Joomla 3.4.2 was published the day before yesterday. Unfortunately, several high-priority issues that never occurred during the testing phase were found as people upgraded live sites, so Joomla 3.4.3 was published to address them.
Even if you have already upgraded to Joomla 3.4.2, we suggest upgrading to 3.4.3 to keep your Joomla site secure.
At VASTSPACE, we do not deploy or sell Xen-based virtualization solutions. Our Cloud services are based on OpenVZ and KVM, so you are in safe hands. To find out more about the security vulnerability: http://xenbits.xen.org/xsa/advisory-108.html
Many organizations require mandatory password changes and consider this a security best practice. However, this might no longer be the case, and there are many pros and cons to the practice. If you have been changing your password regularly, maybe it's time to look at when changing it often makes sense and when it does not; and if you have done little to secure your password, at what you should do next.
Let’s get started with a strong password
Using a strong password is the most important thing you can do to help keep your account secure. Here are a few tips on how to create a strong password:
Use a combination of letters, numbers and symbols, if permitted.
At least eight characters long.
Never use names of spouses, children, girlfriends/boyfriends or pets.
Never use your phone numbers, ID numbers or birth dates.
Never use the same word as your log-in, or any variation of it.
Never use dictionary words.
Avoid using the same password for all your accounts.
Enforce password duration policies, but wait...
Many companies require their users to update their passwords every few months, because this limits the usefulness of a stolen password. If your password has been stolen and you are not aware of it, the hacker could eavesdrop for an unlimited time, slowly and laboriously gather all sorts of information about you, and cause you damage. For that reason, many security policies over the last decades have recommended frequent password updates. But this may now be an outdated policy, and it is highly debatable whether updating passwords frequently actually increases security.
Has updating your passwords often become a waste of time?
A study from Microsoft found that mandatory password updates cost billions in lost productivity for little payoff in security, and some other security resources point out that this security best practice does little to improve security while causing a lot of frustration. At the end of the day, users typically end up resorting to sticky notes or other easier and quicker ways to access their “secure” password, which could actually increase “risk”.
Experts have pointed out that in many cases today hackers or attackers won’t be passive. If they get your account login, they probably won’t wait and hang around for months; more likely they will access your account right away. In some cases, a hacker might stick around eavesdropping, not by using your password but through an installed backdoor instead.
The next thing you might do to reduce your risk is to shorten the password update duration. But hold your horses: hackers have machines that can break 348 billion NTLM password hashes (NTLM is a password hashing algorithm used in Windows) per second, and any 8-character password could be broken in 5.5 hours. If your account is being targeted, what makes you think that shortening the password update duration would reduce your risk? It would not, and it is not worth putting yourself through this brain-cell-killing exercise on a daily basis.
A good reason to beef up your security with Two Factor Authentication
Two-factor authentication is one of the best things you can do to ensure your account doesn’t get hacked while investing less time in frequent password updates, which ultimately means less hassle and frustration. Above all, it remains important that you choose a unique and strong password for each of your accounts. Two-factor authentication is a simple feature that asks for more than just your password. It requires both something you know and something you have in your possession, like a cell phone. After you enter your password, you get a second code sent to your phone, or an application like Google Authenticator generates 2-step verification codes on your phone; only after you enter the code do you get into your account, which keeps unwanted snoopers out of your online accounts.
At Vastspace, apart from the encryption layers on all our web channels for communication with clients, our client portal is equipped with Two Factor Authentication. If you have an account with us, follow this guide to enable it now.
Google researchers announced the discovery of a vulnerability that affects servers with SSL 3.0 enabled. This vulnerability has been named POODLE (Padding Oracle On Downgraded Legacy Encryption). The POODLE vulnerability does not affect your SSL Certificates and you do NOT need to reissue/reinstall your SSL Certificates. DigiCert and other security experts recommend disabling SSL 3.0 or CBC-mode ciphers with SSL 3.0 to protect against this vulnerability.
You can use the SSL Installation Diagnostics Tool from DigiCert to check if SSL 3.0 is enabled on your servers. For servers that have SSL 3.0 enabled, security experts recommend that you disable SSL 3.0 for the time being and use TLS 1.1 or 1.2 instead. Most modern browsers support TLS 1.1 and 1.2.
If you use a hosting provider, we recommend that you call them and request that they disable SSL 3.0 on your server. Servers that do not have SSLv3 enabled are unaffected.
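One way to check server configuration files for the setting described above, as an added example that is not from DigiCert or the original post: it resolves Apache `SSLProtocol` and nginx `ssl_protocols` directives and reports the ones that leave SSLv3 enabled. The sample lines are constructed, and the expansion of Apache's `all` and the handling of unsigned names are assumptions noted in the comments.

```python
import re

# Assumption: on an SSLv3-capable build, Apache's "all" expands to these.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|ssl_protocols)\s+([^;#]+)", re.IGNORECASE)


def enabled_protocols(directive, args):
    """Resolve one directive's arguments to the set of enabled protocols."""
    if directive.lower() == "ssl_protocols":      # nginx: a plain list
        return set(args.lower().split())
    enabled = set()                                # Apache: +/- tokens, left to right
    for token in args.lower().split():
        sign = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-")
        group = set(APACHE_ALL) if name == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:  # assumed mod_ssl behaviour: an unsigned name replaces the set so far
            enabled = group
    return enabled


def audit(config_text):
    """Return (line_number, line) for every directive that leaves SSLv3 on."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)   # commented-out lines do not match
        if match and "sslv3" in enabled_protocols(*match.groups()):
            findings.append((number, line.strip()))
    return findings


# Constructed sample configuration lines, not taken from any real server.
SAMPLE = """\
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
# SSLProtocol all
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.1 TLSv1.2;
"""

if __name__ == "__main__":
    for number, line in audit(SAMPLE):
        print(f"line {number}: SSLv3 still enabled -> {line}")
```

A configuration audit only shows what the files say; confirm the running server with a diagnostic scan after reloading it.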