Security Archives | Page 2 of 3 | Webnames Blog

Webnames.ca Security Update: Heartbleed SSL Vulnerability

Webnames.ca would like to notify all customers that our servers have not been affected by the Heartbleed SSL vulnerability and that your information, data and privacy remain uncompromised.

The Heartbleed SSL vulnerability is a serious bug that has affected the popular OpenSSL encryption software. The bug has compromised information that under normal circumstances is protected by powerful encryption. The compromised versions are OpenSSL version 1.0.1 to 1.0.1f.

Read more on Webnames.ca Security Update: Heartbleed SSL Vulnerability…

How to Identify an Email Scam

Beware of Email Scams
I was recently added to a mailing list for an organization and I started to get a few emails that I wasn’t used to seeing, email scams.

Most of these scams are what the industry calls a “phishing” email. Phishing emails are emails that you receive that attempt to get your usernames, passwords, credit cards and other personal information by masquerading as a trustworthy organization that you have dealt with or currently use. Phishing emails may contain links to websites infected with viruses or more often, redirect users to sites that look and feel like the real organization. The follow are some steps on how you can identify an email scam and not get tricked by one.

Read more on How to Identify an Email Scam…

9 Tips on Building a Trustworthy Website for your Business

By: Mark Hunter

A few weeks ago, we published a blog on how to determine if a website is a fake, fraud or a scam. The blog was informative, with great content and advice; and we felt that it deserved a follow up post. This follow up post comes from the perspective of a business, rather than the the online shopper.

Read more on 9 Tips on Building a Trustworthy Website for your Business…

Phone call security scam warning

Attention to all Internet users, a new scam is running around, using the Canadian Internet Registration Authority’s (CIRA) name. The targets have been mainly .CA domain holders, but those with other domains should also be aware.

The scam begins with a phone call, allegedly from CIRA. The caller will then ask for your computer’s information and will then guide you through a process that ultimately provides the scammer remote control over your computer and the sensitive information contained within.

If you do receive a phone call like this, please do not respond to the phone call or provide any information to the caller. Please report any incidents of this new scam to the Canadian Anti-fraud Centre.
 
 

Read more on Phone call security scam warning…

Internet Security Tips from Webnames.ca Support Team

The Internet is an integral part of our society, and continues to be a great research tool that can be accessible anywhere around the world. Since the internet is accessible to anyone, it presents potential risks that “hackers” can exploit.

Here are a few internet safety tips directly from our customer support team member, Sean Lavasani about how to keep yourself secure online.

Read more on Internet Security Tips from Webnames.ca Support Team…

Potential Security Threat to WordPress – Update your Password!

The seedy underbelly of the Internet is at it again. This time, their target is WordPress, with the aim of taking control over such websites for the proliferation of spam, the hosting of phishing websites – or both. To facilitate such an attack, a massive and well-connected botnet has been assembled, consisting of some 90,000 compromised computers and websites.  These unwitting participants will have been programmed to attempt access to hundreds of thousands of WordPress installations across the globe (not only at Webnames.ca) through the administrator login and weak login passwords.

While Webnames is taking precautionary measures to limit the impact of the actual login attempts (referred to as brute-force attacks, which when especially voluminous form a distributed denial of service attack (DDoS)), any WordPress installation which utilizes an easily guessed password is now, more than ever, at serious risk of becoming compromised.

Protection from this risk is as simple as utilizing a complex password.

A complex password can come at the cost of some convenience; however the convenience factor pales in comparison to the cost of losing your entire website.

What constitutes a weak password is subjective, however if your current password favors convenience or simplicity, then it should be considered weak. Passwords containing sequential numbers, owner names, usernames, domain names, addresses etc. or one of 500 easily guessed passwords , are all easy fodder for a compromised computer (ala the aforementioned botnet) to systematically guess – it is simply a matter of time.

We strongly encourage all WordPress website owners to update their passwords – either directly or with the assistance of a trusted party. We have provided instructions on our website and are happy to assist customers with this update.

