Industry Buzz

Jetpack Critical Vulnerability Fixed on SiteGround Servers

SiteGround Blog -

Yesterday, on April 10th, a critical security flaw in the popular Jetpack plugin was made public in an official statement by the Jetpack developers. If the vulnerability was exploited, an attacker could publish new posts in any WordPress installation using Jetpack and possibly get even more access to that site. Although we did not detect any hacked sites through that exploit on our servers, that was a critical security hole and we took several actions to patch it. Adding a Rule to Our Firewall System Normally, some of the actions of the Jetpack plugin should be executable only through a finite number of IPs that are part of the Jetpack official network. The vulnerability allows other IPs to execute these actions too. That is why the first thing we did was to add an additional rule to our firewall that prevents non-Jetpack IPs to execute such actions. Updating the Jetpack Plugin of Our Users We have also updated most of the nearly 12 000 Jetpack plugins detected on our servers to the latest security version released by its developers and applicable for the version branch used. Email, informing about the issue and the update needed was also sent to all users whose Jetpack update was not under our control.

Labeling the Purpose of Links in HTML could Reduce Link Spam

BizTechTonics -

In order to help search engines like Google & Bing understand the weight and importance of links on a page, and to reduce link spam, perhaps we need to start labeling the purpose of the links on our websites and blogs. In a previous article, we talked about “Is linking dead for SEO?” and Matt Cutt’s statement that guest blogging for SEO is dead.  Search engines are finding that using links to determine the relevancy, importance and value of a page is getting harder and harder due to link spam. But perhaps if we labelled what the links were for, we could assist Google in calculating the value of the links, while at the same time discouraging link spam. To make things simpler, some of this labeling could be done automatically by content management systems such as WordPress and forum software like phpBB. Proposed Attributes Here are some suggestions for how to label links in HTML so Google and other search engines will know what they are for.  The label would be added to your standard link /anchor <A> HTML tag.  Some of these are already part of HTML5, while some of these are my suggestions. Most of these have not been adopted by anyone yet, but hopefully some of these suggestions will get adopted in HTML5 and by Google, Bing and others. rel=”sponsored” Instead of just labeling a link as rel=”nofollow” perhaps we go a step further and declare that a link is an actual sponsored link. This would allow websites to earn income from advertisers without fear of a Google penalty for the advertiser or publisher, since these links are clearly labelled as sponsored links.  Search engines could simply ignore them for ranking purposes. On websites that adopt this, these links would naturally tend to become more relevant to the website visitor, since the purpose of the link is exclusively for the visitor to click on, and not there for SEO purposes. After all, if the link is not relevant or interesting, visitors will never click on it. This also helps bring links back to their original purpose, which is for people to use to get to other related and/or interesting webpages. rel=”topic” Using this attribute would indicate that the publisher and/or author is declaring that this link is related to the topic of the page.  In many ways, this serves as an endorsement by the publisher and author. Google could look at these links and give them more weight if organic, and issue a Google penalty if abused. Google would also have a better chance of finding link spam, because anyone using this tag is declaring that links marked with this attribute are relevant to the topic somehow.  Irrelevant links would be easier for Google to spot. If Google finds publishers purposely stuffing irrelevant links marked with rel=”topic” in a page, it could justify a strict penalty since the publisher is purposely declaring these links are relevant when they are in fact not.  This may reduce link spam, since there are strict penalties for link stuffing with this attribute, while at the same time, giving publishers the freedom to link to anything they want using the other attributes mentioned on this page. If strict penalties are in place for its misuse, honest publishers would be more likely to adopt it, and spammers would more likely not use it at all. rel=”comment” A website or blog could mark all links in comments with this attribute telling search engines that these links are not endorsed by the publisher and/or author. Comment spam would drop considerably on blogs that label which links are from the comments, if search engines started ignoring comment links or penalizing excessive comment spam. For example, if both Google and WordPress adopted this, the whole reason for posting comment spam would go away overnight (at least for WordPress) since there would be no SEO benefits whatsoever to posting links in comments.  