IT news and events that may affect your business.
For anyone using Ecwid – the #1 eCommerce tool of choice for new and existing online businesses – there is an exciting new app. It allows the business owner to accept as many currencies as they want – it also allows the customer to select their currency of choice. The rate is automatically set – so you do not have to continuously alter the exchange rates.
Ecwid is used by over 1 MILLION businesses worldwide and is the #1 eCommerce tool of choice for Facebook. The Ecwid backend lives in the secure Amazon cloud and is super easy to set up and install. You can then put that code on any website anywhere – by copying and pasting a few lines of text.
See the product below – we have 2 currencies for you to choose (many other currencies are available). To select a currency just click on the product. This is a fantastic app and even better it’s FREE.
Basic security practices seemingly had not been put in place. Mossack Fonseca is set to become yet another MASSIVE example of how a few small mistakes can lead to disaster.
- MF using vulnerable WordPress Plugin – Revolution Slider
- Got access to database holding email login info
- All emails accessed
- Web Server not behind a firewall
- The MF web server on same network as email servers
- Sensitive data was accessible from customer portal
Unless you have been living under a stone for the last week (some may have moved there already…) then you will be aware of the massive data loss incurred by Mossack Fonseca (MF). MF seems to have confirmed that the data loss was down to a hack, rather than an ‘inside job’.
It has since been claimed the hack came from one of two sources – or possibly both.
WordFence Security believe MF were compromised through a plugin which had a (known) security flaw and which MF had not patched to the latest version.
Forbes have reported that MF were apparently allowing their customers to access data via a website which just happened to be using a vulnerable version of Drupal. WordFence did some analysis and found the following:
MF runs a website on WordPress that was running a version of ‘Revolution Slider’ that is vulnerable to attack and will grant a remote attacker a shell on the web server.
MF were running version 2.1.7 – however it is known that the plugin has security issues up to version 3.0.95. WordFence have identified that MF have now put their site behind a firewall and patched to the latest security fixes for Drupal and WordPress – but this has only happened recently. Hopefully they have amended their network setup and put their email server on a separate physical server. This story is far from over yet, it seems.
What seems to have happened
There was a working exploit published regarding the Revolution Slider plugin here. This means it is open to anyone to view and play with, if they so desired. Because MF was wide open it would have been very easy to exploit. Once any would-be hacker establishes the weak point they will simply exploit it and log it into a database, grab the data and try and make sense of it all offline. It may also be possible that the hackers then discovered they had access to the whole server and as a result access to other vital corporate information – rich pickings indeed.
It seems the attacker had gained access to the MF WordPress site via the widely known Revolution Slider vulnerability. This would have given them access to the WordPress database. WordFence research has shown that MF were running two additional plugins that store login information for their email server in plain text in the database. The attacker would have read this information from the WordPress database and used it to gain access to the email server.
The amount of data taken is huge; it seems the information will be published as and when data trails have been identified. So far it seems it is yet another ‘Hatton Garden’ type data heist that may ruin careers and force resignations of politicians.
WordFence Vulnerable Plugin Video
What you should be doing on your website
- It seems so easy to say, but always make sure you are patched to the latest security versions of the software your website uses.
- If you are running more than just a website make sure it is on a different server and on a different network.
- Obviously use a Firewall.
- Run penetration tests on your network servers and any internet interfaces you use.
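The patching advice above can be checked mechanically. The following is an added example, not code from the original post or from WordFence: it reads the header comment of each plugin under a WordPress plugins directory and flags any install at or below a known-vulnerable version, using the 3.0.95 ceiling quoted earlier. The plugin name used as the lookup key and the sample header are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# From the article: Revolution Slider has security issues up to version 3.0.95
# (treated as inclusive here). Keying on the "Plugin Name" text is an assumption.
VULNERABLE_UP_TO = {"Revolution Slider": "3.0.95"}

# WordPress plugins declare metadata in a comment header of their main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$",
                       re.I | re.M)

# Constructed sample header, mirroring the version the article says MF ran.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Revolution Slider
Version: 2.1.7
*/
"""

def parse_version(text):
    """Turn '2.1.7' into (2, 1, 7); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.strip().split("."))

def read_plugin_header(php_source):
    """Return (name, version) from a plugin header, or None if absent."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())  # first occurrence wins
    if "plugin name" not in fields:
        return None
    return fields["plugin name"], fields.get("version", "0")

def audit_plugins(plugins_dir):
    """List (name, installed, vulnerable_up_to) for every outdated plugin found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php.read_text(errors="replace"))
        if header is None:
            continue
        name, version = header
        ceiling = VULNERABLE_UP_TO.get(name)
        if ceiling and parse_version(version) <= parse_version(ceiling):
            findings.append((name, version, ceiling))
    return findings

if __name__ == "__main__":
    print(read_plugin_header(SAMPLE_HEADER))
```

Point `audit_plugins` at a site's `wp-content/plugins` directory and extend `VULNERABLE_UP_TO` from the advisories you track.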
WordFence is one of, if not THE, security plugins for WordPress, with approx 1,000,000 downloads so far, and should in our opinion be installed as standard on every WordPress website. There are paid versions as well which offer more functionality.
The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
Blocking Features, Login Security, Security Scanning, WordPress Firewall, Monitoring Features, Multi-Site Security, Caching Features, IPv6 Compatible, Major Theme and Plugins Supported, Free Learning Center
Pervade Software is very different from any other solution on the market. Their OpView product can match the functionality of all of the major monitoring systems on the market and their OpAudit product can outperform other IT-GRC and auditing systems.
Pervade Software can go head-to-head with any product in this space because there is very little functionality that cannot be configured through the incredibly intuitive user interface. What separates Pervade software from other similar tools is that all of the data, that would normally be handled by separate products, can be combined, correlated and displayed in ways that no other system on the market can achieve.
Seeing as the iPhone 5 has just been released, maybe this is a good time to ask yourself a question. The question is not – should I get an iPhone? – but instead:
Can your website be viewed on mobile devices? – probably not
All Cellweb websites are now built with mobile technology in mind. Whether it’s a Blackberry, iPad, iPhone or tablet PC, we make sure that when one of those devices views your website – then the website will be responsive enough to cater for the screen size of your customer’s new ‘gadget’.
Mobile internet local searches are currently estimated at around 40%. That is a figure that nobody can ignore – unless they are happy with customers going elsewhere.
If you want your website converted so that it’s open to be viewed by everyone – not just PC / MAC users – then contact us to find out more.
What is a Search Engine
What are SERPs – Search Engine Results Pages
What are Keywords and how to get the right ones
How they rank your webpage
Why Keyword Research is the building block of ANY website
(get it wrong and everything else is wrong)
You may know what a Search Engine is – but do you know how they work?
First things first – a Search Engine (Google, Yahoo, BING, Blekko) is an interface that allows you to type something in (keywords) and it then provides you with a list of webpages which it thinks best fit your request (SERPs – Search Engine Results Page).
The Internet, just like space, is forever expanding – so you won’t be able to keep up with all the new websites out there – so a Search Engine will do it for you.
When you type something into a search engine the result it gives you back is known as SERPs – Search Engine Results Page.
The bit that most people don’t realise is that SERPs are created from Google’s Index of the Internet.
Every second of every minute of every hour – 7 days a week, Google ‘spiders’ are busy looking for new and updated website content. When they visit your website – they will run various checks against it. They do this, firstly to try and understand what your website is about and what each webpage is about, secondly they will give you a score based on over 200 different checks and then hopefully they add your website to their Index.
If Google has trouble indexing your site or finds issues with it – it will soon give up and move on to your competition.
To help demonstrate this, here is a short video from Matt Cutts at Google.