Site hosting news, tutorials, tips, How Tos and more

Archive for the ‘Internet’ category


Vote for Winhost!

We wanted to let you know that Winhost has been nominated in the category of Best Hosting Service in the 2011 DevProConnections Community Choice Awards. That’s kind of a big deal for us, as we’re up against some big-name, established hosts.

Want to help us give them a run for their money? Vote!

http://www.surveymonkey.com/s/devproconnections-communitychoice2011-finalvoting

We’re listed in the “Hosting Service” category, #13. Please take a minute out of your day to pull the virtual lever for Winhost and make the big boys sit up and say, “Hey, who is that?”

Thanks for your time, your support, and most of all, thanks for using Winhost!



Phishing for Tweets

A recent Twitter virus has re-surfaced, and we were sent the link via a direct message on Twitter:

@jkruessel to Winhost dm: Someone is posting a pic of you all over twitter ;( link2pic here http://no.thanks/yZkg
August 24, 2011 at 11:37 AM
 
 

Don’t let the bad guys hook you!

 

Clicking that link (which we’ve changed, of course) takes you to a Twitter login page that is really a phishing site. Once the bad guys have your Twitter login, they use it to phish in more of your friends and contacts and spam moneymaking schemes all over Twitter.

We’re all used to being cautious where email attachments and links are concerned, but these newer social media exploits rely on people being less suspicious of links that show up via Twitter or Facebook. But of course you should still be wary when clicking any link that comes to you out of the blue, especially when it’s been cloaked using a URL shortening service. One way to check on such links is to use a site like http://real-url.org, which shows you the real URL behind the shortened version.

Since we’re talking about Twitter, be sure to follow @Winhost. We’ll never steer you wrong!



Open sesame

We have a lot of discussions and meetings about security: not only back-end network security, but also the security of the customer interface and our security policies for communicating with customers.

If you have ever locked yourself out of an online account because you forgot a username or password, you know what a frustrating experience it can be to try to get that access back. At Winhost we have a system in place that is email and temporary password based, so you can usually regain access to your account without even contacting us. In the event that fails, you can always contact the billing department and provide the answer to your security question to regain access.

We are working on extending the authentication system even further to include a second security question. The meeting about that was interesting because there were as many different opinions on security as there were people in the room, and a common question becomes: how much security is too much?

And like everyone in that meeting, every one of our customers also has a different idea of “perfect” security. The thing is, you cannot design and build a system that accommodates everyone’s idea of perfect security. It would have so many barriers to entry that it would be unusable. So we have to design systems that meet most people’s needs. Which means some people will find flaws with it…

“Why don’t you require a password change every thirty days for Control Panel?”

“Why can’t I enter a 255 character password?”

“Send me my login information, but do NOT send my username via email!”

“Can I register my retina scan with you, and then you don’t allow access to my account unless it is accompanied by a live retina scan that matches the retina scan that you have registered? Oh, and I’ll register a new retina scan with you every seven days. Please? Why not?!”

Okay, I made the last one up. But we’ve heard all the others. Some more than once.

We take security very seriously, but there is a line somewhere between ultra-strict security and usability, and we have to straddle that line to provide a usable service to a large number of people. That isn’t to say our security isn’t strict – I won’t bore you with our multitude of internal security policies regarding customer data and information – but we hope we provide a secure, yet user-friendly, experience.

And whatever you do, don’t make your account password, “password.” Okay? Really, just don’t do it.