It may take time for spammers to realize this, of course, but taking away any incentive for posting links in comments for SEO purposes would help reduce comment spam, especially the kind that has no relevancy to the topic whatsoever. rel=”discussion” This one is similar to rel=”comment” except it would be used in forums, discussion boards and other situations where there is an ongoing discussion.  This would allow publishers to declare that links in the discussions are user generated content, and are not endorsed by the publisher.  This is especially useful for websites that have both user generated content and publisher generated content, to distinguish them from each other. This reason this is different from rel=”comment” is that it is possible that the links are relevant to the discussion. but it is also possible that it is not, since it is user generated content.  Google could take this into account when analyzing a page, and give such links less weight than links that are endorsed by the publisher. Since many of these spam links are automated, patterns could be detected allowing search engines to filter out spammy user generated content.  This would allow search engines to ignore certain links, or even entire discussion boards that are know to house a lot of spammy comments. rel=”author” This one is already part of HTML5 and recognized by Google and others.  It is used to tell search engines and bots that you are linking to the author’s profile page.  This profile page can be a page on the website itself, or can be an external profile on another website or social network. Google has started to use this tag with Google Authorship, where if you link to the Author’s Google+ profile and perform a couple of validation steps, Google will know which Google+ user is the author, which gives several benefits including building credibility for the author, and displaying the author’s profile picture in Google search results (SERPs). Authors with a better reputation would see their content show up higher in search engines. rel=”contributor” This would be a link to the profile or website of someone who contributed to the creation of the page or article, but who is not the primary author.  This gives a way to give credit to graphics designers, researchers, web designer, video producer, and co-authors who created the content.  Especially since Google currently prefers that there only be one author to an article. People should get credit for their work, even if they are not the primary author, and this would be a way to be fair.  It would not give as much weight as an author attribution, but it would help Google have a better understanding of who is actually creating the content, especially content that is co-created. This would also allow the linking to contributors without fear that it be confused with link spam.  Google could simple take into account that this is a link to a contributor, and not meant to be a relevant link related to the topic, and weigh it appropriately. rel=”publisher” This would tell search engines who the publisher is, either by linking to the publisher’s website and/or to the publisher’s social network pages.  This would allow search engines to figure out who the publisher is, and which websites are related by publisher. Google has started recognizing this attribute for indicating which Google+ profile belongs to the publisher, when a Google+ page URL is entered as the URL. Publishers with consistently good content across multiple websites could get a boost in their search engine rankings, which would encourage good content. rel=”publisher-sites” This attribute would allow a publisher to link to its sister website, without fear of being penalized by Google for irrelevant links. Google could use this to determine websites with a common publisher, and also use that to calculate a publisher’s reputation.  Google would also understand that these links are, in fact, organic and not sponsored links, despite possibly being irrelevant to the topic.  Proper use of these links would avoid a Google penalty, but be given a different weight due to their nature. How this can Reduce Link Spam If labeling the purpose of links starts gaining widespread use, it could reduce link spam by: Allowing Google to distinguish between user generated links vs. publisher generated links vs. sponsored links, and weighing them accordingly. Removing the incentive of posting links in comments for SEO purposes. Reducing the incentive of posting links in forums and discussion boards for SEO purposes, since it carries less weight than publisher generated links. Making sponsored links more relevant to visitors, since sponsored links would not have any SEO benefits, but be purely for the traffic the links themselves create. With a possible Google penalty for misuse of the rel=”topics” attribute, publishers would think twice about using it for SEO purposes. Allow Google to give a boost to rankings to publishers and authors who have consistently good content. Links marked by a reputable publisher and/or author with rel=”topic” would carry more weight. Hopefully something like this catches on.  If you agree (or disagree), please comment below and share this post on social media.  Let’s get a discussion started around this topic. Image courtesy of  Stuart Miles / FreeDigtialPhotos.net.

