HTN: Hen’s Teeth Network Blog

Archive for the ‘Security’ Category

Celebrating 10 Years

Filed under: E-Commerce,Email,Hosting,Performance,Security,This & That,Web Development — Art Zemon on November 1, 2011

Ten years ago, on November 1, 2001, Hen’s Teeth Network was born. The past decade has seen tremendous technological change and let me work with truly amazing people and companies. Take a trip down memory lane with me.

When I started Hen’s Teeth Network, I never imagined the broad range of clients with whom I would work. Fascinating clients: from jewelry to medical marijuana, from children’s books to adult products, from swaddling blankets to grief counseling, from wedding invitations to anger management, from spiritual to religious to political and back again, from stylin’ shoes to hiking trails to bicycling, from podcasts to public libraries, from airplanes to trains to cars, from women’s fashion to medical uniforms, from art galleries to theatrical stages, from rubber stamps to air conditioners, from coffee to lobster to health supplements, from fishing tackle to board games, from financial forecasting to transportation planning, from dating help to parenting help, from home schooling to college course materials, from natural birth classes to Halloween costumes, from one-person start-ups to multi-national corporations to governments. It never ceases to amaze me how complex and interesting every business is, when you take the time to look at it carefully and understand how one business person is differentiating him or herself from his or her competition.

Among HTN’s clients, computers and the web are tools, simply a means to an end. Our mission, from the very beginning, has been: We help our clients improve their businesses by turning the internet and the web into useful tools.

2001

Launching a business less than two months after 9/11 might not be considered stellar timing but it was the right thing at that point in my life. I offered my time way below a living wage but it is better to earn something than nothing and, in those days, full fare work was darned hard to come by. Our web hosting was done on machines in my basement and reliability depended on my constant, personal availability.

June 2011 – Privacy

Filed under: Newsletters,Security — Candy Zemon on June 10, 2011

[HTN News] Privacy

What Do We Do About It?

Protecting Your Privacy

It used to be that we felt a certain level of protective anonymity as we went about our daily lives – particularly if we lived or worked in urban areas. As the internet has changed the way we communicate, work, learn, play and shop, it has also changed how we think about (and value) privacy.

If you do any internet business, either as a consumer or as a provider, privacy is a code word for security of personal information. We expect our personal details – particularly our passwords and financial data – to be kept secure, not shared, not leaked, not lost, not abused and not stolen. In a world where we can’t really know who has access to details about us and our lives, we are nervous. Identity theft does happen. Credit cards do get compromised. And personal account details, including date of birth and home address, do get breached.

It’s not all about credit cards, either. There have been debates about school badges or employee badges that can track the wearer’s location. Is it an invasion of personal privacy for others to know explicitly where you go in a building and for how long? Is it an invasion of privacy for your boss to monitor your computer activities?

We all know that telephone records are detailed and personal. We also know they can be accessed by the authorities in investigations. Similarly, the records of when and where toll passes for cars are seen are also collected and available to the authorities. We accept this because, unless there is cause for the authorities to see those records, we assume they are unseen and private.

There are really two levels of concern under the heading of privacy. One is about how secure the collected personal information is – who can use it, who can see it, how securely is it kept? The other is about how the collected information is used. Some of the furor over Facebook privacy rules centers in how Facebook chooses to use the data about a person and his/her actions and friends’ actions to shape what he/she sees.

There is a fine balance at work here. Much personal convenience comes from increased corporate knowledge of our habits and preferences. Think of all the ways the world is made more accessible and relevant to you online. From Google Suggests search fill-ins to Amazon suggestions of related items, to Netflix predictions of what movies you may like, to weather maps for our current location, our use of the internet is shaped to a surprising extent by what the browsers, search engines, and corporations already know about us personally. That makes it easier for us to find what we want when we want it.

And it also lessens the likelihood that we will change our habits. We are less likely to see opposing points of view, different types of stories or alternative products. We are kept in the comfort zone of what we normally like to see and do and use.

When the decisions about what results we see from a search, what news stories are posted on our Facebook page, or what entertainment is presented to us are driven by non-altruistic corporate design, then we may well wonder whether the convenience is always worth the cost. Amazon is interested in selling us something. Google is interested in knowing more about us so it can use that information for advertising. They are not alone. We have long lived in an advertising-driven world. It is no different on the internet than in the more traditional advertising media.

So what, if anything, can we do?

  • When someone wants information from you, you might want to find out how that information will be used before providing it. Companies will tell you why they collect information if you ask.
  • When someone asks a question, think before answering it. Do they need that information? Can you do what you need to do without providing it?
  • You might invent a “public use” birthday, much like the Queen of England has. As long as you are not being untruthful about your age, most sites don’t need to know the actual month and day.
  • You should use strong passwords (not readily guessed, short, or in the dictionary). Yes, they are harder to remember.
  • You might use different passwords for each site requiring a password. Yes, it is hard to keep track. However, one stolen password will only open that site’s account instead of everything you use. Try a tool like LastPass to manage your password library.
  • You should change your passwords often. Find some trigger that makes sense for you and really change your passwords.
  • Don’t share your passwords. If you must share a password, change it before sharing and change it again when the need for sharing ends. Be sure it is not a password you use for anything else.
  • When communicating in email or on Facebook or in other social internet venues, be aware that what you say is available to others, often for long periods of time, often out of context. Before hitting that “send” or “publish” button, imagine your words as a newspaper headline.
  • Be cautious about detailing travel plans before a trip. Not everyone reading that you will be away from home wishes you well. Wouldn’t it be as much fun to share the news after your return?
  • If you are on the provider side of the equation, you also need to think about what information you ask for, why you are asking, and how you will use and safeguard that information. Be able to explain when asked. Be sure your employees know, too.

