Hacked! Or Not?

April 9, 2015

“I was hacked!”

As people continue to spend more of their time online doing more of their day to day work, I hear people talk about hacking more than ever. But that raises the question: what is “hacking”? And do people use the term correctly?

Depending on who you ask, hacking can have a couple of definitions. Some attacks can be considered hacking without a doubt, while others… not so much. In this post we’ll give an overview of some of the cases when people or businesses might say they were “hacked”.

Security vulnerabilities

The classic form of hacking often has to do with security problems in software or operating systems. By exploiting these flaws cybercriminals can access data that isn’t intended to be public. This is why it’s important to keep your software up to date! These kinds of attacks are often called “cracking” by the technology community to distinguish them from other forms of hacking.

Viruses, worms, and Trojan horses

Instead of formatting your computer or displaying messages on your screen, today’s malicious software often sits invisibly in the background, using your computer to carry out attacks. A computer might be used to send out spam, cause a denial of service attack (see below), or other crime. Good anti-virus and computer security software helps defend your computer against these kinds of attacks.

Phishing

Phishing happens when a criminal tries to trick you into sending your personal information – whether it’s a login to a site, your credit card information, or something else – to a criminal. This can happen if you click on a link in a forged email, on a bad website, or sometimes even on social media. Always be sure to check the validity of a site before you enter your login or other personal information on it, and never send your personal information to anyone unless you know they’re authorized to request it. We’ve covered phishing a number of times before on the blog.

Unauthorized access

Sometimes “hacks” don’t have anything to do with login information or security problems with software; they happen because a person who isn’t supposed to have access to an account finds a way in. This can happen if you leave a device open on a table without a password or if you use a public computer (for example, at a library) and forget to log out of a site like Facebook or your bank. It’s important to make sure employees who are no longer employed from a company don’t have access to the company’s social media or other administrative accounts, too.

Denial of service

A denial of service attack (and its big brother, the distributed denial of service attack, or DDoS) happens when a criminal overloads a site with requests to view pages. This bogs down the server and essentially creates a traffic jam, preventing other people from accessing the site. Typically in these cases no user data is at risk. Read more about DDoS attacks on our blog post, “Why a Site Doesn’t Load“.

Saying something stupid

Of course, saying an account was hacked can be a convenient excuse as a cover for saying something stupid. “I would never say something like that,” someone may say. “It must have been an old employee with the password, or someone hacked our site!” In these cases being cautious with what you say before you post is your best bet.

Building and creating

The unfortunate part about the word “hacking” is that it is so often associated with criminal acts. In fact hacking is a much broader field than just trying to steal personal information; it’s a desire to make something work in an unconventional way. If you’d like to learn more about the benefits of positive hacking, including the expanding field of civic hacking, listen to Catherine Bracy’s great TED Talk, “Why good hackers make good citizens“.

When you hear about a site or person being hacked, it’s important to remember that not all “hacking” is the same. It’s important to ask if your user data or other personal information was compromised. And do your part by making sure your software is updated, your passwords are strong, and you’re being cautious about the email and messages you receive!

avatar

Justin is a web and mobile developer at Sephone. He’s interested in user-driven design, social media, and web services. He also enjoys learning and exploring new ways for businesses and people to use the web.

Making the web more secure

January 27, 2017

We talk a lot about security here in our blog, but we can’t stress it enough.  Online security is such a huge talking point now as more and more things that we use on a daily basis are connected to the internet.  For sometime now Google, and other browser providers, have been making a push to make the web a more secure place.  Well, here comes a big change to that effect.

Coming this month (January 2017), with the release of Google Chrome 56, any website that has a password field or collects credit card information, and is not protected with an Secure Socket Layer (SSL) already, will be flagged by Google as insecure. 

read more

avatar

Brady is the voice on the other end of the phone line when you call Sephone. He graduated from the New England School of Communications in 2009 and assists Sephone in building and maintaining our sites.

Why Choose Google?

