Flash and Facebook

You may have seen this headline recently:
Firefox blocks Flash, and Facebook calls for its death

Firefox has been blocking outdated versions of Flash for quite some time now. This isn’t news; it’s click-bait.

You can update the version of Flash that you do have by visiting https://get.adobe.com/flashplayer/

You also can test/check to see what version you currently have installed at https://www.adobe.com/software/flash/about/

Update to the newest version of Flash, version 18.0.0.209 (as of this moment), and Firefox will remove the block automatically.

Length > Complexity

[Comic from https://xkcd.com/936/]

A long password is, generally, more secure than a complicated one.

According to GRC’s Search Space Calculator:

“%n7yP!zza” can be cracked in under 2 hours.
“ilikepeasandcarrots” takes around 2.53 thousand centuries.
Include spaces, and it leaps to 7.66 hundred million trillion centuries.

I know this is a gross oversimplification of factors that can influence a password’s guess-ability, such as entropy. But in almost all cases, password length contributes more significantly to overall password strength than complexity (see also Password Strength at xkcd).
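
An added example (not from the original post or from GRC) of the brute-force arithmetic behind figures like these. It assumes a pure exhaustive search at 100 trillion guesses per second and an alphabet sized from the character classes present; the spaced phrase is constructed here, since the post does not give the exact text it tested.

```python
import string

# Assumed attacker speed (guesses per second); the post does not state one.
ASSUMED_GUESSES_PER_SECOND = 1e14
SECONDS_PER_HOUR = 3600
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

# Character classes used to size the alphabet: 26 + 26 + 10 + 33
# (the 33 is ASCII punctuation plus the space character).
CHAR_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(cls) for cls in CHAR_CLASSES if any(ch in cls for ch in password))

def search_space(password):
    """Count every candidate of length 1..len(password) over that alphabet."""
    size = alphabet_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))

def seconds_to_exhaust(password, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time for exhaustive search; word-list attacks are not modelled."""
    return search_space(password) / guesses_per_second

def compare(passwords):
    """Return (password, length, alphabet size, seconds to exhaust) rows."""
    return [(p, len(p), alphabet_size(p), seconds_to_exhaust(p)) for p in passwords]

if __name__ == "__main__":
    # The third entry is a constructed spaced variant of the post's phrase.
    samples = ["%n7yP!zza", "ilikepeasandcarrots", "i like peas and carrots"]
    for pw, length, size, secs in compare(samples):
        print(f"{pw!r}: length {length}, alphabet {size}, "
              f"{secs / SECONDS_PER_HOUR:.3g} hours = "
              f"{secs / SECONDS_PER_CENTURY:.3g} centuries")
```

Each extra character multiplies the search space by the whole alphabet size, which is why ten more lowercase letters outweigh switching nine characters to the full 95-symbol set.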

I’ve mentioned KeePass and LastPass elsewhere, but if you’re not already using a password manager I highly suggest giving one of those two a go.

CAPTCHA is Broken

A CAPTCHA is that obfuscated or skewed image that a website asks you to type to attempt to verify that you’re a human. CAPTCHA actually stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. Since many programs hackers use are quite simple, they get a little stumped because they can’t interpret the picture.

Unfortunately, that’s changing. For one, anyone can hire out the work of solving CAPTCHAs (or “reward” their efforts in, ahem, other ways). Plus, about a year ago, Vicarious, Inc. released the video seen below of their software easily cracking CAPTCHAs (and yes, they’re not limited to Latin characters). Sometimes the software has an easier time than humans do.

So… what now?
We’ve been experimenting with several different options and had some success. We’ve significantly reduced the volume of comment and contact spam that gets through. But… there’s still more to do. There are a lot of companies working on alternatives, but not many that are robust and reliable enough just yet. One that we’re considering is PlayThru by Are You a Human (here’s a demo). You may see it soon on a few of our more oft targeted sites.

…try, try again.

This month has brought a record number of hacking attempts on the websites we manage (over 7000). This is not terribly unusual in the wild-wild-west world of the world-wide-web, but we really beefed up our anti-hacking efforts this month. We want you to know that we work hard behind-the-scenes to keep your website up and running for your business.

One of the most common methods we see hackers use is called brute force hacking. Brute force hacking is when someone tries to access the “behind the scenes” stuff of a website by literally attempting several username and password combinations (usually hundreds every second) to try and see the super-secret insides of websites.

It often goes something like this:

Your Website: Oh, good morning! Would you like into the admin areas of this website?
Hacker: Um, yes….please.
Your Website: Sure! The first thing I need to know is your username.
Hacker: Admin
Your Website: Okay, now what is your password?
Hacker: “password”?
Your Website: no
Hacker: “password1”?
Your Website: no
[some time later, usually after trying out each password on lists like this one…]
Hacker: “123456”?
Your Website: (*sigh*) no
Your Website: Wait. You don’t look like Frutke to me. Are you really supposed to be in here?
Hacker: Yessssh. I mean Yes! Here, let me try again.

You get the idea. We’ve helped our clients’ websites out by giving them ways to say “No, and get outta here!” a whole lot sooner.
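
One way a site can say “no” sooner, as an added example (not the tooling Frutke uses, which the post does not name): a per-source lockout that stops checking passwords after repeated failures. The thresholds, addresses and password list are constructed for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumed: failures tolerated inside the window
WINDOW_SECONDS = 60    # assumed: sliding window for counting failures
LOCKOUT_SECONDS = 900  # assumed: how long a locked-out source is refused

class LoginThrottle:
    """Tracks recent failed logins per source and locks out repeat offenders."""

    def __init__(self):
        self.failures = defaultdict(deque)  # source -> timestamps of failures
        self.locked_until = {}              # source -> time the lockout ends

    def allow(self, source, now):
        return now >= self.locked_until.get(source, 0)

    def record_failure(self, source, now):
        recent = self.failures[source]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[source] = now + LOCKOUT_SECONDS
            recent.clear()

def replay(attempts, correct_password):
    """Replay (timestamp, source, password) attempts; return one outcome each."""
    throttle = LoginThrottle()
    outcomes = []
    for now, source, password in attempts:
        if not throttle.allow(source, now):
            outcomes.append("blocked")      # refused before the password is checked
        elif password == correct_password:  # a real site compares password hashes
            outcomes.append("ok")
        else:
            throttle.record_failure(source, now)
            outcomes.append("denied")
    return outcomes

# Constructed sample: one source guessing 100 times a second, with the right
# password as its eighth guess, followed by the real owner from another address.
GUESSES = ["password", "password1", "123456", "qwerty",
           "letmein", "admin", "welcome", "correct horse"]
SAMPLE_ATTEMPTS = [(i * 0.01, "203.0.113.7", g) for i, g in enumerate(GUESSES)]
SAMPLE_ATTEMPTS.append((1.0, "198.51.100.4", "correct horse"))

if __name__ == "__main__":
    for attempt, outcome in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS, "correct horse")):
        print(attempt, outcome)
```

The eighth guess is the correct password, yet it comes back as blocked: once the source is locked out, the list stops working even when it contains the right answer.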

If you have any questions about hacking, don’t hesitate to ask. We love to answer questions.

WP, DDoS and the NFL


Another update to WordPress, the content management system that we use heavily, was released in December (version 4.1). I installed it on all of the websites we manage just before the New Year rolled over.

In addition to the WP update, we had some other excitement last month. On the 9th, some of the DNS servers we depend on were hit with a DDoS attack. A DDoS (distributed denial-of-service) attack is sort of like what would happen if an NFL quarterback attempted to get suggestions for the next play from the nearest 75,000 screaming fans.

Not surprisingly, some of our websites were offline for about 2 hours. The whole thing was resolved by the next morning, but it made for a pretty late night here. Such is the interdependent nature of the web, I suppose.

Six of One, Half a Dozen of the Other


I had a funny interaction at the grocery store this morning.

“Eight ounces of sliced turkey breast, please,” I requested of the employee behind the deli counter.

“We can’t do ounces. Would a half-pound be okay instead?”

“Um… yes, that should be fine.”

I figured: eight ounces or a half-pound; it’s all the same to me.

Love Letters


While not as crazygonuts as September, October was still a pretty fun month. A few of our sites were hit with hacking attempts and spambots, but that’s not too unusual.

Much of this past month was actually spent practicing for a play at our local theater. It’s a 2-person cast, so there was a good bit of memorization involved. The Pee Dee Post interviewed my co-star and me and posted it on YouTube (they also gave us a glowing review afterwards). Our final performance was on Nov 1, but I wanted to share the bio they printed in the program.

Jason Buckner makes a return to the RCT stage, after a thirty-year hiatus, in the role of Andrew Makepeace Ladd, III (no relation). A native of Rockingham, Jason was born at a young age and cannot spell ostrich without looking it up. He enjoys singing (no… really), canoeing, constructing wheelchair ramps with a local ministry, flirting with his wife, Merrielle, and homeschooling their two children. When people inquire why he recently moved back to Richmond County after living in majestic Colorado for several years, he typically replies, “I missed the oppressive humidity and mosquitoes.” Jason knows exactly where to find Waldo and Carmen: San Diego. You can tell Jason is kidding about something by watching his face: if his lips move, he’s probably joking.

WordPress 4.0


A significant update to the content management system that our website uses, WordPress, was released this past month. WordPress powers about 13 million other websites and continues to be the world’s most popular content management system.

While development on the next version is already underway, we went ahead and upgraded our website (and all of our clients’ websites) to the latest and greatest stable version of WordPress: version 4.0 (a nice summary of updates is available on the WordPress Codex).

Along with that update, we also upgraded tons of bells and whistles that keep all of those websites running smoothly. Then, we backed everything up to our off-site servers.

It was a pretty busy month for us here at Frutke, but a good one. We hope things have been going well for you too.

CyanogenMod


Every new computer I’ve ever purchased has arrived loaded with tons of junk software. I recently upgraded to a smartphone and noticed the same thing was true: tons of junk applications that I didn’t want or need.

Getting rid of them all was not easy. I went with CyanogenMod, an open source operating system for your phone. Actually, it’ll run on tons of devices – ranging from the Kindle Fire, the Nook, Droid devices, to Samsung (sorry, no iPhones yet).

The rabbit hole goes pretty deep, but may be worth a look if you’re ready to separate the wheat from the chaff.

Wikipedia and Dell join Frutke in accepting Bitcoin


In May, Frutke became the first business in our county to accept Bitcoin. We made the local paper too (here’s the article). Yesterday, I learned that Dell and Wikipedia both now accept Bitcoin also (see Wikipedia Now Accepts Bitcoin Donations With Coinbase). It feels really good to be “ahead of the curve”.

The second article linked above mentions Coinbase as a payment processor for Bitcoin. I’m still researching it, but so far it seems like a PayPal for Bitcoins.

Kinda neat.

Domain Name Renewal Scam


If you happen to receive any letters, phone calls or emails from “Domain Registry of America” warning you that your domain name is about to expire, you may safely ignore them.

The best thing to do is toss the letter, report the telemarketing call to the FCC (at https://donotcall.gov/ ) or delete the email.

We see spam from that company often and the letters are particularly misleading. Unless you read it very carefully and examine the fine print, the letter makes it sound like you’ll lose your domain name if you don’t register with them.

For the record, Frutke does provide domain registration and renewal services for our clients, but is in no way associated with “Domain Registry of America”.

We also like pizza (also just for the record).

RIP Win XP


I loved the headline this article featured: Windows XP dies at 12 1/2 after long illness
A month and a half ago, Microsoft officially retired Windows XP. No further updates, security patches or fixes are being released, making those old computers wonderful targets for viruses and spyware.

If you’re stuck with an old computer and only need to access the internet, your email and the ability to type a letter or two, consider switching to Lubuntu (http://lubuntu.net/). It’s a free operating system that can run on most computers that are currently running the Windows XP operating system. I’ve used it several times to breathe new life into old, slow laptops.

If it’s “gotta be XP” for you, please, please don’t use Internet Explorer. Those two are the worst case scenario combo. Download Mozilla Firefox, Google Chrome, or even Safari.

I came across this good article on the End of Life of XP:
http://www.gcflearnfree.org/windowsbasics/how-to-survive-the-end-of-windows-xp-support
It does a good job of honestly answering the most common questions I hear.

Please pass it along to anyone you know that’s still using Windows XP.

Heartbleed


No doubt, you’ve seen a bit of media buzz surrounding the Heartbleed bug. As usual, xkcd explains it extremely well.
It impacts nearly every website you use where you have a login (like Gmail, Facebook, your bank, Healthcare.gov, etc.).

If you’re not already using a password manager, please consider KeePass or LastPass.

We’ve been using KeePass for years, have 695 passwords securely saved and I only have to remember one password to access them all.

Their website puts it best: “KeePass… helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).”

-Jason