Many SSL certificates issued from vendors will require re-issuance by certain deadlines to ensure continuity for your members and customers. This only effects SSLs that were purchased after June 1, 2016 and before December 1, 2017.  The SSL vendors that are impacted by this distrust are Symantec, Geotrust, Rapid SSL, and Thawte [1].

On or around September 13, 2018, a Chrome 70 beta release will distrust all Symantec SSL certificates issued between June 1, 2016 and December 1, 2017. Google plans to release the Chrome public version mid-October 2018.

If your SSL certificate was issued after June 1, 2016 and before December 1, 2017 and expires on, or after September 13, 2018, replace it before September 13, 2018. It is strongly advised to reissue certificates within these dates as soon as possible to avoid risk or delays. These certificates can be replaced at no cost from your vendor. Contact the vendor that you purchased your SSL through, and they should be able to help you free of cost.

Don’t wait until September 2018 to replace your affected certificates. Domains and organizations need to be validated before the vendor can issue certificates. And don’t forget you’ll need time to install the new certificate so your website avoids Google Chrome security warnings.

If you let the deadline pass, anyone traveling to your website will be denied access and will see an error prompting them that the site is no longer safe or that the connection is not private and to continue at their own risk. They will see this if they are using a Chrome or Firefox browser when going to your website, there will be an ‘X’ in red through the https:// of the URL link.

For certificates that do require replacement (purchased between June 1, 2016 and December 1, 2017), please submit for a free replacement ahead of the distrust dates mentioned above. You can contact the vendor who issued the SSL[2]. At E-Tech if we manage your SSL, we’ll take care of handling the procedure of getting a new SSL reissued.

Feel free to Contact Us for more information.

The moment our world went online, and we started conducting business using websites, we became the primary targets for hackers. The situation worsened with the emergence of Content Management System(s) (CMS) – like WordPress, Joomla, Drupal etc., – which while offering an effortless way to build as well as customize websites, many loopholes like for example, plugins which could be easily exploited by the hacking community.

We’ve put together a list of the top 5 website security vulnerabilities that you should be aware of with your website:

1) Abandoned website and/or services: If your website is not being updated, it could get easily infected with vulnerabilities like SQL Injections or Viruses. A SQL injection is a type of web application security vulnerability in which an attacker attempts to use application code to access or corrupt database content. If successful, this allows the attacker to create, read, update, alter, or delete data stored in the back-end database.

2) Using untested or “hacked” applications/scripts: Applying an untested or “hacked” application/script eventually will break a critical application on your website. Bite the bullet and purchase the applications/scripts, but also build a test environment to make sure everything works before implementation on your live environment.

3) Lack of security products, such as firewall or SSL certificate: SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. If you do not have an SSL certificate, a secure connection cannot be established, that means, your company information will not be digitally connected to a cryptographic key. If the website is secure it starts with ‘https’ before the website link – so be aware of this.

4) Using antiquated technologies (old versions of ASP or PHP): All new versions of ASP or PHP come with security improvements, so the older a website version is, the more time an attacker has which they can take advantage of.

5) Improper server setup/configuration: Security misconfiguration encompasses several types of vulnerabilities all centered on a lack of maintenance or a lack of attention to the web application configuration. A secure configuration must be defined and deployed for the application, frameworks, application server, web server, database server, and platform. Security misconfiguration gives hackers access to private data or features and can result in a complete system compromise.

In conclusion, it is important to keep your website updated from everything from the theme, to the plugins, to the SSL certificates – it must all be current to the technologies of today. Here at E-Tech, we have a team of dedicated web developers ready to make sure your website is not vulnerable, whether you’re looking to have your website redesigned or just a brand-new website we got you covered.

Another good idea is to do quarterly website vulnerability scans (depending on the size of the website it could be more frequent). This scans your website and checks for any suspicious activity and any security problems. The moment the scanner comes across anything suspicious, it raises the appropriate alerts and brings the issue to the attention of the security experts, so that they can investigate and resolve it without affecting your business.

Feel free to Contact Us for more information.