OpenSSL Security Bug

OpenSSL exploit and vulnerability has recently been discovered.  It is highly recommended that servers running the vulnerable version of OpenSSL (1.0.1 and 1.0.2beta) are upgraded immediately.


https://www.openssl.org/news/secadv_20140407.txt

OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

Introduction to SSL / Secure Certificate

lock greenIntroduction to SSL / Secure Certificate

SSL stands for Secure Sockets Layer, and is a set of cryptographic protocols commonly used for  encrypting the data being sent between a server and a user visiting a website.  While most websites don’t require this advanced security, it is essential for others.  The following introduction to SLL and Secure Certificates will help determine whether or not you require this type of security, and show how you can obtain it.

What is Required

In order to use SSL, you will need to acquire a SSL Certificate (AKA a Secure Certificate) and have it installed on your server.  If you are an Interserver client, our technical staff can help with this installation.  In addition, you’ll need a dedicated IP address.  Finally, visitors to your website will need to use a modern web browser that supports SSL.  Virtually all browsers today do support it, including Google Chrome, Firefox, Safari and Internet Explorer.

What is it Used For?

This technology is most often used for websites that want the ability to accept credit card payments directly on the website.  All credit card companies require any site directly accepting these payments to have this type of advanced security *Note that you can have third party processors like PayPal on your site without the use of SSL.  SSL is also a requirement for a website to become PCI compliant, which is important for some specific types of companies.

The other reason some website owners want to use SSL is because they have confidential information stored on their website, which should only be accessed by authorized users.  The SSL can help protect usernames and passwords from being compromised, so the data on the website is much safer.

Types of Security Certificates

When looking into adding SSL to your website, you’ll have several different options to choose from.  Each type of security certificate is designed for different types of businesses.  If you need assistance choosing the right certificate for you, don’t hesitate to reach out to our technical support team.  The following are the different options to consider:

  • Shared Certificates – These certificates are not registered to a single domain or company name, and are shared between many sites, typically based on the hosting company.  The advantage is that you don’t have to pay to get the certificate yourself, as you’re just part of a group that is sharing it.  The disadvantage is these certificates often trigger browser security pages, and you normally can’t access the SSL technology from your main domain name.  This is a good option if you want the added security just for yourself, but not the general public users of your page.
  • Domain Validated Certificate – This type of certificate is registered to your specific domain name.  This is commonly used for accepting credit card payments and validating usernames and passwords.  This provides excellent security for any individual website.
  • Company Validated Certificate – This option is similar to the domain validated certificate, except it is tied to the company rather than just the domain.  This can provide some added benefits, but does require additional documentation concerning the company applying for the certificate.
  • Extended Validation Certificates – These certificates actually provide added checks and validations to combat fraud.  This higher level of security is required for certain businesses that have financial transactions or host highly sensitive data.
  • Wildcard Certificates – This option provides the security certificate for a main domain name, plus all subdomains that have the same second level domain name.  If, for example, you run a lot of ‘how to’ sites with domains such as, ‘auto.howto.com’ ‘home.howto.com’ and so on, this would be the best option if you need SSL.

Getting a Security Certificate

If you decide that your site or company requires a security certificate, the first thing you’ll want to do is reach out to our support team and open a ticket.  Explain that you would like to get a security certificate installed on your server.  Our technical support team will work with you to ensure your hosting package meets all the requirements, and if it doesn’t, we’ll help you get everything setup the way it needs to be.  In many cases, our technical teams can also help you through the process of obtaining a security certificate as well.

Keep in mind; this is an advanced security technology that is not required for most general websites.  If you’re not sure whether or not you need one, don’t hesitate to ask.  We can discuss your specific situation and help you make the right decision about SSL.

 

 

Cloud Computing: Predictions for 2014

Future of cloud computingIn the previous year, the cloud industry hit a major milestone. As clearly indicated by the substantial surge in users and slew of cloud service providers and vendors now available, cloud computing went from being a buzzword to a highly feasible infrastructure widely implemented by large enterprises and small business alike. 2013 also revealed how susceptible cloud users are in terms of security. This year, the cloud industry is definitely going to aim to change that.

What will 2014 hold for the cloud computing? Here are a few predictions:

Greater Emphasis on Data Privacy

The famous NSA scandal in the U.S. coupled with new data-privacy regulations in the EU has turned data protection into a hot button issue. Reportedly, there are countless companies out there that have amplified their drives into new cloud-based services in the wake of the data security scandal. While some see it as a reason to be infuriated, others see it as an opportunity.

Service Providers Finally Seem to Wake Up to the Huge Demand for Cloud

It has been revealed by a survey carried by IBA that the strategic importance of cloud computing to decision makers, like CMOs, CEOs, HR, procurement and Finance executives, is poised to increase from 34% to 72% – leaping over their IT competitors at 58%. Since the public cloud spending is expected to augment over time, more service providers are going to understand the need to enter the market quickly.  Demand for cloud computing is likely to accelerate this year since enterprises and other small businesses have started to move production workload to the cloud. Therefore, cloud-service-providers have to create offerings that distinguish against Google and AWS to become attractive to the customers.

More Mobile Usage

The mobile era seems to have arrived, and the cloud is most definitely playing a very significant role in its progression. It does not end with tablets and smartphones. Cloud computing is going to extend to wearable technology and serve as an important platform that aids social and mobile interactions.

More Emphasis on Customer Retention

Since cloud computing has started to become more widely adopted with new, innovative solutions offered by a huge number of companies, cloud computing providers will face stiffer competition in 2014. Therefore, a greater emphasis on the retention of end customers will be required.