Please contact our Customer Support team at 1 866 221-7878 or support@webnames.ca

Read more on Potential Security Threat to WordPress – Update your Password!…

Canada’s New Anti-Spam Legislation: Regulation Update

Canada’s Anti-Spam Legislation (CASL), also known as Bill C-28, has received a lot of support from consumers, businesses, professionals and legal and consumer groups. However, there was some ambiguity that could cause legal uncertainty when interpreting key terms and the impediment to the ability of businesses to market to their clients.

In order to address these issues, Industry Canada conducted public consultations and as a result received 55 submissions regarding the proposed CASL regulations.  The first consultation period ended on September 7, 2011 and the second phase of consultations are now open.

Consultations were held in the hopes that all recommendations, concerns and issues would be clarified in preparation for Bill C-28’s implementation.

The regulations that were clarified were:
 
a) Family relationships and personal relationships
b) Limited exemptions for certain types of messages
c) Limited exemptions for protecting, upgrading and updating computer networks
d) Third-party referrals
e) Membership definition

Definition of “Family Relationships” and “Personal Relationships”

Family relationship has been clarified to mean individuals that are:
 
a) related by blood or are descended from a common grandparent;
b) married couples;
c) common-law partnerships and;
d) adopted children are counted as family relationships.

Personal relationships on the other hand, are classified as relationships that are between individuals that have had direct and voluntary contact with one another over a specified amount of time. 

Limited exemptions for certain types of messages

The CASL does not apply to individuals that communicate with another individual in the same organization; this includes employees, representatives, franchisees and contractors.

Similarly, messages that are sent between two organizations are exempt from the CASL as long as a prior business relationship has been established. Messages also become exempt if the information contained within have an effect on the performance and duties of the individuals and their organizations. 

Messages sent as a response to requests, inquiries, complaints or other forms of solicitations of a company’s products and/or services.

Messages sent are exempt if it satisfies a legal obligation or provide notice of an existing or pending right, obligation, court order, judgement or tariff.

Limited exemption for protecting, upgrading and updating computer networks

Initially, the CASL stated that all computer software are prohibited from being installed on a computer if consent has not been given. This has now been revised. For the purpose of conducting business, all telecommunications service providers or TSPs are exempt from the CASL provided that software installed is intended for the security of its networks. This also means that TSPs are exempt from acquiring consent when conducting system updates and upgrades to its clients.

Third-party referrals

Electronic messages that are sent as a result of a referral are exempt from the CASL; this is however, limited to the first message sent. There are also certain limitations to referrals. First, there must be a relationship (business, non-business, personal or family) between the referring party and the referred party. Furthermore, the sender of the message can only send more messages, provided that consent was provided. Rules regarding the first message involve clearly identifying the full name of the referring party and an unsubscribe mechanism to prevent further messages.

Membership Definition

A membership simply means being registered in an existing non-business relationship organization. The organization must be a non-profit organization that operates strictly for social welfare, civic improvement, pleasure or recreation or for any other purpose than the generation of profit.

For all stakeholders that would like to offer a response to the consultation, simply follow the instructions here:

“Interested persons may make representations concerning the proposed Regulations within 30 days after the date of publication of this notice. All such representations must cite the Canada Gazette, Part Ⅰ, and the date of publication of this notice, and be addressed to Bruce Wallace, Director, Security and Privacy Policy, Digital Policy Branch, Department of Industry, Jean Edmonds Tower North, 18th Floor, Room 1891D, 300 Slater St., Ottawa, Ontario K1A 0C8 (tel.: 613-949-4759; fax: 613-941-1164; email: Bruce.Wallace@ic.gc.ca).”

Deadline for submitting your comments February 4, 2013.

To learn more about the Electronic Commerce Protection Regulations, go to http://www.gazette.gc.ca/rp-pr/p1/2013/2013-01-05/html/reg1-eng.html

Related articles:

Are you Ready for the New Anti-Spam Legislation?