Name.com Extended Family: Meet Brandfolder

Name.com Blog -

We want to spread the word and shed some light on the great products coming to life on name.com domain names, which is why we’ve decided to start a new video series called Name.com Extended Family. The first extended family member we’re highlighting is Brandfolder. Brandfolder is located right in our backyard here in Denver and they’ve built a useful tool for managing brand assets online. With their website, all your marketing assets can live in one spot, or, as they explain, “Brandfolder is your convenient source to visually organize, quickly find, and easily share all your final brand assets.” The company, which graduated from TechStars’ Boulder 2013 class has crafted a great looking and useful product. We’ll let Brandfolder CEO Brian Parks take it from here: loadYouTube();

"Heartbleed Bug" OpenSSL Vulnerability Affecting Internet Community

WHMCS Blog -

Summary The Heartbleed bug (http://en.wikipedia.org/wiki/Heartbleed_bug) is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1.f. This vulnerability allows an attacker to read chunks of memory from servers and clients that connect using SSL through a flaw in OpenSSL's implementation of the heartbeat extension. OpenSSL provides critical functionality in the internet ecosystem, and therefore vulnerabilities, such as Heartbleed, have a significant impact on digital communications and their integrity. What does this mean for WHMCS installations? SSL is an important protocol for securing web traffic, and thus securing web requests for logins, order transactions, etc.. WHMCS, like all web applications, must rely on web servers to correctly implement the SSL protocol. WHMCS as a web application cannot patch the Heartbleed vulnerability, nor can we mitigate its effects. However as a member of the internet community, we feel it's important to raise awareness of the risk and ensure that our users check that their server is protected. How do I check...

Where Does Your Time Go?

Bing's Webmaster Blog -

Time is the one thing we all want more of, yet no one can create more of. It limits what we can accomplish all too often, and it forces us to work faster and smarter. There’s way too much of it when you’re trying to boil water, and not nearly enough when planning vacation. It’s safe to say that humans, generally speaking, can be obsessed with time. We pay attention to it. Numerous devices exist to help us track it, “manage” it and remind us of its passing. Time is elusive, but finite. It’s elastic, but unforgiving. It can be our friend, or our enemy. And one thing is for sure…we could all do better when it comes to managing it and investing it in places. There has been a trend for some time now, specific to managing time with email, to close your email down, and only reference it a couple times each day. Email is a time suck. Your inbox will rarely be empty, there will always be something unresponded to, and everything will always be an emergency (or so those sending emails often claim). And it makes some sense, too. If you want to get something done, you need to focus on it. often a straight run on one project of 45 minutes or so will see you get more done than a couple hours trying to get work done between bouncing in an out of your inbox. On a personal level, this makes a lot of sense. But on a business level, how do things look? Where do you invest your time? Content By far the number one area to invest your time in is around your content. This is what people are actually looking for online. And most websites can improve the quality of their content. Not saying it isn’t already good, but wouldn’t great be better? And yet, so many websites seek shortcuts. Guest blogging (so I don’t have to write it), content farms (see last excuse), User Generated Content (repeating the excuse and adding “it’s more topical”), content feeds for ecommerce sites (I have too many items to tweak every one individually). So again, time can be against you in some of these cases. It does take time to create unique, useful content. But if you focus on the things visitors are really searching for, you’ll find a narrower area to start from, making the work much more manageable. Social Media This one can take time, and at the very least, you want to pay attention here to respond in a timely manner. Funny thing, though, is that most of us in the industry tend to think of response times via social media as needing to be measured in minutes, when it’s unlikely the average consumer thinks that way. They might be upset, and sure they’d like you to respond immediately. But in situations where genuine problems exist, even responding within 24 hours is often more than enough to help turn the situation around. Most consumers are just happy you responded full stop. And creating content for social media takes time. Where does it come from? Well, I can think of a couple areas: link building and seo for starters. By learning to streamline your social media program, or even outsourcing it to trusted companies, you can see real time savings and still engage directly with people who respond. Usability (User Experience) Now we’re probably all guilty of not spending as much time as we could focused on UX testing. But it’s a critical area. So critical its worth rerouting time and money from other projects to nail this one. Many websites face a common issue, though: it’s too big a job. Here’s a moment when you need to realize time is your outright enemy. The longer you don’t invest in this critical work, the farther behind you fall as your own site grows, and your competition moves forward. You will have ever more work in this project, which takes longer and costs more. If your biggest competitor did UX testing and reworked their website based on that feedback, however, and suddenly started taking your rankings and traffic, would that make it a higher priority? If you’re saying yes, just wait a bit for your old nemesis “time” to work it out…because this scenario will probably come to pass and force your hand. Link Building People still focus on this. They invest time and money in the pursuit of links. I get it, as links are still useful. Both as signals to search engines and for direct traffic. But ask yourself if the amount of time you invest in chasing links justifies the returns those links get you. What if your content and UX were so good people loved you? And they shared your URLs across social media all the time? You’d get all kinds of useful links, naturally. So lean on those areas to build links. Put your time into them and see the rewards. SEO Still gotta be done, but…how much time is actually needed? In truth, for many businesses, not a whole lot these days. This doesn’t mean companies should ditch their inhouse teams or drop their consultants and agencies. The work being performed is important and needs to be done. But again it comes back to balance. If you have a person working full time on SEO, do you have 3 people working full time on content creation? Do you have a team doing usability work? Across the business, how does the balance look? Let’s look at bloggers as an example. Most don’t do SEO. Of those that do, many simply devote minutes to the activity via a plugin in Wordpress, for example. The point here is their focus. It’s on creating content, not SEO, or link building. And it works for many as their traffic grows, visitor numbers increase, etc. In the end, how you invest your time is your choice. But I’d encourage you to think about what expected returns you’ll get from the work you do invest in. The landscape for businesses is constantly changing online. Mobile is big, local is big and wearables are set to explode. How is your time investment in planning or executing in those areas these days? More work, same amount of time. Which do you choose? Maybe grab a coffee, take a little time and think it through…but don’t take too long, of course. Duane ForresterSr. Product ManagerBing