October 23, 2014

Over the past few years we have been slowly making the transition to Google’s business class services, Google Apps for Work, here at Sephone.  We have become a Google Apps Authorized Reseller, and work with our clients to help provide them with Google’s full suite of cloud based services.  These services include things like Gmail, Google Calendar, Google Drive, and more.  As an authorized reseller we work with Google to provide you with these services. So what does that mean for you?  Well, you get better services backed by Google, and the same awesome customer service you have become accustom to from Sephone.

read more

avatar

Brady is the voice on the other end of the phone line when you call Sephone. He graduated from the New England School of Communications in 2009 and assists Sephone in building and maintaining our sites.

WordPress Plug-Ins: Our Toolbelt (Updated)

April 14, 2017

WordPress is one of those omnipresent forces around the internet – and with so many plug-ins and themes, it’s easy to understand why. According to the CodeInWP blog, there are about 15,886,000 sites running the Content Management System (CMS). If you were to try and visit each of those websites, spending exactly 1 minutes at each, it would take over three decades to finish browsing.

read more

avatar

Gary is a team member at Sephone, helping to design, build and maintain websites. He is also a web design student at the New England School of Communications of Husson University.

Our Go-To WordPress Plugins

March 18, 2016

Over the past couple of weeks we’ve seen a huge spike in the number of attempts to compromise WordPress across a number of sites that we host. WordPress is a great platform, but its popularity makes it a fairly constant target for attacks.

Have no fear: the plugin architecture in WordPress provides an easy way to add extra features to your site – including extra security. Here are a few plugins we’ve been adding to many of the sites we host:

  • Jetpack: Created by the same company that built WordPress, Jetpack contains some really great additions for your site: visitor stats, contact forms, carousels, and more. It also includes some security features like preventing people from trying to force their way into your site.
  • Imsanity: Web sites don’t need all 20 megapixels of those images you take with your nice digital camera. Imsanity easily resizes images to make sure you’re not using too much space on the server.
  • WP Super Cache: For sites with a lot of traffic, caching speeds up the amount of time it takes to load the page and also allows more people to view the site at once.

If you decide to install plugins on your site, be careful and make sure they’re safe and secure before you add them. Plugins can have holes of their own that can be used by people looking to gain access your site or post spam comments on your blog!

Of course, we don’t want you to have to worry about this kind of thing – you’re busy enough running your own business, and you probably don’t have time to stay informed about the latest techniques and exploits for compromising a website. That’s fine! When you host your site with us, we stay on top of patches, updates, and techniques to keep your site safe. After all, we want to make managing your site or app as easy as possible so you can focus on your business!

avatar

Justin is a web and mobile developer at Sephone. He’s interested in user-driven design, social media, and web services. He also enjoys learning and exploring new ways for businesses and people to use the web.

The Internet: 25 Years Later

August 29, 2016

For those that missed it last week, on the 23rd of August, Sir Tim Berners-Lee’s Internet was officially publicly accessible for 25 years. (Keep in mind that this is the birthday of the public Internet, not the technology that makes it possible). Certainly an event worth celebrating – so here are (in no particular orderSephone’s notable moments involving the Internet thus far!

The Dot-Com Bubble

The historic economic bubble, which took place from about 1997 to 2000, saw the quick rise of equity values in various stock markets. Related to the rising popularity and prevalence of the Internet, many business were born and died in this period (especially when the bubble burst). But some persevered, and are still well-known to this day – like Amazon! For more information on this event, check out this video series.

April Fools!

Every year, on April the 1st (better known as April Fools Day to some and Justin Russell’s birthday here @Sephone), the Internet becomes a vast expanse of jokes and pranks. The people behind the curtain do not lack a sense of humor, and each year is prone to relevant gags. Some are funny, but make no impact beyond the date and a good laugh – for instance, Google’s 2016 Mic Drop. Others, like the Tauntaun sleeping bag that was a joke item featured for the day on ThinkGeek, were met with such a response that the ‘joke’ had to become real.

