Online Privacy and Protection

Data breaches are becoming more of a daily occurrence. Data is becoming more useful and people are looking for it even using unethical methods. Data is being used to influence decisions and behaviours and we receive news more regularly about some major data breach somewhere. Not long ago, we were shocked that Cambridge Analytica collected Facebook data from millions of people and apparently used it to influence 2016 American elections.

In the modern world, for convenience sake, we are bound to release some information about ourselves or our surroundings online. For instance, we all like how Google Maps helps us around. For Google to improve it, they do take some information from locals to aid in that. But we need to know how much information we release and what’s the consequence of having too much of it out online – knowingly or unknowingly.

How your data may fall into wrong hands

When you are online, you expose yourself to many internet threats. There are people online who will just stop at nothing to get your information. How they’ll use it is another matter, but the aggressiveness they employ to get your data in the first place is just amusing. Here are few ways your data can fall in the wrong hands:

  • Hacking – A hacker is an intriguing human being. Hackers are the kind of people who will simply come after your data because you have an online presence. You don’t have to be an important figure in society. You don’t have to be maintaining a sensitive database. You simply need to have any form of online presence and boom! – you are a target. Hackers will look for any loop hole in your online accounts or services you have such as websites and servers and they will exploit it to get information or sabotage operations.
  • Tapping – If you are performing any form of transaction online, especially one that involves you logging in to your account, it’s best and safe to do it over an encrypted channel. For websites, this is made possible using SSL certificates – which allow secure communication to the servers via https instead of http. This allows your (and your visitors’) communication to the servers to be encrypted in that even if data is being tapped, it cannot be read as it’s safe.
  • Phishing – This is the practice of using false links that resemble the real links to certain websites, especially banking sites, to try and get individuals to submit their login credentials of the legitimate sites. For instance, there are many phishing links that target PayPal login page. Should you access one of this links and enter your PayPal login credentials, they are quickly fetched and used to access the real account. From there, your account is under the mercy of the phisher until action is taken to disrupt their connection. Phishers also send these links via email – with very interesting content and subject you’d want to access the link.
  • Social Engineering. Often it’s just small bits of data that hackers are after. Your date of birth, along with your email or mailing address (perhaps listed on your website or Whois information on your domain) could provide a key that a criminal can use to reset your account passwords or gain access to important accounts. For example, back in 2012, hackers compromised Wired staff writer Mat Honan’s digital accounts and deleted all of his computer files just by having critical bits of information about him.

How to safeguard your data against these theats

The above listed techniques are just but a few that are employed to get hold of data. What steps can you take to protect your privacy online? Here, we’ll look at some ways you can reduce chances of being mined of data.

  • Protect your email address – An email address is as important as a phone number in most circles in the modern age. It’s also used with online accounts – which provides the more reason to guard it safely. Don’t give your email to everyone who asks for it. Don’t place it where it can be accessed by all. If you have a domain, hide your whois information. If you find yourself dishing out your email so oftenly, consider creating a disposable email address to use with some of the online sites. If you’ll find specific emails crucial, you can update your email on that particular site or set forwarding to receive the important emails in your primary address. This will help you avoid spam mail and safeguard sensitive accounts attached to a particular email address
  • Provide minimum information – Some sites will ask for personal information they do not need. Any one who asks for your email address, tax pin, bank account, social security number or ID number needs to be challenged to explain why they need that information. Don’t even share your physical address online. Instead, you can subscribe for P.O. Address and use it for some online forms.
  • Avoid giving information to the unknown – This is particularly popular with Online games. Games that require you to connect with your facebook profile or GooglePlus profile should be avoided.
  • Be smart with your passwords – Rule 1 with passwords is that you should use strong passwords. The basic definition of strong is a password that is long enough and includes letters (capital and small), numbers and symbols combined. Rule 2 is that you should not use the same password for more that one account. Should you do this and access is gained to one of your accounts, this can be used to access all your accounts. Imagine what harm can be done with that much access!
  • Enable two factor authentication – Most websites have a provision for 2FA. Whenever you find this as an option, take it.

These are just a very small highlight of what can be done to enhance your privacy protection online. For a more comprehensive list of measures that can be taken, you can have a look at the 66 privacy tips from Consumer Reports. As they say, do one, some or all. It makes a diffrence!

Google changing it’s approach to SSL

Google has been out to make websites adopt SSL. A website with an SSL certificate is one accessed using https:// instead of http://. Normally, a padlock is displayed next to the https:/ tag for sites secured with SSL.

There are 3 things Google does to push site owners to adopt SSL:

  • Google uses the presence of SSL certificate in a site as a SEO ranking factor. Sites with SSL rank better than those without on Google
  • It adds a Secure tag on sites that have SSL installed.
  • It displays a Not Secure tag for sites that have no SSL yet there are forms on the site that require user input

Now, Google is taking a different approach to achieve the same goal. Instead of focusing on display Secure for sites with SSL certificates, Google wants to concentrate more on displaying Not Secure on sites without SSL.