Some Heartbleed Bug advice for Name.com customers (and pretty much everyone with SSL)

Name.com Blog -

In the past few days security researchers discovered a serious vulnerability in OpenSSL Certificates that has existed for more than two years. It’s called the Heartbleed Bug, and you can read more about it here. The basic problem is that personal information, like passwords and credit card information, could have been compromised on sites that were using OpenSSL. The Name.com website was not vulnerable to the bug and Name.com has been rolling out the latest security patches on all systems to ensure that we remain unaffected. But this is a pretty serious bug, and if you’ve been using an SSL Certificate with Name.com (or any online company), we strongly recommend that you follow these two steps to update and secure your SSL: Step 1: Generate a new Key / CSR (certificate signing request) from within your name.com hosting account Step 2: Re-issue an SSL certificate on your domain name. For more detailed instructions you can reference this tutorial. Also—and this is very important—if you have users that log in to your site, we suggest that you notify them to reset their passwords.  Please don’t hesitate to reach out to us if you have any further questions. Our legendary customer support team is here and ready to take your call or email. Also know that: If you purchased the SSL Certificate through us, we will do the re-issue regardless of whether it’s hosted at Name.com. A re-issue allows you to create an entirely new certificate after generating a new private key and CSR. You can do this! For a more detailed tutorial, Sky Diegel in our customer support created these steps: 1. Visit this link. 2. After watching the video, click the link at ‘Step 2′. 3. On the next page, enter the fully qualified domain name. This is the sub-domain that the original certificate was issued on (i.e. www.domain.com, login.domain.com, secure.domain.com, *.domain.com etc.). 4. Enter the email address you used when you signed up for the certificate, or the whois technical contact email address. 5. Enter the ‘Image Number’ (Captcha) and click ‘Continue’. 6. On the next page you will need to verify the expiration date of the certificate if more than one comes up. 7. Once you have verified, click ‘Request Access’ and the re-issue will be sent to the supplied email address. 8. This email is used to create the new CRT file (the actual certificate) using the new CSR. 9. Once the CRT is installed on the hosting server, the installation of a new certificate is complete. **Note that a re-issue does not modify the expiration date of your original certificate** Reissuing your SSL Certificate is something that can be done from the convenience of  your own computer, but if you run into any issues or have questions, we are here to help.

A New SEO Feature and a New Account Level

Everything Typepad -

We know that search engine optimization is important to all of our Typepad subscribers, so we wanted to let everyone know about a neat little feature we've recentally released - meta descriptions for Pages. We've had meta descriptions for posts already, but now your Pages have the same option. When composing your Page, the Excerpt field can be used to generate a short summary of it. If you do not write an excerpt yourself, one will be generated automatically from the first 100 words of the post or the number of words you have set in Settings > Posts & Pages, under Auto-Generated Excerpt Length. This excerpt will also be used as the Meta Description for the Page and picked up by search engines like Google. It's just another great way that Typepad helps your and your blog get the attention it deserves. We've also added a new account level, Enterprise. Enterprise is aimed at small companies and other organizations who would like to add a blog administrator to their blog but for whom Typepad Business Class has been out of their budget. You can sign up for the Enterprise level here.

