Whether you need a simple solution for your website or have more complicated security needs, GeoTrust SSL certificates are a great way to enhance the security of your website.
Webnames.ca would like to notify all customers that our servers have not been affected by the Heartbleed SSL vulnerability and that your information, data and privacy remain uncompromised.
The Heartbleed SSL vulnerability is a serious bug that has affected the popular OpenSSL encryption software. The bug has compromised information that under normal circumstances is protected by powerful encryption. The compromised versions are OpenSSL version 1.0.1 to 1.0.1f.
I was recently added to a mailing list for an organization and I started to get a few emails that I wasn’t used to seeing, email scams.
Most of these scams are what the industry calls a “phishing” email. Phishing emails are emails that you receive that attempt to get your usernames, passwords, credit cards and other personal information by masquerading as a trustworthy organization that you have dealt with or currently use. Phishing emails may contain links to websites infected with viruses or more often, redirect users to sites that look and feel like the real organization. The follow are some steps on how you can identify an email scam and not get tricked by one.
A few weeks ago, we published a blog on how to determine if a website is a fake, fraud or a scam. The blog was informative, with great content and advice; and we felt that it deserved a follow up post. This follow up post comes from the perspective of a business, rather than the the online shopper.
While working at Webnames.ca, I have investigated numerous fake, fraudulent or phishing websites, and they usually have a number of common traits to look for. Here are some easy steps on how to determine if a website is a fake, fraud, or scam:
Attention to all Internet users, a new scam is running around, using the Canadian Internet Registration Authority’s (CIRA) name. The targets have been mainly .CA domain holders, but those with other domains should also be aware.
The scam begins with a phone call, allegedly from CIRA. The caller will then ask for your computer’s information and will then guide you through a process that ultimately provides the scammer remote control over your computer and the sensitive information contained within.
If you do receive a phone call like this, please do not respond to the phone call or provide any information to the caller. Please report any incidents of this new scam to the Canadian Anti-fraud Centre.
PRISM sounds like an acronym from the cold war. I think about Get Smart or Man from UNCLE; secret handshakes and the dome of silence. The difference now is that the top spies are spying on us.
The Internet is an integral part of our society, and continues to be a great research tool that can be accessible anywhere around the world. Since the internet is accessible to anyone, it presents potential risks that “hackers” can exploit.
Here are a few internet safety tips directly from our customer support team member, Sean Lavasani about how to keep yourself secure online.
UPDATE: Security Threat to WordPress
Last week, we informed customers of a security threat to WordPress websites, which is being facilitated by a very large and well connected botnet.
In the past week, we have fared reasonably well against the attack by mitigating the volume of login attempts to customer’s WordPress websites. Unfortunately, a more focused and massive attack was executed this morning, which did partially impact the availability (up-time) of some websites.
After our review of this attack, and weighing the likelihood of future attacks, we are opting to take proactive steps to mitigate the damage from such future attacks, and ensure that customer websites remain up and running.
Effective today, April 25th, we will be inserting an additional login page prior to being able access the traditional WordPress dashboard login page.
The username and password required to proceed will be shown on the page. Adding this extra login is a simple but effective method of preventing the botnet attack from reaching your true WordPress dashboard login page. This additional page will afford you an additional layer of security to your website, and will also prevent the massive number of requests to the dashboard login page which are at the heart of the attack.
The front-end or ‘public’ portion of your website will not be affected by this change.
We are uncertain as to how long this additional measure will need to remain in place; however it is expected to be in place for the medium to long-term.
For assistance, please contact our Support Dept. at 1-866-221-7878 or firstname.lastname@example.org
Webnames.ca Technical Support
The seedy underbelly of the Internet is at it again. This time, their target is WordPress, with the aim of taking control over such websites for the proliferation of spam, the hosting of phishing websites – or both. To facilitate such an attack, a massive and well-connected botnet has been assembled, consisting of some 90,000 compromised computers and websites. These unwitting participants will have been programmed to attempt access to hundreds of thousands of WordPress installations across the globe (not only at Webnames.ca) through the administrator login and weak login passwords.
While Webnames is taking precautionary measures to limit the impact of the actual login attempts (referred to as brute-force attacks, which when especially voluminous form a distributed denial of service attack (DDoS)), any WordPress installation which utilizes an easily guessed password is now, more than ever, at serious risk of becoming compromised.
Protection from this risk is as simple as utilizing a complex password.
A complex password can come at the cost of some convenience; however the convenience factor pales in comparison to the cost of losing your entire website.
What constitutes a weak password is subjective, however if your current password favors convenience or simplicity, then it should be considered weak. Passwords containing sequential numbers, owner names, usernames, domain names, addresses etc. or one of 500 easily guessed passwords , are all easy fodder for a compromised computer (ala the aforementioned botnet) to systematically guess – it is simply a matter of time.
We strongly encourage all WordPress website owners to update their passwords – either directly or with the assistance of a trusted party. We have provided instructions on our website and are happy to assist customers with this update.
Please contact our Customer Support team at 1 866 221-7878 or email@example.com
Canada’s Anti-Spam Legislation (CASL), also known as Bill C-28, has received a lot of support from consumers, businesses, professionals and legal and consumer groups. However, there was some ambiguity that could cause legal uncertainty when interpreting key terms and the impediment to the ability of businesses to market to their clients.