Currently, https pages show a green padlock and the word Secure besides that. With the onset of Chrome 69 in September, this will be changed to a black padlock without the tag Secure. From there, we will have the pages not displaying any padlock or Secure tag. Instead, we will have a Not Secure tag blinking on Chrome for sites without SSL.The focus is shifting to the insecurity, so as to make the internet more secure. The objective of Google here is to ensure that eventually, people will have sites as secure by default.

The other objective of abandoning the Secure tag and the SSL padlock is that, people tend to believe that a site with the padlock is safe. But this isnt always the case as malicious folk simply take on a site’s typo and install SSL then use it to impersonate the legit site. Now that doesn;t make the site safe, does it?

Conclusion

The conclusion of the matter is that, if you havent installed SSL for your site, now is the best time to do so. SSL certificates have become cheaper(some even free) and easier to install. Some SSL vendors will even install it for you. With that said, why don’t you get yourself an SSL for your site? Of course if Google tells your site visitor that your site is not secure, not matter what your explanation will be, the visitor will trust Google – and not you. The world is on the move! So lets move!

EY Script documentation Software Inventory v4.0.8

As part of an EY software review, we use a small software tool (a tool) to obtain information about
installed software on one or more systems.
This document describes the detailed functionality of this tool and should be read before using the
tool in your computer environment.
The tool functions by querying systems for installed software and configuration information though
Windows Management Instrumentation (WMI), Windows Remote Registry service, PowerShell
Commands and SQL queries.The tool does not scan the file system nor does it write anything on the remote systems. By default, the tool will not scan systems under heavy load, to prevent performance degradation of heavily utilized systems.
Data is only read from the remote systems, writing only takes place on the central system from which the tool is executed, and the data collected is less than 100KB per system, the total network traffic is ~1MB-4MB per scanned system on average. The main inventory script (EYInventoryScript.vbs) is written in Visual Basic Script. This language was chosen to provide maximum
compatibility with all versions of Windows operating systems. The script may call other PowerShell
scripts when VB Script is unable to query certain inventory and configuration information. To start
inventory collection, simply double click EYInventoryScript.vbs. A menu of scanning options is
presented to the user.
The script(s) are provided “as is”, and none of EY or any other party involved in the creation,
production or delivery of any script(s) makes any warranties, express or implied regarding same.
Notably we cannot guarantee the operation of any script(s) will be uninterrupted, error free or that it
will be compatible with any hardware or software used by you. Accordingly you are encouraged to
submit the script(s) and supporting documentation for review and approvals through your Change
Advisory Board, or similar, before operation in your production environment. If you have any
questions regarding the script(s) or supporting documentation please revert to your nominated EY
contact.

Download the full report in the link below:

EY-Inventory-Script-v4.0.8

Creating an Article on WordPress

Login to the wordpress site or blog

Input username or email and password and Login.

Click on Post to expand more options

Click on Add New

Fill in the content

Take note of Focus Keyword and put the main keywords for your article for SEO purposes (if you have yoast plugin which is a must have for SEO)

Click Publish button to finally publish the wordpress article.

Creating an Ecommerce website using Magento

Truehost cloud Cpanel provides Magento  as a free Content Management Software (CMS).

Developing the website start with deploying of Magento CMS on your Truehost Cpanel Account.

There are two provisions of installing Magento on Cpanel

  1. Scripts – provides links for installing Magento

magento scripts                                                                                                                                    

2. Softacolous – A comprehensive collection of more than 4oo applications

Located under software in the Cpanel

Click on the Softaculous Apps Installer

It loads softaculous installation panel

 

 

There is a collection of 400 aplication available for deployment .

Go to the Ecommerce section on your left pane

 

Locate Magento as highlighted and click to start Magento installation

Add the configuration details requested after clicking install now

 

Fill all the required details.Remember to remove anything in the Directory option to avoid installing on a subdirectory and thus install on a root folder

 

After Clicking Install at the bottom of page – Magento will start to install

Here is the new created site that you can start editting to your preference

Login to the admin to manage the Orders

 

Admin area for all back office operation

Start selling online with a Magento Website at Truehost Cloud

How to suspend a webmail email account from login

How to suspend a webmail email account from login

Its simple – it can only be performed from the Cpanel

Login on the Cpanel

Under Email

Click on Email Accounts

cpanel emails

Go to the email account to suspend

Click on More button

On the drop down, click on the suspend login

 

Email Suspended Login

suspended incoming mail success

suspended incoming mail success

Suspended Login

How to suspend a webmail email account from receiving email

Its simple – it can only be performed from the Cpanel

Login on the Cpanel

email account

Under Email

Click on Email Accounts

email accounts

email accounts

Go to the email account to suspend

Click on More button

On the drop down, click on the suspend incoming

 

suspended incoming mail

suspended incoming mail

Success – Bingo

suspended incoming mail success

suspended incoming mail success

Suspended

How to get a cool domain name

Once in a while we come across some very cool domain name, whose owners employed a lot of creativity to come up with. The most interesting one was during the  US election between Donald Trump and Hillary Clinton, the domain name sarahpal.in redirected to Hillary Clintons website. Someone had wittingly registered the domain that spelt the name of a Republican politician, and made it redirect to a Democrat politician.

