Post from

Daryl Phillips

All posts by Daryl Phillips

We have moved…

Its business as usual, but from a new home!

Exciting things are happening at Tickbox and we wanted to share the news with you. Our existing client base has fuelled our growth and with Volunteer Makers expanding very quickly we have made the decision to be one step ahead and move into some new, slightly warmer and larger, offices. Snazzy eh!

We’ll still be based in south Bristol but in the comforting offices of the Tobacco Factory.

New officesFeel free to drop by for some freshly brewed coffee or for some lunch in the Tobacco Factory Café. It’s not an excuse to just go to the bar – we promise!

From November 18, 2016 we will no longer be operating from our old address (Baynton Road, Bristol, BS3 2EB).

Now pass me the scissors, lets get unpacked!

Goodbye SHA-1, Hello SHA-2

At the forefront of all websites which use and store customer information will require some form of security. That’s a fact.

From January 1, 2016 the majority of browsers will start removing support for SSL certificates that use an outdated form on encryption: SHA1 (commonly known as “Secure Hash Algorithm”). Furthermore, it seems payment providers are also getting in with the act. SagePay have recently released a statement indicating that their services will only accept SHA2. The younger, better brother, of security – well until the next release comes along!

Why is it necessary?

Due to security concerns (and we know of a few recently!) over computing power, 1024-bit (SHA1) certificates have been coming under scrutiny invoking a move towards a newer and more secure data transmission which uses 2048-bit encryption.

Google Chrome (and similarly FireFox) is deprecating support for SHA-1 before the year is out. So the time to check and upgrade is paramount. All SHA-1 support will be removed by the end of 2016. Your site will continue to be served, but with that unruly error: “Your website is not trusted.”.


Hackers/attackers never sleep therefore system administrators should not either.

What do I need to do?

If you have a website hosted with us, be it shared or on a dedicated machine, rest assured we already have this protection in place. Your SSL renewal will take place as normal and there wont be an additional charge. If your renewal has just passed…don’t sweat it. You’ve already been taken care of.

If you are not a client of ours, not a problem – contact us on 0117 325 0091 or support@tickboxmarketing.co.uk to discuss your set up. Although if you do have a current server or hosting provider, your best option would be to contact them to see if you need to upgrade.

Screen Shot 2016-10-21 at 15.51.14

DirtyCow moooo-ving to a server near you

Screen Shot 2016-10-21 at 15.51.14No you read that right. DirtyCow – or copy-on-write for those inclined – is the latest hidden vulnerability to hit unprotected servers and in some cases Linux driven smartphones.

What is DirtyCow?

DirtyCow, or officially called CVE–2016–5195, has actually been in existence for 9 years. It actively allows attackers to target permissions to allow for privilege escalation in the Linux Kernel. Ultimately handing over control to the attacker.

Phil Oester was able to detect this as it was used in an attempt to take over a server that he was running.

Although not as bad as previous exploits (Heartbleed, OpenSSL) security experts do say that if you have a patch available to update it anyway. Even though this is less likely to be exploited, Dirty Cow should still be taken seriously because there is evidence of abuse. Although, as its not your standard update to Linux packages, updating the Kernel does require a server reboot.

Here at Tickbox, and working with our hosting partners Rackspace, we actively seek to make sure our servers remain up to date, to control critical issues that can plague unprotected web servers. Our servers were patched, cleaned and back up and running within a blink of an eye!

If you have concerns about your hosting environment and/or need an agency to aid with any issues like this, please do contact us on 0117 325 0091 or email us support@tickboxmarketing.co.uk - and we will be more than happy to help. We will be able to cater for any needs be it web hosting or Service Level Agreements (SLA’s).

Recruiting: Various Roles

We’re expanding our development team to support our growing client base and looking for self-motivated and enthusiastic coders to join our ranks.

We have a number of roles for developers to join our team.

Skills required include:
Experience of developing in Drupal and WordPress (or other Content Management Systems)

Not essential, but advantageous:
Knowledge of hosting environments

Absolute requirements are a genuine enthusiasm for coding, a willingness to learn, attention to detail and a strong work ethic, along with evidence of high-quality coding work in a commercial environment.

Please reply with a brief CV, contact details and examples of your work, to jobs@tickboxmarketing.co.uk

Absolutely no agencies please.