The Password is PASSWORD

                     Highlights from the last few months in cyber-chaos

  • April, 2014 – The “Heartbleed Bug” strikes, affecting as many as 500,000 websites.
  • November, 2014 – Sony Pictures Entertainment hacked by person/persons unknown; leads to a complete and total meltdown in Hollywood, forcing people in the “biz” to actually pick up a phone and talk to their cubicle mate and for the rest of us to stream a bro-stick comedy over Christmas that we all probably would have been better off waiting for on Netflix.
  • December, 2014 – North Korea’s Internet service undergoes a “DDoS attack” (distributed denial-of-service) by person/persons unknown.
  • January, 2015 – US Central Command’s Twitter and YouTube accounts hacked by Islamic State sympathizers.
  • Retailers such as Target, Neiman Marcus, Michaels, Aaron Brothers, P.F. Chang’s, UPS, Home Depot, Chick-fil-A – ALL HACKED!!

A recent study found that 13.1 million U.S. adults are victims of fraud, with a total somewhere in the $18 billion range of fraudulent activity accounted for annually.  Earlier this month, President Obama proposed legislation that would encourage companies and government agencies to share information about security threats and vulnerabilities with each other.

Remember when you got that email from your bank, your social media website, your email server to change your password in the wake of Heartbleed? Did you actually do it? A Pew research study last year found that only 61% of those who knew about Heartbleed changed their passwords.

Just how lazy are we?

 A survey from 2012 by Research Now for CSID on password habits among American consumers found:

  • 61% of us reuse passwords across multiple websites.
  • 54% of us have 5 or fewer passwords for all of our internet usage.
  • 44% of us change our passwords once a year or less.
  • 89% of us feel secure with our current passwords and security habits.
  • 21% of us have had at least one online account compromised.

Splashdata’s annual list of most commonly used passwords found that “password” had been supplanted by the surely uncrackable “123456” as the most popular password of 2013.

 So what kind of passwords should we be using? 

The latest and greatest recommendations from cyber experts, including Blizzard’s own Hosting Manager, Tish Lockard, agree on the following guidelines for creating strong passwords:

  • A strong password should contain AT THE VERY LEAST 8 characters, combining upper and lower case letters, numbers, punctuation marks and symbols; there should be no inclusion of words found in the dictionary or the names of your friends and family.
  • Never use easy to discover dates like birthdays or anniversaries; you’d be surprised what is clearly visible on our personal and business social media pages these days.
  • You should have a unique password for all of your important accounts.
  • You should change your passwords every 90 days and not reuse them for different sites.

There are password generating sites that will create strong passwords for you. Tish says, “Can’t think of a good password? There are tools out there, such as strongpasswordgenerator.com, that will cook up a good one for you. You can even decide the length of your password and what type of characters to use. I use this Every. Single. Day.” Hear that? Every single day! I am listening, Tish! Some other generators are random.org and freepasswordgenerator.com.
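The guidelines above, as a check you can run locally together with a generator that draws from the operating system's random source. This is an added example, not from the original article; the word list is a constructed stand-in for a real dictionary and the function names are hypothetical.

```python
import secrets
import string

# Constructed sample word list (assumption): stands in for a real dictionary
# plus the names and dates someone could read off your social media pages.
SAMPLE_WORDS = {"password", "dragon", "monkey", "tish", "kitty", "summer"}

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def check_password(pw, words=SAMPLE_WORDS, min_len=8):
    """Return the list of guidelines from the article that pw violates."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    lowered = pw.lower()
    for word in sorted(words):
        if word in lowered:
            problems.append(f"contains the word '{word}'")
    return problems

def generate_password(length=16, words=SAMPLE_WORDS):
    """Generate a password from the OS CSPRNG that passes check_password."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets uses the operating system's CSPRNG, unlike the random module.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: every password that passes is equally likely.
        if not check_password(pw, words):
            return pw

if __name__ == "__main__":
    for candidate in ("123456", "Password1!"):
        print(candidate, "->", check_password(candidate) or "ok")
    print(generate_password(20))
```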

  How the B!33P am I supposed to remember that gobbledygook?

Keep your Hello Kitty in a secure location, NOT near your computer!

How are you supposed to remember these nonsensical passwords? I know I have been loath to use passwords like those described above because there is no way I am ever going to remember them. Most security experts recommend the use of a password manager such as Dashlane.com, LastPass.com or 1Password.com, which have apps that can go with you from your computer, phone and tablet. YES, you will have to have a password for these heavily encrypted secure sites, but if you can’t remember ONE goofy password, well, maybe this World Wide Web thing just isn’t your bag.

DO NOT store your passwords in a public cloud, in a Google doc, in emails that can be hacked, on your phone’s notepad app or maybe not even in that little spiral Hello Kitty notebook that you carry around with you everywhere unless you have really bad handwriting.

According to Tish, “If everyone could make these criteria a priority and truly commit to changing their passwords regularly, there would be a lot less chaos in the world. Well, ok, chaos caused by hackers, anyway.” If we listen to Tish, at least we all can do a little something about this cyber chaos. The hacker-free chaos, Tish and I will endeavor to deal with that another time.

Whatever method you decide upon to have truly secure passwords, remain ever vigilant as you cruise along the world-wide-web. There are hackers around every bend and it’s up to you to keep an eye on your online accounts. And don’t forget that old adage, if you don’t have something nice to say in an email about someone, maybe just jot it down in your Hello Kitty notebook.

Give Your Website the Finger

We have been saying for quite some time that the shift toward mobile devices is absolutely revolutionary across all online channels. It is no less than a tectonic movement, and is one that is shaking up the internet. Earlier this year, the number of searches on mobile devices surpassed PCs for the first time. In a world where many businesses are still struggling to comprehend the importance of mobile use, 1.75 billion consumers worldwide used smartphones in 2014.

Example of search result on smartphone

As you read this, Google has fully implemented the new “mobile-friendly” label as part of its mobile search results. To qualify for this label, the GoogleBot must detect the following criteria on your website:

  • Site avoids the use of software that is not common on mobile devices, i.e. Flash or Java
  • Site uses text that is readable without manually zooming in and out
  • Site sizes its content to the screen so users don’t have to scroll
  • Site places links far enough apart so that each may be tapped easily

In a nutshell, what does this mean to design for mobile?

How would you design your website if it ONLY would appear on mobile phones?

Google also recently announced a new feature for Google Webmaster Tools that tracks common usability issues on mobile devices. The tool alerts you to problems with the criteria listed above. Google would not introduce a tool like this without the implication that, in the near future, these elements will become part of Google’s ranking algorithm. You can test your site’s “friendliness” at Mobile-Friendly Test. The test even shows you an example of how your site looks on a smartphone.

Smartphone view

When developing a website to be seen on a mobile device, simplicity is crucial. The interface must be clean, without extraneous text, graphics or video. These types of add-ons will only serve to slow down your load time. Short and sweet content, the use of conventional mobile icons, images that are optimized for responsiveness, all of these elements are going to make the user experience far more positive on your mobile site. And don’t forget fat fingers! Those buttons need to accommodate ALL finger sizes, not just those that are “piano fingers.”

Also, don’t forget that one of the best features of mobile devices is that a potential customer may simply call you or get GPS directions to you directly from your website as they are viewing it. That is IF they can find your phone number and address! Placement, font size and color of your basic information should always be taken into consideration for mobile use.

With all of this in mind, the time has come to consider implementing mobile responsive design at the beginning of the creation process instead of going back later to enhance a site’s mobile-ability. Simply resizing a website to fit on a small screen or assuming that the customer will pinch or zoom the view on their device is not enough to satisfy those who may never view your website any other way.

Stop resisting. The future and the present IS mobile. Start your design with this in mind and you will have a clean, simple and responsive site that looks great and is easy to use, no matter what size the screen, or finger. You’ll be glad that you did.

Amazon Travel to Compete with Expedia, Priceline

Online travel industry news source, Skift.com, is reporting Amazon’s entrance into the travel market. So far, it’s but a toe in the water for Amazon, with offerings only near major US cities and a handful of independent hotels with good reviews reported on TripAdvisor.com. Nonetheless, for those of us in the travel industry, having a new distribution opportunity from an entity with the might and muscle of Amazon is pretty big news, and something definitely worth watching as it unfolds!

Facts:

  • Who:
    • Independent hotels with good TripAdvisor ratings, with only a few places per city.
    • By Invitation Only. Amazon Travel is inviting a few independent hotels and resorts to participate. There is no online sign up area.
  • Where:
    • near major US cities, including New York, Los Angeles, Seattle, Boston and Dallas
  • When:
    • January 1, 2015
  • Why:
    • 15 percent commission vs. the average 25 percent rate paid to Expedia.
    • There are about 20 million members in Amazon Prime. Hotels can give special deals to Amazon that undercut the deals that they give to all OTAs, because these specials deals are offered just to Amazon’s Prime Members.
  • How:
    • Amazon already offers local deals at its local.amazon.com website; these travel deals are supposed to be another offering in that area of Amazon.
    • Pretty rudimentary booking procedures. Booking notifications will be via email, and hotels need to update their calendars on the Amazon extranet site.
    • Amazon gets paid first, then will pay the hotel in two payments, less its 15% commission

Stats for comparison:

  • Booking.com (owned by Priceline) has over 550,000 properties, including over 210,000 vacation rentals globally.
  • Expedia has over 300,000 hotels globally.
  • According to Seeking Alpha, Amazon has
    • 20 million Prime Members
    • Over 230 million active user accounts
    • About 80 million people using its website to shop each month

Amazon has ventured into the travel arena in the past:

  • With Expedia in 2001, when they partnered in an online travel store. This foray ended in a nasty breakup between Amazon and Expedia.
  • With SideStep (later acquired by Kayak) in 2006 which allowed searches in Amazon’s travel store for flights, hotels, car and vacation packages.

Google Hops Down from the Carousel and Shows Off Its Three Pack

Google is dropping the somewhat controversial carousel display of local search results, which was used for hotels, restaurants and entertainment venues, in favor of a “three pack” of top ranked organic listings.

The Carousel hasn’t been very popular with SEO experts who had difficulty figuring out how the Carousel could change the way users searched for businesses. It was also unpopular with the businesses themselves, as the business owners couldn’t control which image would be used for the display. The Carousel never even launched in Europe.

The new three pack looks like this, appearing BELOW the AdWords results (the Carousel appeared above AdWords):

Example of Google’s New Search Results with the 3-Pack Listing replacing the Carousel.

The three featured destinations are ranked by Google, using algorithms. Hotels will have their pricing and review results listed in the three pack listing, along with a calendar feature allowing the searcher to check on availability. Night club and restaurant results are similar, with reviews and price points. The “More” link takes the user to a page of local results, along with an interactive Google map.

The great improvement the three pack delivers for hotels is that by clicking on one of the featured listings, the user will be taken to a business profile page, something very similar to the Google Knowledge Graph panel. The business panel appears at the top of the new page, along with alternative photos, reviews and a Google map. If the hotel offers online booking, the user is able to start the booking process directly from that page.

For now, the three pack results will only appear in PC queries, not mobile.

This new display result gives users an easy way to navigate the top listings in the category they are searching for, while still feeling integrated into Google search; the features can make the booking process nearly seamless.

This improvement should be much more popular than the Carousel, especially for those whose organic results place them in the top three!

International SEO – Google Offers a Helping Hand

Out of Beta and into the real world, international real world that is! Google has just announced adding a new section to Google Webmaster Tools, labeled “International Targeting”. If you operate a website that targets visitors from more than one country, and in more than one language then this may be of serious interest to you.

Dashboard in WMT showing the International Targeting Option

In an effort to respond to the public outcry for help identifying issues with hreflang annotations (the markup that enables search engines to serve the correct language or regional variation of a page in order to provide more targeted results for searchers), Google offers webmasters a tool that makes note of two of the most common problems associated with language targeting and hreflang annotations:

Missing Return Links

The first issue Google helps identify is related to missing return links; if an annotation is not confirmed from the page it is pointing to, there will be an error. For example, if page A links to page B, then in turn page B must link back to page A, otherwise the hreflang may not be properly interpreted by search engines. For each of these errors, Google identifies where and when detection took place as well as where the expected return link should be.

See the Example Provided by Google:

Identifying missing Return Tags

Incorrect Hreflang Values

The value of the hreflang attribute must either be a language code in ISO 639-1 format such as “es”, or a combination of language and country code such as “es-AR”, where the country code is in ISO 3166-1 Alpha 2 format. If the language or country codes are not in these formats then Google reports the issue and provides an example URL to assist with fixing the problem.

Example of Unknown Language Codes in WMT Reporting
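Both checks described above, run over a small site map (an added example, not Google's tool or code from the original article). The `audit_hreflang` function, the `SITE` data and the example.com URLs are constructed for illustration, and the value check tests only the shape of the code, not whether it is actually assigned in the ISO lists.

```python
import re

# Shape check only: a two-letter language code (ISO 639-1 form), optionally
# followed by "-" and a two-letter country code (ISO 3166-1 alpha-2 form).
# These are the two forms the article names; anything else is reported.
HREFLANG_RE = re.compile(r"^[a-z]{2}(-[a-z]{2})?$", re.IGNORECASE)

def audit_hreflang(site):
    """site maps page URL -> {hreflang value: alternate URL}.

    Returns (bad_values, missing_return_links) as lists of tuples."""
    bad_values, missing = [], []
    for page, annotations in sorted(site.items()):
        for value, target in sorted(annotations.items()):
            if not HREFLANG_RE.match(value):
                bad_values.append((page, value))
            if target == page:
                continue  # a self-reference needs no return link
            # Page A -> page B is only confirmed if B annotates A in return.
            if page not in site.get(target, {}).values():
                missing.append((page, target))
    return bad_values, missing

# Constructed sample data: /fr/ never links back to /en/, and /de/ uses an
# underscore where a hyphen is required.
SITE = {
    "https://example.com/en/": {
        "en": "https://example.com/en/",
        "es-AR": "https://example.com/ar/",
        "de": "https://example.com/de/",
        "fr": "https://example.com/fr/",
    },
    "https://example.com/ar/": {
        "es-AR": "https://example.com/ar/",
        "en": "https://example.com/en/",
    },
    "https://example.com/de/": {
        "de": "https://example.com/de/",
        "en_US": "https://example.com/en/",
    },
    "https://example.com/fr/": {"fr": "https://example.com/fr/"},
}

if __name__ == "__main__":
    bad, missing = audit_hreflang(SITE)
    print("incorrect hreflang values:", bad)
    print("missing return links:", missing)
```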

For more information on getting hreflang right, check out this recent article from David Scottimano detailing examples & insights for those who need and use international SEO for their website.

Attention All WordPress Users: Update Your All In One SEO Pack

The All in One SEO plugin’s security has been exploited. Hackers have found a new entry method into your website via the All in One SEO WordPress Plugin. Specifically, hackers can now use privilege escalation and cross-site scripting (XSS) attacks on your website. If you update your plugin you will be, at least temporarily, immune to these attacks that hackers are currently exploiting. If you’re looking to make a switch, Blizzard recommends the WordPress SEO by Yoast plugin, which is a similar SEO plugin with more functionality that has not been exploited.

Do I really need to update my plugin? Yes. With this exploit, hackers can edit your meta title and description, which in turn could decrease your SERP rankings. Not only can this exploit hurt rankings, hackers can maliciously attack your website by executing JavaScript code on the administrator control panel.

You have three options: delete the All in One SEO plugin, update the plugin to the latest version or install the WordPress SEO by Yoast plugin. Please take action immediately to avoid any attacks on your website. If you have any questions regarding taking action on this, please contact us.

Virus Alert: Caution Using Internet Explorer

The latest cyber attack is leaving over 55% of PC users at risk. Hackers have created a bug that will utilize Adobe Flash Player and viciously attack your computer’s memory. The hackers have deemed their creation “Operation Clandestine Fox.”

The security flaw was found on Saturday by FireEye Research Labs, which is located in Milpitas, California.

For the time being, there are three methods for preventing a possible attack. The first method, which is the recommended one, is to use a different internet browser such as Firefox or Google Chrome. If you insist on using Internet Explorer, it is important to turn off Adobe Flash. A third, less viable option is to turn on IE’s Enhanced Protected Mode.

Microsoft is working hard on a fix for this bug, though as of Monday morning there hasn’t been a fix. If you are currently using Windows XP, you will not receive an update patch from Microsoft. Microsoft announced that on April 8th 2014 they would stop supporting Windows XP. It may be time to upgrade from Windows XP, because from here on out there will only be more bugs and viruses accumulating and making it riskier and riskier to use a Windows XP machine.