How can you get a cool name that will wow everybody? The easiest way is to play about with the extension. Unknown to many, there are hundreds of different extensions that one can use. A full list can be found HERE, and some creative examples you can find from TrueHost can help you stand out: Here are a few suggestions on choosing a cool domain name:

  • If your brand name is Penske, you can register a dot ke domain name www.pens.ke
  • If your name is Platinga, you can use the .ga extension so that your domain is www.platin.ga
  • If you run a business called Nairobi Informatics you can choose a domain like www.nairobi.info
  • If your brand name is called Truehost Cloud, then the dot cloud extenstion gives you the domain www.truehost.cloud

How to install lets encrypt free ssl tls manually Cpanel

How to install lets encrypt free ssl tls manually Cpanel

Lets Encrypt is a free and Opensource SSl that provides free Wildcard SSL certificate for multiple subdomains.

This tutorial goes through the process of installing Lets Encrypt SSL certificate to a website on a Cpanel Server manually without using the Lets Encrypt plugin as available on Truehost Cloud Servers.

  1. Lets Encrypt has appointed sslfor free.com to generate and issue free Lets Encrypt SSL.

Go to www.sslforfree.com

 

2. Enter your website domain name as shown below to check and generate the SSL for your website

3. Then it will show how to verify domain ownership. In this case, we will choose the manual domain verification for manual domain installation

 

4. An advance option that allow to manually verify domain from a  http server

5. The website will generate two domain verification files for upload to your Cpanel server.

Click on the two download files generated to download to your computer.

6. On your browser go to http://yourdomain.com/cpanel

Login to your domain Cpanel account

7. After login, click on File Manager option

8. Click on the File Manager to Open your website file system, proceed to click on Public_html to enter into the directory.

Click on +folder icon to create a folder and name it .well-known

 

 

Inside .well-known folder create another folder called acme-challenge

Inside acme-challenge folder upload the two files from sslforfree website

Follow the links displayed on sslforfree website to verify the downloads and consequently the domain.

 

Click on Download the SSL

This will generate the SSL certificate files including CA Bundle, Private Key and Certificate

 

In your Cpanel go to Security section

Click on SSL/TLS

The go to Manage SSL sites

Copy paste the content of the CA Bundle, Private Key and Certificate in the respective content boxes.

 

Click Install Certificate to Install the SSL certificate

The final step and very important is to force all traffic through the https protocol.

Go to public_html directory and click to edit .htaccess

In case you are unable to see the .htaccess file click on settings button on the right hand corner of your Cpanel and click to show hidden files including .htaccess

 

Copy paste the following code to force https

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

 

Click Save to save the .htaccess file update.

 

Access the website on browser now.

 

Bingo you just did it

3 ways to effectively use a .KE domain name if you are not ready to build a website

If you want to acquire your .ke domain name, but then you are not ready to build your website, there
are effective ways that you can use your domain. This means that you do nto need to find loads of
money to pay a web developer before you go to Truehost Cloud to get your domain. You can simply go
to the TrueHost client area, order your .ke domain, and benefit in the following ways.

1. Protect your brand online
If you do not acquire your .ke domain name early enough, be sure that someone else will get
your preferred name before you, and he will control your presence online. If you have a
business name that you are already using, and it is known by your clients, chances are that they
will use search engines to look for you online, using your brand name, and they might end up
being directed to the person who has the domain, even if it is your competitor.
Even if you have not built an online presence yet, make sure that you acquire your .ke domain as
soon as you have thought about a suitable business name, product name, or blog name. This
way, you will be protected online.

2. Create a customized email address
Once you acquire a .ke domain from Truehost, you can get customized email addresses pointed
to your domain. This would be something like info@mydomain.ke, or any preferred name that
you choose.
The advantage of having a customized email address is that you gain more trust from users, as
opposed to using the common email platforms.

3. Forward it to an online profile, or store.
If you have a Facebook page, or any online profile, you can redirect your traffic to that page
using your domain name. This can help you build the online profile since anybody going to your
domain will land in your preferred page.

WhatsApp Truehost Kenya