Tag Archives:

web development

Screen Shot 2016-10-21 at 15.51.14

DirtyCow moooo-ving to a server near you

Screen Shot 2016-10-21 at 15.51.14No you read that right. DirtyCow – or copy-on-write for those inclined – is the latest hidden vulnerability to hit unprotected servers and in some cases Linux driven smartphones.

What is DirtyCow?

DirtyCow, or officially called CVE–2016–5195, has actually been in existence for 9 years. It actively allows attackers to target permissions to allow for privilege escalation in the Linux Kernel. Ultimately handing over control to the attacker.

Phil Oester was able to detect this as it was used in an attempt to take over a server that he was running.

Although not as bad as previous exploits (Heartbleed, OpenSSL) security experts do say that if you have a patch available to update it anyway. Even though this is less likely to be exploited, Dirty Cow should still be taken seriously because there is evidence of abuse. Although, as its not your standard update to Linux packages, updating the Kernel does require a server reboot.

Here at Tickbox, and working with our hosting partners Rackspace, we actively seek to make sure our servers remain up to date, to control critical issues that can plague unprotected web servers. Our servers were patched, cleaned and back up and running within a blink of an eye!

If you have concerns about your hosting environment and/or need an agency to aid with any issues like this, please do contact us on 0117 325 0091 or email us support@tickboxmarketing.co.uk - and we will be more than happy to help. We will be able to cater for any needs be it web hosting or Service Level Agreements (SLA’s).

Website Hierarchy of Needs

At the initial web requirements stage of any development, we often find it helpful to slice a website into three different layers in order for the client to understand what they need to be thinking about when planning their website. We need to understand what the core functionality will be, what marketing messages the site needs to reflect and how the website will work as a marketing tool for the client (i.e. how does it fit with their overall marketing strategy). We call this a website hierarchy of needs.


Core functionality and usability

As part of a thorough requirements analysis, we will begin to plot out what the site areas, or sections are. The core functionality (or functional requirements) inform the web design company what user processes the site needs to support from within each section.

Usability and proven web conventions play their part at this stage, because core functionality must always be user-focussed, ie do users need this functionality in order to fulfil their objectives on your site?

Marketing Messages

Your website communicates marketing messages to a targeted audience. What are your key marketing messages, how are you differentiating yourself from your competition for instance? The design, content and information architecture of the site need to support and reinforce your marketing communications.

How you will use your site

The final layer is thinking about how your site will work as a marketing tool for your business. Your site will only work as part of your overall marketing strategy, it is a tool and any tool will only work well if it is used well. So how does your website support your marketing and work as part of your overall marketing strategy?

Does your website support the sales conversation by acting as a referral via search?. Do you point people to your site to reinforce your proposal? Does it reflect your creditability and market position?

Think how you will actually be using your site, how it can function as a tool for your organisation and what you need it be doing to work at its best for you.

The “3 Ps” (Purpose of your website, Profile of your target audience and the Processes your website needs to support) work on every layer and need to be your starting point for any web strategy.

How to recruit and train your website

When we begin the web planning process with our clients, we tell them to think of their website as an employee.

Just as you wouldn’t take on a new member of staff without having a defined role for them, so the website needs to have a “job description” from day one. Unless you define what you want from your website, it’s almost impossible to see if it is doing its job properly.

Just like an employee, your site also needs:

To have a line manager
Someone needs to be responsible for the performance of the site, to support it and ensure it is working as well as it can. Managing the site needs to be a defined role, rather than something given to your marketing or IT support team to do in their spare time. The manager needs to understand exactly what the site needs to be doing and be pro-active in helping it do that.

To be a team player
The site needs to work with people across the whole of your business. Although you will have an individual or team directly responsible for the site, it needs to support and be supported by a whole range of people, whether that is the sales team, personnel, management or the shop floor.

To have a training programme
The site needs to grow into its role and with the business. Ensure that as the needs of the business change, the website grows to meet these needs. This means keeping content up to date, but also reviewing functionality as the online world and/or your business changes – for instance supporting Social Media, or mobile web, adding e-commerce etc.

What do you want the site to do? Set sales targets, or targets for efficiency savings. Perhaps you want it to answer a certain number of questions per month, or generate a certain number of telephone enquiries. Measure and review these targets regularly and if they are not being met, find out why and maybe review the training programme.

A proper recruitment process
Commissioning a website is a major investment for any company – and one that should be treated in the same way, and with the same attention to detail, as taking on a senior member of staff. You need a proper interview process to select the right candidate – establish what the site has to do and ensure that it will be able to do it. What your site needs to be doing – its job description – should be the bedrock on which it is built. Design should always support functionality, never the other way round. Get the interview process wrong, or fail to ask the right questions, and you could have a very expensive time replacing the website you have taken on.

Career development
The most important thing to remember when commissioning a website is that its job only really begins when it is built. You wouldn’t recruit someone and then simply leave them to get on with their job without accountability. Similarly, you need to use analytics, user feedback, targets etc to monitor the work your site is doing. When it meets targets, set it new ones. When it proves it is paying for itself, invest more in it.

A salary
You should set a budget for ongoing support, hosting and maintenance of the site. Be realistic in what you expect to pay. Just as you can get free hosting, you can also recruit a head of department on minimum wage. But in both cases, you’d probably get what you paid for.

Regular appraisals
As well as reviewing stats and targets, get feedback from the website’s “co-workers” – the people in your business who deal with the site directly or indirectly (and that should mean all of them). How easy do they find the site to work with? How is the site helping them? What could it do better? And remember, just like an employee, not everyone will always like or get on with your website – so get a balanced picture before deciding to make any changes.

In summary
Ensuring a website performs at its best needs ongoing investment in terms of time and money, just as employing a member of staff does. When you get it right both pay for themselves many times over. When you get it wrong, it can be a very costly mistake.

By thinking about your website as an employee, you can help ensure that more often than not you get it right.

Why results-driven matters

At Tickbox we define ourselves by the results we deliver for clients. A great example of what we mean by “results-driven” can be seen in our work to create a business-focussed web marketing project for a local authority in the South West.

The local authority in question has just had its Organisation Inspection report for 2009 – the Government’s performance audit for local authorities.

Facing challenging times, the council’s report was heavily critical of performance for the year, giving the lowest possible ratings in almost all areas – Managing Finances, Managing Resources and Governing the Business.

The one area where it received praise was for Managing Performance – and the web marketing project we helped create for them was singled out as an important reason for this.

The report stated: “supporting people and businesses through the recession is one of the Council’s goals and it does well at this. Its new website contains useful local information, promotes business events and shows commercial properties which are available to rent.”

It is gratifying to see our work with the council in helping them support business has been recognised – and the council’s willingness to engage in business support through the web, backed by a coherent strategy, is delivering benefits not just for the council but most importantly for the businesses it supports.

Results-driven means that when we work with a client we establish measurable goals and then drive their web strategy to meet those goals. In this case, we’re delighted to see those results measured, and approved, by rigorous third-party inspection.