Category Archives: Web Security

With great technology comes the need for great security.

Keep Customer Data Safe On Your eCommerce Site


Ways eCommerce store owners can keep their customers’ data safe.

No matter what eCommerce solution you’re using, as a website designer, integrator or e-commerce business, online data security is one of your greatest priorities. Cybercriminals want your customers’ private information, and most consumers don’t take proper steps to protect themselves. For example, a CreditDonkey survey found that more than 68 percent of consumers use the same password for multiple sites.


300,000 Affected by JoomDonation Hacker


When a hacker holds your small business for ransom, what would you do?

Late last week Tuan Pham Ngoc, developer of JoomDonation, a product of OS Solution, confirmed there was a security incident which ended up affecting over 300,000 Joomla users, most of them associated with JoomDonation. A hacker broke into an OS Solution e-mail server, stole account information, and distributed a nastygram email to account holders (see the letter below, for context).

6 Things Your Business Should Know About NFC and Mobile Payments

Image via Flickr by Joe Ross

NFC or ‘near field communication’ is the latest tech trend aiming to consolidate the consumer experience. The mobile technology uses a connection between two actors: an NFC device and some sort of information receiver or emitter. Despite its perceived simplicity in explanation, businesses often encounter uncertainties when discussing the possibilities for adding NFC infrastructure to their businesses. Here are a few things your business should know about this fast-moving, widespread business trend, particularly its use for mobile payments.

1. NFC Devices Make Mobile Payment Easy

The NFC technology makes paying for goods even more convenient than credit cards. Reaching for a wallet will be a forgotten habit if the technology reaches widespread popularity. All consumers have to do is tap their NFC device against an NFC terminal or signal receiver and the transaction is complete. These automatic connections simplify the consumer experience and aid in the further evolution of monetary exchanges. If NFC isn’t an option, consider one credit card digital wallet to complete all of your purchases and transactions. Safety is always a priority when making mobile payments, so make sure that you’re protecting yourself the right way.

2. Short-Range Communication Is Safer

NFC technology sounds like Bluetooth due to its mobile connection abilities and sharing compatibility; however, NFC sets itself apart from Bluetooth in two key ways. First, Bluetooth pulls information from devices up to ten meters away. NFC connections need a shorter distance of four to ten centimeters. Second, Bluetooth requires a mediator to help set up the connection between two devices, while the connection is instantaneous (about 1/10th of a second) with NFC. This shorter distance and instant communication prevent unwanted interception of sensitive information that is seemingly flying through the air.

3. NFC Lacks Mainstream Use Due to Competing Development

Unfamiliarity with NFC technology is not unlikely in today’s general population. NFC’s popularity has been severely stunted by banks, credit card companies, and phone carriers competing over NFC development. Google, Apple, and PayPal are all finding ways to develop the widespread, branded NFC technology. Meanwhile, in Japan, businesses have highly integrated NFC systems for mobile payments and consumer recognition.

4. NFC Allows You to Track Consumer Behavior

An indirect and valuable feature of NFC is its ability to track and predict consumer behavior. While savings cards and frequent buyer cards already track what customers buy at their businesses, the unique two-way communication ability of the NFC device allows businesses to track, categorize, and instantly turn this personalized information into a marketing strategy unique to the consumer. NFC terminals can relay coupons and directly transmit marketing incentives through a single touch.

5. There Are Security Concerns with NFC

While the short range of NFC interactions does offer superior protection from unwanted interception compared to longer-distance technologies, especially in crowded areas, there are almost no universal safeguards to protect your information when using NFC.

Consumers must trust banks, credit card providers, and companies like Google to encrypt their information. Other suggestions for preventing the always possible security breach involve consumer behavior, such as turning off the phone’s NFC capabilities when not in use; however, this may decrease its desirability, as the instantaneous trait is particularly pleasing to the mobile world. Consumers should be advised to look into identity theft protection services if they decide to use NFC-enabled devices.

6. Many Businesses Will Adopt NFC Infrastructure

NFC developers and technology companies are still wrestling with many of the concerns about the security of NFC; however, technology forecasters are predicting widespread usage within the next six years, akin to that of Japan. Already in 2014, one in every five phones has NFC capabilities. Businesses will benefit from adding the NFC terminals and infrastructure to their businesses, including replacing earlier one-way RFID readers, which limit communication to ‘person to company’ and not vice versa.

The future is bright for NFC and easy, quick mobile transactions. The technology is already moving us towards a more intimate relationship with the businesses, retailers, and marketers who sell the goods consumers know and love. As companies work towards the perfect NFC device, as businesses adopt infrastructure that makes NFC payments possible, and as consumers learn about the accessibility and ease of use, NFC will infiltrate the mainstream and become a household name in technological development.

Make your website secure using Joomla

There is one award-winning content management system used by millions around the globe, including some of the most highly regarded organizations, and that system is Joomla. It is one of the web’s most popular open source CMSs and among the most widely used open source CMSs in the world. Another good feature of Joomla is that it is easy to do SEO for your Joomla website.

