Category Archives: Mastermind Blog

Mastermind Blog – Himaro’s Mastermind Blog about non-categorized topics.

Canadian Student Arrested in Heartbleed Hack

He’s 19 years old, a student of computer-science who reportedly
took advantage of the Heartbleed Internet breach to hack into the Canadian IRS and steal 900 social insurance numbers from the CRA (Canada Revenue Agency). While it has not been clear yet when the theft took place, Canadian authorities promise to notify all those affected.

For sure, there is much more to come as a result and a consequence of…

The Heartbleed bug

A few days back, a massive security bug left much of the Internet
exposed. As we learned, the Heartbleed bug has affected OpenSSL Protocol for about 2 years now.

"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs)." (Source: http://heartbleed.com/)

According to the Huffington Post, as much as 66 percent of the web may have been compromised by Heartbleed.

How to protect yourself from the Heartbleed hack

Let me tell you upfront, the Heartbleed hack IS a very serious issue with wide ranging consequences. And there is almost nothing that “normal” users can do against it. Being also a global issue, the Heartbleed-bug-cleanup is extremely difficult.

It’s not just your email address you need to worry about. One of the worst parts is the untraceable aspect of the possible “hack”. So stop thinking “that won’t happen to me”.  Start protecting your Internet
assets and more importantly, start protecting your identity now.

Here are some steps you should consider:
Watch for

  1. emails from people or companies saying “click here” to change your password or update your account information
  2. phone calls promising to fix your problem but only if you give them your password(s), account access or a credit card information
    right away
  3. phone calls or text messages from unknown people or from weird numbers, especially if your cellphone isn’t widely known.
  4. Use a reliable Internet security software that helps you clean up your computer.
  5. Delete all cookies from unknown websites or sites you’ve never visited.
  6. Run security scans on a regular basis.
  7. Change your passwords.

All that requires some additional work but if you want to avoid a “Heartbleed hack” you should take action now. Stay safe!

 

Related Stories:
OpenSSL has a critical security vulnerability that needs to be patched right away
Android devices await Heartbleed fix
Half a million widely trusted websites vulnerable to Heartbleed Bug

Related Videos:
Hackers and cyber security
What is Heartbleed

 

Advertisements

How to get rid of third party spam ads on your website

Chances are, that you’ll never see third party spam ads on your site:
those misleading ads that are misusing your content while trying to syphon traffic from your site. Chances are that you’ll never get into
a similar situation. But chances also are that you will.

And therefore, I decided to make this story public to warn you and
show you ways out of it. So, what happened?

Fair warning from third party ad spam

Just like many others, I usually use Firefox. Ready to launch a new website, I wanted to see what it looked like on another browser and switched over to Chrome. The site looked great, the links worked, everything was perfect.

A few days later, after some more content and some changes  on the layout, I switched again to Chrome to check the site.

I couldn’t believe my eyes… on the first page, about 10 words underlined and linked to ads I’ve never seen before, ads that I’ve never had set up or linked to myself. I switched back to my Firefox browser… no ads, no links. Back on Chrome, the ads and links were there…

I checked my site on another computer and got the same results.
On Firefox: nothing, on Chrome: links and rotating spam ads from
an unknown third party.

I took some screenshots to prove myself I was not dreaming,
to prove the trouble was real. Here is one of them:

How to get rid of third party scam ads on your websiteCan you imagine
how I felt?!
I felt helpless, frustrated, and slowly,
I got really, really
angry. I was not willing to accept that kind of “advertising” linking to my site.

After weeks of research and emailing back and forth with the customer service on WordPress.com (by the way, thanks again guys!)
I was able to finally, specify where all the trouble came from.

I remembered that

1. I downloaded FileZilla from the Internet – you know that
open source software that allows you upload files to your hosting account, don’t you.