It’s Not Intentional, It’s Just Their Personality

LinkedIn Official Blog -

Every workplace has its own unique cast of characters who drive the overall culture of the organization. Regardless of how harmonious this culture may appear, we must keep in mind that every cast member is different and has the ability to contribute to or detract from that harmony. The challenge is that when it comes to spotting what sets us apart, we tend to focus on superficial differences such as gender, race, and ethnicity. Although it’s natural to focus our attention on the obvious, it’s not always the right path, particularly when it comes to building relationships and fostering team cohesion. The fact is one of the greatest drivers of misunderstanding and conflict between individuals is personality. One of the key reasons for this is that we often mistake personality for intent. In other words, we have the tendency to assume a colleague is intentionally acting different from us, when in fact she is actually different from us. For example, some people are more extroverted and assertive whereas others are more introverted and reserved. In meetings, this can be a challenge when the extrovert feels the introvert isn’t contributing as aggressively as desired, when in fact, the introvert is just processing, reflecting, and waiting for the right moment. Other less obvious differences can include an individual’s need for structure, routine, and control vs. someone who is wide open, fluid, and collaborative or how agreeable someone is vs. someone who tends to stick to their guns. The key point to remember here is that these differences are natural preferences that will often drive behaviors counter to what is natural for you. They are not intentional acts designed to undermine you. When it comes to understanding personality differences, one of the most researched models is the five-factor model also known as the Big Five. The theory is that there are five major trait categories that describe our personality. According to the Big Five, we all consistently fall somewhere along each of the following five continuums that many refer to as OCEAN: Openness to experience, Conscientiousness, Extraversion/introversion, Agreeableness, and Neuroticism. Openness to Experience: At the open end, individuals are highly interested in experiencing new things and are flexible in their thinking, where at the opposite end, individuals are more closed and rigid in how they approach new experiences. Conscientiousness: Those who are high in conscientiousness tend to be diligent and dutiful in the way the approach work and life. Individuals who are lower on the conscientiousness scale tend to be big picture thinkers and less interested in the details of how things get done. Extraversion/Introversion: Probably the most recognizable personality trait is extroversion because it’s easy to see. Extraverts are socially assertive and gain energy from performing for and interacting with others. Introverts draw energy from reflection and tend to prefer working alone or in small groups. Agreeableness: This scale looks at the level of friendliness versus hostility that someone tends to display when interacting with others. Those high in agreeableness are more trusting and modest whereas those low in agreeableness are more suspicious and oppositional. Neuroticism (Emotional Stability): Those who are highly neurotic tend to be less stable and frequently demonstrate negative emotions. Those who are more emotionally stable are generally more pleasant and tend to be more resistant to stress. Diversity of personality is often a key component to building a successful team. Take the time to get to know and understand the personalities of those you work with. There are numerous personality assessments out there on the market, most of which are about as useful as taking the latest Cosmopolitan quiz. So, when looking for an assessment, be sure to work with a trained professional and seek out those assessments that have some foundation in or strong overlap with the Big Five. Photo Credit: Flickr/hang_in_there

