SSL by default from now on
From now on, SSL will be installed by default for all websites at Pham Consulting. We will renew the certificates automatically, free of charge.
security
Sucuri hacked report Q2/2016
Sucuri is a security company, focusing on protecting open source websites. OsloNAP has been utilizing Sucuri’s database for our malware daily checking. Every quarter, Sucuri releases a report about hacked situations, based on the sites they worked on. In the Sucuri hacked report Q2/2016, in over 9000 sites, the major is still WordPress. This confirms … Read more
Remove W3 Total Cache
W3 Total Cache is a very popular caching plugin for WordPress. However, it’s reported recently with a high-risk XSS security hole. It allows hackers to insert malware into the site. The worst thing is that the plugin developer seems to abandon the plugin already. The plugin status In the last six months, there is no update … Read more
Outdated source code
We just finished upgrading PHP for a client from version 5.3 to 5.6. Even they had sent out notifications to their customers in advanced, multiple websites were not working after upgrading. The reason is that of outdated source code, which is incompatible with PHP version 5.6. There are reasons for PHP to change their core functions: … Read more
WordPress security patches
Back to April 2013, the latest WordPress major release was 3.5. When I checked the WordPress statistics, there were only 28.4% websites using WordPress 3.5. That meaned 72.6% websites contained WordPress security holes without patched, not counting to errors in themes and plugins. That was also equal to 46 million WordPress-websites in danger. I asked … Read more
Subscription model – the UX
In March, I wrote a blog post explaining why we offer subscription model for web design service, instead of one-time payment as other firms. I focused on security aspect in that post. Now, another aspect: user experiences – UX. When mentioning to user experiences, I need to say that I am not a UX expert. … Read more
Glibc security – Ghost – CVE-2015-0235
Recently, a new vulnerability in glibc security has been published. Even it is happening in a system library, hacker can use end-user application to crack servers. There is a system library, named glibc, widely used in Linux distributions such as Redhat / CentOS, Debian, Ubuntu. Two functions, gethostbyname and gethostbyname2, in that library have vulnerabilities that … Read more
Automated tasks for productivity and data security improvement
Earlier of this week, Apple released its first automatic security update for Mac users to patch the vulnerability in OSX connected to the network time protocol (NTP). A cloud survey report from KPMG (2014) shows that executives feel implementing the cloud has helped them improve business performance (73%) and improve levels of service automation (72%). … Read more