News Room

News from Wintercorn about Joomla!, WordPress and other tech subjects

Hackers from the online group Lizard Squad have claimed responsibility for taking down social media sites Facebook, Instagram, dating mobile app Tinder, as well as AOL Instant Messenger and Hipchat.
 
Facebook and Instagram were down worldwide for around an hour today after an alleged attack.  Hackers from the online group Lizard Squad have claimed responsibility for the attack, which took the two social media sites down at around 6am GMT.  
 
Both sites, which have a total of 1.5 billion users, appeared with error messages in the United States, Europe and Asia for around an hour. But despite hackers claiming they took the social media giants offline, Mark Zuckerberg's Facebook, which also owns Instagram, refused to say what the fault was.
 
Read the full story at the BBC
 

It seems you never learn. Despite us fixing websites which have been hacked through poor security practices, users still use weak passwords. We see them all: 123456, letmein, password1 and our favourite, batman.
 
SplashData have released the results of their 2014 password survey and it's grim news. The champ from 2013, "123456," is once again top of the pops. Nine of the top 25 worst passwords are strictly numerical, featuring variations on a theme, with "12345," "123123" and "111111" all landing on the list.
 
The runner-up for worst password is also the same as for 2013. You guessed it. It's the highly imaginative "password."  The list was culled from an analysis of 3.3 million leaked passwords that came out during 2014. Most of the passwords are from North American and Western European accounts.

Moonpig, the online personalised card company, has been accused of a shockingly sloppy attitude to security, after apparently leaving a serious hole in its security unpatched.
 
The vulnerability, which was said to have been first reported to Moonpig back in August 2013 (yes, 2013) allows anyone with a modicum of programming knowledge to access the names, dates of birth, email and home addresses of the company’s 3.6 million customers.  
 
All that it takes is to change the Customer ID number sent in an API request. No authentication is required.

The Chrome Security Team propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. They intend to devise and begin deploying a transition plan for Chrome in 2015.
 
What does this mean for web users? Essentially, the only indicator a user gets now is whether a site is using a secure certificate over SSL or TLS (like wintercorn.com does), which is certainly not the case for the majority of sites. It's possible then that a user might only see a secure indicator when visiting their bank or payment provider and not associate it with the normal browsing experience.
 

We've had a few clients affected by the ongoing problems at 1and1 as they either have domains registered there or use their DNS services. The Distributed Denial of Service attack seems to have taken down the 1and1 DNS servers and stopped email services, but some services are working again.
 
If you are reading this you might be interested to know that you can move your DNS to a third-party provider and prevent, or at least mitigate the worst effects of, an attack. Using third-party DNS may even be faster, as these providers have servers distributed around the world which are therefore closer to your site's visitors.
 