50 Viral Photos Posted by Fitness Facebook Pages (Killer Examples!)

Post Planner -

Are you in the fitness industry? Do you want to crush it on Facebook? Good… you’re in the right place. This post will give you deep insights into which kinds of Facebook photos go viral for fitness related pages. And these insights aren’t based on my opinion.  They’re based on cold hard numbers — specifically, the Like, Comment & Share numbers from thousands of fitness photos. I selected 50 fitness pages from multiple sectors in the fitness industry, including: Magazines Celebrities / Personalities / Coaches Websites Blogs Supplements Then I used Post Planner’s crazy powerful Viral Photos feature to crunch the numbers & show me the #1 most VIRAL photo from each of the 50 pages. The results are below. So if you’re in the fitness industry & you want your next Facebook post to go viral, then post a photo similar to the ones below. 50 Viral Photos Posted by Fitness Facebook Pages These are the #1 most viral photos from each of the 50 pages. 1. Jillian Michaels Jillian Michaels is America’s Toughest Trainer American, talk show host & entrepreneur. >> Click to Tweet // Post by Jillian Michaels. 2. BodyRockTv BodyRockTv is a daily fitness show that focuses on fat burning strength training workouts. >> Click to Tweet // Post by BodyRockTv.   3. Shredz Supplements Shredz Supplements provides naturally sourced ingredients & gluten-free fitness supplements to customers in over 45 countries >> Click to Tweet // Post by Shredz Supplements. 4. Blogilates Blogilates is a site that focuses on fitness, food & pop pilates. >> Click to Tweet // Post by Blogilates. 5.  Cellucor Cellucor is a supplement brand known for its premier weight loss & sports nutrition products. >> Click to Tweet // Post by Cellucor. 6. Zuzka Light Zuzka Light is the leading fitness personality on YouTube. >> Click to Tweet // Post by Zuzka Light. 7. Beast Sports Nutrition Beast Sports Nutrition  is an award winning supplement company based in Boca Raton, Florida established since 1995. >> Click to Tweet // Post by Beast Sports Nutrition. 8. Elliott Hulse Elliott Hulse is a strength coach at Hulse Strength >> Click to Tweet // Post by Elliott Hulse. 9. Jay Cutler Jay Cutler is a 4 time Mr. Olympia winner & 3 time Arnold Classic Champion >> Click to Tweet // Post by Jay Cutler. 10. Rob Riches Rob Riches is a London-born fitness personality & 2009 World fitness model champion. >> Click to Tweet // Post by The Official Rob Riches Fitness Group. 11. Phillip Heath Phillip Health is an american IFBB professional bodybuilder and current Mr. Olympia. >> Click to Tweet // Post by Phillip Heath. 12. Greg Plitt Greg Plitt is an American fitness model and actor. >> Click to Tweet // Post by Official Greg Plitt Fan Page. 13. Flex Lewis Flex Lewis is a 2 times Mr Olympia 212lb Champion. >> Click to Tweet // Post by Flex Lewis IFBB Pro. 14. Alex Body Revolution Alexander Pauwels is a fitness trainer & founder of alexnobsfatloss.com fitness program >> Click to Tweet // Post by Alex Body Revolution. 15. Paige Hathaway Paige Hathaway is a celebrity fitness model, trainer & a Shredz sponsored athlete. >> Click to Tweet // Post by Paige Hathaway. 16. Gym Flow 100 Gym Flow 100 is a fitness, healthy & lifestyles blog. >> Click to Tweet // Post by Gym Flow 100. 17. Bodybuilding.com. Bodybulding.com is the #1 most visited fitness website with over 1.1 million visitors daily. >> Click to Tweet // Post by Bodybuilding.com. 18. Muscle & Strength Muscle and Strength is a muscle building & fat loss educational site & online supplement store. >> Click to Tweet // Post by Muscle & Strength. 19. Fitness Baron Fitness Baron is a blog that publishes articles on building muscle, getting fit, cardio, yoga & nutrition. >> Click to Tweet // Post by Fitness Baron. 20. Sprint Fit Sprint Fit is a supplier of fitness gear, footwear & sports nutrition based in New Zealand >> Click to Tweet // Post by Sprint Fit. 21. JackedPack.com. Jackedpack is a monthly subscription supplement company. >> Click to Tweet // Post by JackedPack.com. 22. Training For Warriors Training For Warriors is a physical & mental training program created by Martin Rooney. >> Click to Tweet // Post by Training For Warriors. 23. Underground Wellness Underground Wellness  is a blog for nutrition & exercise information. >> Click to Tweet // Post by Underground Wellness. 24.  The Fitnessista The Fitnessista is a lifestyle blog emphasizing on quick workouts, healthy recipes & adventures. >> Click to Tweet // Post by The Fitnessista. 25. Nerd Fitness Nerd fitness is a website for nerds & average Joes who wants to be fit. >> Click to Tweet // Post by Nerd Fitness. 