Category Archives: Security

OpenSSL Vulnerability – Update Required

OpenSSL identified a high-risk vulnerability over the weekend and released a patch on November 1st. If you are running OpenSSL on any platform (highly likely), you’ll need to run an update to ensure your connections and infrastructure remain secure. Note: this only affects the OpenSSL library, you do not need to update your SSL certificate(s).

Update immediately if you’re running OpenSSL version 3.0.0 through 3.0.6.

Version update information: https://www.openssl.org/source/.

DNS flag day — we are ready

On February 1, the updated name server standard, EDNS (Extension mechanisms for DNS), will be finally deployed.

In this regard, we inform you that our servers are ready for these changes. All necessary settings are made.

All domains that are served on Core Hosting servers are in order. To check your domains served by other providers, use the link: https://dnsflagday.net/

We register and service domains in more than 400 domain zones. You can choose and register yourself a domain on our website https://core.eu/en/domain/

5 Reasons Your Business Needs HTTPS

The rules have changed about what good website security means — starting with a new minimum requirement for all website pages to support encrypted connections. The good news is you’ll gain other valuable benefits by adhering to this new standard. First, let’s get on the same page by reviewing a few basics.

What’s HTTPS?

When your customers land on a web page that’s not protected by any type of SSL Certificate they’ll see http:// at the beginning of the website address in the browser bar. This used to be perfectly fine unless your webpage involved a login ID, password, form or payments. Enter the era of mega cybercrime.

HTTP has one glaring flaw — it’s not secure. Any information transmitted via an HTTP connection is vulnerable to being tampered with, misused or stolen. Your visitors deserve to know any data they share with you is safe from prying eyes.

Installing an SSL Certificate changes the browser bar address to https:// to clearly show visitors the connection is encrypted, meaning the server is authenticated and data is protected in transit. No wonder web browsers have made HTTPS the new standard for website security.

HTTPS Is Good for Your Bottom Line

Enabling encrypted connections is one great reason to protect your website with an SSL Certificate. But, it’s not the only reason. Here are some other ways HTTPS brings value to your business.

Speeds Up Performance

Being the slow kid on the block and the last one picked for dodgeball is a bummer. Being slow online could cost you everything. HTTP is being replaced by a newer faster version — HTTP/2. Encrypted connections are required to unlock the latest speed and security features.

Increases Search Engine Traffic

Google includes SSL as a ranking factor. How’d you like to boost your search visibility up to 5%? Be found above the competition by encrypting every page of your website.

Enables Mobile Options

Salesforce reports 71% of marketers believe mobile is core to their business. Mobile’s most popular features — geolocation, motion orientation, microphone, fullscreen and camera access — require HTTPS to be enabled by most browsers

Protects Your Brand Reputation

A recent CA Security Council Report shows a mere 2% of customers would proceed past the “Not Secure” warnings that are due to kick in July 1 for all webpages without HTTPS connections. Show visitors your brand values their security by protecting your website with an SSL Certificate.

Delivers a Seamless Experience

Don’t let visitors engage with several pages on your site only to be get broadsided with a “Not Secure” warning on pages you haven’t protected. They’ll reward you for taking the extra steps to give them an end-to-end encrypted experience.

Identity Validation Matters

HTTPS is no longer optional if you want to build relationships and a business online. The good news it adds a lot of value to your business. But, SSL Certificates do more than enable HTTPS. They also authenticate, or validate your identity so visitors know it’s really you on the other end of their connection.

We’re here to help you find the right level of validation based on your goals.

Core Solutions offers 76 different types of certificates from major certificate authorities: RapidSSL, GeoTrust, Thawte, Comodo, Certum, Symantec.

You can buy a Certificate not only to protect any server or hosting that is provided by us, but for any other services/servers that you use from different providers. You can also order SSL installation service from us to get your Certificate installed correctly.

The Clock is Ticking—Act by July 1 to Avoid “Not Secure” Warnings

If you’ve been following website security industry changes, you may know that the move by browsers to warn visitors of webpages served via HTTP as “Not Secure” has been in the works for a while. And, if you’re like most organizations, preparing for the inevitable has been dead last on your to-do list. Unfortunately, pretending there’s no fire doesn’t mean you won’t eventually get burned.

Implementation has been gradual and the end date has been moved out a few times but, according to the Feb. 8 announcement by Google, you’ll need to get an SSL certificate for all your webpages — not just the ones with login requirements or forms — by the time Chrome 68 launches. Starting July 2018, Chrome will universally alert visitors that land on any HTTP webpage. What began as a nudge from Google and Mozilla that only impacted pages with unencrypted password or text fields has become a no-exceptions requirement. We’re guessing this isn’t what you want your visitors to see.

Why HTTPS?

HTTP served Internet users well for many years. Unfortunately, given today’s cybercrime-ridden web, it has one crucial flaw — it’s not secure. That means data in transit can be stolen or manipulated.

HTTPS is secure and shows visitors https:// in the browser bar indicating encryption is authenticating the server and protecting transmitted information. So, it’s easy to understand why web browsers are now requiring it as a basic standard.

How do I get HTTPS?

SSL Certificates enable HTTPS — so the sooner you install one on all your webpages, the better. But, remember, website security is about more than encrypting data. Ensuring who’s on the other end of the data transfer is equally, if not more, important so making sure you have the right level of identity validation matters.

Choosing the right SSL certificate can be confusing, but it doesn’t have to be. We’re here to help you sort through your options and find the most cost-effective way to meet the July 1, 2018, deadline and boost your bottom line.