Heartbleed

Sometimes, bad things happen on the Internet. One such bad thing was the discovery of Heartbleed, a bug in server security that allowed for those proficient enough to steal quite a bit of information. Login information, messages, and the like were easily accessible thanks to a vulnerability in OpenSSL. Luckily, this bad thing led to a good thing – the issue was patched in a new OpenSSL release. This, of course, meant a lot of extra work upgrading any exposed platforms, which helps to make it so memorable. Here it is, immortalized in a relevant XKCD comic.

The Death of Internet Explorer 6

A prominent issue that arises with web browsing, design and development in general is the usage of outdated web browsers. This is why cake is baked when a prominent dinosaur of the Internet is finally put to rest. Internet Explorer tends to be a magnet for negative press, and the legacy of old versions of the software still being utilized certainly continues. The issue with this continued use of old software is both one of security, and also ease of access. As the technology that powers the web is developed, the software used to access the web must also be updated. Sadly, Internet Explorer has long held a tendency to update with explicit version numbers. This tends to make the process of upgrading a browser seem unnecessary, even though it definitely is. Luckily, Microsoft stepped in to slay their own beast, ensuring that the less than 1% of remaining users of the platform would move on, and experience the web more safely, and with a greater range of visual possibilities.

GMail and the Age of Better Email

Email has not always been a simple process – nor has it always been as beautiful as modern email clients make it seem. It is because of this that we remember the start of GMail quite fondly. Google helped to make email an accessible tool for all, but not only this – they also standardized the email experience. The layout of settings, as well as the overall appearance of the email client, has a huge impact on how businesses and people use the tool.

Kelly had this story to relate about the early days of email, to further illustrate its growth:

[…] I remember the first time I sent an email (1990-ish) to my boss who was less than impressed by the whole idea – we had a whopping speed of 9600 bps!  I was embracing the idea since we had many customers that worked for the Government, NIH, CDC, etc.  They used email to communicate.  So I sent him an email that said something like = Don’t be an old fogey.  Walked across the building and sat in his office and waited, waited. About 10 minutes later – it arrived.  He said, “See Cotiaux, I told you this whole thing is a fad.”

Honorable Mentions

  • The Launch of Google
  • The First Google Doodle
  • The Launch of Facebook
  • When Ask got rid of Jeeves
  • Saying good-bye to table-based layouts
  • The proliferation of WordPress
  • Archive.org and the WayBack Machine
  • Mobile Internet taking shape

We look forward to another 25 years of growth, frustrations and inevitable usefulness from the Internet. Feel free to share your historic stories in the comments below!

avatar

Gary is a team member at Sephone, helping to design, build and maintain websites. He is also a web design student at the New England School of Communications of Husson University.

Browser Updates

January 14, 2013

Recently there has been news about browser security, notably Java and IE updates.

Java

The U.S. government (Department of Homeland Security) issued a warning late last week asking users to temporarily disable Java on their machines. There was a large flaw discovered in a recent version.

Follow this link to disable Java on your machine and keep it safe from this vulnerability. Once a fix is supplied by Oracle, you should update your Java install, and then you can re-enable Java.

Internet Explorer

The zero-day flaw in IE6, 7, and 8 has surfaced again. Make sure that you install the latest version of Internet Explorer that your operating system supports. If version 8 is the latest version of IE you can install, make sure you apply the Windows Update Microsoft is releasing today and then reboot.

avatar

Alan has been creating websites since CompuServe was huge. Today he still is developing websites using technologies such as CSS3, HTML5, jQuery and CakePHP.

SSLs for everyone

December 22, 2015

We have been talking internally at Sephone a lot lately about SSLs.  For a basic run down of what an SSL is and what it is used for, check out this post that Alan wrote a while back.  So what have we been discussing with regards to SSLs?  Well, as things often do, they are changing, and large players in the online world are trying to make things more secure for everyone.  We at Sephone want to help in this trend, and keep all of our customer’s, and their customer’s information safe and secure when using the websites that we build.  read more

avatar

Brady is the voice on the other end of the phone line when you call Sephone. He graduated from the New England School of Communications in 2009 and assists Sephone in building and maintaining our sites.