In order to address these issues, Industry Canada conducted public consultations and as a result received 55 submissions regarding the proposed CASL regulations. The first consultation period ended on September 7, 2011 and the second phase of consultations are now open.
Consultations were held in the hopes that all recommendations, concerns and issues would be clarified in preparation for Bill C-28’s implementation.
The regulations that were clarified were:
a) Family relationships and personal relationships
b) Limited exemptions for certain types of messages
c) Limited exemptions for protecting, upgrading and updating computer networks
d) Third-party referrals
e) Membership definition
Definition of “Family Relationships” and “Personal Relationships”
Family relationship has been clarified to mean individuals that are:
a) related by blood or are descended from a common grandparent;
b) married couples;
c) common-law partnerships and;
d) adopted children are counted as family relationships.
Personal relationships on the other hand, are classified as relationships that are between individuals that have had direct and voluntary contact with one another over a specified amount of time.
Limited exemptions for certain types of messages
The CASL does not apply to individuals that communicate with another individual in the same organization; this includes employees, representatives, franchisees and contractors.
Similarly, messages that are sent between two organizations are exempt from the CASL as long as a prior business relationship has been established. Messages also become exempt if the information contained within have an effect on the performance and duties of the individuals and their organizations.
Messages sent as a response to requests, inquiries, complaints or other forms of solicitations of a company’s products and/or services.
Messages sent are exempt if it satisfies a legal obligation or provide notice of an existing or pending right, obligation, court order, judgement or tariff.
Limited exemption for protecting, upgrading and updating computer networks
Initially, the CASL stated that all computer software are prohibited from being installed on a computer if consent has not been given. This has now been revised. For the purpose of conducting business, all telecommunications service providers or TSPs are exempt from the CASL provided that software installed is intended for the security of its networks. This also means that TSPs are exempt from acquiring consent when conducting system updates and upgrades to its clients.
Electronic messages that are sent as a result of a referral are exempt from the CASL; this is however, limited to the first message sent. There are also certain limitations to referrals. First, there must be a relationship (business, non-business, personal or family) between the referring party and the referred party. Furthermore, the sender of the message can only send more messages, provided that consent was provided. Rules regarding the first message involve clearly identifying the full name of the referring party and an unsubscribe mechanism to prevent further messages.
A membership simply means being registered in an existing non-business relationship organization. The organization must be a non-profit organization that operates strictly for social welfare, civic improvement, pleasure or recreation or for any other purpose than the generation of profit.
For all stakeholders that would like to offer a response to the consultation, simply follow the instructions here:
Deadline for submitting your comments February 4, 2013.
To learn more about the Electronic Commerce Protection Regulations, go to http://www.gazette.gc.ca/rp-pr/p1/2013/2013-01-05/html/reg1-eng.html
Webnames.ca would like to inform everyone that Bill C-28, better known as the anti-spam legislation, will come into effect next year. The new legislation will change how businesses and corporations market to customers. It will become illegal to send commercial electronic messages (CEM) to customers without their expressed consent.
Companies who fail to comply with the changes or violate any of the new provisions face hefty penalties that can go up to $10 million.
In order to protect the privacy of Canadians, the Canadian
Radio-television and Telecommunications Commission (CRTC) will police
Bill C-28, The Fighting Internet and Wireless Spam Act (FISA) was passed by Canadian Parliament and received Royal Assent December 15, 2010.
As Canada’s first anti-spam legislation, it empowers authorities to aggressively fine spammers (individuals could be fined up to $1 million per violation and companies $10 million per violation). The legislation has major implications on how businesses conduct their communication practices with clients and potential clients.
In my earlier post in January 2011, Canadian Parliament passes Bill C-28, Fighting Internet and Wireless Spam, I summarized some key issues about whether the Bill would really reduce spam, when businesses need to be in compliance, how will violators be punished and more.
Draft regulations have now been posted for the new anti-spam legislation and both the CRTC and Industry Canada are calling for comments.
The CRTC notice is here http://www.crtc.gc.ca/eng/archive/2011/2011-400.htm with the draft regulations appearing as an appendix.
The Industry Canada notice is here http://www.gazette.gc.ca/rp-pr/p1/2011/2011-07-09/html/reg1-eng.html.
Deadlines for comments are August 29th and 31st respectively.
All Canadian companies, organizations and individuals need to ensure their electronic communications are compliant with the legislation so do make sure you understand the rules to avoid the massive financial implications.
Most of us have, at one time or another, dreamed of escaping it all and disappearing to a Caribbean island or a log cabin in the mountains for some peace and tranquility. While this particular dream will elude most of us (and would probably get a little dull after a couple of weeks), those who value their privacy may want to look to the new dot TEL name to provide it.
It can be very difficult to know at times if the domain notices you receive are legitimate or aggressive marketing. While many legitimate registrars do contact their clients about renewals or other services, many trademark holders and domain name registrants have been receiving confusing and sometimes fraudulent emails and letters from companies in Asia, Europe and/or North America.