26.  Lift Like a Girl Life Like a Girl is a strength training & nutrition information website. >> Click to Tweet // Post by Lift Like a Girl. 27. Breaking Muscle Breaking Muscle is a team of experienced professionals dedicated to providing fitness news. >> Click to Tweet // Post by Breaking Muscle. 28. Men’s Health Men’s Health is one of the world’s largest men’s magazine for fitness, sex, women, workouts, weight loss, health, nutrition & muscle building. >> Click to Tweet // Post by Men’s Health. 29.  Men’s Fitness Men’s Fitness is a magazine that focuses on giving complete guide to exercise, health, lifestyle & nutrition. >> Click to Tweet // Post by Men’s Fitness. 30.  Flex Bodybuilding Magazine Flex is the bodybuilder’s source for bodybuilding news, competitions, athletes, training, nutrition & supplements. >> Click to Tweet // Post by FLEX BODYBUILDING MAGAZINE. 31. Muscle Insider Muscle Insider is Canada’s #1 muscle-building magazine which covers training, nutrition, supplement & drug research. >> Click to Tweet // Post by MUSCLE INSIDER. 32. Women’s Health Women’s Health is a magazine for women who want to be healthy & fit. >> Click to Tweet // Post by Women’s Health. 33. Oxygen Magazine Oxygen Magazine covers women’s fitness training, nutrition, fat loss & health. >> Click to Tweet // Post by Oxygen Magazine. 34.  Critical Bench Critical Bench is a power-building, strength training & weight training workouts website. >> Click to Tweet // Post by Critical Bench. 35. You Are Your Own Gym You Are Your Own Gym is a site that focuses on bodyweight exercises for fitness. >> Click to Tweet // Post by You Are Your Own Gym. 36. Body Fortress Body Fortress is a maker of premium bodybuilding & weight-lifting supplements. >> Click to Tweet // Post by Body Fortress. 37.  ATHLEAN-X Athlean-X is a fat burning & muscle building workout program by Jeff Cavaliere >> Click to Tweet // Post by ATHLEAN-X. 38. Optimum Nutrition Optimum Nutrition is a leading manufacturer of 2 brands of nutritional supplements: ON & ABB Performance. >> Click to Tweet // Post by Optimum Nutrition. 39. Fitness On Toast Fitness on Toast tackles fitness, nutrition & fashion. >> Click to Tweet // Post by Fitness On Toast. 40. Mark’s Daily Apple Mark’s Daily Apple focuses on health, nutrition, fitness, low-carb & paleo lifestyle >> Click to Tweet // Post by Mark’s Daily Apple. 41. PopSugar Fitness PopSugar Fitness shares weight-loss tips, approachable workouts, healthy recipes & the latest in health. >> Click to Tweet // Post by PopSugar Fitness. 42.  BSN BSN is a bodybuilding, fitness & physique supplements company founded in 2001. >> Click to Tweet // Post by BSN. 43.  Ainsley Rodriguez Ainsley Rodriguez is a fitness model & Shredz athlete >> Click to Tweet // Post by Ainsley Rodriguez. 44. LHGFX Fitness Model Photography LHGFX provides unique blend of styles in fitness, fashion, glam, editorial & commercial photography services. >> Click to Tweet // Post by LHGFX Fitness Model Photography. 45. Bella Falconi Bella Falconi is a fitness model, personal trainer & USN ambassador >> Click to Tweet Post by Bella Falconi. // 46. FitnessBlender.com Fitness Blender offers full length home HIIT, cardio, strength training,  Pilates & yoga videos for free. >> Click to Tweet // Post by FitnessBlender.com. 47. Mike Chang’s Six Pack Shortcuts Six Pack Shortcuts is all about getting a ripped body & six pack abs. >> Click to Tweet // Post by Mike Chang’s Six Pack Shortcuts. 48. Lionsgate BeFiT Lionsgate BeFit offers exercise workout & fitness videos & DVDs >> Click to Tweet // Post by Lionsgate BeFiT. 49. Muscle Pharm Muscle Pharm is a nutritional supplement company headquartered in Denver, Colorado >> Click to Tweet // Post by Muscle Pharm. 50. USPlabs USPLabs is a nutritional supplement manufacturer founded by Jacob Geissler >> Click to Tweet // Post by USPlabs. Takeaways Going through all these photos, here’s my take on what tends to make fitness Facebook photos successful: Your personality is key! Be personal and inspire others Humor is your best friend Quotes works Contests are always a good idea Want to see more Viral Photos from pages like these? No problem. It’s so easy! Just click here to install the Post Planner app. Once you’re in the app, just click “Viral Photos” and add any page you want. There’s no better way to shorten the learning curve & start posting viral content on your own page. What do you think? Why do you think these photos did so well? Please leave a comment below & let me know your opinion. Then GO TO THE GYM! The post 50 Viral Photos Posted by Fitness Facebook Pages (Killer Examples!) appeared first on Post Planner.

