
Simplio Labs Blog

“Once we accept our limits, we go beyond them.”

Albert Einstein

Instagram Starts Removing Posts ‘Like Counts’ In 6 More Countries


Most of the social networking sites these days have become highly attentive towards introducing the best possible security standards and making the platform more user-friendly. Following the same trend, Instagram is also taking steps to provide more safety, security and making the app more amicable for its millions of users.

Taking a step forward towards these things, Instagram decided to expand its test to hide like counts. It has decided to give more users the option to hide the counts on their posts publicly. Recently it made an official announcement expanding the like-count hiding test to six more countries: Ireland, Italy, Japan, Brazil, Australia, and New Zealand.

The test initially started in Canada. At the initial stage, only some people were included, and they had their likes hidden by default. They had to choose to opt out to show the likes publicly. But there is another aspect to this: people who have their like counts hidden can still see the likes on their own content.

Well, this is a known fact that a number of likes have become a de facto way of providing value on user’s posts. But Instagram decided to hide it due to the reason that it wants its audience to focus more on the posts, videos, and content and not on the number of likes. It can be said here that they do not want you to judge the posts by the number of likes it receives.

There is another aspect to this test undertaken by Instagram as to why it has decided to expand it. There are times when a photo of yours might not receive much appreciation or likes. This often lowers the confidence of the respective user and in the future, he/she is attentive about posting similar posts, for example- a selfie in a swimsuit, food photos, etc. This is because more likes signify that the post is more impressive than others and getting lesser likes makes you feel terrible.

But, this latest feature of hiding the public count will give all the users the permission and confidence to post whatever content, photo or video they may like and seem fit to post. The post won’t be based on the basis of a number of likes or hits. This will be fruitful because people would stop caring too much about the likes on the post and will put whatever they feel like to post.

Thus, hiding the likes from feeds, posts and videos while keeping them visible to the person who posts would still give people a sense of what is working. And they don’t have to worry about what opinions people form regarding their personal feeds. Overall, it boosts their confidence to post whatever their heart says, not what people would hit like on.

So, if you live in one of the countries where this test is being carried out, your Instagram will only show the name/username of the person who likes your post but not the number of people who hit the like button.

Facebook Found a Major Privacy Flaw in Messenger Kids


In 2017, Facebook launched Messenger Kids which is a child-friendly version of this app. Even at that time, there was a great protest against Messenger Kids and it wasn’t considered to be amicable by various health professionals.

If we look at the recent cases regarding the privacy and security of Facebook, it won’t be wrong to say that something was bound to go wrong at some point in time. And it happened recently, when Facebook found a major privacy flaw in Messenger Kids.

Facebook took the responsibility of informing all the parents of the children using Messenger Kids about the flaw, due to which their children were exposed to some users who were not approved by their parents. The irony of this situation is that Facebook’s Messenger Kids app was built around a simple premise: children should not be able to talk to users who were not approved by their parents.

But due to this major privacy flaw, the very basic premise of Messenger Kids is undermined and is being questioned by experts and parents all around the world. In order to correct the flaw, and until further notice, the affected chats were turned off and parents were also provided with additional resources on Messenger Kids and online security.

The Back-Story of the Bug

According to some experts, the bug was the result of a flaw in the process of applying Messenger Kids’ unique permissions in group chats. The issue in this area led to the major privacy flaw where the chats of users/kids got exposed to unauthorized users who were not approved by their respective parents.

In normal day-to-day use, children on Messenger Kids can only start a conversation with users who have been approved by their respective parents, and unapproved users can’t reach out to the kids either. The permission-setting process became more complex and cumbersome when it was applied to group chats, where many users were involved.

The permission-setting feature failed and didn’t work properly. This led to security issues on the Messenger Kids app. As a result of all this, the person who originally launched the group could invite any user. In fact, he/she could even invite users who were not authorized by the parents. Thus, thousands of children were left in chats with many unauthorized users. Above all, this was simply a violation of the core promise of Messenger Kids.

Well, there is no denying the fact that Facebook’s original intention was to create a safer and secure environment/platform for young children. But, due to this security flaw, their intent and functionality are put to question by experts all around the world. This has also alarmed the parents and has broken their trust regarding the app as well.

Many experts have criticized Facebook and said that Messenger Kids is nothing but a product to target young children. They find it totally unwanted and absurd.

The Google June 2019 Core Update


Google took 5 days to roll out the June 2019 core update and about 3 days to roll out the diversity update. The rollout started on June 3 and finished on June 8 of this year. This information was confirmed by Google employee Danny Sullivan.

A rollout generally takes this much time because Google has data centers and servers all around the world, and it takes time to update all of them. Thus, a span of 5 days for a roll-out of this massive scale is not long. There have been incidents in the past when these updates have taken a few weeks to complete. Thus, comparatively, it was quicker this time.

The June 2019 core update did overlap with diversity update because the diversity update was initiated on June 4 and finished on June 8.

There is a very important point to note: Google does not release information on how large the impact of these updates is. It only announces these core updates because they are massive and noticeable. Also, this time the range of domains affected by the core update is wider than with previous updates initiated by Google.

Some major changes and advancements around the June 2019 rollout are as follows:

  1. The processing of noindex and other related directives in robots.txt file was changed by Google.
  2. It also submitted robots.txt file as a real web standard.
  3. Google also open-sourced the Googlebot robots.txt parser so that it is accessible to other users.
  4. One of the major changes initiated by Google via this core update is that it stopped supporting and assisting social profile markup for knowledge panels.
  5. Google also announced to crack down on leased sub-domains on third party sites.
  6. Google Search Console dropped the preferred domain setting this month and with that, it got mobile-first indexing tools.
  7. Google confirmed the fact that Googlebot does not support HTTP pipelining.
  8. It still shows hidden content in accordions and tabs. They are featured as snippets.
  9. Due to the latest update, now the Site migration process can take about a day or two if done correctly.
  10. URLs disallowed via robots.txt do not affect crawl budget.
  11. It has officially launched the new Search Menu Bar with icons.
  12. The Google bug knowledge panel was also updated. The updated version does not have any attribution.
  13. There are speculations that Google may also drop the function of removing features from Google Search Console.

Thus, the above-mentioned points are the major changes that took place due to June 2019 core update. These changes and upgrades are supposed to increase the accessibility of Google users. Most of the people from SEO forum noticed and experienced about 25-30% changes in their traffic and were positive about this June 2019 core update. It has been fruitful for the users across the globe as well.

Massive WordPress Infections Reported!


PublicWWW finds the most common patterns of this malware on thousands of sites:

Database Injections

Multiple variations of the injected scripts have been found. For example, when the attackers have access to the WordPress database, they inject the following script into blog posts (wp_posts table):

It loads an obfuscated script, which then loads a sequence of scripts from hxxps://www.learningtoolkit[.]club/link.php, then hxxps://mp3menu[.]org/mp3.js, and eventually redirects to tech support scam sites.

 

Reinfections of the Same Posts

On some sites, hackers aren’t even bothering to remove older versions of their scripts. You can find multiple scripts injected into the same posts by different waves of the malware campaign.

 

Malware in wp_options Table

The obfuscated learningtoolkit[.]club script that begins with “var _0xfcc4=” can also be found in the wp_options table. This happens when hackers exploit vulnerabilities in certain themes and plugins. The most common victims are sites with old tagDiv themes or unpatched versions of the Smart Google Code Inserter plugin.

In the latter case, the malware is injected into the “sgcgoogleanalytic” option where the plugin stores the Google Analytics tracking code.
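A defender-side check for the database injections described above (posts and the wp_options table), added here as an example and not code from the original article: it counts the indicators the article names in stored content and flags rows that carry more than one, as left behind by repeated waves. The sqlite3 in-memory tables, the sample rows and the function names are constructed stand-ins; a live site would run the same queries against its MySQL database.

```python
import re
import sqlite3

# Indicators named in the article. Domain patterns accept both the live form
# and the defanged "[.]" form, so the sample data below can stay defanged.
INDICATORS = {
    "var _0xfcc4 loader": re.compile(r"var\s+_0xfcc4\s*="),
    "learningtoolkit": re.compile(r"learningtoolkit\[?\.\]?club", re.I),
    "mp3menu": re.compile(r"mp3menu\[?\.\]?org", re.I),
    "examhome": re.compile(r"examhome\[?\.\]?net", re.I),
    "hotopponents": re.compile(r"hotopponents\[?\.\]?site", re.I),
}


def scan_text(text):
    """Return {indicator name: number of occurrences} for one stored value."""
    hits = {}
    for name, pattern in INDICATORS.items():
        count = len(pattern.findall(text or ""))
        if count:
            hits[name] = count
    return hits


def audit_database(conn, prefix="wp_"):
    """Scan <prefix>posts.post_content and <prefix>options.option_value."""
    # The prefix is interpolated into SQL, so restrict it to identifier characters.
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        raise ValueError("unexpected table prefix")
    sources = [
        (f"{prefix}posts", "ID", "post_content"),
        (f"{prefix}options", "option_name", "option_value"),
    ]
    findings = []
    for table, key_col, value_col in sources:
        query = f"SELECT {key_col}, {value_col} FROM {table} ORDER BY {key_col}"
        for key, value in conn.execute(query):
            hits = scan_text(value)
            if hits:
                findings.append({
                    "table": table,
                    "key": key,
                    "hits": hits,
                    # More than one match suggests an older wave was left in place.
                    "reinfected": sum(hits.values()) > 1,
                })
    return findings


def build_sample_db():
    """Constructed sample data: simplified, defanged rows in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_content TEXT)")
    conn.execute("CREATE TABLE wp_options (option_name TEXT PRIMARY KEY, option_value TEXT)")
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?)", [
        (1, "<p>Clean post.</p>"),
        (2, "<p>One wave</p><script src='hxxps://hotopponents[.]site/site.js?wtr=1'></script>"),
        (3, "<p>Two waves</p><script src='hxxps://examhome[.]net/'></script>"
            "<script src='hxxps://www.learningtoolkit[.]club/link.php'></script>"),
    ])
    conn.executemany("INSERT INTO wp_options VALUES (?, ?)", [
        ("siteurl", "https://example.test"),
        ("sgcgoogleanalytic", "<script>var _0xfcc4=[/* constructed placeholder */];</script>"),
    ])
    return conn


if __name__ == "__main__":
    for finding in audit_database(build_sample_db()):
        print(finding)
```
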

 

Backdoors

If the attackers manage to get access to the file system, after uploading backdoors, they try to infect .php and .js files of the compromised sites.

The infection process begins with uploading a backdoor. We find them in site roots, in wp-content/uploads, or within other directories where the exploited vulnerability allows it.

Here are some typical names and paths of the backdoors:

The backdoor saves base64-decoded contents of the “q” parameter into the “cleartemp” file, then includes it to execute. It then immediately deletes the created file.

All the backdoors have similar content, just different parameters and names of the temporary files: cleartemp, tempo, templ, templeb, fgdfgdfg. Sometimes, the temporary files are created in /tmp or /var/tmp directories.

 


Second Level of the Backdoor

The code of the temporary files described above is another level of the backdoor. This time, it loads the content of a remote file (p4.txt or tpn2pp.txt) from a server with the IP address 190 .97. 167. 206, and saves it to yet another temporary file with name hjghjerg or minteasd.  It then includes the saved file to execute its base64-decoded code and deletes the file. For some reason after that, the backdoor executes the same code again, this time using the eval function.

 

Malware Injectors in Hjghjerg

Code in the hjghjerg file is responsible for injecting malware into website files. Over time, we have collected quite a few variations:

Currently, the most common version of the new infection injects the “var _0xfcc4” script into all files that have the <head> tag (for example, header.php in WordPress themes or almost any .html file).

The script is injected right after the opening <head> tag and right before the closing </head> tag. A side effect of this attack is that permissions of the infected files are changed to 777 (full permission for everyone). Keep this in mind when cleaning sites – you might want to revert their permission back to something like 644, or even a stricter file permission.

 

Payload to Infect JavaScript Files

Here’s another variation of the hjghjerg file injecting the same script into any JavaScript files with names containing jquery.

In this case, the malicious script is injected at the very top of the files immediately before their legitimate content.

The find command for the jQuery-related .js files has improved since the August version where we reported a bug that resulted in malware being injected into non-.js files, including WordPress core CSS files.
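An added example (not from the original article) of the cleanup check the sections above point to: it walks a web root and flags files carrying the “var _0xfcc4” marker, world-writable modes such as the 777 left by the injector, and temporary-file names mentioned earlier, then restores 644 once the files are cleaned. The sample tree and function names are constructed, and POSIX permissions are assumed.

```python
import os
import re
import stat
import tempfile

MARKER = re.compile(rb"var\s+_0xfcc4\s*=")      # start of the obfuscated script
# Temporary-file names the article attributes to the backdoor stages.
DROPPER_NAMES = {"cleartemp", "fgdfgdfg", "hjghjerg", "minteasd"}
SCANNED_EXT = {".php", ".html", ".htm", ".js"}  # file types the injector targets
MAX_BYTES = 5 * 1024 * 1024                     # read cap per file


def audit_tree(root):
    """Return {relative path: [reasons]} for suspicious regular files under root."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                 # lstat: never follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            reasons = []
            if name in DROPPER_NAMES:
                reasons.append("dropper-temp-name")
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if os.path.splitext(name)[1].lower() in SCANNED_EXT:
                with open(path, "rb") as fh:
                    count = len(MARKER.findall(fh.read(MAX_BYTES)))
                if count:
                    reasons.append(f"injected-marker x{count}")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def restore_permissions(root, findings, mode=0o644):
    """Run after the injected code is removed: reset world-writable files to mode."""
    fixed = []
    for rel, reasons in findings.items():
        if "world-writable" in reasons:
            os.chmod(os.path.join(root, rel), mode)
            fixed.append(rel)
    return sorted(fixed)


def build_sample_site(root):
    """Constructed sample tree; the marker bodies are empty placeholders."""
    injected = b"<script>var _0xfcc4=[];</script>"
    files = {
        "index.php": (b"<?php echo 'ok';", 0o644),
        # Injected after <head> and before </head>, mode left at 777.
        "wp-content/themes/demo/header.php":
            (b"<head>" + injected + b"<title>t</title>" + injected + b"</head>", 0o777),
        # Injected at the very top of a jQuery-named script.
        "wp-includes/js/jquery/jquery.js": (b"var _0xfcc4=[];\n/* jQuery */", 0o777),
        "wp-content/uploads/cleartemp": (b"", 0o644),
    }
    for rel, (content, mode) in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        report = audit_tree(site)
        for rel, reasons in sorted(report.items()):
            print(rel, reasons)
        print("reset to 644:", restore_permissions(site, report))
```
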

 

Coding Style and Dealing with Reinfections

The coding style is very sloppy. There are no checks for errors or any fallback mechanisms.

Note: These versions try to inject new scripts into all suitable files. They don’t check if they have previous versions of the malware, which results in multiple infections of the same sites. Sometimes, the hjghjerg file contains code to replace previous payload with a new one. e.g. the examhome[.]net script to the learningtoolkit[.]club script. However, even in this case, it only takes care of one specific variation of their previous injection and neglects all other waves that used different scripts.

 

Hotopponents Version of the hjghjerg File

Some versions of the hjghjerg file inject different variations of the scripts. In this case, it’s an external script from hxxps://hotopponents[.]site/site.js?wtr=1 injected into files with the <head> tag and an obfuscated code that loads “hxxps://hotopponents[.]site/site.js?wtr=2” injected into jQuery related JavaScript files.

 

Cross-site Infections

As you might have noticed, the injector uses the find command that starts searching for victim files from the server root level: “find / …”. This means that if the site and account isolation on the server is not good enough, even one compromised site will be enough to infect all sites that share the same account – or even the whole server, in a worst-case scenario.

Of course, it’s hard to break out of the account level using this approach, even if the find command locates files that belong to different accounts (which doesn’t happen on most properly configured shared servers). Most likely, the script will not have sufficient permissions to modify them – unless the files had too broad permissions (e.g. 666 or 777) in the first place. This could happen, for example, if those third-party sites had been infected with the same malware and then cleaned without restoring the original permissions (remember, the injector changes permissions to 777?).

Another approach used by the same campaign can theoretically be successful in breaking out of the compromised account on a small number of misconfigured shared servers since it only needs read permissions.

 

Database wp-config.php Vector

The following code is also found in some variations of the hjghjerg file.

This injector searches for all wp-config.php files on the server and then reads database credentials from them. After that, it connects to the MySQL database, searches for the “wp-posts” tables there, and appends the malicious scripts at the end of WordPress posts (post_content field).

On most modern shared servers, the scope of this injector will also be limited to the compromised account. However, if the account isolation is not properly configured (which still rarely happens on some servers of small/amateur hosting providers), all WordPress sites on the server can be infected because of just one vulnerable site.

 

Conclusion

This long-lasting malware campaign demonstrates that all aspects of website security matter. Hackers don’t go for just a single vulnerability. They use a constantly updated kit of tools and exploits that help them maximize the effectiveness of their attacks.

Fully patched themes and plugins, strong passwords changed after any compromise, correct server configuration and site isolation, strict permissions of files with sensitive data – missing any of these components increases chances of a website compromise.

If you believe your site has been compromised by this attack, we can help. Contact us immediately at (888) 766-3315, or send an email by clicking HERE.

If your website is very outdated, it may be best to do a complete redesign sooner rather than later. This should also improve your security immensely. Visit THIS page to learn more and get a quote. We have special offers in store for our repeat customers.

The 10 Best Note Taking Apps (Evernote and OneNote Alternatives)

Taking important notes at crucial times is often the hardest part of someone’s work. Gone are the days when people used to carry small writing pads. Now, people refrain from using the conventional pen and paper and use the new technology to jot down important notes.

When you are at the office or at your home, the closest thing you have is either your smartphone or your laptop. So it is essential that the device is equipped with a good app that would help you take down notes quickly. We all know of Evernote and OneNote, they are the two giants when it comes to note-taking. But did you ever wonder if there are other good note taking apps out there?

Here are the Best 10 Note Taking Apps- (BEST Evernote and OneNote Alternatives)

  • Google Keep

Another quality product from Google, Google Keep allows you to quickly take down notes. The app is quite lightweight and requires less RAM. However, it is loaded with features. You can create checklists and even record audio for transcription. Like all Google Products, Google Keep works with your cloud storage. So all your data is automatically saved.

  • DropBox Paper

Available only to web users, this app quickly allows you to scribble ideas. Then you can attach photos or videos with your idea and then export it as a full-fledged PDF.

  • Bear

This application is exclusive to Mac users. One of the few apps in this sector that offer Mac support, Bear works well for people who keep getting phone calls. You can easily write down notes on your Mac. It is available at $1.49/mo and gives high storage.

  • Box Note

Available across web, Android and iOS, Box Notes offer basic editing tools. Also, it comes with a toolbar, so you can easily edit or organize the written data. This app offers cross-platform synchronization.

  • Apple Note

The best notes app for iPhone users. This app is widely available on iOS, Mac and Windows devices. Windows users can access the Apple Note through the web. It uses your iCloud credentials to sync data across all devices.

  • Quip

This app is available across all the platforms. The application boasts of a simple user interface. It gives you the option of adding another person to the note, so you both can edit it later. However, this app isn’t free and comes at a price of $30/mo.

  • Penultimate

Exclusive to iPad users, this app allows you to scribble and doodle on your iPad. This app was recently acquired by Evernote.

  • Squid

Available for android and windows users. Squid allows you to scribble notes onto your device. Also, it gives you the option to type in the notes using the keyboard. When you are done noting down, just export the file as PDF and view it later.

  • SomNote

Easy note app that allows you to sort your notes according to color. Also, it comes with password protection and encryption. Costs $39.99/mo but also offer a free version.

  • Paperwork

A free open source app that allows you to run your own server. So you can control what you want, when you want. However, it is not easy to execute and is best suited for people who have familiar knowledge of the coding.

new post

now the new post working fine

17 Gmail Hacks


Gmail has become a cultural force, not just another email program, being the largest email service provider. But Gmail can still get better: a few hacks and apps floating around the Internet can make your experience with Gmail more enjoyable. These 17 amazing add-ons will make you a Gmail pro.

  1. Find out whether any websites are selling email addresses to marketers by adding a “+” sign

Gmail will recognize the “+” sign so as to create an alternate version of email and start monitoring when you receive spam to the new address.

  2. Sortd

Sortd which is a smart skin for Gmail helps in transforming your inbox from just messages to useful lists which can be customized to fit your individual workflow.

  3. Ugly email

Ugly email will notify you regarding which among your emails are getting tracked even before you open them.

  4. Mixmax

It helps in making scheduled meetings much easier and tracks when someone has opened your email so that you will know when can you bug that Person. Also, it lets us create one-click templates.

  5. Mailburn

This is an iPhone app which automatically shows all your Gmail conversations only with natural or real people only. The idea is that all the newsletters, insurance related messages can be taken care with the system but on the phone, only real people conversations are displayed.

  6. Unsubscriber

It helps its users to unsubscribe from many newsletters and spam. This helps to get rid of unnecessary subscriptions from various companies or advertisements.

  7. Mailtrack

This is a chrome extension which helps its users to know when their email was being sent and when the mail was opened. Thus, a track can be kept of all your emails easily.

  8. Snapmail

This chrome extension adds a button right next to “send” button of Gmail which sends self-destructing emails for you. So, when the recipient person opens it, snapmail will inform that in sixty seconds it would self-destruct.

  9. Gmail offline

When the connection is not good or spotty, this feature can come in hand helping you use Gmail even when there is no connection.

  10. Gmail Giphy

Giphy being the world’s great GIF searching company now has a chrome extension which when installed, a little rainbow like Giphy icon starts popping up near formatting icons which lets us make our boring emails a little dramatic.

  11. Gmail dropbox

By using this feature a lot of space can be saved through integrating our dropbox with our Gmail.

  12. Boomerang

This is a plug-in that works with Firefox, Safari and Chrome. Its “send later” option lets users type an email normally and then use a calendar to set the date on which it should be sent.

  13. Finding Big Mail searches

Big Mail is a program that scans the Gmail account and finds some largest files with some attachments etc which is eating up a lot of space. Thus, they can be deleted and space can be saved.

  14. WiseStamp

This is another Chrome extension that helps you customize your regular signature with different colors, sizes, etc., giving it a cool look.

  15. Send through Gmail

It is a chrome extension which will make sure Gmail is the default always and so whenever you type an email address it lets Compose window to pop up Gmail.

  16. GrexIt

This chrome extension will create Gmail labels. With these shared labels option, you can add a label to an email conversation in inbox showing your colleagues’ inboxes which is of great help in keeping a track of assignments given.

  17. FullContact

This is a chrome extension which will show you everything you want to know regarding any person who’s sent an email to you. Their tweets, facebook updates can also be checked through FullContact.

Web Design Terms You Need to Know


Professional web designers on a global designing platform quite essentially need to be aware of acronyms and buzz words of technicality. This aids in the development and implementation of new technologies and ideas. The frameworks, libraries and languages along with tools are more complex than ever. Thus, it’s quintessential to understand the buzz words.

Let’s take a quick look at it!

  1. HTML, CSS & JavaScript

HTML

HTML (Hypertext Markup Language) popularized with HTML5 now and is considered the web language. A piece of content is treated by a web browser with the help of HTML. It allows usage of several tags for the designer to mark the content for semantics as paragraphs can be considered as text copy, also images can be imported.

CSS

CSS (Cascading Style Sheets) is a visual rule set to formulate as to how elements should be rendered in a web page by the browser. It modifies text, background, size, position and shape of various parts of the page.

JavaScript

JavaScript is, as its name suggests, a scripting language. It supports designers in creating interactions in a web page. Earlier it was principally used for validating forms and for the pop-up alert boxes that appear when a mandatory field (such as a telephone number) is empty. Now it also helps provide visual effects and loads new content with no need to reload the page.

  2. Responsive design

Responsive web design is captivating the world with a standard approach of adapting to user’s device in all designs. Irrespective of the web-connected device the content is displayed most appropriately for the view. For example, a page re-paginates with changes in screen size (into multiple columns on desktop or single on a Smartphone)

  3. Semantic markup

Semantic markup is a method of coding HTML that describes content and exposes relevant metadata about it using markup tags. For example, data not directly relevant to the primary content of the page can be marked with <aside>.

  4. SaaS

SaaS (Software as a Service) provides a software platform for delivery of services from or through the cloud. A few examples are Photoshop Express, latest versions of Microsoft Office online and Google Docs. The services provide desktop-like experience to the users without the need of installation of any software, as they are directly accessed from the web.

  5. A/B Testing

A/B testing is a procedure for accomplishing the same result through experimentation and achieves the most effective solution. It tracks the number of users converting to paying customers through alternate layouts using various trial layouts for web pages.

On a continuous repetitive process of assessing, prototyping and conforming, it increases the rate of conversion of individual pages considerably.

The above buzz words and acronyms are to be learnt for better implementation and innovation of a web page or website design. These form the basis for understanding the creation of web pages without which it’s technically impossible to make any. With web- designing ruling the markets, those who seek to utilize the opportunity, try harder to understand.

Stay tuned for our Part 2 of web design terms you need to know!

20 Interesting Facts About the Internet


Everyone has been using the internet for decades but you’ll definitely be blown out of your mind reading these interesting facts about the internet. Know more about the internet through these list of facts below.

  1. Ever wondered who holds the backup power to restart the internet in case of any catastrophic event? Well, there are seven persons who hold the key to the internet. In the case of any event which makes the internet shut down, these 7 people have a key to reboot its internal part.
  2. All of us are familiar with browser names like Mozilla Firefox and Internet Explorer. But the very first popular web browser was Mosaic, which started its services in the year 1993 and was a major part of the internet till 1997.
  3. It is a known fact that the internet has taken over TV at a fast pace, but the figures will amaze you. The Internet has gained about 5 million users in just 5 years. It took 13 years for TV to gather these many users.
  4. There are over 1 billion internet users today which are about 20% of world’s population.
  5. An average surfing session lasts about only 51 minutes.
  6. Sweden has the most number of internet users across the world with about 75% of the population using it.
  7. The satellite-based internet availability has made it possible to access the internet all over the world. Still there are certain countries like North Korea and China who are denied the access by the government.
  8. It is estimated that people who use social networking sites like Facebook and Twitter are likely to spend their 10% of lifetime on it.
  9. Asia is a continent with the largest number of internet users i.e. about 42% and about 80% of the world population still not using it.
  10. A good figure of 19% married couple meets online, making it a suitable marriage bureau.
  11. ‘Wake me up’ by Avicii is the most played song on Spotify, an online playlist website.
  12. The first tweet was sent by Jack Dorsey in the year 2002, March 21.
  13. The first ever image on the internet was uploaded by Mr. Berners Lee. It was an image of a joke band of women. The picture was uploaded from the nuclear research lab CERN.
  14. About 16% to 20% of the Google searches are the searches which have never been Googled before. Now this is news!
  15. Mr. Wilhite mentions the correct pronunciation of GIF as ‘jiff’.
  16. ‘Insurance’ is the most expensive Google Adwords keyword.
  17. The first email was sent by Ray Tomlinson to himself in the year 1971; he doesn’t remember the contents though.
  18. The fastest rate to log in to Gmail is recorded as 1.16 seconds.
  19. We spend more time browsing on mobile devices than on computers.
  20. The internet is 8352 days old. You can check the latest update on HowOldIsTheInter.net.

So, these were some of the amazing and interesting facts about the internet not known to everybody.