Posts

CAA bug revokes 3 million Let’s Encrypt certificates

Happening Now: Over 2 Percent of Sites Using a Let’s Encrypt TLS Certificate May Throw Security Warnings Wordfence.com Mar 3, 2020 On Wednesday, March 4, 2020, 3 million Transport Layer Security (TLS) certificates issued by Let’s Encrypt will be revoked because of a Certificate Authority Authorization (CAA) bug. This is 2.6% of the over 116 million active certificates issued by Let’s Encrypt. Let’s Encrypt has contacted all certificate holders affected by this bug, and they’ve created a tool and a list of serial numbers to determine if your TLS certificate is affected by the bug. Let’s Encrypt created a tool where you can check your site’s host name and determine if your Let’s Encrypt-issued certificate is affected by this bug. Let’s Encrypt can also see the list of all affected serial numbers. On a Linux/BSD-like system, you can also run the following command to show your domain’s current certificate serial number. Replace example.com below with your own domain name: openssl s_client -connect example.com:443 -servername example.com -showcerts /dev/null | openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d : Read more… Related posts: Chrome Extension Attacks Target Site Owners Seeing more contact form spam? Contact Form 7 now requires reCaptcha 3 Google S-Day Arrives: Chrome warns about non-HTTPS sites Firefox Users Alert: New TRR feature: why and how to disable it Avast antivirus spying on and selling user data Plugins to Enhance WordPress Security ... more....

Avast antivirus spying on and selling user data

I have used Windows Security (formerly Windows Defender) as my only real-time anti-malware and firewall protection for years on all my PCs. Coupled with some common sense about which websites I visit and which emails I click on, it has yet to fail me. Occasionally, I will double check my system with a scan by Malwarebytes but so far it has not found any threats missed by Windows Security. Over the years, Windows Security has improved and the version shipped with the latest versions of Windows 10 is excellent. Here’s one more reason to avoid third-party options. Avast antivirus caught spying on user data by AshishMohta, TheWindowsClub.com January 28, 2020 Avast antivirus is one of the popular antiviruses for Windows 10, which has been offering its services for free for many Home users. Shockingly, they had been caught spying on user data. A joint investigation by PCMag and Motherboard reports some scary findings. It turns out they had not been offering their service for free, but trading by first collecting sensitive user data, and then selling it. All through subsidiaries, but it is happening. If you are using Avast Antivirus, we highly recommend you to switch to Windows Security for complete security. The report from  PCMag and Motherboard comes via leaked documents. These documents talk about how they use the user data is collected, and confidentially sold to some of the biggest tech giants in the industry. The leaked data came from Jumpshot, a subsidiary of Avast. It is responsible for making the data presentable and available to clients, including Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Condé Nast, Intuit, and many others. The data includes information about user movement across the internet, what they click, and more. The data collected is so granular that clients can view the individual clicks ... more....

Improving load times for WordPress websites: Research and recommendations

Load Screen for Slow Sites Google recently announced plans to start “shaming” slow websites by labeling them as slow in their Chrome browser, using either a “badge” or a load screen that specifically warns the visitor that the site loads slowly. Even if, like me, you don’t like Chrome and don’t use it as a default browser, this is something all website owners need to be concerned about: According to W3Counter’s browser stats for July 2019, over 55% of web traffic comes from the Chrome browser. In effect, this means that it’s even more imperative for you to ensure that your website loads as quickly as possible. Seeing that loading screen, especially for mobile users, is very likely to mean they’ll click away and you have just lost a potential customer. With this in mind, I undertook my own research into the available WordPress strategies for minimizing load times. I looked primarily at options commonly highlighted by utilities like Google Page Speed Insights, WebPage Test, GTmetrix, and Pingdom: defer loading scripts that aren’t immediately needed as the page loads, minimize image sizes, and various WordPress caching plugins. As I tried the various (free) plugins available at WordPress.org, I retested each of three different sites of varying complexity, including one ecommerce site, using the speed tests listed above. Here’s what I learned which allowed me to bring these sites into the 95-100% range for Desktop and the 57-70% range for Mobile (mostly using 3G or 4G connections): Disabling unused or rarely used plugins does not help in these speed tests. The various scripts and CSS used by the plugin are still loaded by WordPress and included in the speed tests. If you don’t need it, deactivate and then uninstall the plugin completely. For general caching, what produced the best result for ... more....

Old wireless card preventing Windows 10 updates

On one of my computers, I have experienced multiple problems with Windows Feature updates since about 1703. I tried everything I could find online to fix the problem (e.g., Windows 10 Creators Update common installation problems and fixes) and really nothing worked. The only way I could get a feature update to install at all was to use the Microsoft MediaCreationTool utility and the option to “Create installation media for another PC“, and even then it generally took three or more tries before I could get the feature installed successfully. However, my most recent attempt with the 1909 feature update gave me a more specific error message than previously when it failed: 0xc1900101-0x4000D The installation failed in the SECOND_BOOT phase with an error during the MIGRATE_DATA operation. Well this seemed like progress. This error points to a driver issue. I had already checked for all driver updates more than once and going through each driver listed in Device Manager painstakingly) both with Windows and with the manufacturers website. Everything basically told me I had the latest drivers and no updates were available. But eventually, following Google links and then links in the sites listed by Google, I was led to one paragraph. Sadly, I did not record the link but it was from a Dell computer owner who talked about solving the problem by removing an old PCI wireless card that came with his computer, had never been used, and even had the antenna broken off a few years previously. PCI Wireless Card Now, this quite literally jumped off the web page for me. I don’t have a Dell computer but I certainly had one of those old never-used broken-antenna PCI wireless cards that came with the computer. The writer noted that it was not enough to just disable the ... more....

