Building smart websites for small businesses

Tag: security

1 to 10 of 60 posts tagged with security

Panopticlick - a research project designed to better uncover the tools and techniques of online trackers and test the efficacy of privacy add-ons. Run the test to see if your browser is safe against tracking.

Major sites running unauthenticated JavaScript on their payment pages. The article title says it all. The TL;DR is this: if your payment page requests external files (most likely JavaScript or CSS files from CDNs), then you need to ensure that those files have not been tampered with before or during the payment process, because a malicious hacker could very easily intercept payment card details. This is precisely what happened to British Airways!

The solution is to use Subresource Integrity (SRI), which basically involves adding an "integrity" attribute to your script or link element, like this:

<script src="" integrity="sha384-eP2mZH+CLyffr1fGYsgMUWJFzVwB9mkUplpx9Y2Y3egTeRlmzD9suNR+56UHKr7v" crossorigin="anonymous"></script>
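As an added example (not code from the original post), here is a Python script that generates the integrity value for a resource the way you would when publishing the tag above, and then replays the browser-side check against the bytes actually fetched. The script body and the tampered copy are constructed sample inputs.

```python
import base64
import hashlib
import hmac

SRI_ALGORITHMS = ("sha256", "sha384", "sha512")  # the only digests SRI permits, weakest first

# Constructed sample input: the body of a script as a CDN would serve it (not a real file).
ORIGINAL_SCRIPT = b"document.getElementById('pay').addEventListener('submit', validateCard);\n"
# The same file with a single extra line appended; any change at all must fail the check.
TAMPERED_SCRIPT = ORIGINAL_SCRIPT + b"// one extra line\n"


def sri_hash(data: bytes, algorithm: str = "sha384") -> str:
    """Generate the integrity value for a resource: '<algorithm>-<base64 digest>'."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"SRI does not permit {algorithm}")
    digest = hashlib.new(algorithm, data).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, integrity: str) -> str:
    """Render the element; crossorigin is needed so the browser may read a cross-origin response."""
    return f'<script src="{src}" integrity="{integrity}" crossorigin="anonymous"></script>'


def verify_sri(data: bytes, integrity: str) -> bool:
    """Replay the browser's check on the fetched bytes.

    The attribute may hold several space-separated tokens. Tokens with an
    unknown algorithm are ignored, only the strongest listed algorithm is
    consulted, and the resource passes if any of those tokens matches.
    With no usable token we fail closed, which is stricter than a browser
    (it would load a resource whose integrity value it cannot parse).
    """
    tokens = [t.split("-", 1) for t in integrity.split() if "-" in t]
    usable = [(alg, b64.split("?", 1)[0]) for alg, b64 in tokens if alg in SRI_ALGORITHMS]
    if not usable:
        return False
    strongest = max((alg for alg, _ in usable), key=SRI_ALGORITHMS.index)
    actual = hashlib.new(strongest, data).digest()
    for alg, b64 in usable:
        if alg != strongest:
            continue
        try:
            expected = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # malformed base64: treat the token as unusable
        if hmac.compare_digest(actual, expected):
            return True
    return False


if __name__ == "__main__":
    tag = script_tag("https://cdn.example/pay.js", sri_hash(ORIGINAL_SCRIPT))  # placeholder URL
    print(tag)
    print("untouched file passes:", verify_sri(ORIGINAL_SCRIPT, sri_hash(ORIGINAL_SCRIPT)))
    print("modified file passes:", verify_sri(TAMPERED_SCRIPT, sri_hash(ORIGINAL_SCRIPT)))
```

Run the same hashing against the exact bytes you deploy and regenerate the attribute whenever the CDN file changes, otherwise the browser will refuse to load the legitimate new version too.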


Like most people who make use of the web, you probably use some free services like Facebook, Twitter, Google Chrome, Outlook, Gmail (the list goes on... basically we're talking about a product or service provided by an oversized tech power that demands your personal data in exchange for whatever they're peddling). Free services appear great on the surface but you are essentially selling your soul to these data tyrants so they can sell on your personal details to the lowest bidder. As the inventor of the web Tim Berners-Lee (TBL) states:

the web has evolved into an engine of inequity and division; swayed by powerful forces who use it for their own agendas

It's 2018 and we find ourselves in this dire situation, largely due to greed. It's toxic. Thankfully TBL has been working on a solution, called Solid, that aims to give web users more control over how their data is used and abused:

Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value. As we’ve all discovered, this hasn’t been in our best interests. Solid is how we evolve the web in order to restore balance — by giving every one of us complete control over data, personal or not, in a revolutionary way

The main idea behind Solid is:

It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time.

So while you may still need to disclose a certain level of personal information to use the services of Facebook for example, at least you will be in control of your own data, not Facebook. You set up a profile (known as a POD) on the Solid platform and then choose what info you want to share. I like it! And like TBL I'm looking forward to welcoming in the next era of the web.

Treat your passwords like your underwear

  • Never share them with anyone
  • Change them regularly
  • Keep them off your desk

Courtesy of @ml2mst

The ICO blog has a great post on ransomware, the despicable act of holding a business to ransom by preventing access to the files on their computer. These things always begin with a virus, usually through a spam email. Once infected your computer is locked down and access to your important files restricted. The pirates then issue a demand for payment to permit access again... or they will delete them. This is when having external backups comes in handy! Of course, the best defense is to avoid catching the virus in the first place.

Read the post: Being held to ransom?


©Doepud 2006–2020. All rights reserved.