
Simplio Labs Blog


Online Privacy – What You Need to Know


Most Websites Already Know a Lot About You. Here’s What You Need to Know About Online Privacy.

Information that you share on an online platform can often be used by third parties without your consent, and it can even be used to track your whereabouts. Now, most of the secure sites will not collect any sensitive information like identification details or financial details. However, your posts on social media, internet searches, and browser history can be accessed, and your computer’s IP address can be used to trace your location as well.


Therefore, you should always be aware of all the privacy protocols that a site has before entering any information. Given below are a few tips that will help you keep your information safe when you are on the internet.

  • Always update your browser. The web browser is the one thing that you use most often, and your browser history can easily be accessed if there are any glitches. To avoid such disasters, it is important to run the available updates. These will check for any potential attacks and take measures to secure your information.
  • Many online services like Gmail and Facebook have a two-step verification system. This provides extra protection, as you will have two passwords instead of just one. When you sign in, you will have to enter your chosen password and then a generated password that is sent to your mobile number. This reduces the risk of your account getting hacked.
  • More often than not, you will notice that several advertisements pop up that are related to what you have browsed for. This is because these ads place cookies that can track and remember what you have searched. You can remove the cookies by clearing your browser history at regular intervals.
  • There are some online privacy tools available that help secure your information. These are not effective against massive attacks, but they try to hide your cookies, location and browser history from third-party websites.
  • Whenever you are using a new site or creating an account on an online platform, make sure to carefully read the terms and conditions they have regarding a client’s privacy. Most of the time, we skip this section, taking it for granted that our data is secure. But if you read between the lines, you will see that many sites clearly state that they collect your information to sell to advertisers. Also, there are many companies that do not stick to their privacy policies, and this places their clients in danger. If anything like this happens, it becomes very difficult to maintain privacy and protect your personal data. So always keep yourself informed and give your information only if you are absolutely sure.

Many internet browsers allow “private browsing”. However, this does not mean that your information cannot be tracked or collected. When you use this mode, the cache, browsing history and cookies are deleted, so your privacy is protected, but only from other people who use that same device.

 


Facebook Launches Two New Features to Help Small Businesses Grow


The holiday season is just around the corner and everyone is going crazy over shopping. Now is the time when top brands and local sellers earn the most from customers. It is difficult for small businesses to win more customers through local strategies alone, which is why Facebook is taking steps to help them build a strong internet presence.

As holidays are coming near, many people are looking for online options to purchase gifts for friends and family. If small businesses have a strong internet presence and helpful tools, they can easily make new customers without any hassle.

As a result, Facebook recently introduced two new features:

1. Customizable story option on Facebook, Instagram and Messenger – It is not easy for small businesses to create new ad campaigns for every product. By using this feature, small businesses can save a lot of money and time that they could have spent on advertising.

2. Improved Instagram Messaging for Businesses – To help small businesses grow rapidly, it is necessary for them to be organized. This new feature will help businesses to send instant replies during busy season and organize chats in separate folders to avoid any mishap.

With these new features, small businesses will be able to reach out to the maximum number of customers and attract many people through their fast service. Apart from this, Facebook is also helping such small businesses learn how to improve their business strategies to gain a larger audience.

Small business owners can take part in the training held by Facebook to learn where they are lacking and improve them accordingly. If these businesses can learn to adequately handle their business, there are more chances for them to enjoy benefits all year and not just during the holiday season.

These small businesses can bring a lot of growth to the local economy by investing their skills in the proper advertising and amazing customer service. Facebook’s action towards helping small businesses might seem like a pebble stone right now but it can give enormous advantages in the future.

Magento Commerce 2.2.X is Nearing the End of Support, it is Time to Upgrade!


You must have a current Magento subscription or license to receive software support. Additionally, it is recommended to always have the latest Magento version installed for optimum security and to leverage Magento’s advanced features.

Magento continues to improve by releasing updated versions. Please review the chart below for the end of software support dates for previous Magento versions:

| Magento Release | End of Software Support |
|---|---|
| Magento 1.x | 06/2020 |
| Magento 2.0.x | 03/2018 |
| Magento 2.1.x | 06/2019 |
| Magento 2.2.x | 09/2019 (Open Source) & 12/2019 (Magento Commerce) |
| Magento 2.3.x | – (Magento 2.3.2 latest version) |

Magento has stated: Support for Magento Commerce 2.2.x ends on December 31, 2019.

Merchants or customers who are still using Magento Commerce 2.2.x should upgrade to the latest Magento Commerce release 2.3. If you continue using Magento Commerce 2.2.x for your website, this may impact website security and compliance.

YouTube Is Making It Hard for Copyright Holders to Make Unfair Claims Against Creators


YouTube found that most copyright holders are using unfair means to take revenue away from creators. The news appeared first on Search Engine Journal.

For most people, YouTube’s copyright system is a mess, as it places the burden on creators to dispute copyright claims. In turn, copyright holders use the manual claiming tool to seize revenue from videos, often before the YouTuber (creator) has a chance to respond.

Now, after continuous requests from content creators, YouTube is updating this tool so that creators do not face any loss. This will take place in mid-September, and YouTube will do it by changing its Content ID policy. YouTube mentions in its blog post that doing so will cut down many of the copyright claims. In other words, rights holders will not be able to seize money from YouTube videos by filing a claim, especially when the video is registered in someone’s name and the claimed content appears for a small period of time on the channel or appears in the background of a video.

YouTube has now made it mandatory for people who file copyright infringement claims to provide a timestamp for the exact part of the video or videos they are reporting. The company also states that it will revoke users’ access to manual claims if they continuously fail to provide accurate manual timestamps. An advantage of timestamps is that the recipient of a manual claim will see the timestamp indicated by the other party or parties, which makes it easy to find out which part of the video needs to be edited.

To resolve a claim, creators can either dispute it or alter the video using YouTube’s updated editing tools. Other than this, creators can mute or remove all sound, or easily swap it out with one of the platform’s free-to-use songs from its audio library.

YouTube has a database of files against which it scans video uploads to find audio and video matches through its Content ID technology. Any copyright infringement found automatically leads to an automated Content ID claim. (Content ID is the video platform’s system that detects when an upload uses another person’s intellectual property; the rights holder can then earn from it as well.)

YouTube believes that doing so will stop much of the continual abuse of manual claiming privileges by labels and other rights holders.

The changes made by the company will only affect manual claims and will have no impact on music found automatically by YouTube’s Content ID system. The company states that since Content ID was implemented, it has cleared many claims and has paid rights holders $3 billion, a very big amount.

The company states that they will continuously design ways to improve the creator’s copyright experience without altering the rights of the copyright owners.

LinkedIn Users Can Now List the Services They Offer On Their LinkedIn Profile


LinkedIn has probably become one of the most trustworthy and popular app/websites in recent years. It is the ultimate stop not only for job seekers but for employers as well.

With more technological advancements, new features have been introduced on LinkedIn. In fact, users can now easily list the services they offer on their LinkedIn profile.

This feature allows various freelancers and small scale businesses to feature their services on their profile.

This means you will now see a new section labeled “Services” to fill in on your profile. This is a great tool for thousands of freelancers to showcase their strong points and abilities in the form of the services they provide. Along with this, it lets them mention that they are ‘open for business’ in a way that matches their profile.

Steps to Add services to your LinkedIn profile

Turn on the Services feature

At first, you need to open the mobile app or website on your desktop. Now, you need to check whether the Services feature is enabled on your profile or not. If not, turn it on.

Once you do that, you will notice a box under your profile photo. This box contains information about the process to showcase the service you want to provide.

Add services

Once you have read the information, you need to click on the ‘Add Services’ tab and a form will be displayed on the screen. Carefully, fill out all the required fields and details about the services you provide in the form.

Here is a very useful tip: try to be as detailed as possible. For recruiters and other members, this section is a synopsis of your field of work, the services you are ready to provide, and the businesses you are ready to work with or invest in.

Continue

The final step includes clicking on the ‘Continue’ button and the information gets added on your profile.

You must be wondering how this helps. It helps members who are searching for professionals. Recruiters and members can filter their general LinkedIn searches to find only those professionals who fit their needs.

Users who have added services to their profiles will be shown in the search results. For example, if you have listed your service as website designing and a member searches for the word ‘designing’, your name will be displayed in their search results.

Now, it’s the choice of the members or recruiters to message a freelance professional directly to inquire about their services and business they provide.

This latest feature has given a great opportunity and platform not only to freelance professionals but recruiters/members as well. It has become very easy for people to find the perfect person or business to get associated with. Above everything, it’s all safe and legal because LinkedIn provides that trust to all its users.

Instagram Starts Removing Posts ‘Like Counts’ In 6 More Countries


Most of the social networking sites these days have become highly attentive towards introducing the best possible security standards and making the platform more user-friendly. Following the same trend, Instagram is also taking steps to provide more safety, security and making the app more amicable for its millions of users.

Taking a step forward towards these things, Instagram decided to expand its test to hide like counts. It has decided to give more users the options to hide the counts on their posts publicly. Recently it made an official announcement where it decided to expand the test regarding hiding the like count to six more countries- Ireland, Italy, Japan, Brazil, Australia, and New Zealand.

The test initially started in Canada. At the initial stage, only some people were included, and they had their likes hidden by default. They had to choose to opt out of showing the likes publicly. But there is another aspect to this: people whose like counts are hidden can still see the likes on their own content.

Well, this is a known fact that a number of likes have become a de facto way of providing value on user’s posts. But Instagram decided to hide it due to the reason that it wants its audience to focus more on the posts, videos, and content and not on the number of likes. It can be said here that they do not want you to judge the posts by the number of likes it receives.

There is another reason why Instagram has decided to expand this test. There are times when a photo of yours might not receive much appreciation or many likes. This often lowers the confidence of the user, who in the future is cautious about posting similar content, for example a selfie in a swimsuit, food photos, etc. This is because more likes signify that the post is more impressive than others, and getting fewer likes makes you feel terrible.

But, this latest feature of hiding the public count will give all the users the permission and confidence to post whatever content, photo or video they may like and seem fit to post. The post won’t be based on the basis of a number of likes or hits. This will be fruitful because people would stop caring too much about the likes on the post and will put whatever they feel like to post.

Thus, hiding the likes from feeds, posts and videos, but keeping them visible to the person who posts, would give people a sense of what is working. And they don’t have to worry about what opinions people form regarding their personal feeds. Overall, it boosts their confidence to post whatever their heart says, and not what people would hit like on.

So, if you live in one of the countries where this test is being carried out, your Instagram will only show the name/username of the person who likes your post but not the number of people who hit the like button.

Facebook Found a Major Privacy Flaw in Messenger Kids


In 2017, Facebook launched Messenger Kids which is a child-friendly version of this app. Even at that time, there was a great protest against Messenger Kids and it wasn’t considered to be amicable by various health professionals.

If we look at the recent cases regarding privacy and security at Facebook, it would not be wrong to say that something was bound to go wrong at some point. And it happened recently, when Facebook found a major privacy flaw in Messenger Kids.

Facebook took the responsibility of informing all the parents of children using Messenger Kids about the flaw, due to which their children were exposed to some users who were not approved by their parents. The irony of this situation is that Facebook’s Messenger Kids app was built around a simple premise: children should not be able to talk to users who were not approved by their parents.

But due to this major privacy flaw, the very basic premise of Messenger Kids is undermined and is being questioned by experts and parents all around the world. To correct the flaw, and until further notice, the affected chats were turned off and parents were provided with additional resources on Messenger Kids and online security.

The Back-Story of the Bug

According to some experts, the bug was the result of a flaw in the way Messenger Kids’ unique permissions were applied in group chats. The issue in this area led to the major privacy flaw, where the chats of kids were exposed to unauthorized users who were not approved by their respective parents.

Normally, children who use Messenger Kids can only start a conversation with users who have been approved by their respective parents, and unapproved users cannot reach out to the kids either. The permission-setting process became more complex and troublesome when it was applied to group chats, where many users were involved.

The permission-setting feature failed and did not work properly. This led to security issues in the Messenger Kids app. As a result, the person who originally launched the group could invite any user, including users who were not authorized by the parents. Thus, thousands of children were left in chats with many unauthorized users. Above all, this was simply a violation of the core promise of Messenger Kids.
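The group-chat failure described above can be modelled as an authorization invariant. This is an added illustration, not Facebook's code: the data model (a dictionary of parent-approved contacts per child account), all names, and the assumption that the flawed rule consulted only the inviting child's approvals are hypothetical.

```python
# Hypothetical data model: approved[child] is the set of contacts that the
# child's parent has approved. Accounts absent from `approved` are treated as
# adults with no restrictions of their own.


def flawed_can_add(approved, members, inviter, invitee):
    """One-to-one rule reused for groups (assumed simplification of the bug):
    only the inviter's approved list is consulted."""
    return invitee in approved.get(inviter, set())


def can_add(approved, members, inviter, invitee):
    """Group rule: the invitee must be acceptable to every child already in
    the group, and every member must be acceptable to a child invitee."""
    if inviter not in members:
        return False
    for member in members:
        if member in approved and invitee not in approved[member]:
            return False
        if invitee in approved and member not in approved[invitee]:
            return False
    return True


def unapproved_pairs(approved, members):
    """Audit an existing group: (child, contact) pairs that the child's
    parent never approved. A non-empty result marks an affected chat."""
    return sorted(
        (child, other)
        for child in members if child in approved
        for other in members
        if other != child and other not in approved[child]
    )


# Constructed sample: two children whose parents approved different contacts.
SAMPLE_APPROVED = {
    "ana": {"ben", "aunt_rosa"},
    "ben": {"ana"},
}

if __name__ == "__main__":
    group = {"ana", "ben"}
    print(flawed_can_add(SAMPLE_APPROVED, group, "ana", "aunt_rosa"))
    print(can_add(SAMPLE_APPROVED, group, "ana", "aunt_rosa"))
    print(unapproved_pairs(SAMPLE_APPROVED, group | {"aunt_rosa"}))
```

The audit function corresponds to the remediation step the post mentions, finding the affected chats so they can be turned off.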

Well, there is no denying the fact that Facebook’s original intention was to create a safer and secure environment/platform for young children. But, due to this security flaw, their intent and functionality are put to question by experts all around the world. This has also alarmed the parents and has broken their trust regarding the app as well.

Many experts have criticized Facebook and said that Messenger Kids is nothing but a product to target young children. They find it totally unwanted and absurd.

The Google June 2019 Core Update


Google took 5 days to roll out the June 2019 core update and about 3 days to roll out the diversity update. The core update rollout started on June 3 and finished on June 8 of this year. This information was confirmed by Google employee Danny Sullivan.

A rollout generally takes this much time because Google has various data services and servers all around the world, and it takes time to update all of them. Thus, a span of 5 days for a rollout of this scale is not long. There have been incidents in the past when these updates took a few weeks to complete, so this one was comparatively quick.

The June 2019 core update did overlap with diversity update because the diversity update was initiated on June 4 and finished on June 8.

There is a very important point to note: Google does not release information on how large the impact of these updates is. It only announces core updates because they are massive and noticeable. Also, this time the range of domains affected by the core update is wider than in previous updates initiated by Google.

Some major changes and advancements that came with the June 2019 rollout are as follows:

  1. Google changed how it processes noindex and other related directives in the robots.txt file.
  2. It also submitted robots.txt as a real web standard.
  3. Google also open-sourced the Googlebot parser so that it is accessible to other users.
  4. One of the major changes initiated by Google is that it stopped supporting social profile markup for knowledge panels.
  5. Google also announced a crackdown on leased sub-domains on third-party sites.
  6. Google Search Console dropped the preferred domain setting this month and, with that, it got mobile-first indexing tools.
  7. Google confirmed that Googlebot does not support HTTP pipelining.
  8. It still shows hidden content in accordions and tabs. They are featured as snippets.
  9. Due to the latest update, the site migration process can now take about a day or two if done correctly.
  10. URLs disallowed via robots.txt do not affect crawl budget.
  11. It has officially launched the new Search Menu Bar with icons.
  12. The Google bug knowledge panel was also updated. The updated version does not have any attribution.
  13. There are speculations that Google may also drop the function of removing features from Google Search Console.

Thus, the above-mentioned points are the major changes that took place with the June 2019 core update. These changes and upgrades are supposed to increase accessibility for Google users. Most people on SEO forums noticed about 25-30% changes in their traffic and were positive about the June 2019 core update. It has been fruitful for users across the globe as well.

Massive WordPress Infections Reported!


PublicWWW finds the most common patterns of this malware on thousands of sites:

Database Injections

Multiple variations of the injected scripts have been found. For example, when the attackers have access to the WordPress database, they inject the following script into blog posts (wp_posts table):

It loads an obfuscated script, which then loads a sequence of scripts from hxxps://www.learningtoolkit[.]club/link.php, then hxxps://mp3menu[.]org/mp3.js, and eventually redirects to tech support scam sites.

 

Reinfections of the Same Posts

On some sites, hackers aren’t even bothering to remove older versions of their scripts. You can find multiple scripts injected into the same posts by different waves of the malware campaign.

 

Malware in wp_options Table

The obfuscated learningtoolkit[.]club script that begins with “var _0xfcc4=” can also be found in the wp_options table. This happens when hackers exploit vulnerabilities in certain themes and plugins. The most common victims are sites with old tagDiv themes or unpatched versions of the Smart Google Code Inserter plugin.

In the latter case, the malware is injected into the “sgcgoogleanalytic” option where the plugin stores the Google Analytics tracking code.
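A defender's check for the database side of this campaign, covering injected posts, repeated injections into the same post, and the “sgcgoogleanalytic” option. This is an added example, not code from the original write-up: an in-memory SQLite database stands in for the site's MySQL database so that it runs offline, the default `wp_` table prefix is assumed, and all sample rows are constructed.

```python
import re
import sqlite3

# Indicators named in the write-up above (domains re-fanged for matching).
INDICATORS = ("var _0xfcc4", "learningtoolkit.club", "mp3menu.org",
              "hotopponents.site", "examhome.net")
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def strip_injected(html):
    """Remove only <script> elements that carry a known indicator.

    Returns (cleaned_html, removed_count); legitimate scripts are kept.
    """
    removed = 0

    def _drop(match):
        nonlocal removed
        if any(ind in match.group(0) for ind in INDICATORS):
            removed += 1
            return ""
        return match.group(0)

    return SCRIPT_RE.sub(_drop, html), removed


def audit(conn):
    """Report posts and options whose stored value mentions an indicator."""
    def where(col):
        return " OR ".join("%s LIKE ?" % col for _ in INDICATORS)

    # '_' is a single-character wildcard in LIKE, so the SQL filter is only a
    # coarse pre-selection; strip_injected() does the exact matching.
    params = ["%" + ind + "%" for ind in INDICATORS]
    posts = {}
    for post_id, content in conn.execute(
            "SELECT ID, post_content FROM wp_posts WHERE " + where("post_content"),
            params):
        # Count of injected script elements; more than one means several waves.
        posts[post_id] = strip_injected(content)[1]
    options = [name for (name,) in conn.execute(
        "SELECT option_name FROM wp_options WHERE " + where("option_value")
        + " ORDER BY option_name", params)]
    return {"posts": posts, "options": options}


def sample_db():
    """Constructed sample rows in an in-memory SQLite stand-in."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_content TEXT)")
    conn.execute("CREATE TABLE wp_options (option_name TEXT, option_value TEXT)")
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?)", [
        (1, "<p>Clean post</p><script>var legit = 1;</script>"),
        # Two waves appended to the same post (the reinfection case).
        (2, "<p>Post</p><script src='//hotopponents.site/site.js?wtr=1'></script>"
            "<script>var _0xfcc4=['constructed'];</script>"),
        # Mentions a domain in prose only: selected by LIKE, nothing to strip.
        (3, "<p>We wrote about examhome.net last year.</p>"),
    ])
    conn.executemany("INSERT INTO wp_options VALUES (?, ?)", [
        ("blogname", "Demo"),
        ("sgcgoogleanalytic", "<script>var _0xfcc4=['constructed'];</script>"),
    ])
    return conn


if __name__ == "__main__":
    print(audit(sample_db()))
```

A post that is selected but reports zero removable scripts, like the third sample row, needs a manual look rather than automatic cleaning.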

 

Backdoors

If the attackers manage to get access to the file system, after uploading backdoors, they try to infect .php and .js files of the compromised sites.

The infection process begins with uploading a backdoor. We find them in site roots, in wp-content/uploads, or within other directories where the exploited vulnerability allows it.

Here are some typical names and paths of the backdoors:

The backdoor saves base64-decoded contents of the “q” parameter into the “cleartemp” file, then includes it to execute. It then immediately deletes the created file.

All the backdoors have similar content, just different parameters and names of the temporary files: cleartemp, tempo, templ, templeb, fgdfgdfg. Sometimes, the temporary files are created in /tmp or /var/tmp directories.

 


Second Level of the Backdoor

The code of the temporary files described above is another level of the backdoor. This time, it loads the content of a remote file (p4.txt or tpn2pp.txt) from a server with the IP address 190 .97. 167. 206, and saves it to yet another temporary file with name hjghjerg or minteasd.  It then includes the saved file to execute its base64-decoded code and deletes the file. For some reason after that, the backdoor executes the same code again, this time using the eval function.

 

Malware Injectors in Hjghjerg

Code in the hjghjerg file is responsible for injecting malware into website files. Over time, we have collected quite a few variations:

Currently, the most common version of the new infection injects the “var _0xfcc4” script into all files that have the <head> tag (for example, header.php in WordPress themes or almost any .html file).

The script is injected right after the opening <head> tag and right before the closing </head> tag. A side effect of this attack is that permissions of the infected files are changed to 777 (full permission for everyone). Keep this in mind when cleaning sites – you might want to revert their permission back to something like 644, or even a stricter file permission.

 

Payload to Infect JavaScript Files

Here’s another variation of the hjghjerg file injecting the same script into any JavaScript files with names containing jquery.

In this case, the malicious script is injected at the very top of the files immediately before their legitimate content.

The find command for the jQuery-related .js files has improved since the August version where we reported a bug that resulted in malware being injected into non-.js files, including WordPress core CSS files.

 

Coding Style and Dealing with Reinfections

The coding style is very sloppy. There are no checks for errors or any fallback mechanisms.

Note: These versions try to inject new scripts into all suitable files. They don’t check if the files already contain previous versions of the malware, which results in multiple infections of the same sites. Sometimes, the hjghjerg file contains code to replace the previous payload with a new one, e.g. the examhome[.]net script with the learningtoolkit[.]club script. However, even in this case, it only takes care of one specific variation of the previous injection and neglects all other waves that used different scripts.

 

Hotopponents Version of the hjghjerg File

Some versions of the hjghjerg file inject different variations of the scripts. In this case, it’s an external script from hxxps://hotopponents[.]site/site.js?wtr=1 injected into files with the <head> tag, and obfuscated code that loads “hxxps://hotopponents[.]site/site.js?wtr=2” injected into jQuery-related JavaScript files.

 

Cross-site Infections

As you might have noticed, the injector uses the find command that starts searching for victim files from the server root level: “find / …”. This means that if the site and account isolation on the server is not good enough, even one compromised site will be enough to infect all sites that share the same account – or even the whole server, in a worst-case scenario.

Of course, it’s hard to break out of the account level using this approach, even if the find command locates files that belong to different accounts (which doesn’t happen on most properly configured shared servers). Most likely, the script will not have sufficient permissions to modify them – unless the files had too broad permissions (e.g. 666 or 777) in the first place. This could happen, for example, if those third-party sites had been infected with the same malware and then cleaned without restoring the original permissions (remember, the injector changes permissions to 777?).

Another approach used by the same campaign can theoretically be successful in breaking out of the compromised account on a small number of misconfigured shared servers since it only needs read permissions.

 

Database wp-config.php Vector

The following code is also found in some variations of the hjghjerg file.

This injector searches for all wp-config.php files on the server and then reads database credentials from them. After that, it connects to the MySQL database, searches for the “wp_posts” tables there, and appends the malicious scripts at the end of WordPress posts (post_content field).

On most modern shared servers, the scope of this injector will also be limited to the compromised account. However, if the account isolation is not properly configured (which still rarely happens on some servers of small/amateur hosting providers), all WordPress sites on the server can be infected because of just one vulnerable site.
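A file-system triage pass for the traces described in the sections above: injected script markers in .php/.js/.html files, the temporary-file names used by the backdoor stages, files left world-writable (mode 777), and wp-config.php files readable by other accounts. This is an added example, not code from the original write-up; the function names and the sample tree are constructed, and a POSIX file system is assumed.

```python
import os
import stat
import tempfile

# Indicators named in the write-up above (domains re-fanged for matching).
INDICATORS = (b"var _0xfcc4", b"learningtoolkit.club", b"mp3menu.org",
              b"hotopponents.site", b"examhome.net")
# Temporary-file names the write-up attributes to the backdoor stages.
DROPPER_NAMES = {"cleartemp", "fgdfgdfg", "hjghjerg", "minteasd"}
SCAN_EXT = (".php", ".js", ".html", ".htm")


def triage(root):
    """Walk `root`; return a sorted list of (relative_path, [reasons])."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and other special files
            mode = stat.S_IMODE(st.st_mode)
            reasons = []
            if name in DROPPER_NAMES:
                reasons.append("dropper-name")
            if name.lower().endswith(SCAN_EXT):
                try:
                    with open(path, "rb") as fh:
                        data = fh.read()
                except OSError:
                    data = b""
                for ind in INDICATORS:
                    hits = data.count(ind)
                    if hits:  # more than one hit suggests repeated injection
                        reasons.append("%s x%d" % (ind.decode(), hits))
            if mode & stat.S_IWOTH:
                reasons.append("world-writable %o" % mode)
            if name == "wp-config.php" and mode & stat.S_IROTH:
                reasons.append("wp-config world-readable %o" % mode)
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def restore_modes(root, findings, mode=0o644):
    """Reset world-writable files to `mode`; returns the paths changed.
    This does not remove injected code, it only undoes the 777 side effect."""
    changed = []
    for rel, reasons in findings:
        if any(r.startswith("world-writable") for r in reasons):
            os.chmod(os.path.join(root, rel), mode)
            changed.append(rel)
    return changed


def build_sample_tree(root):
    """Constructed sample data: a tiny fake web root for the demo."""
    injected = b"<script>var _0xfcc4=['constructed'];</script>"
    samples = {
        "theme/header.php": (b"<head>" + injected + b"<title>t</title>"
                             + injected + b"</head>", 0o777),
        "js/jquery.min.js": (b"var _0xfcc4=['constructed'];/* jQuery */", 0o777),
        "css/style.css": (b"body{}", 0o777),  # cleaned earlier, mode not restored
        "uploads/cleartemp": (b"", 0o644),
        "wp-config.php": (b"<?php // constructed\n", 0o644),
        "about.html": (b"<head></head>", 0o644),
    }
    for rel, (data, mode) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_tree(demo_root)
        for rel, reasons in triage(demo_root):
            print(rel, reasons)
```

A file such as the sample style.css, which is clean but still world-writable, is exactly the leftover that the cross-site section describes as making a later reinfection from a neighbouring site possible.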

 

Conclusion

This long-lasting malware campaign demonstrates that all aspects of website security matter. Hackers don’t go for just a single vulnerability. They use a constantly updated kit of tools and exploits that help them maximize the effectiveness of their attacks.

Fully patched themes and plugins, strong passwords changed after any compromise, correct server configuration and site isolation, strict permissions of files with sensitive data – missing any of these components increases chances of a website compromise.

If you believe your site has been compromised by this attack, we can help. Contact us immediately at (888) 766-3315, or send an email by clicking HERE.

If your website is very outdated, it may be best to do a complete redesign sooner rather than later. This should also improve your security immensely. Visit THIS page to learn more and get a quote. We have special offers in store for our repeat customers.

The 10 Best Note Taking Apps (Evernote and OneNote Alternatives)

Taking important notes at crucial times is often the hardest part of someone’s work. Gone are the days when people used to carry small writing pads. Now, people refrain from using the conventional pen and paper and use the new technology to jot down important notes.

When you are at the office or at your home, the closest thing you have is either your smartphone or your laptop. So it is essential that the device is equipped with a good app that would help you take down notes quickly. We all know of Evernote and OneNote, they are the two giants when it comes to note-taking. But did you ever wonder if there are other good note taking apps out there?

Here are the Best 10 Note Taking Apps- (BEST Evernote and OneNote Alternatives)

  • Google Keep

Another quality product from Google, Google Keep allows you to quickly take down notes. The app is quite lightweight and requires less RAM. However, it is loaded with features. You can create checklists and even record audio for transcription. Like all Google Products, Google Keep works with your cloud storage. So all your data is automatically saved.

  • DropBox Paper

Available only to web users, this app quickly allows you to scribble ideas. Then you can attach photos or videos with your idea and then export it as a full-fledged PDF.

  • Bear

This application is exclusive to Mac users. One of the few apps in this sector that offer Mac support, Bear works well for people who keep getting phone calls. You can easily write down notes on your Mac. It is available at $1.49/mo and gives high storage.

  • Box Note

Available across web, Android and iOS, Box Notes offers basic editing tools. Also, it comes with a toolbar, so you can easily edit or organize the written data. This app offers cross-platform synchronization.

  • Apple Note

The best notes app for iPhone users. This app is widely available on iOS, Mac and Windows devices. Windows users can access the Apple Note through the web. It uses your iCloud credentials to sync data across all devices.

  • Quip

This app is available across all the platforms. The application boasts of a simple user interface. It gives you the option of adding another person to the note, so you both can edit it later. However, this app isn’t free and comes at a price of $30/mo.

  • Penultimate

Exclusive to iPad users, this app allows you to scribble and doodle on your iPad. This app was recently acquired by Evernote.

  • Squid

Available for Android and Windows users. Squid allows you to scribble notes onto your device. Also, it gives you the option to type in the notes using the keyboard. When you are done noting down, just export the file as PDF and view it later.

  • SomNote

An easy note app that allows you to sort your notes according to color. Also, it comes with password protection and encryption. It costs $39.99/mo but also offers a free version.

  • Paperwork

A free open-source app that allows you to run your own server, so you can control what you want, when you want. However, it is not easy to set up and is best suited for people who are familiar with coding.