 

Customer Site News

Ice Cream Party is a new HTN e-commerce customer whose product is everyone’s summer favorite. We are working with this site to enhance and improve its custom interface. There are several phases yet in the works, but we wanted to share the yummy site now. Doesn’t an ice cream party sound like great fun?

Wholesale Boutique had HTN build them an iPad app for taking PDG Commerce orders on the trade show floor. The point is to let floor personnel take orders easily and on pages that look good to customers peering over their shoulders. We customized product and category pages specifically for this iPad format.

AC-Quest had HTN build a mobile app for their PTAC conversion tool (mentioned in a previous newsletter). Though final details are still being polished, it is available in the Android market. Search for AC-Quest.

Other News

 

Browser Version Support

Google recently announced that, as of August 1, 2011, it will no longer support the following browser versions: IE7, Firefox 3.5, and Safari 3. HTN follows the general consensus of “current” browsers in its testing. We will also stop routinely testing these three versions. We suggest that folks consider putting a browser version courtesy message on their sites so that visitors with older, unsupported browsers are alerted that the site is not optimized for their version and are given a pointer on where to get updates.

New Profits Plus Adopt-A-Cart Module


The latest Profits Plus module gives your staff the ability to help a customer in real time in the customer’s own cart with their checkout process. If you offer this feature, you would have a message in the cart display to the effect that a customer can call for help if they want. It posts a “cart number” to give to your staff (who answer the phone). Using this number, the staff can work on the customer’s cart while the customer is still working with it, too. When your staff finishes helping the customer, the customer can complete the purchase, save the cart, or abandon it entirely if they like. You can see this feature at work at StageSpot‘s site, as well as at our Profits Plus demo store. The Adopt-A-Cart module is available for a one-time fee of $100. It requires the Base 2 module.

HTN Affiliate Program

HTN is pleased to announce the HTN Affiliate Program. This is an opportunity for our customers to earn some cash – and help other folks enjoy great HTN Cloud Hosting services and products. There is no cost to sign up. There is no minimum required. The only requirement is that you yourself be an HTN customer.

Payments to you continue for as long as the referred account is with HTN. It is not a one-time or limited-time situation.

Who might be interested in this? If you are a web developer with customers who need hosting referrals, you are a natural candidate. If you are a corporate body with related subsidiary companies who have hosting needs, you might refer those subsidiaries to HTN hosting. If you simply have lots of business acquaintances who have websites, you might mention HTN services at appropriate times. Do your friends a favor (and earn cash while you’re at it) by signing up as an HTN affiliate.


April 2011 – Security Technology

Filed under: Newsletters,Security,This & That — Candy Zemon on April 28, 2011

Security – When Technology Isn’t Enough

Protecting Yourself from Theft

It’s about as newsworthy to note that the sky is blue as it is to say that spam and phishing attempts plague everyone who has an email account. These are the technologically enhanced offspring of the nuisances that plagued the pre-online world  – confidence men, flimflam artists, social engineering and outright theft. Both then and now, the goal of those shady actions is to obtain valuable information (personal or corporate) and money.

No threat exists for long without folks inventing ways to combat it. Firewalls, spam filters, Faraday cages and captcha forms are some of the technological tools arrayed in defense of our email boxes, our businesses and our privacy. They are modern replacements for employee training, locked desks, personal assistants and local in-person banking.

These technological devices ward off a large proportion of the unwanted attempts, but some individual messages will get through. At some point you, the human, will need to weigh the risks of your action and decide whether or not you want to open that email, follow that link, send funds to that organization, or answer that question. Take the time to be aware of the situation and to think for a moment – particularly if something seems unusual about the message arriving from that source. If you find yourself asking “why did they send me this?”, pay attention and think before acting.

Don’t Talk to Strangers, 21st Century Version

Filed under: Community News,Security — Art Zemon on April 14, 2011

Be careful! If you shop or spend money and you use email, you probably received several messages in the last couple of weeks advising you that your email address and name may have been obtained by unauthorized persons. The notes further advised you to be careful to protect your credit card and social security numbers, that no legitimate email message will ask you for this information. Over 100 companies sent such notices, including Walgreens, Target, US Bank, Sears, Red Roof Inn, Ritz Carlton, and Citigroup. Those notices downplay the risk, which is not surprising since they were sent by the companies which (indirectly) leaked your information.