More Collaboration

Online collaboration is very closely related to mobile cloud computing. Workers, in the recent times, are geographically diverse. Thus, collaborative cloud computing is expected to become increasingly embedded in different business processes.

Cloud computing will continue to grow, prompting countless opportunities for businesses. Who will lead the way? Well, we can’t predict that! Only time will tell.

Interserver Ranks on Entrepreneur.com’s Top 100 .Net Sites

nettop1 nettop2Entrepreneur.com, the website of the very popular Entrepreneur Magazine, has recently teamed up with .net (powered by Verisign) to create a list of the top 100 domains with the .net extension.  We are proud to announce that Interserver.net was ranked #76 out of the millions of .net sites.  The list was made up of all different categories of .net domains including huge gaming sites like battle.net, government run sites like korea.net and many others.

The Methodology

The rankings for this prestigious list were determined by a custom formula created by Entrepreneur.com, which factored in things like total traffic, social influence and community voting.  They began by getting a list of the top-ranked sites from Alexa.com, which ranks virtually all the websites on the Internet based on traffic and other factors.  They then allowed visitors to Entrepreneur.com to nominate their favorite .net sites for consideration.

Once this data was compiled, they factored in the social influence of each site using the Klout.com score.  Finally, they allowed their visitors to rank their favorite 10 sites, and factored that into the total ranking.   Each of the top 100 was given a cumulative score based on all of these factors.  This is one of the most in depth rankings of .net sites ever.

How we Ranked

Interserver took 76th place in this list, which is something we are very proud of.  At the time of the rankings we had 3900 Facebook Likes, a Klout Score of 26 and an Alexa Rank of 20105.  While these are excellent numbers for any web hosting company, they alone could not have competed with some of the more widely visited sites on the Internet.  This means that we must have scored very well with the votes of visitors to the Entrepreneur.com site, which is the most important factor from our point of view.

We work hard to provide exceptional web hosting services to all of our customers, many of whom are entrepreneurs.  Making it on this list is an important recognition of the fact that we provide Entrepreneurs with industry leading services.  We’d like to thank Entrepreneur.com, .net (powered by Verisign) and most of all, all of the people who nominated or voted for Interserver.net for this exciting recognition.

How to make and set a Fav Icon

How to Make and Set Your Own Favicon

Having your own custom Favicon is something most website owners should have.  It is a small bit of customization, but it can help to set your site apart from the competition.  Not only does it look nice, but it shows that you’re taking your site seriously, and can even help your website appear more professional.

What is a Favicon?

In case you’ve never heard the term before, a Favicon is the small icon that is displayed in the browser tabs, as well as in the favorites and bookmarks of your browser.  The Favicon for InterServer looks like this:

fav1

Favicons are always 16×16 pixels in size, but beyond that, they can look like just about anything you want.  Most companies use their logo, or a portion of their logo, to create the Favicon.  It can be difficult, however, to have anything that is too complex, because of the limited number of pixels you have to work with.  With some trial and error, however, you can have a beautiful Favicon created and added to your site quickly and easily.

Creating a Favicon Image

The first thing you need to do is to create the image you want to use as the Favicon.  You can start with any image, or logo that you have, and simply shrink it and format it into the proper size.  There are many free tools online that will automatically shrink any image down to the proper size, but we recommend the Favicon Generator, sound at http://favicongenerator.com.  It is 100% free, and works very well.  Follow these simple instructions to have your Favicon made in just minutes:

  1. Choose your image – Find an image that you want to turn into the Favicon.  At this point, it just needs to be perfectly square, but it doesn’t matter how big.
  2. Go to FaviconGenerator.com – Go to FaviconGenerator.com and browse to your saved image.  Once selected, hit Generate Favicon.
    fav2
  3. The site will display an ad, but undernieth it says “No Thanks, just give me my Favicon.”  Click the “Grab Favicon” button.
    fav3
  4. When you click that button, it will pop up with your newly formatted Favicon.  You can see how it will look right on the screen.  If you like it, you can right click the Favicon, and save it to your computer.  If not, just close the window and start this process over.  Repeat until you’ve found one you like.
    fav4
  5. If you right click the image, and select save image, you can choose where to save it.  Just make sure it saves as a .ico file.

Now you’ve got your Favicon created, and saved on your computer, all ready to add to your website.

Adding Your Favicon to Your Website

The way to add your Favicon to your website will vary based on the type of site you have.  The following are the most common options available.  If none of these work, please don’t hesitate to contact the support team for further assistance specific to your site.

Uploading the File to the Root of your Page

The easiest way to update your Favicon is to simply name the file ‘favicon.ico’ and upload it to the root of your page.  This can be done through any FTP program, such as FileZilla, or through most file management tools on your web server.  In almost all cases, the root of your web server will be a folder called “public_html.”
fav5

If there is an existing Favicon.ico file in there, it will ask you if you want to overwrite.  Just tell it that you do. Once the file is dropped in there, it is available to be displayed.  With many types of sites, including WordPress and other popular content management systems, the Favicon will automatically start being displayed.  *You may have to clear your cache for it to display as Favicons are typically cached by browsers*

If you’re not using a content management system, you may have to add in a simple line of code to your website’s html or php file(s).  This is extremely simple.  On the pages where you want the Favicon to display, find the <head> tags, and paste this somewhere within them. “<link rel=”shortcut icon” href=”/favicon.ico” >” Once this is done, clear your cache and see if the Favicon is displayed.

In the vast majority of cases, simply uploading the file to your Public_HTML folder will cause the Favicon to be displayed, so we highly recommend trying that first.