Canada’s Anti-Spam Legislation – Massive Fines on Companies and Individuals; Your Chance for Public Comment

Canadian Parliament passes Bill C-28, Fighting Internet and Wireless Spam

Read more on Canada’s New Anti-Spam Legislation: Regulation Update…

Are you Ready for the New Anti-Spam Legislation?

Webnames.ca would like to inform everyone that Bill C-28, better known as the anti-spam legislation, will come into effect next year. The new legislation will change how businesses and corporations market to customers. It will become illegal to send commercial electronic messages (CEM) to customers without their expressed consent.

Companies who fail to comply with the changes or violate any of the new provisions face hefty penalties that can go up to $10 million. 

In order to protect the privacy of Canadians, the Canadian
Radio-television and Telecommunications Commission (CRTC) will police
the following:

Read more on Are you Ready for the New Anti-Spam Legislation?…

Canada’s Anti-Spam Legislation – Massive Fines on Companies and Individuals; Your Chance for Public Comment

antispam.pngBill C-28, The Fighting Internet and Wireless Spam Act (FISA) was passed by Canadian Parliament and received Royal Assent December 15, 2010.

As Canada’s first anti-spam legislation, it empowers authorities to aggressively fine spammers (individuals could be fined up to $1 million per violation and companies $10 million per violation). The legislation has major implications on how businesses conduct their communication practices with clients and potential clients.

In my  earlier post in January 2011, Canadian Parliament passes Bill C-28, Fighting Internet and Wireless Spam, I summarized some key issues about whether the Bill would really reduce spam, when businesses need to be in compliance, how will violators be punished and more.

Draft regulations have now been posted for the new anti-spam legislation and both the CRTC and Industry Canada are calling for comments.

The CRTC notice is here http://www.crtc.gc.ca/eng/archive/2011/2011-400.htm with the draft regulations appearing as an appendix.

The Industry Canada notice is here http://www.gazette.gc.ca/rp-pr/p1/2011/2011-07-09/html/reg1-eng.html.

 Deadlines for comments are August 29th and 31st respectively.

All Canadian companies, organizations and individuals need to ensure their electronic communications are compliant with the legislation so do make sure you understand the rules to avoid the massive financial implications.

Read more on Canada’s Anti-Spam Legislation – Massive Fines on Companies and Individuals; Your Chance for Public Comment…

Is Dot TEL the Ultimate Online Identity Protection?

protected.pngMost of us have, at one time or another, dreamed of escaping it all and disappearing to a Caribbean island or a log cabin in the mountains for some peace and tranquility. While this particular dream will elude most of us (and would probably get a little dull after a couple of weeks), those who value their privacy may want to look to the new dot TEL name to provide it.

Read more on Is Dot TEL the Ultimate Online Identity Protection?…

Renewal Invoice, Notice of Trademark Infringement or Domain Slamming & Marketing Ploy?

It can be very difficult to know at times if the domain notices you receive are legitimate or aggressive marketing.  While many legitimate registrars do contact their clients about renewals or other services, many trademark holders and domain name registrants have been receiving confusing and sometimes fraudulent emails and letters from companies in Asia, Europe and/or North America.

Read more on Renewal Invoice, Notice of Trademark Infringement or Domain Slamming & Marketing Ploy?…

The Debate About Cybersquatting and dot-TEL

The Register.co.uk published an article last week about how dot-tel will be unattractive to cybersquatters because it does not host websites, only contact information that will be sent to Internet-enabled devices.

Cyberquatters make money by placing pay-per-click advertisements on web pages that are set up on domain names which visitors assume belong to a legitimate organization. For example, look at the advertisements set up on http://www.costcowholesale.ca/. Seeing the domain name, it’s safe to say a visitor would assume this domain belonged to Costco Wholesale Canada and that an official website for this company could be found at this URL.

Read more on The Debate About Cybersquatting and dot-TEL…

/* Adroll script */