Windows 10 Freezes on Shutdown or Restart

Windows 10 users have been reporting this very annoying issue since 2015 or earlier: Just Google “Windows 10 hangs on shutdown” or “Windows 10 freezes on shutdown or restart“. Page after page of complaints and suggestions, including many by Microsoft.   Several of these have promising titles such as Fixed: Windows 10 Hangs or Stuck on Shut Down [SOLVED] Windows 10 Stuck On Restarting Windows 10 Won’t Shut Down? Here’s How to Fix It! There are numerous suggested fixes including update all your drivers update the Intel Management Engine Interface turn off fast startup in Power Settings stop Chrome running in the background even if Chrome is not your default browser check for disk errors using chkdsk or corrupted files using built-in Windows utilities sfc /scannow and DISM /Online /Cleanup-Image /ScanHealth disconnect all the external devices (printers, scanner, USB devices, etc.) except mouse and keyboard and restart by holding down the power button run the Windows 10 Power Troubleshooter run the Windows 10 Update Troubleshooter reset or reinstall Windows and numerous others including probably the dumbest of all: “start Task Manager with Ctrl-Alt-Del to find out which service is not shutting down” – Hello? How do you do this if your system is frozen? Well, I tried almost all of these, other than a complete Windows reset or a clean install of Windows, and none of them worked. I finally found a suggestion I hadn’t seen before (my apologies but I can’t recall the source for this): Reset your BIOS settings to the Default Settings. Okay. What do I have to lose? (Famous last words, I know.) This just involves pressing F2 or F8 or F10 or Del when booting up your computer (it varies with the manufacturer) to get into your Settings screen, and then looking for an option ... more....

How to Find a Direct Link for Customers to Leave a Google Review

It is often helpful to post a link in emails or on a small business website for customers or clients to post a review on Google Reviews. If you have enabled the new Google Short Name for your business/website in Google My Business (GMB), you don’t need the rest of this post: you can get the link right there in your GMB dashboard. It will look something like this: https://g.page/psychlinks-web-services/review. If you don’t have a GMB account set up, or for some reason you havben’t set up a Google Short Name, here’s how to get a direct link to leave a review for your business: Go to https://developers.google.com/places/place-id Google Placeid   Enter the name of your business and you’ll get a dropdown to confirm the location (or I think you can use the address as well). Press enter and you’ll get a popup with the the placeid, which will be a long string of letters and numbers looking something like this: ChIJrTLr-GyuEmsRBfy61i59si0 Simple copy that placeid and append it to the end of the following URL: https://search.google.com/local/writereview?placeid= That’s your direct link to leave a Google Review for your business. Unfortunately, this method does not seem to work for a Service Area Business (SAB) or a business which is not yet on Google Maps. For that, there’s a bit of a convoluted work-around outlined here: Can’t Find Your Google Places ID? Learn The Trick To Find Any Place ID – Launch 2 Success   Related posts: Google Reviews Widget for WordPress Customers avoid businesses with poor mobile websites Does Your Local Business Still Need a Website? Social Media Outperforms Google for Small Business Local Search: Blogging will Help Your Small Business Google Rankings and Your Business ... more....

Using Events and Wacky Holidays to Attract Customers

Use Events and Wacky Holidays to Attract New and Returning Customers by Dan Magill, Woocommerce Blog June 27, 2019 Wacky Holidays and Months Looking for something to say in the next few months to boost your eCommerce marketing? Find a weird holiday that can connect to your business in some way. Sure, you can go after major holidays like Labor Day and July 4th in the US, or back to school week. And you probably should. But what about July 6th – International Kissing Day? Or how about these: July 2nd – World UFO Day July 7th – Tell the Truth Day July 12th – Simplicity Day July 28th – Milk Chocolate Day If July is too soon for your planning, here are some great ones in August: Aug 2nd – International Beer Day Aug 13th – Left Handers Day Aug 21st – Spumoni Day Aug 31st – Eat Outside Day July is also Ice Cream Month. And, if you’re in finance, July is Bank Account Bonus Month. Have a salon business? August is Anti-Frizz Month. It’s also Peach Month and Inventor’s Month. Where to Find Weird Holidays and Months So many goofy months and holidays exist these days – you’re sure to find several creative ways to capitalize on them. You can find complete lists of wacky holidays on Days of the Year and Time and Date.    Read more… Related posts: Websites to sell crafts How to Find a Direct Link for Customers to Leave a Google Review Google Public DNS turns 8.8.8.8 years old No Business Is Too Small to Have a Website Does Your Small Business Need a Website? Customers avoid businesses with poor mobile websites ... more....

