of security in your customers’ minds that you’re a credible organization validated by a proper certification authority and that it’s safe for them to share their data with you. The video below will help you get a detailed idea of how an SSL certificate works, and will likely solve most of your queries:

However, a blind trust in SSL Certificates can be dangerous. A website that displays an SSL certificate should be reliable and recognized by an authorized certificate authority.

Self-Signed SSL does not provide complete protection
There are many self-signed SSL encrypted websites out there that aren’t safe for secure transmission of your sensitive data. A Self-Signed Certificate is less trustworthy because it is signed by an individual and not by a trusted authority.

  • Such certificates have nothing to do with the identity of the person or organization that actually performed the signing procedure.
  • Self-Signed certificates aren’t trusted by other applications/operating systems. This may lead to authentication errors when a visitor lands on a website.
  • They use weak hash and cipher technologies. Due to this, the security level implemented by self-signed certificates may not satisfy the current Security Policy etc.
A likely occurrence if you use a Self-Signed Certificate

So, when you buy an SSL certificate for your e-commerce business, always pay attention to two main points:

  • SSL certificate provider – When you decide to purchase an SSL certificate for your e-commerce business, you should check reviews of the certificate provider and examine which company is serious about the security of your data. Also, check other criteria, such as whether the IT processes within the company are ISO 27001 certified or not.
  • Choose the right product – Always remember, expensive ≠ quality. There are various types of SSL certificates available in the competitive market, and not every one of them is right for you. So evaluate your business requirements properly and then decide which certificate can fulfill them best. There are many SSL wizards out there that can help you with this.

Once you’ve bought an SSL Certificate from a reputed organization, take care of two things:

  • When your certificate is about to expire, your SSL provider will send you a renewal notice. Do not be careless about such warnings: visitors tend to move away from websites with expired security certificates. When renewing your certificate, your email address or web address should be the same as the one you used when applying for the SSL certificate. Continuously ignoring such warnings can have a negative impact on your business in the long run.
  • Buying an SSL certificate is not enough. You must take proper steps to ensure proper implementation of the SSL protocol on your website. Have a look at the common errors people make while installing SSL Certificates on their website.

Differences in certificates validation:

There are different processes for examining the authenticity of a website owner’s identity; some authorities verify via telephone, while others examine an organization’s documents. A certificate cannot be issued without the identity being checked. Different types of SSL certificates have different validation processes:

Different types of SSL Certificate validation
  • Domain validation certificates: For domain validation, the certification body only checks whether the applicant is the owner of the domain. A message is sent to the administrative e-mail address of a domain, and it must be acknowledged to confirm ownership. The risk of deception for these certificates is relatively high.
  • Organization Validation certificates: In these cases, additional corporate data, like name and full address of the organization etc. are thoroughly checked.

Wrapping Things Up
As I mentioned in one of my previous articles, SSL is a powerful tool for protecting not only your users’ data, but also their confidence in you. It’s the first thing a user will look for when deciding whether or not to trust a site, but it doesn’t cover all the security issues. It’s just one aspect of a greater effort. SSL protects data during one specific period of time, but that time isn’t the only window of opportunity that an attacker has to strike. Proper installation must be done to ensure that when you employ SSL you don’t render it redundant by neglecting to examine your systems for weaknesses in other key areas. It should never be assumed that a system is secure. A system should be proven to be secure by proactively seeking out weaknesses and eliminating them.


What is a Multi Domain EV SSL Certificate?

Maintaining a high level of online trust and security in compliance with industry-wide security regulations can be a daunting task for organizations, as it requires timely updates to the IT security infrastructure, which are sometimes very expensive. Keeping a sense of trust and security intact in the minds of website visitors while keeping expenditure within manageable limits is thus a Herculean task. This is where a Multi Domain EV SSL security certificate comes in.

A Multi Domain EV SSL security certificate is a ‘best of both worlds’ product: it provides stringent authentication on par with the industry-standard EV SSL (Extended Validation) certificate and can package multiple domains, effectively cutting costs for the buyer. For example, a single EV SSL MDC can secure domainA.com, domainB.com, secure.domainA.com, login.domainB.com and anydomainunderthesky.any-tld. The most important thing to note here is that an EV Multi Domain SSL certificate covering all five of these domains will cost significantly less than five separate security certificates for the same five domains.

A Multi Domain EV SSL certificate also saves a lot of time: even though each domain has to go through the domain authentication process separately, the identity of the website owner has to be authenticated only once. This makes it the perfect security solution for small and medium-scale businesses looking to secure their online transactions.

How do I choose the best Multi Domain EV SSL certificate for me?
Like every other security solution, the selection of the Multi Domain EV SSL certificate most suitable for you depends on a number of factors, such as price, the number of domains needed initially and flexibility in adding new ones during the period covered by the certificate. For example, if you plan to secure only 5 domains now under the Multiple Domain EV SSL, but anticipate healthy growth of your business and hope to secure 10 domains in a year or so, then you must go for a provider who is flexible in adding new domains under a single certificate and has sales representatives/support available for live chat 24/7. You must also research the provider properly and look for online reviews of their products.

A detailed article on choosing the best SSL provider is here, but these are some vital features one must surely check while buying a Multi Domain EV SSL security certificate:

  • Security Level: Complete Business or Organization Validation.
  • Encryption Level: The Toughest 256 Bit SSL Encryption.
  • Server License: Unlimited Server Licenses. (Without Any Extra Charges)
  • Issuance Speed: Within 1 to 10 working days.
  • Compatibility: Compatible with 99.99% of the latest web browsers and mobile devices.
  • Assortment: SAN / Multi-Domain / UCC option available.
  • Additional Plus: Order www.domain.com & additional plus secure.domain.com.

The multiple domain packages offered by SSL security certificate authorities differ considerably. For example, GeoTrust offers five additional multiple domains with its starting package and provides an option to add additional domains in increments of five, up to a total of 25. This is completely different from Comodo, which offers only three additional multiple domains with its starting package but gives an option to add up to 100 total domains, one at a time. Every Multi Domain EV SSL certificate package thus has its own pluses and minuses depending on price, difficulty of installation etc.; the key lies in choosing the one which best suits your needs.