When you were growing up, your mother taught you not to talk to strangers. Even more so today, when heaven only knows what bad guy may have your name and email address, be sure that you are really talking to the company or person that you think you are talking to. Here is a dangerous “spear phishing” scenario, one which a criminal might use to gain access to your credit card or bank accounts: You might receive an email message, ostensibly from a company which you trust, asking you to log into their web site to read an important message or to update an innocuous piece of information. Perhaps the request is simply that you log in to verify that your email address is still correct, very low key, very innocent. For your convenience, of course, the message would contain a link that you can click to get to the web site. You click the link, arrive at a web site which looks legitimate (but is in fact criminal), and enter your username and password to log in. You have just been “spear phished” into revealing your username and password to a crook. Since many people use the same usernames and passwords on multiple web sites, the crook can try your same username and password on a credit card web site and, in many cases, successfully log in and gain access to your credit card.

You can defend yourself from such attacks by remembering your mother’s advice against talking to strangers.

  1. When you see a link to a web site in an email message, be wary because you do not know who sent the message. It is very easy to forge the sender of an email message. Just because the message says that it is from Aunt Jane does not mean that it actually is from Aunt Jane. Read the text of the message and use your intelligence and judgement. For instance, if Aunt Jane always signs her email “Love, Jainy” then check to assure that the message you are reading ends with “Love, Jainy.”
  2. Instead of clicking on the link, open your web browser (Internet Explorer, Firefox, Safari, etc.) and type the URL into the address bar. For instance, if you want to visit the web site of the local Community News newspaper, type www.mycnews.com into the address bar. Doing so will assure that you get to the web site that you intend to visit.
  3. Once you arrive at the site, check that the address bar displays a padlock symbol, indicating that the site is “SSL secured.” You can click on the padlock to learn the identity of the web site owner. Check that it is the right company. (Not all sites use SSL security but most businesses use it to protect your privacy.)
  4. Use a different password on every web site. Do not use your Facebook password for your on-line banking account. Do not use the same password for your gift registry at Target and your Walgreens prescription refills. This will assure that, even if you are successfully spear phished into revealing one password, the damage will be limited.

I use LastPass to keep track of all my passwords, and I have a lot of them. LastPass plugs into your web browser and costs nothing. It automatically recognizes each web site that you visit and fills in the right password. Best of all, LastPass magically gets your passwords to all of the places where you need them: your work computer, your home computer(s), your Android phone, your iPad, etc.

Mom was right: don’t talk to strangers. Our internet connected 21st century has made it all the more challenging to truly differentiate friends from strangers. Peter Steiner got it exactly right way back in 1993 when he penned, “On the internet, nobody knows you’re a dog.”

On the internet, nobody knows you're a dog


Registering Your Domain in China or Asia

Filed under: E-Commerce,Hosting,Security — Art Zemon on March 15, 2011

One of our clients received a note which began like this. (I have replaced his actual domain name with “yourcompany”.)

We are a Network Service Company which is the domain name registration center in Anhui, China. On March, 12th, 2011, We received HUNDI Company’s application that they are registering the name “yourcompany” as their Internet Trademark and “yourcompany.cn”, “yourcompany.com.cn”, “yourcompany.asia”domain names etc. It is China and ASIA domain names…

Our client asked, “Is this a scam?”

Unlike a lot of the spam that shows up in our inboxes, this one is rooted in enough legitimate business that it deserves a longer answer than “delete the message.”

Yes, this is a scam.

And… many companies choose to protect their brand name by registering not only the .com domain name (yourcompany.com) but also .net, .org, .us, .info, .mobi, etc etc etc. International companies may choose to purchase country code top level domains (ccTLD) such as .uk (United Kingdom), .ca (Canada), .cn (China), etc etc etc. If you wanted to market in China then you might find it useful to own yourcompany.com.cn or yourcompany.asia. Similarly, if you had a competitor in China, you might want to procure that domain just to “stake your ground” and avoid any cases of mistaken identity.

Should you decide to register a .cn or a .asia domain name, I encourage you to do it via your normal decision making processes and register the domain name(s) with a reputable company operating in your own country, not with the folks who send messages like the one quoted above.

 


Security Flaw in Apache Web Server

Filed under: Security — Art Zemon on March 9, 2010

An IT firm has found a serious security flaw in the Apache web server’s mod_isapi module. This flaw could allow a remote attacker to gain complete control of a database. All users of Apache 2.2.14 on Microsoft Windows servers should upgrade to version 2.2.15.

If you are hosting with Hen’s Teeth Network, your site is not affected by this issue.


Hacked Websites & Best Practices for Enhanced Security

Filed under: Desktop Technology,Security — Art Zemon on July 2, 2009

Several of our clients had the unfortunate “opportunity” this week to clean up the mess after their web sites were hacked. An “iframe” had been inserted into several pages which caused people viewing these web sites to also – invisibly – download malicious JavaScript programming from servers in places such as China and Russia. I have listened as people vented fury at the cost, inconvenience, and sense of violation almost akin to a physical assault. I share those feelings, believe me!

The rest of this posting gives a bit of background on the hack and some “best practices” for keeping your web site safe from attacks including this one.

© Copyright 2001-2011 Hen's Teeth Network, Inc. All Rights Reserved.