Nobody wants their site to get hacked. But practically everybody has some excuse for neglecting security measures. Security is one of the most important issues facing both web users and web developers. It becomes even more important when you’re using a CMS such as Joomla.

[Infographic] Is Your Website Safe?

If you are a website owner, then you might have faced this question at least once: “Is your website safe?”

Though you might not have been directly asked by someone else, you might have at one point asked yourself this question. And you should, for this is a serious matter that you need to take care of.

In a world like this, where even the most secure websites are being challenged by smart and intelligent hackers, you should definitely make sure that you have taken enough measures to make your website secure from a majority of hackers.

To give you a rough idea of how smart these hackers are, let me state an incident which I came across recently.

What’s happening behind the scenes on your website – II

In part one of this posting, Tom Canavan, author of “CMS Security Handbook: The Comprehensive Guide for WordPress, Joomla, Drupal..”, gave us a brief introduction to what is contained in an Apache log file and how to read it. Additionally, we learned by example how to identify two types of attacks that occur against websites.

In part two of this blog post, you’ll learn how to find the logs, change your retention policy and download current and archived logs, all using the immensely popular web-server control panel, cPanel®.

In addition to this, you’ll learn how a couple of minor changes to your log retention policy can make the difference between knowing what happened and being able to take immediate action before an attack can be successful.

What’s happening behind the scenes on your website – I

Often our daily tasks keep us busy, and as long as our business websites are running, we are happy. It is only when our entire website or server is taken down by a hacker that the back-room machinations of our site suddenly become of interest.

In this two-part blog series, CMS security expert and author Tom Canavan will present a brief tutorial on how to read and make use of ‘Apache’ access logs. In the second installment he’ll discuss how we find, download and adjust settings for maximum value using cPANEL®, one of the most popular control applications for webservers.

How to Change Website Header in Joomla 3.x

This short tutorial will show you how to change the header in Joomla 3.x. Feel free to use it. There is nothing difficult about changing headers; even if you’re seeing Joomla for the first time, you’ll figure things out pretty quickly, because Joomla is a CMS created by people for people. So don’t listen to those who say it’s hard to understand.

15 Advanced Security Tips To Make Your WordPress Site Bulletproof

The main reason WordPress is the favorite target for hackers is its huge user base. There is no doubt that WordPress is the most famous CMS on the Internet. It is true that WordPress had its security compromised many times in its early years, but the WordPress Team (that is, Automattic) was prompt enough to fix the loopholes right on time.

With my 4 years of experience as a blogger and obviously as a WordPress user, I understand the true importance of securing your WordPress blog. In this article, I have tried to put forward 15 highly effective and essential security tips to give you an advanced level of WordPress security.

It’s a perfect blend of some simple, intermediate and some advanced tips to give you an overall advanced level of security in WordPress. It’s not only for the advanced users, as I have tried my best to make it easily understandable to the amateurs too, as WordPress security is everyone’s equal right.

1) Updating WordPress Right on Time

cACL Update 1.3.9 for Joomla! 1.5 Access Control

We’ve released Community ACL 1.3.9. We have made several additions to the way we handle front-end menus. There is now support for yoo_enterprise. We’ve also turned on preserve-entities in libtidy to not change &nbsp; into the dreaded ‘?’s. To get the look and feel more consistent in the back-end we’ve removed the sort options for the roles. All the columns now sort alphabetically on the group, role, or function name. The “remove all” button on the functions will now work properly as well.

Bug fix version 1.3.8 corrects an issue where the category drop-downs were being replaced with incorrect information.

Version 1.3.7 of Community ACL fixes an issue that showed up as a result of adding libtidy for front-end Joomla menu restrictions.

Bug fix version 1.3.6 addresses an issue where IE8 will not properly remove all list items when the clear all button is clicked.

This will not work in Internet Explorer:
    tbody.innerHTML = '';
It’s a known bug that they (MS) have ignored.

But never fear, replace the innerHTML code with:
    // Remove the child nodes one at a time until the tbody is empty
    while ( tbody.childNodes.length >= 1 ) {
        tbody.removeChild( tbody.firstChild );
    }

We are committed to continuing the improvement of our products. Please feel free to submit support tickets for any issues you are experiencing.

For more information on Community ACL:

Learn more about cACL

Community ACL

Community ACL has some new exciting features and 9 bug fixes in the last few months!
We have added the support for libtidy. This adds the following features:

  • Quickly add code to restrict menus
  • More accurately removes menus
  • Better support for custom Joomla! templates
  • Cleans up improper HTML to help cross browser support
  • Code is specifically created for each template, so after upgrading cACL you will not lose template support.

libtidy is normally enabled in PHP by default, so little is required to use this extension. There is an on/off toggle button on the main config page that will allow you to turn off this feature if you require broken HTML for your template.

We would like to hear from you about what new features would help your experience with Community ACL for Joomla!