News Room

News from Wintercorn about Joomla!, WordPress and other tech subjects

Unhappy PigMoonpig, the online personalised card company, has been accused of a shockingly sloppy attitude to security, after apparently leaving a serious hole in its security unpatched.  
 
The vulnerability, which was said to have been first reported to Moonpig back in August 2013 (yes, 2013) allows anyone with a modicum of programming knowledge to access the names, dates of birth, email and home addresses of the company’s 3.6 million customers.  
 
All that it takes is to change the Customer ID number sent in an API request. No authentication is required.

ChromeThe Chrome Security Team propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. They intend to devise and begin deploying a transition plan for Chrome in 2015.
 
What does this mean for web users? Essentially the only indicator a user gets now is if a site is using a secure certificate over SSL or TLS, (like wintercorn.com does) which is certainly not the majority of sites. It's possible then that a user might only see a secure indicator when visiting their bank or payment provider and not associate it as part of the normal browsing experience.
 

Domain Name SystemWe've had a few clients affected by the ongoing problems at 1and1 as they either have domains registered there or use their DNS services. The Distributed Denial of Service attack seems to have taken down the 1and1 DNS servers and stopped email services, but some services are working again.
 
If you are reading this you might be interested to know that you can move your DNS to a third-party provider and prevent, or at least migitate the worst effects of, an attack. Using third-party DNS may even be faster as they have distributed servers around the world and therefore closer to your sites visitors. 
 

Online ShoppingClare Rayner apparently.
 
No, not the agony aunt, the other one with a confusingly similar name.
 
Small and Medium Enterprise (SME) retailers should open at evenings and weekends because that is when their customers want to shop, says Clare Rayner, the small business mentor and high street campaigner, without realising that's exactly why they have websites which can do this for them.
 

Contact Us

Wintercorn Consulting Limited,

The Union Building,

51-59 Rose Lane,

Norwich, Norfolk,

NR1 1BY

0800 228 9933

Wintercorn Norwich