2. I got a message on my main computer to update my iTunes – and was confused why they ask me to do that because the updates are set to auto-updates. But, in the usual hurry, I clicked on the update link – but nothing happened. And I forgot about that…

You see where we’re heading to? Pay attention to system messages and how and where you search for download links from the Internet. And here is why: those first pages that show up on the first places in Google search “containing” the download links you’re looking for, could  be some scam pages that outrank the original pages with the original content and links (see also my previous article about
The Scraping problem).

Now, what to do?

How to get rid of all those 3rd party spam ads and links on the website?

I have to mention that yes, I have a very reliable anti-virus and internet safety protection software running in the background
day in day out that usually works like a clockwork catching viruses, trojans and all kind of scammy stuff.

However, I installed a second one from another company to see what results they come up with. And the really surprising thing
was to see how many scammy sites I’ve never visited myself were identified as cookied…

As the problem must have been caused by some extensions and nested on my main computer, here is what I did on Firefox AND
on Chrome:

1. I’ve gone through all the unknown sites manually and
deleted all of them;
2. I deleted all the cookies and
3. I deleted all their “saved content” from my computer
4. Scannned the entire computer system to make sure
there’s nothing left out
5. Checked the website on Firefox AND Chrome:
no more ads, no more links.

As you see, sometimes anger can be your best friend when it comes to put yourself to work…

Third party spam ads on your website can damage your reputation as a serious entrepreneur and with that, ruin your online business.
They can contain scripts to spy on you, misuse your data and can cause you many sleepless nights and a lot of work trying to figure out where they come from and what their true intention is.

Hope you get the value in this article and use the information to
pay more attention to how you use the Internet and to check your system on a regular basis even if you’ve not seen yet those third party scam ads on your site.

Did you like this article?
Like our new page on Facebook –  thank you!

PS. By the way… Heard about StealZilla? Experts say StealZilla is
doing what FileZilla does but “actually contains a hardcoded FTP stealer which send user FTP connection information to the hackers behind the attack“. Learn more here.

Guest Blogging For SEO

A few days ago, I stumbled upon Chris Crum’s article talking about a blogpost from Google’s Matt Cutts.

Strange story… about a marketer who sent Cutts an offer for “content marketing”… meaning guest blogging for SEO and – for money.

As you may notice, content marketing has more than one meaning. But that’s just how some marketers use content marketing and guest blogging for SEO purposes.

Do you do guest blogging for SEO?

Then please stop doing it.

Over the time, Matt Cutts created more than one video warning bloggers about overusing that strategy to get more links to improve rankings. Watch the latest video messages here:

Well, that’s not what Google wants marketers do. More than that, this kind of content marketing violates Google’s Terms. No wonder that Matt Cutts said about guest blogging:

“Stick a fork in it: guest blogging is done;
it’s just gotten too spammy.”

At the moment, Google still loves guest blogging for branding and building authority. But not spammy, paid guest posts on other sites.
If you do guest blogging be careful how you do it.

Also, be careful when you’re offered software to automate guest blogging. The newest one is 3 days old and from a well-known software developer and marketer. I’ve bought some of his products for my own business and for sure, the newest tool is a great one as well.

However, no one knows what Google’s plans are and when they start changing algorithms again or releasing some more “animals”. Therefore, I prefer to stay away from guest blogging for SEO as well as from the software handling all that. Although, I have to admit it’s hard to keep away my fingers from the BUY-button…

P. S. Just in case you want to read the original blogpost on Matt’s blog, click here.

Welcome to Himaro’s Mastermind

Welcome to Himaro's Mastermind

I’d like to welcome you to my new blog here on WordPress.com and thank you for stopping by.
Himaro’s Mastermind will lead and guide you through the process of succeeding online.

As a coach and consultant, I’m often asked what the most important skills are, how to set realistic goals or how to deal with all the stress, overwhelm and frustration everyone has to experience before they become really successful on the net.

These are some of the themes we will be talking about. Interested? Let’s get started…