All posts by Patrick Nohe

10 Pro Security Tips to Stop Virus, Malware, and Trojan Threats


How can a computer be protected from viruses?

I was recently handed a writing assignment on how to protect a computer from viruses, malware and trojan threats. The project description asked for “10 pro security takes.” I’m not really sure what a security take is, but the article that was cited included 8 security tips.

We need 10.

This is what’s wrong with mixing SEO with security advice. Well, that, and the fact the other article started: “This era is one of instantaneous information, immediate communication and lightning Internet.” If a voice in your head doesn’t start shouting “la migra! la migra!” about midway through that sentence, then you haven’t been living in America.

This article is going to strive to give you sound security advice on defending your computer against cyber threats. What it’s not going to do is strive for ten tips just for the sake of beating eight. In fact, it’s not even going to give eight. Security advice should be a bit more dignified than a Buzzfeed checklist. If you disagree, here are five techniques to help you cope with the fact that I don’t care.

Different Kinds of Cyber Threats

There are myriad different threats facing computers at any given time. Unfortunately, popular culture has taken a lot of these terms and given them their own meaning, or blended them with other threats. In reality, there are distinctions between types of threats that help to differentiate them. Here are some of the most common types of cyber threats.

Viruses

The term virus is perhaps the most overused in the entire threat lexicon. In reality, virus refers to a very specific kind of program that alters, or possibly even deletes data on your system. Typically viruses arrive on a system via malicious downloads and have to be executed to begin operation.

Malware

The way people mistakenly use the term viruses as a catch-all, is actually the way malware should be used. Malware refers to malicious software and encompasses pretty much any threat to your computer. It’s trivially easy to end up with malware on your system.

Trojans

Trojans are a specific kind of program that appears to be genuine, but ends up causing disruption. The term trojan derives from the Trojan Horse story from the sacking of Troy, where soldiers infiltrated by hiding in a large wooden horse statue that was initially presented as a gift. If you aren’t familiar, I highly suggest you check it out. It’s way more interesting than anything else you’re going to read in this article.

Worms

A worm is simply a file or element that continues to replicate itself once it’s in your system. Typically, you’ll see a file continue to pop up even after it’s been deleted or else you might even have an entire drive say it’s full despite the fact that you know it can’t be. These are worms. You definitely don’t want worms in your computer. Or your bowel movements. Or your computer’s bowel movements. What? Everyone needs Data Security. [Editor’s Note: Carl…]

Protecting yourself from malware and other cyber threats

Here’s some helpful advice on how to avoid all these worms, trojans, viruses and malware…

Invest in good Antivirus Software

This one should be pretty obvious, but let’s start here anyway. Get a legitimate, professional-grade antivirus program. Update it regularly. It’s just basic security hygiene.

Be Wary of Email Attachments

Again, this isn’t rocket science, but make sure that you scan all email attachments before downloading anything. Email is an incredibly effective attack vector. Always be wary downloading attachments or following links.

Avoid Third-party Downloads

Unless you are 100% certain of what you’re downloading, avoid third-party downloads. Legitimate downloads will be code signed and come from known websites. If it’s hosted on some fly-by-night site, chances are it’s infected with something.

Turn off Auto-run

If you’re going to be loading any kind of external drive or hard disk on your computer make sure auto-run is toggled off so that you can scan before executing anything.

Back up your data regularly

Here’s another obvious one, back up your data regularly. This way if your computer is infected with a virus you can restore any data that is lost.

Avoid bad security advice

Some marketers throw around the term ‘security’ as if it were an advertising slogan. Some SSL sellers shoehorn these things into “security checklists” and sneak their products in somewhere in the content to get their sales up. To be honest, this is a pretty stupid idea, and that’s why we don’t do it.

It is quite necessary to check authenticity with SSL (Secure Socket Layer) while dealing with the website as cyber culprits can sniff the information or it may happen that the website has already any Trojan or virus. It is safe to deal with an online website that has implemented SSL security.

For starters, reread that first sentence. Ignoring its crimes against English for a second, the information it contains is utter BS. Cyber culprits can sniff the information? What this bastard form of speech may be attempting to say is that if you are on a website WITHOUT SSL, someone can eavesdrop on the data you transfer. But frankly, that’s giving this miscarriage of English a little more credit than I’m willing to extend. And if the website already has a virus or trojan, SSL isn’t going to help. At all.

And finally, telling someone it’s safe to deal with an online website that has implemented SSL is actively dangerous advice. Criminals can implement SSL, too.

Wrapping this Up

The internet is a dangerous place if you have no common sense. But, you can stay safe if you just try to be mindful. Don’t follow random links. Don’t download programs from unknown sources. Keep your antivirus updated and listen to your browser filter.

It’s really not hard.

3-Year SSL Certificates will go Extinct on March 1, 2018


The new maximum validity is now 27 months

Starting on March 1, 2018 you will no longer be able to purchase 3-year SSL certificates. This wasn’t our decision; it was made by the CA/Browser Forum.

If you’ve never heard of the CA/B Forum before, that’s OK. Not many people have. It serves as the de facto regulatory body for digital certificates. That sounds a whole lot cooler than it really is. In reality, 95% of the time it’s just a bunch of nerds arguing about by-laws. Occasionally they meet in person, which leaves whatever conference space they’re in smelling like condescension and Clearasil.

But the other 5% of the time they make decisions that affect the entire industry. Like continuing to shorten the maximum validity period for SSL certificates. There was a time, back when the SSL industry was like the Wild West [Editor’s Note: Sorry, Carl has been on a Cowboy kick lately] that you could even get a five-year certificate.

But certificate lifespan is actually one of the only places where, in terms of size mattering, shorter is better.

Why Are Shorter SSL Certificate Validity Periods Better?

Technology changes frequently; it’s always advancing. So having a five- or even a three-year certificate means you’re going to be going 3-5 years between updating your ciphers with stronger encryption. Case in point, a five-year-old certificate would still be using SHA-1. SHA-1 was deprecated a couple of years ago and then last year Google spent considerable resources to create a SHA-1 collision, which underscored the need to move to SHA-2.

With a three year certificate, some users would be going three years between updates. That’s never a good idea.

Beyond that, certificate authorities need to re-validate you regularly so that you can continue to be trusted. It’s not unlike how you occasionally have to go back to the DMV to update the information on your driver’s license. Or at least you’re supposed to.

At any rate, your validation information is only good for 825 days. If it’s been longer than that you’ll have to pass validation again.

Explain this to me like I’m five, Carl

Ok, here goes:

  • Starting March 1, 2018, you can no longer purchase 3-year SSL certificates.
  • RapidSSLonline.com will stop selling 3-year SSL certificates on February 20.
  • Shorter lifespans allow for more up-to-date algorithms and ciphers
  • CAs can only use validation information for 27 months (825 days)
  • If it’s been longer than 825 days since your last validation, you will have to go through it again
  • If you purchase a 3-year certificate before the deadline and have to reissue it for any reason, it will revert to a two-year certificate and you will lose any remaining time beyond 825 days.
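To audit certificates you already hold against the 825-day limit, here is an added example (not part of the original post). It assumes OpenSSL and GNU date; the function names and the self-signed test certificate are constructed for illustration, and days_lost_on_reissue is one reading of the reissue rule in the last bullet.

```shell
#!/bin/sh
# Added example: audit a certificate's lifetime against the 825-day maximum.
# Assumes OpenSSL and GNU date (for "date -d"). All names are illustrative.

MAX_VALIDITY_DAYS=825

# cert_epoch FILE startdate|enddate -> that date as Unix seconds (UTC)
cert_epoch() {
    date -u -d "$(openssl x509 -in "$1" -noout "-$2" | cut -d= -f2)" +%s
}

# cert_lifetime_days FILE -> whole days between notBefore and notAfter
cert_lifetime_days() {
    echo $(( ($(cert_epoch "$1" enddate) - $(cert_epoch "$1" startdate)) / 86400 ))
}

# exceeds_max_validity FILE -> exit status 0 if the lifetime is over the limit
exceeds_max_validity() {
    [ "$(cert_lifetime_days "$1")" -gt "$MAX_VALIDITY_DAYS" ]
}

# days_lost_on_reissue FILE REISSUE_EPOCH -> days dropped if the certificate
# is reissued at REISSUE_EPOCH and the replacement is capped at 825 days
days_lost_on_reissue() {
    remaining=$(( ($(cert_epoch "$1" enddate) - $2) / 86400 ))
    if [ "$remaining" -gt "$MAX_VALIDITY_DAYS" ]; then
        echo $(( remaining - MAX_VALIDITY_DAYS ))
    else
        echo 0
    fi
}

# make_test_cert FILE DAYS -> constructed self-signed certificate for the demo
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
        -out "$1" -days "$2" -subj "/CN=constructed.example.test" 2>/dev/null
}

# Demo on a constructed 3-year certificate in a throwaway directory
demo_dir=$(mktemp -d)
make_test_cert "$demo_dir/three-year.pem" 1095
echo "lifetime: $(cert_lifetime_days "$demo_dir/three-year.pem") days"
exceeds_max_validity "$demo_dir/three-year.pem" && echo "over the 825-day limit"
reissue_at=$(( $(cert_epoch "$demo_dir/three-year.pem" startdate) + 30 * 86400 ))
echo "lost if reissued after 30 days: $(days_lost_on_reissue "$demo_dir/three-year.pem" "$reissue_at") days"
rm -rf "$demo_dir"
```

Point cert_lifetime_days at any PEM certificate on your server to see whether it falls under the new limit.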

Stay cautious, my friends.

Solve it Yourself: Your Certificate Is Not Trusted Error


SSL Certificate Not Trusted Error – Troubleshooting common SSL certificate mistakes

You’ve gone through all the trouble of researching what SSL certificate to purchase, you’ve been validated, gotten it issued and even installed it on your server. But now you’re receiving an error message, “Your SSL Certificate is not trusted.”


How to Check your SSL Certificate Details in all Major Browsers


View SSL certificate in Chrome, Firefox, Safari & Edge/IE

Sometimes it’s important to read the label. Like before you purchase food at the super market or after you’ve already downed half-a-dozen pills. On the internet, things are no different. Sometimes when you arrive at a website it’s good to read the label.


How to Protect Your iPhone from Hackers


The steps you need to take to keep your iPhone safe

There was a time when “keeping your phone safe” just meant avoiding water, possibly sandy areas and above all else not accidentally stepping on it. That’s because back then our phones were just phones. If you wanted to send a text message you had to tap it out on a number pad. We made emojis the old-fashioned way—with bits of punctuation. And we weren’t just snapshooting each other pics of our diddly bits all willy-nilly. [Editor’s Note: Hell of a sentence, Carl]

But that was then, this is now. And water damage is no longer the biggest threat to your cell phone. Hackers are? I guess?

So today I’m going to teach you how to protect your iPhone against hackers. No matter the fact that I think this fear is mostly born from a millennial misperception where people think they’re more interesting than they actually are. And that most of us will probably never have to worry about having our phones hacked and our nudes leaked across the internet like Jennifer Lawrence. [Editor’s Note: This is exactly why we DIDN’T ask your opinion on it]

Here’s how to protect your iPhone from Hackers

Keep your iOS up to date

Look, I get it. Those prompts that your cell phone gives you about needing to update are annoying. And it can totally take like, an hour, to finish sometimes. Just remember those lame excuses if you get hacked because your OS isn’t up to date. Apple pushes these updates for a reason. Sure, sometimes they add new features and re-arrange things, but they’re also the only way to forward along crucial security updates. Bugs and vulnerabilities get found, patched, updates get pushed.

If you’re not updating, and promptly, you’re leaving yourself vulnerable.

Activate Find My iPhone

This is pretty much a default setting nowadays, and you may be wondering how an app that gives your phone’s location away may be helpful. Here’s how, if you ever lose your iPhone you can log on from a third-party device and wipe the contents of your phone. That’s a nice tool to have in your back pocket. Also, if you’re really that worried about someone getting your location you probably have bigger fish to fry.

Pick a Stronger Password

The four-digit pin you use to open your phone is woefully insecure. I have a one in 10,000 chance of guessing it the first time I try. Upping the ante to a six-digit pin helps a little, but the best way to go is with a passphrase that lets you use letters, numbers, and symbols. That really increases the level of difficulty it takes to get into your phone. To change from a pin to a passphrase, open the Settings app and go to General > Touch ID and Passcode > Change Passcode, tap ‘Passcode options’ and select ‘Custom Alphanumeric Code.’

Activate Auto-Wipe

Unless you’re a drunk or have Parkinson’s [Editor’s Note: Carl…] If you can competently type your password within ten attempts then this next bit of advice is for you. If you scroll to the bottom of the Touch ID & Passcode section in Settings, you can toggle on “Erase Data.” Now, if anyone attempts to access your phone unsuccessfully more than ten times, your phone will completely wipe itself, rendering it useless to the hamfisted hacker. Of course, I wouldn’t advise this if you have young kids that play with your phone or are just clumsy.

Revoke App Permissions

If you’re like me then you pay absolutely no attention to what apps are asking to access what parts of your phone. That’s a huge mistake. Apparently, this is something we should be paying much closer attention to. While it is against Apple’s privacy policy for apps to collect personal information on you, sometimes things slip between the cracks. And when that happens, it’s better to be safe than sorry. So make sure you’re keeping an eye on what apps can access what and that you’re revoking permissions where necessary.

Disable Siri

Siri is cool, if you still need to be talking to your phone when there’s nobody on the other end. But there are also some potential pitfalls associated with the virtual assistant. Namely, she can provide hackers with your personal data. Granted, she usually asks you for verifications before granting access to your contacts or other parts of your phone, but some have found ways to use Siri to work around the password screen. Fortunately, disabling Siri is pretty easy, just head to Settings > Touch ID and Passcode and then toggle off “allow access when locked.”

Turn Off AutoFill

Autofill is great because who wants to remember passwords. Just log in once, let Safari remember and you’re good to go from here on out. Right? Wrong. If a hacker gains access to your phone Autofill contains the login information to all your accounts all in one easy to access place. Don’t let this happen. Head to Settings > Safari > AutoFill and then toggle that bad boy off.

These are just a few tips to help you better secure your device from hackers. But you still have to use common sense. Opening random email attachments, following unknown links and exercising what is just generally bad behavior is still a good way to run into trouble, even if you’ve followed these other steps.

So be smart.

Stay Cautious, My Friends.

How to Enable an SSL Certificate on iPhone or iPad


Enable and view SSL certificates on an iPhone or iPad

Do you need to know how to enable SSL on your iPhone or iPad’s email accounts? You do! Good! Because I have a way to solve that exact problem.

Why am I armed with this knowledge? Well, because I was told to research it. So I went and purchased a new-fangled iPhone and an iPad and tinkered with it until I figured it out. No, that’s not true. I asked one of our systems applications specialists and he gave me a long answer that I will now attempt to relate to you in my charming, witty prose.

So, let’s start with how to enable SSL on an incoming mail server.

Enabling SSL on an incoming mail server

  • Start by going to Settings, it’s the little gray icon with some gears on it.
  • Click on “Mail, Contacts, Calendars.”
  • Choose the email account you’ll be securing.
  • Tap the email address listed beside “Account.”
  • Select “Advanced.”
  • Scroll down to “Use SSL,” it will be in the “Incoming Settings” section.
    • Note: If using IMAP, select Server Port 993, for POP use 995.

And that does it. Next let’s discuss how to enable SSL on an outgoing mail server.

Enabling SSL on an outgoing mail server

  • Start by going to “Settings.”
  • Click on “Mail, Contacts, Calendars.”
  • Select the Email Account you’ll be securing.
  • Click SMTP under “Outgoing Mail Server.”
  • Tap the primary server where the domain server name is assigned.
  • Enable “Use SSL.”
  • Set the Server Port to 465.
  • Tap Done.
  • Restart

And that’s that. Simple isn’t it?

Join me next week when I’ll talk about how to secure your iPhone.

Stay Cautious, My Friends

Multi-Domain SAN SSL Certificate Compatibility


What browsers support Multi Domain SSL or SAN SSL Certificate

A SAN SSL Certificate, sometimes referred to as a Multi-Domain certificate, allows you to encrypt up to 250 different domains on a single SSL certificate. That’s pretty impressive. That would be like if 250 people could share a driver’s license [Editor’s Note: This is a terrible comparison].


Certificate Authority Reviews for Better SSL Security Solutions


Carl reviews trusted certificate authorities to help you decide on the right one

Picking the best certificate authority can be a difficult choice. Different brands are aimed at different demographics and you may not fit neatly into one. Maybe you’re a small business owner with six different companies. Maybe you’re an Enterprise but you just have a single website. Maybe you’re a yeti.

It doesn’t matter, I’m going to give you a rundown of the top CAs and help you decide for yourself which Certificate Authority is right for you.

Factors to Consider when Choosing a CA

There’s a range of factors for you to consider when choosing CAs. Before I review any, I’d like to cover the criteria I’m using to evaluate.

Pricepoint

Different CAs come in at different price points. On one end you have Symantec offering premium products at premium prices. All the way on the other end you have Let’s Encrypt, which will give a free SSL certificate to anyone. Literally anyone.

Range of Offerings

What types of certificates does the CA sell? Is it limited to just a single validation level? Do they offer wildcards? What about EV? Multi-Domain? This all matters and some CAs have broader offerings than others.

Reputation

The reputation of your CA may or may not matter to you. On one hand, if you go with a top CA like Symantec you get the brand recognition that comes with deploying the Norton Secure site seal. Other CAs lack that quality.

Reliability

How long has this CA been around? Has it faced regular punitive action from the CAB Forum? Can you trust that this CA will still be trusted next year? You need to pick a reliable CA.

Warranties

Does the CA back its products with substantial warranties, or are you getting the bare minimum in protection? Some CAs offer as much as a $2 million warranty. Others offer nothing.

Reviewing Trusted Certificate Authorities

Let’s take a look at the top CAs and try to decide what’s right for you.

Symantec

Symantec is the biggest player in the SSL industry in terms of name recognition and reputation. The Norton Secured seal that comes with every Symantec product has been proven as the most recognizable symbol on the internet. With Symantec you enjoy premium products at premium prices.

GeoTrust

GeoTrust is a business-minded CA with business-class solutions across every validation level and certificate type. GeoTrust has been around over a decade and has over 150,000 clients around the world. GeoTrust is owned by Symantec and is one step down its value ladder.

Thawte

Thawte enjoys a tremendous international reputation as the first CA to issue for internationalized domain names. Today Thawte has customers in over 180 countries and provides support throughout the Global workday. Thawte is a Symantec sub-brand.

RapidSSL

Rounding out the Symantec family is RapidSSL, the fastest issued DV certificates on the market. Thanks to its completely automated issuance process you can order a RapidSSL certificate and have it emailed to you within seconds. RapidSSL is perfect for small websites and companies that need gap coverage between higher-value certificates. A complete RapidSSL review will give you the perfect picture about RapidSSL CA.


How to Generate a CSR Using Apache OpenSSL


Step-by-step instructions for creating a Certificate Signing Request and Private Key

Need help creating a Certificate Signing Request (CSR) using OpenSSL commands on Apache? Good! You’ve come to the right place. A year ago, I probably couldn’t have helped you answer this question but good ol’ Carl has learned a thing or two about SSL certificates, CSRs and hopefully even something about Apache servers—or else this last part might be kind of tough.

Let’s start with your CSR. A Certificate Signing Request acts as sort of a de facto application for your certificate. The Certificate Authority that’s issuing the certificate will use the information contained in the CSR to fill out the certificate. That’s why it’s critical that every piece of information you put in your CSR is accurate. Any problem, even the tiniest grammatical miscalculation, can have catastrophic effects.

Ok, so maybe not like end-of-the-world catastrophic. I just like a little bit of hyperbole. It’s more of a “this was a waste of my time” disaster. So that’s my preface when you fill this CSR out, get it right. There’s nothing worse than having to do it all over again.

How to Generate a CSR Using Apache OpenSSL

For starters, you’ll need to have SSH access at server- and root-level permissions in order to generate your CSR and Private Key.

  1. Using PuTTY, connect to your Apache server over SSH and log in as root. Type the command below when prompted:
     openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
  2. The command should create two new files: a private key and a CSR. Keep a copy of your private key secure and then complete the CSR.

Note: The private key is thusly named because it needs to be kept safe. A compromised private key means a compromised SSL certificate.

You are now going to be asked to give some specific information:

  • Country Name (2 letter code) [XX]:
  • State or Province Name (full name) []:
  • Locality Name (city) [Default City]:
  • Organization Name (company) [Default Company Ltd]:
  • Organizational Unit Name (department, division) []:
  • Common Name (your name or your server’s hostname) []:
  • Email Address []:

Congratulations! After filling out the required fields, your CSR will be saved and is now ready for the CA.
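Before sending the CSR off, it is worth confirming that it says what you meant and that the key is locked down. The script below is an added example, not part of the original instructions: it runs the same openssl req command non-interactively, then checks the result. The function names, the hostname www.example.test and every subject value are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate the key and CSR without prompts, then verify them.
# Subject values and hostnames are constructed placeholders; use your own.

# make_csr DIR DOMAIN -> writes DIR/DOMAIN.key and DIR/DOMAIN.csr
make_csr() {
    (
        # -nodes leaves the key unencrypted on disk, so create it with a
        # restrictive umask: readable by the owner only from the first byte.
        umask 077
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$1/$2.key" -out "$1/$2.csr" \
            -subj "/C=US/ST=Example State/L=Example City/O=Example Company Ltd/OU=IT/CN=$2" \
            2>/dev/null
    )
}

# csr_subject CSR -> the subject line exactly as the CA will read it
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# csr_self_signed_ok CSR -> status 0 if the CSR's own signature verifies.
# The message is matched because older OpenSSL builds exit 0 even on failure.
csr_self_signed_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# key_matches_csr KEY CSR -> status 0 if the CSR carries this key's public half
key_matches_csr() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# key_is_private KEY -> status 0 if group and others have no access at all
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Demo in a throwaway directory
work=$(mktemp -d)
make_csr "$work" www.example.test
csr_subject "$work/www.example.test.csr"
csr_self_signed_ok "$work/www.example.test.csr" && echo "CSR signature: OK"
key_matches_csr "$work/www.example.test.key" "$work/www.example.test.csr" \
    && echo "private key matches CSR"
key_is_private "$work/www.example.test.key" \
    && echo "private key is not readable by group or others"
rm -rf "$work"
```

The same key_matches_csr comparison is useful later if several keys end up on the server and you need to find the one that belongs to an issued certificate.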