Problems with Microsoft Outlook 2016: It’s a dud!

I have been using Microsoft Outlook for years through a number of iterations, starting I think with Outlook 2000, then Outlook 2003, then Outlook 2007, and then Outlook 2010. Outlook has always had its quirks, some of which I’ve addressed here in other posts. But it basically worked, most of the time, the way it should, and the few annoyances weren’t too difficult to correct once you knew how. Last year, with my previous version of Outlook rapidly aging and at or approaching end of life, I thought it was time to upgrade and purchased Outlook 2016. TL;DR version: Outlook 2016 was a total lemon! It is the Vista of the Microsoft Office series! Avoid at all costs! It never really worked very well for me (under Windows 10 with all the operating system upgrades as they were released as well as driver and software upgrades. From the outset, it was slow. Slow to load, slow to switch folders, slow to do anything. Often, when I switched between Outlook folders, it would display a “Nothing to see here” message so I’d have to go to another folder and then back to get the emails to display. Yesterday was the last straw. I had rebooted the computer the night before and followed my usual morning routine of coffee and checking to see what email had arrived since the previous evening. My reaction: “What fresh hell is this now?” Most, although curiously not all, of the new emails would not display in HTML but only in plain text – not very useful in my line of business. As usual, I went to Google to search for “Outlook 2016 will not display emails in HTML format”. What I learned was that this was a very common problem with Outlook 2016, that Microsoft was ... more....

Going Online to Win in Canadian Business

Businesses in Canada, especially small local businesses in Canada, cannot hope to compete today unless they have a strong online presence. Read on for advice from Google Canada. Future proofing your business: Why digital is the way to win in Canada Think With Google June 2019 By 2023, Canadian digital commerce will grow by 30%.1 That’s a $60-billion market. The opportunity is there for the taking — and there’s room for all retailers to thrive whether they’re traditional, pure play, or brand-focused. When it comes to online shopping, Canadian consumers are, in fact, already leaders in many ways. According to new research by Google and Deloitte on the eCommerce landscape, 77% of Canadians go online to discover the things they want to buy, compared to 72% of Americans.2 And 82% of Canadians research and purchase online, which is on par with the U.S. at 85%.3 Plus, Canadian consumers want to buy Canadian products. Are you making it easier for them to purchase yours? There’s a great divide out there between the retailers who can quickly adapt to and thrive in this environment, and those who can’t. But the good news is, your business has more opportunity to build on than ever before. Sources: 1 eMarketer, May 2019, Retail Ecommerce Sales, Canada 2019 – 2023 2 Deloitte/Google, “”Future proofing your business: Why digital is the way to win in Canada”, Canada and USA, March 2019 – April 2019, n = 1009 Canadian Shopper 18+ and n = 1000 US Shoppers 18+ 3 Deloitte/Google, “”Future proofing your business: Why digital is the way to win in Canada”, Canada and USA, March 2019 – April 2019, n = 1009 Canadian Shopper 18+ and n = 1000 US Shoppers 18+ 4 Download Google/Deloitte Whitepaper, June 26, 2019 (PDF)   Read more… Related posts: Why ... more....

Yuzo Related Posts Plugin Security Threat

If you have this plugin installed, even if it’s not active, delete it immediately! Yuzo Related Posts Zero-Day Vulnerability Exploited in the Wild by Dan Moen, Wordfence.com April 10, 2019 The Yuzo Related Posts plugin, which is installed on over 60,000 websites, was removed from the WordPress.org plugin directory on March 30, 2019 after an unpatched vulnerability was publicly, and irresponsibly, disclosed by a security researcher that same day. The vulnerability, which allows stored cross-site scripting (XSS), is now being exploited in the wild. These attacks appear to be linked to the same threat actor who targeted the recent Social Warfare and Easy WP SMTP vulnerabilities. The XSS protection included in the Wordfence firewall protects against the exploit attempts we have seen so far. Both free and Premium Wordfence users are protected against these attacks. Based on a deeper analysis of the security flaws present in the plugin we have also deployed protection against additional attack vectors. Premium customers will receive the update today, free users in 30 days. We recommend that all users remove the plugin from their sites immediately. Today, eleven days after this vulnerability was irresponsibly disclosed and a proof-of-concept (PoC) was published, threat actors have begun exploiting sites with Yuzo Related Posts installed. Exploits currently seen in the wild inject malicious JavaScript into the yuzo_related_post_css_and_style option value. When a user visits a compromised website containing the above payload, they will be redirected to malicious tech support scam pages. Three Vulnerabilities with a Lot in Common Our analysis shows that the attempts to exploit this vulnerability share a number of commonalities with attacks on two other vulnerabilities discovered in other plugins: Social Warfare and Easy WP SMTP. Exploits so far have used a malicious script hosted on hellofromhony[.]org, which resolves to 176.123.9[.]53. That same IP address was ... more....