How to Survive a Data Breach

Data breaches are fairly common occurrences these days – just last year alone, nearly half (43%) of all companies experienced a cyber attack. Even worse, most data breaches take weeks or even months to discover, which can have devastating effects on a business since the average cost of a compromised record is more than $194.

What can businesses do to prepare for and mitigate the inevitable cyber attack? Neill Feather, president of SiteLock, recently wrote an article on Smart Data Collective to help businesses put the proper recovery and response plans in place. You can read it by clicking here.

 

SiteLock® and Logjam: What You Need to Know

Logjam is the code name for a cryptographic weakness in the Diffie-Hellman key exchange algorithm used by TLS, commonly used in HTTPS connections. The Diffie-Hellman Exchange (DHE) allows two parties – a browser and server in our case – to exchange prime numbers in a secure manner, which are then used to create a shared secret used to encrypt a session.

A team of computer scientists and security researchers found that precomputing the prime number groups that DHE uses allows faster computation of the discrete logs used to find the shared secret. With academic-level resources, the researchers precomputed a 512-bit group used by 82% of vulnerable servers. The researchers posit that nation-state level resources could precompute 1024-bit Diffie-Hellman groups, affecting even larger swaths of the internet.

Ultimately, the Logjam attack would be launched as a man-in-the-middle attack that downgrades a session to export-grade, or 512-bit, encryption. The attacker then computes the unique log and finally determines the session’s key, allowing once-encrypted traffic to be read. This means HTTPS communication, such as online shopping, that uses weak Diffie-Hellman key exchange is not properly secure.

What should SiteLock customers do?

SiteLock customers using the TrueShield™ web application firewall (WAF) are protected by default. SiteLock terminates, or handles, HTTPS sessions and in turn blocks vulnerable key exchanges, as SiteLock servers are configured to support only the most secure cipher suites.

Administrators are urged to configure their servers to deny the use of vulnerable Diffie-Hellman key exchange algorithms. Researchers provided a guide for system administrators, and the SSL Server Test can verify configuration results. We also urge users to be on the lookout for future updates to popular browsers which will mitigate the Logjam vulnerability.
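As an added example (not SiteLock's or the researchers' code), the following Python sketch audits the size of the Diffie-Hellman group a server is configured with, assuming the group is stored in a PEM "DH PARAMETERS" file. The function names and the 2048-bit minimum are assumptions of this example, and the sample files are constructed by the script itself.

```python
import base64

# 512 bits is the export-grade size the post describes and 1024 bits the size it says
# nation-state resources could precompute; requiring 2048 bits is this example's assumption.
EXPORT_BITS, MIN_BITS = 512, 2048

def _first_element(buf, want):
    """Return the value of the DER element at the start of buf; its tag must be `want`."""
    if len(buf) < 2 or buf[0] != want:
        raise ValueError("unexpected DER tag")
    length, pos = buf[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length]

def dh_prime_bits(pem):
    """Bit length of the prime in a PEM DH PARAMETERS block: SEQUENCE { prime, base }."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != "-----BEGIN DH PARAMETERS-----" or lines[-1] != "-----END DH PARAMETERS-----":
        raise ValueError("not a DH PARAMETERS block")
    seq = _first_element(base64.b64decode("".join(lines[1:-1])), 0x30)
    prime = _first_element(seq, 0x02)  # the first INTEGER in the SEQUENCE is the prime
    return int.from_bytes(prime, "big").bit_length()

def classify(bits):
    if bits <= EXPORT_BITS:
        return "export-grade: remove"
    return "ok" if bits >= MIN_BITS else "weak: regenerate"

def _der(tag, body):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def sample_pem(bits, g=2):
    """Constructed sample: an odd integer of the given size stands in for the prime."""
    p = (1 << (bits - 1)) | 1
    ints = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g))
    b64 = base64.encodebytes(_der(0x30, ints)).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    for size in (512, 1024, 2048):
        print(size, classify(dh_prime_bits(sample_pem(size))))
```

Pass the contents of a server's own parameter file to dh_prime_bits to check it; the check covers only the group size, not the cipher suites the server offers.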

SiteLock not only secures your website from vulnerabilities and malware, we secure your customers’ valuable data in transit, so they stay customers and your business flourishes. Stay tuned to the SiteLock Blog for the latest security developments.

 

Must-Know Privacy and Security Compliances

With cyber attacks and data breaches on the rise, privacy and security compliances are more important than ever. What are compliances? Generally, they’re laws designed to protect private consumer and company data from being stolen and exposed.

Privacy and security compliances span across many industries – education, government, health and high-tech like cloud and SaaS. You may have even heard of a few of them, like HIPAA or SOC.

Neill Feather, president of SiteLock, recently wrote an article highlighting the top 3 privacy and security laws that you should know, along with some tips to help organizations improve website compliance. You can read it on Govloop by clicking here.

 

How to get your website hacked


Websites and web applications are being hacked more than ever these days (especially with the rise of online businesses and B2B SaaS-based platforms). If a hacker gains access to the system, they can compromise financial records, medical records and other personal information such as Social Security Numbers and credit cards.

SiteLock president Neill Feather recently wrote an article on B2BNN, covering 5 security issues that many websites and web applications face, with solutions, including handling payments (PCI compliance), malware and password enforcement. For the full article, click here.

SiteLock and the WordPress Genericons XSS Vulnerability: What You Need to Know

Earlier this week a security researcher reported a cross-site scripting (XSS) vulnerability in the WordPress icon package, Genericons. Genericons included an HTML file, example.html, which had the cross-site scripting flaw. To give you an idea of the broad impact, the icon package is used with the default installed WordPress theme, Twenty Fifteen.

The XSS vulnerability was DOM (document object model) based, meaning it could potentially control how the browser handles a requested page. The victim would have to be coaxed into clicking a malicious link, reducing severity, though the exploit remains widely deployed all the same.

The attack is carried out by the attacker crafting a link to the vulnerable example.html file including malicious JavaScript, and persuading a victim to click the link. The server responds to the request, serving the page with crafted code. The browser then runs the code in the DOM object of the page, performing any number of malicious actions. Logged-in admins, as you can imagine, would be vulnerable to site takeover.

As a SiteLock customer, here’s what you need to do.

First, don’t worry. Even though the exploit is run directly in the browser, SiteLock TrueShield customer sites are virtually patched against the exploit. Plus, further extension of an attempted attack will be caught by the TrueShield WAF or the SiteLock SMART scanner if malicious code makes it on the site.

Next, update WordPress to the latest version released yesterday, 4.2.2. Most WordPress installations will update automatically, though we recommend backing up your database and site files all the same. You can also remove the example.html file or files which will remove the vulnerability without impact to the site.

(It’s a good idea to remove example, test, and development files from a production site anyway. Run a ‘$ sudo find / -name example.html’ to find and review all files named example.html.)

WordPress is a powerful, yet simple to use CMS ideal for many blogs, portfolio or e-commerce sites. The widespread adoption and scrutiny of WordPress’ code base is an absolute positive, and SiteLock’s security products work in perfect conjunction with WordPress’ growth. Stay tuned to The Website Risk Lockup for the latest in WordPress and internet security.

Who Else Is Reading Your Email? A Guide to PGP Encryption

We teach our kids not to share anything on the internet that they wouldn’t want their grandmothers to see. We tell our employees to be mindful of private information shared via email. But are we really doing all we can to protect this method of conversation? There are over 204 million emails sent each minute, yet email is one of the most overlooked technologies when it comes to cyber security. A recent study by Domo showed more than 53% of employees receive unencrypted and risky corporate data through email or an attachment. How can we help ensure that the information we’re interacting with is secure?

PGP, which stands for Pretty Good Privacy, is a great first step. PGP works by encrypting email between two people who each have unique digital fingerprints known as PGP keys.

There are two types of PGP keys, private and public. Private keys are just that – they are protected and kept private to each PGP user. Public keys are shared with each recipient, if not the world. These two types of keys allow those with your public key to decrypt mail encrypted with your private key. This encrypted channel keeps unwanted observers out of the email conversation.

The technology has existed since before the Windows era, and hasn’t changed much since. Setting up PGP can be slightly confusing at first, but there are a couple of guides online that outline the setup process.

As long as your recipient is all set up with PGP and your public key on their end, they should be able to decipher and read the message. Anyone else that tries to read it will see garbled, encrypted characters. Remember, not all emails are sent securely or viewed only by the intended recipient. Make sure you are taking the proper precautions to safeguard yourself from security breaches at all times.

 

SiteLock Sponsors WHD.usa 2015

WHD.usa (WorldHostingDay USA) is an upcoming networking event for the hosting and cloud service markets, bringing together local service providers and international IT companies. WHD.usa will be WHD’s first event in the United States, and is taking place on May 19-20, 2015 at the 7Springs Ski & Mountain Resort in Pennsylvania.

WHD.usa will feature forums, panel discussions, breakout sessions and networking activities from industry leaders, including executives from Weebly, cPanel and ICANN. SiteLock will be joining companies like NEC and OpenSRS as a Gold Partner for the event.

“We want WHD.usa to be exceptional – for our partners, as well as their customers and visitors. Thus we are creating exceptional opportunities for a different customer approach and a completely new event experience. Sometimes it’s about re-thinking what’s possible.”

-Thomas Strohe, Founder of WHD

You can register for WHD.usa here. Standard tickets are $349, and VIP tickets are $999. As part of our sponsorship with WHD.usa, you may use code LXX8TJT for discounted rates.

SiteLock and the WordPress 4.2 XSS Vulnerability: What You Need to Know

Recently, a security researcher released a zero-day stored XSS vulnerability in WordPress, meaning it was previously undisclosed and, at the time, unpatched. The vulnerability affected the latest versions of WordPress at release, including 4.2.

The vulnerability involves how WordPress stores comments in its MySQL database. Comments are stored as text and the size of that text is limited to 64 kilobytes, or 64,000 characters. Given a previously approved comment, an attacker could create a malformed comment using approved HTML tags and tack on 64 kb of any character (perl -e 'print "a" x 64000'). The 64 kb of junk is truncated and what’s left is a malicious comment in the database which will run whenever it’s viewed. And what can run is up to the attacker – creating backdoors, stealing credentials, malicious redirects and more.
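The truncation problem described above can be shown and guarded against in a few lines. This Python sketch is an added example, not WordPress code or the 4.2.1 patch: it rejects input the column would cut and audits stored comments that end inside a tag. The function names, the harmless sample markup and the 65,535-byte limit (the capacity of a MySQL TEXT column) are assumptions of this example.

```python
# The post gives the limit as 64 kilobytes; 65,535 bytes (the capacity of a MySQL
# TEXT column) is assumed here for the comment column.
COLUMN_LIMIT = 65535

def silently_truncate(text, limit=COLUMN_LIMIT):
    """What a non-strict database does with oversized input: cut at the byte limit."""
    return text.encode("utf-8")[:limit].decode("utf-8", errors="ignore")

def ends_inside_tag(html):
    """True if the text stops while a tag (or a quoted attribute in it) is still open."""
    in_tag, quote = False, None
    for ch in html:
        if not in_tag:
            in_tag = ch == "<"
        elif quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch == ">":
            in_tag = False
    return in_tag

def accept_comment(text, limit=COLUMN_LIMIT):
    """Gate to run before sanitising and storing: refuse anything the column would cut."""
    size = len(text.encode("utf-8"))
    if size > limit:
        return False, f"rejected: {size} bytes exceeds column limit {limit}"
    return True, "accepted"

def audit_stored(rows, limit=COLUMN_LIMIT):
    """Flag stored comments that fill the column and end inside a tag."""
    return [cid for cid, text in rows
            if len(text.encode("utf-8")) >= limit and ends_inside_tag(text)]

# Constructed samples: harmless markup, one padded past the limit as the post describes.
OVERSIZED = "<a title='" + "a" * 70000 + "'>link</a>"
NORMAL = "Nice post, <a href='https://example.com/'>thanks</a>!"

if __name__ == "__main__":
    print(accept_comment(NORMAL), accept_comment(OVERSIZED)[0])
    stored = [(1, NORMAL), (2, silently_truncate(OVERSIZED))]
    print("balanced before truncation:", not ends_inside_tag(OVERSIZED))
    print("comments to review:", audit_stored(stored))
```

The markup that passed validation is balanced; only the copy the database kept is not, which is why the length check has to happen before the insert.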

If you run WordPress, here’s what you need to know.

WordPress versions 3.9.3, 4.1.1, 4.1.2, and 4.2 are confirmed to be vulnerable. WordPress 4.2.1 was released yesterday to address this vulnerability and users are urged to back up their database and site files and upgrade to the latest version as soon as possible.

If an upgrade is not feasible, disable comments and do not approve any comments until the update is applied.

Next, deploy a web application firewall (WAF). The SiteLock TrueShield™ WAF protects against cross site scripting attacks, like the WordPress stored XSS vulnerability, regardless of platform patch level. All traffic to the site is analyzed and requests which contain malicious code are dropped, never reaching your site.

Finally, enable the website scanner. This type of scanner crawls your WordPress site looking for malicious links and code. Any malicious code stored in the database and rendered on the page as comments or site content is flagged as malicious and the site owner is immediately alerted. For SiteLock customers, Expert Services are available to step in and quickly remove the malicious code.

As always, stay up to date on the latest WordPress patches, and stay locked in to The Website Risk Lock-Up for the latest security news.

 

OTA Receives SC Magazine Editor’s Choice Award

OTA (The Online Trust Alliance) was awarded SC Magazine’s Editor’s Choice award earlier this week, thanks to the input from SC Magazine’s editors and over 40,000 readers. SC Magazine chose to award the OTA based on its efforts to improve SSL best practices, botnet frameworks, integrity in email and data breach readiness.

OTA was also cited for its work in public policy and success in convening multi-stakeholder efforts. When asked about the award, SC Magazine’s Vice President of Editorial Illena Armstrong said “The Editor’s Choice Award is presented to the company or organizations that best exemplify the continued hard work and dedication to educating the industry on best practices for IT security and leading meaningful initiatives to positively impact the lives of our community.”

“The Online Trust Alliance truly lives up to their mission to create and promote innovation, best practices and key technologies that enhance trust and promote principles vital to technology adoption, growth and global access to information.”

SiteLock President, Neill Feather, is a current board member of OTA. For more on the partnership, visit this page.

SiteLock and the Magento Vulnerability: What You Need to Know

Earlier this week, a remote code execution vulnerability against Magento, the eBay-owned free and paid ecommerce platform, was released. Security researchers chained together multiple smaller vulnerabilities to ultimately run arbitrary code on the server Magento is hosted on.

As you can imagine, being able to run any code you want on an ecommerce site is bad. Customer and credit card data, prices and inventory, all become controllable with this exploit “chain.”

After responsible disclosure of the vulnerability this week, attacks on Magento sites ramped up, with the attackers adding surreptitious admin users and likely leaving other backdoors for future access.

If you run a Magento site, here’s what you need to know.

First, update Magento as soon as possible. A patch for the vulnerability was released in February – SUPEE-5344 – and the patch and instructions are available here and here respectively. Back up your database and site files before patching.

Next, if you don’t have a web application firewall (WAF), consider getting one. WAFs block attacks and stop them from accessing your site to begin with. The SiteLock TrueShield stopped attempted exploits of even unpatched Magento sites, and for already exploited sites, TrueShield stops backdoor access so the bad guys can’t get back in.

Finally, scan your Magento site files to ensure all issues are patched. The SiteLock SMART scanner analyzes the source code of sites themselves, and often finds the payload, or results, of an exploit before it’s released. For more information on how SiteLock can help secure your site, visit www.sitelock.com.

 
