Thursday, April 19, 2018

Do web hosts provide enough security against phishing: FTC says no.

The Federal Trade Commission (FTC) of the US has stated that after checking 11 web hosting services for small businesses, its staff has discovered that they lack in providing default email authentication and anti-phishing technologies.

Many of these web hosts failed to provide the authentication and anti-phishing technologies.
The report, Do Web Hosts Protect Their Small Business Customers with Secure Hosting and Anti-Phishing Technologies?, coming from a highly trustworthy source gives a valuable hint to small clients towards a potentially damaging security slippage. The report has not received the publicity it deserves.

According to the report, only a few web hosts offer straightforward access to email authentication and anti-phishing technologies to small clients, through their domain-level authentication systems.

None of the web hosts tested offered a tech that would instruct receiving email service to reject messages that wrongly declare their source. Support for email authentication technologies is far less extensive: few of the host we examined notify users of these technologies, and several do not support some technologies.

Websites must have security layers, also anti-phishing features.

The takeaway for small businesses, individual website owners and bloggers is that they should pay close attention to the offers of their web hosts and choose the hosts that would protect their websites and email accounts with not only SSL/ TLS but also with email authentication technology. That would help them effectively avoid phishing attacks.

Tuesday, April 10, 2018

Which was the best web hosting service in March 2018?

In a study, claimed to be impartial and with many parameters minutely checked, Indivigital [] has judged the following web hosting services as the best:

  1. Bluehost: 100% uptime, 437ms response time
  2. FatCow: 100% uptime, 1967ms response time
  3. GoDaddy: 100% uptime (1 minute of downtime), 594ms response time
  4. Hostgator (cloud): 100% uptime (3 minutes of downtime), 438ms response time
  5. Dreamhost: 100% uptime (7 minutes of downtime), 1008ms response time

Uptime, speed are the top qualities for a web host.
Indivigital says, except for Hostgator, economy packages of all web hosts were compared. Factors such as scheduled maintenance and performance over many locations were taken care of.

Sunday, April 8, 2018

Amazon Web Services continues to lead cloud services industry

Amazon is the global leader in cloud storage and applications, and its web services suite, AWS [Amazon Web Services] has been quite popular among users of data, web hosting, networking and web development services.

Being scalable and priced as per use, this service is getting popular in price sensitive but growing market, e.g. in Asia. In India, AWS  is reported to be growing at an exponential rate. Resellers are supposed to be giving a big boost to its expansion, by offering customized services at low rates. A recent report says, Amazon is now making more money from AWS than from its more popular mainstay, retailing.

GoDaddy is going to load its web hosting and other services on Amazon. The two will also look at synergies in some areas.

Amazon has recently announced higher security features for its cloud services.

Hope, its close competitor, Microsoft Azure, which is supposed to have bigger presence in large-scale solutions, is  listening.

Sunday, March 25, 2018

Must get HTTPS certificate for better SEO

Is HTTPS security layer really that important?

Yes, it is.  It shows that the communication between the user's browser and the website will not be prone to misuse by miscreants. It also ensures that the user visits the actual site he has been wanting to, not a fishing site. Google has publicly stated that it would deprecate non-HTTPS sites in future.

What is HTTPS?

HTTPS simply denotes that your website has been verified to be 'secure'. There are many levels of HTTPS security and not all are of the same level. When you type the web address of a reliable bank site, it shows the entire ID of the website given in full, with a lock preceding it. Now, use another website with HTTPS (not a bank or such high security website) and you find a lock before the URL. Non-HTTPS sites do not have a lock. Some browsers have started showing 'Not secure' before the URL when the site does not have a security certificate.

Both these types of websites with a lock preceding the URL are behind SSL (Secure Sockets Layer). What this layer does is that it encrypts all communication between the user's browser and the website server. In the case of banks etc, the security is even more, in the sense that the HTTPS certification agency has ensured that the website belongs to a verified high-veracity entity.

So, when a site shows that it has HTTPS security, it is taken as safe by the visitor as well search engines. That is a huge credibility improvement over non-HTTPS websites and blogs.

Chrome has announced that it would start showing non-HTTPS websites are 'not secure' starting later this year, that would keep the users under guard.

It has also been found that HTTPS sites have better conversion.

These all factors - trust and credibility, search engine favor, better click and conversion rates - run a virtuous cycle in which search engines start liking HTTPS sites for more than one reason.

How to implement HTTPS on your website or blog?

Most web hosts started with charging heavily for providing HTTPS security, but now they are learning to give at least the basic security free.

There is an easy way to get HTTPS certification for free. Lets Encrypt, a free certification organization supported by some top companies, provides it free to websites and self-hosted blogs. You can visit this post on Lets Encrypt for more details.

Google has implemented HTTPS on all its Blogger blogs. So, by default, blogs with .blogspot domain are behind HTTPS security layer. Blogger now also allows mapped domains to have this security.

All (free), LiveJournal and Tumblr blogs also come now with HTTPS security. It is high time to give your blog or website at least the basic HTTPS security if it still lacks it.