Many moons ago, I wrote a blog post about properly handling 404 (page not found) errors with ASP.NET. But an often overlooked and underused approach to error handling is the custom 500 error page. For those not familiar with a 500 error, it is the error that occurs when the application throws an exception it does not handle. An exception could be caused by anything from incorrect logic introduced into the code by the developer (not me of course) to malicious data entered by a user into a form field. If the developer chooses not to implement a custom 500 error page, the end user will be presented with an often very unpicturesque screen containing information about the exception. Often, this information can be very revealing and can give a hacker just the right amount of information they need to compromise your website.
The solution to all of this is to properly configure your web application to display a page that is more user-friendly, pleasing to the eyes and one that conveys a custom message to the end user.
There’s a new bug making the rounds and this is one we’ve all got to worry about. On Monday, a team of Codenomicon and Google Security engineers unearthed an existing vulnerability in the OpenSSL data-encryption standard. The flaw allows hacker communities to exploit a ‘keep alive’ or ‘heartbeat’ script used at the transport layer in the Open Systems Interconnection (OSI) model to reveal more data from the server than intended.
By tricking the security software, hackers could write hacks to access additional server data. It was from that additional data that the hackers could steal personal information such as user and password information from the server.
While it looks like only the 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, it’s important to check your site’s vulnerability. Heartbleed bug testing tools are already available here.
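To make the over-read concrete, here is an added example (not code from OpenSSL or from the original post): a simplified C model of a heartbeat handler, once trusting the length field inside the message and once checking it against the bytes actually received. The 3-byte header and 16-byte minimum padding follow RFC 6520; the function names, the flat `mem` buffer standing in for server memory and the sample secret are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte claimed payload length */
#define HB_PADDING 16  /* minimum padding required by RFC 6520 */
#define MEM_SIZE   64  /* constructed stand-in for server memory */
static const char SECRET[] = "session=constructed"; /* constructed sample data */

/* Lay out a record that really carries "ping" but claims `claimed` bytes,
   with unrelated data placed right after it. Returns the true record length. */
size_t demo_build(uint8_t *mem, size_t claimed) {
    size_t record_len = HB_HEADER + 4 + HB_PADDING;
    memset(mem, 0, MEM_SIZE);
    mem[0] = 1;                          /* heartbeat request */
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(mem + HB_HEADER, "ping", 4);
    memcpy(mem + record_len, SECRET, sizeof SECRET - 1);
    return record_len;
}

static size_t claimed_len(const uint8_t *rec) { return ((size_t)rec[1] << 8) | rec[2]; }

/* Flawed: echoes as many bytes as the message claims, ignoring record_len. */
size_t hb_echo_flawed(const uint8_t *mem, size_t record_len, uint8_t *out, size_t out_cap) {
    (void)record_len;
    size_t n = claimed_len(mem);
    if (n > out_cap || HB_HEADER + n > MEM_SIZE) return 0; /* keeps the demo inside mem */
    memcpy(out, mem + HB_HEADER, n);
    return n;
}

/* Hardened: drop any record whose claimed payload does not fit in what arrived. */
size_t hb_echo_checked(const uint8_t *mem, size_t record_len, uint8_t *out, size_t out_cap) {
    if (record_len < HB_HEADER + HB_PADDING) return 0;
    size_t n = claimed_len(mem);
    if (HB_HEADER + n + HB_PADDING > record_len || n > out_cap) return 0;
    memcpy(out, mem + HB_HEADER, n);
    return n;
}

int main(void) {
    uint8_t mem[MEM_SIZE], out[MEM_SIZE];
    size_t rl = demo_build(mem, 40);     /* 4 real bytes, 40 claimed */
    printf("flawed echoes %zu bytes, checked echoes %zu bytes\n",
           hb_echo_flawed(mem, rl, out, sizeof out),
           hb_echo_checked(mem, rl, out, sizeof out));
    return 0;
}
```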
I hope your web site passes this test! If not, visit with your Certificate provider and inquire about revoking and renewing your existing certificate as a possible solution.
As is always the case in IT, there is a bright side to a reported bug of such deep reach, and that is the allocation of a programmer’s time to fix the software and update. Upgrading security software will bring stronger encryption and greater security of our privacy. In addition, many individuals will update their passwords and hopefully use software to generate one and stop using “Password123”.
With each year, internet marketing gets a little more complex – especially SEO. The strategies that worked a few years ago just won’t hack it in this highly competitive – and highly distracting – environment. But there are ways to help your brand come out on top – even if you’re in a competitive field. In this post, we’ll look at some of our favorite advanced strategies for getting found in the SERPs (Search Engine Result Pages) today.