Security

Snap! News: Google Search using SSL!

Alexis Wilke's picture

On October 18, Google announced that all searches by logged-in users (say you have a G+ account...) will make use of their secure pages (i.e. using encrypted data). Our upcoming Snap! Websites version will also let you log in to your account using SSL.

This is important for users of Google+ because a bar appears at the top of the page and the functionality of that bar includes a cookie. This is a security issue: your account could get hacked because your cookie travels over the Internet in the clear while you are doing searches (unless you log out of G+ each time you use it?)

We work hard for Snap! to be secure

I am glad to inform you that once again I had a reported security fix patched by the Drupal Security Team.

You can read about the security problem in detail on the Drupal.org website:

SA-CONTRIB-2011-020 - Taxonomy Access Control Lite (tac_lite) - Cross Site Scripting

This is how we work here. Security is our prime goal and we work hard to make our system secure at all times.

Although this XSS problem was mitigated in several ways, it was still a problem.

Websites and security, big guys always being attacked!

Hackers are most often referred to as Black Hat programmers.
A Black Hat, coming from black magic, is often used as a
reference to programmers hacking systems for no good. [1]

Last Thursday, SourceForge.net was attacked again [2].

You would think that they would be safe from such attacks since SourceForge.net offers a free service for users to offer their free (open source) software online. Yes! That's where you download many of the free tools you are using every day. For instance, if you have an archaic type of website, you probably need to FTP [3] your data to your account. On Microsoft Windows, Mac OS/X, and Linux, this can be done with FileZilla. Although they have their own website, the download comes from SourceForge.net [4].

Security is one of the areas where our base CMS system is very strong, and we also ensure that our own Snap! code is secure. This starts with your password, but it includes very much more than just that. This being said, we are not looking for hackers to visit us. Well... it's not like that doesn't happen, but so far so good.

  • 1. This hat comes from a picture of Coolidge who helped the Smoki in 1924.
  • 2. Yeah... Unfortunately, that's not the first time, and it will go on and on and on, and not just for SourceForge.net. See how you can start by protecting your account using a strong password.
  • 3. The FTP protocol is notoriously insecure, but a very large number of people are still using it (if you can, at least try to use SFTP so the data is encrypted, including your login and password.)
  • 4. Note that if you were planning to create free software, that's a good place for the download because they have access to very large pipes (many T3) and thus thousands of your users could be downloading your data simultaneously.

Tiny URLs dangers and your solution!

If you've been around the Internet for some time, I'm sure you've seen a tiny URL. The name comes from the very first website that offered tiny URLs to the world. The service has always been free and has evolved quite a bit with time. Today, we have a name for this kind of website service:

URL Shorteners

Many people still refer to the service by the first company's name, though.

Why tiny URLs?

The idea is rather simple: it's easier to send a URL that's less than 32 characters than a lengthy one, especially one with random numbers in it (although the numbers are randomly generated, they obviously have a meaning in regard to your usage of the site that gave you that URL and are generally called Session Identifiers.)

For example, there is a tiny URL for this very page:

http://tinyurl.com/4994dst

Google "We're sorry" message...

I don't usually run Google searches on Firefox only to see some detailed information as provided by SEOQuake. Yet, today I was searching for some potential answer to a problem I'm running into with MS-Access, which crashes a database, and ran those searches on Firefox instead of my favorite: SeaMonkey.

As I was testing, all of a sudden I got the screenshot as shown in the figure below. Although it did not feel like I was sending automatic requests to Google, the SEOQuake toolbar does so on all the results! That means each time I do a search "I" send at least 11 requests to Google. After 3 or 4 searches with pretty much the same terms each time, that's well over 40 requests within 2 or 3 seconds.

That's the first time I got this screen; I'll have to think of turning off the SEOQuake bar whenever I do intensive searches like these.

By the way, our Snap! Websites system has a similar protection: MO Anti-pounding. Most of our websites, if hit too many times, will give you an Error 500 asking you to slow down. This ensures everyone can enjoy the experience of using our systems.

What happens when you have a Firewall

The newest MS-Windows Operating Systems have come with a built-in Firewall. This was very important from the start of the Internet, but since the year 2000 or so the need grew faster and faster. Windows XP is the first system that automatically turned on the Firewall. Of course, your Snap! Website is also protected by a firewall.

What does that Firewall really do?!

The firewall simply blocks connections from any external networks (by default you may have some features such as the Remote Assistance and Network Diagnostics turned on1

  • 1. Note that you should probably turn off all exception and

Your Facebook, Snap! Websites and other passwords...

Password Strength

I'm sure that, if you've been around for some time, you've heard of someone's account being hijacked. Half the time, that's because the password was something too simple. Although all companies could force you to enter a safe password, only banks really do it (and a few geek websites that you have probably never even heard of!) At least, Snap! Websites have a counter that lets you know the strength of your password as you type it.

There are many tools that will help you check whether your password is considered safe. For instance, password1 is not safe. Neither are any of the words found in a dictionary (especially English, but whatever the language, all the same.)