Tuesday, October 14, 2014 by Patrick PelanneTonight Google announced a flaw in the design of SSL v3. We have been tracking this issue after we heard whisperings in private security circles last week. Upon disclosure of the details we began remediating immediately. The vast majority of end users should not experience any issues as a result of the changes we’re making. In fact, Google estimates this change will affect less than 1% of the internet. (The SSL 3.0 protocol is almost 15 years old but has remained in place to support users running older browsers.) The attack vector for this vulnerability has prerequisites and is very sophisticated. As such, the real world severity is far below the recent Heartbleed & Shellshock vulnerabilities. Check out Google’s Security blog for details. If you would like to be 100% protected, you can disable SSLv3 in your browser settings. Information on how to do this in a few popular browsers can be found here.
*****Patrick Pelanne is Endurance’s Vice President in charge of System Operations. Previously he has served as HostGator’s Chief Operating Officer and HostGator’s Deputy Chief Technical Officer.
Thursday, September 25, 2014 by Sean Valant
The bad guys are unfortunately at it again. Today the Internet lit up with news of a new vulnerability, officially named "CVE-2014-6271," but more widely-known as "Shell Shock," a reference to the environment exploited, known as a shell.. The shell in question is called BASH, itself an acronym for Bourne Again SHell. Nearly all Linux servers in the world have BASH installed; it is the most common shell in use today. A shell itself is what is used to interact with the operating system via command line.
Before we proceed, you should know that all HostGator servers have been patched as of this writing. We identified the issue very early-on and developed the necessary solution for our environment. We are, of course, continuing to monitor the situation and will react appropriately should the need arise.
As with any security or vulnerability risk, it is important to reiterate the importance of practicing good security to the extent of your ability as an end user. Always use secure passwords (you know the drill: upper- and lowercase letters, numbers and special characters), always keep any third-party scripts (such as WordPress, Joomla, etc.) up-to-date, and always uses the latest version of any software that you utilize... because the truth is that often software is updated strictly for security patch purposes.
Should the need arise, we will update this blog post accordingly. Otherwise, stay safe out there on the Interwebs!Try HostGator Today!
Monday, June 30, 2014 by Brandi BennettOver the last year the news has been filled with more and more information on the TPP, or Trans-Pacific Partnership. Some people are for it, some people are against it, and some wish to receive more information about the TPP before they decide. There are a few issues with this. The TPP is, at its core, a trade alliance, one that if agreed upon will create a partnership between twelve countries. Now, we have many different trade alliances between the U.S. and countries around the world, and there are those that argue that this is just one more. It is someone else’s responsibility to know what’s going on, they might argue, or they, mistakenly, believe that it doesn’t concern them. We let you know about SOPA back in 2011, and now we’re letting you know about TPP, or, to be more accurate, we are letting you know what it is possible to know about the TPP. There are many different areas covered, from food to imports and exports, but the reason we bring it to your attention is due to its potential effects on the internet.
A Secret?As a precursor, it is important to note that there is a distinct lack of transparency associated with the TPP; unlike other trade agreements of the past, this one is being done in secret, and very little information is making its way to the public eye, all of which has been leaked. From those documents, however, it is possible to see that many of the principles of SOPA that we disagreed with so strongly have been included in the TPP. Though it will do far more than this, and affect far more areas than just the Internet, the most important thing for Internet users to pay attention to is the fact that it will work to decrease the online rights of companies and users alike, reducing Internet freedoms and working to increase the likelihood of net neutrality disappearing into the mists of time, something spoken of as a myth that never was. These online freedom restrictions would not only work to restrict, and in some cases, remove freedom of speech from the internet, but, in essence, the parties who are in agreement with the TPP would have to abide by the same laws as the country with the strictest control over their users' internet usages; an approach that would include the necessity of users to take down pages without question and remain down until such a time as the site owner could prove the right to post it, instead of applying the traditional laws that require the hosting provider to provide proof to the owner that the site must be removed and must provide the owner with a reasonable amount of time to do so before blocking access to the site itself.
Things Continue to UnfoldAs more and more information on the TPP is leaked, more users are working to take action, lobbying politicians to take action against approval of the TPP. Google’s placed considerable time and effort into doing so, and now the AFL-CIO (American Federation of Labor and Congress of Industrial Organizations – a national trade union center) is pushing for the government to decline to participate as well. As we said back in 2011 – “We here at HostGator support a free internet. An internet in which free information and unhindered distribution of said information is an unalienable human right.” We still stand by this statement and we believe that you need to know what is occurring in regards to this most troubling piece of legislation. Image Source: Electronic Frontier Foundation. (2014). TPP Banner. [image online] Available at: https://www.eff.org/sites/default/files/TPP-banner.png [Accessed: 27 Mar 2014].
Friday, May 16, 2014 by Taylor HawesEveryone knows that Google is a big deal. Each year, news of Google’s new acquisitions makes headlines across the world and across the web, stunning analysts and everyday consumers alike. From little start-ups to longtime titans of industry, so many companies have been picked up that users often forget (or don’t realize) that their favorite app or software is now part of the Google machine. For some, this just means better service, better quality, and better integration on mobile platforms; for others, watching a beloved site or service get stripped for parts and silently assimilated into the inner workings of Google’s infrastructure can be disappointing to say the least. For better or worse, Google is making waves not just online, but in nearly every facet of our lives. Here are five companies you didn’t know Google owns and what that means for you: here. As with a few other apps, merging with Google bodes well for both Flutter veterans and newcomers alike. As Google engineers hone and develop gesture recognition for more and more programs, it will become a smoother, more universal experience across the board.
Wednesday, May 7, 2014 by Brandi BennettNet neutrality is fundamentally the basic premise that all online data should be treated equally. In a nutshell, this means that information should flow freely without, discrimination, blocking or throttling internet usage by all ISPs (Internet Service Providers) or any governmental intervention; uncensored access, equal access, and unrestricted access for everyone. As Senator Franken (D. - Minn.) has been quoted, “Net neutrality is the First Amendment issue of our time.” The Internet was designed as an open medium of communication, in which all users are able to access all content without being restricted from doing so (with obvious exception being given to certain legalities related to certain types of content that fall beyond the scope of this blog post).There are many arguing that net neutrality no longer exists. The FCC’s previous rulings on the matter were recently struck down, but in light of the publicity that the "citizens of the internet" have brought to this issue (including protests), the FCC is taking steps to create new net neutrality rules and ostensibly working to keep the public’s desires at heart (a first for the FCC, one could argue!). The FCC’s actions are not entirely altruistic, being concerned with the creation of monopolies and the like, but, the fact of the matter is that net neutrality is not yet dead... and that means that it's not too late! If net neutrality ceases, we could be looking at an internet bogged down by fees, where users must pay to access certain types of content. One in which the various streaming services available today, from NetFlix to Amazon would be imposed additional tolls that of course would then be passed onto the end users of their services. This would not affect just streaming services, but all content. Say you wanted access to the news websites, you could be charged a fee, and another fee could be charged if you wanted to look at internet memes. The sky would be the limit if net neutrality dies out completely. So yes, pay attention to anything involving net neutrality, and remember, as we said back in 2011 – “We here at HostGator support a free internet. An internet in which free information and unhindered distribution of said information is an unalienable human right.” We still stand by this statement and we believe that you need to know what’s going on in the world of the internet today! Image Source: Color Lines. (2014). Net Neutrality. [image online] Available at: http://colorlines.com/assets_c/2013/09/net_neutrality_081310-thumb-640xauto-629-thumb-640xauto-9121.gif [Accessed: 27 Mar 2014].