Every website which uses and stores customer information requires some form of security at the forefront. That’s a fact.
From January 1, 2016 the majority of browsers will start removing support for SSL certificates that use an outdated form of encryption: SHA-1 (commonly known as “Secure Hash Algorithm”). Furthermore, it seems payment providers are also getting in on the act: SagePay have recently released a statement indicating that their services will only accept SHA-2, the younger, better brother of security – well, until the next release comes along!
Why is it necessary?
Due to security concerns (and we know of a few recently!) over computing power, 1024-bit (SHA-1) certificates have been coming under scrutiny, prompting a move towards newer and more secure data transmission which uses 2048-bit encryption.
Google Chrome (and similarly Firefox) is deprecating support for SHA-1 before the year is out, so checking and upgrading in good time is paramount. All SHA-1 support will be removed by the end of 2016. Your site will continue to be served, but with that unruly error: “Your website is not trusted.”
Hackers/attackers never sleep, so system administrators should not either.
What do I need to do?
If you have a website hosted with us, be it shared or on a dedicated machine, rest assured we already have this protection in place. Your SSL renewal will take place as normal and there won’t be an additional charge. If your renewal has just passed… don’t sweat it. You’ve already been taken care of.
If you are not a client of ours, not a problem – contact us on 0117 325 0091 or email@example.com to discuss your setup. If you do have a current server or hosting provider, though, your best option would be to contact them to see if you need to upgrade.
No, you read that right. DirtyCow – or copy-on-write for those inclined – is the latest hidden vulnerability to hit unprotected servers and, in some cases, Linux-driven smartphones.
What is DirtyCow?
DirtyCow, officially called CVE-2016-5195, has actually been in existence for 9 years. It allows attackers to target permissions to achieve privilege escalation in the Linux kernel, ultimately handing over control to the attacker.
Phil Oester was able to detect this as it was used in an attempt to take over a server that he was running.
Although it is not as bad as previous exploits (Heartbleed, OpenSSL), security experts do say that if you have a patch available, you should apply it anyway. Even though this is less likely to be exploited, DirtyCow should still be taken seriously because there is evidence of abuse. As it’s not your standard update to Linux packages, though, updating the kernel does require a server reboot.
Here at Tickbox, working with our hosting partners Rackspace, we actively seek to make sure our servers remain up to date, to control critical issues that can plague unprotected web servers. Our servers were patched, cleaned and back up and running in the blink of an eye!
If you have concerns about your hosting environment and/or need an agency to aid with any issues like this, please do contact us on 0117 325 0091 or email us at firstname.lastname@example.org and we will be more than happy to help. We will be able to cater for any needs, be it web hosting or Service Level Agreements (SLAs).
We’re holding a user testing workshop for a new site we are launching and are looking for people to take part.
The workshops are being held on Thursday 9th April at our offices in Park Street, Bristol, and testing subjects will receive £15 for taking part.
Testers will be asked to work through a series of scenarios using a website while being observed, with a total time of between 30-40 minutes per person.
If you are available between 11:30 and 4:10 on the 9th April and would like to take part in the testing, get in touch with us here or call Claire on 0117 3250091.