Hiring By Audition Expanded

Matt Mullenweg Blog (Founder of WordPress) -

The guest blog on Automattic’s hiring process for the Harvard Business Review ended up being pretty popular and thanks to Michelle Weber and Dan McGinn it’s been expanded into a longer version that’s now on shelves in the actual magazine! Very excited about this. If you are in an airport and see it on the stands (as above) definitely pick it up, it’s a great issue.

Important – Impact of Heartbleed bug on your ResellerClub Account

Reseller Club Blog -

It’s been a while since there was a computer security bug that we all had to worry about. Unfortunately, it seems like we may all have been facing one for two years and not even realized it. Earlier this week, security researchers announced a security flaw in OpenSSL, a popular data encryption standard, that gives hackers who know about it the ability to extract massive amount of data from the services that we use every day and assume are mostly secure. This isn’t simply a bug in some app that can quickly be updated – the vulnerability is in on the machines that power services that transmit secure information, like Facebook and Gmail. Read on to know more about how this affects you as a ResellerClub Reseller.   Steps that we are taking: We have updated the OpenSSL packages installed on all our Linux shared hosting servers At 05:30 hrs (GMT) on 11 Apr, 2014 Orderbox will face a brief downtime of upto 5 minutes to allow us to make some security upgrades During this 5 minute period, no orders on Supersite or API will be processed and any existing sessions on the Control Panel will be logged out, requiring you to login again Steps that you have to take: The Heartbleed bug makes it practically impossible to detect history of abuse, but to be on the safer side, we strongly recommend that you change your Reseller Account passwords and also announce to your customers that they should change their passwords. Hosting and/or SSL Certificate customers with Resellerclub: If you have purchased both hosting and SSL Certificates for an installation from ResellerClub, follow steps a and c below If you have purchased hosting from ResellerClub and have SSL enabled  on it with an SSL Certificate from a 3rd party vendor for your installation, follow steps b and c below If you have purchased SSL Certificated from ResellerClub but host with a 3rd party provider, follow step a below and reinstall the Certificate according to the instructions of your hosting provider You will need to re-issue the SSL certificate from the Orderbox control panel by referring the steps mentioned in the following KB article : http://manage.resellerclub.com/kb/servlet/KBServlet/faq1094.html You will need to contact your vendor to re-issue the SSL certificate. Once the SSL certificates are re-issued, you need to install the new certificates under the hosting packages. You will need to install the reissued SSL Certificate by following the instructions relevant to you from the below options:For cPanel: http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CpanelDocs/ActivateSSLOnYourWebsite For Plesk :- http://download1.parallels.com/Plesk/PP11/11.5/Doc/en-US/online/plesk-administrator-guide/index.htm?fileName=70920.htm In case you use the ResellerClub API, we strongly suggest that you regenerate your API key by logging into your Control Panel and navigating to Settings >> API and clicking on ‘Regenerate’ icon to get your revised API key. Update your API calls to use the new key. If you resell hosting through us, you can use the force password reset option in WHM to ensure that all your hosting customers change their passwords What is the Heartbleed bug? Heartbleed is a flaw in OpenSSL, the open-source encryption standard used by the majority of sites on the web that need to transmit data users want to keep secure. It basically gives you a “secure line” when you’re sending an email or chatting on IM. Encryption works by making it so that data being sent looks like nonsense to anyone but the the intended recipient. Occasionally, one computer might want to check that there’s still a computer at the end of its secure connection, so it will send out what’s known as a “heartbeat,” a small packet of data that asks for a response. Due to a programming error in the implementation of OpenSSL, the researchers found that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end of a connection into sending over data stored in its memory. How bad is that? It’s really bad. Web servers can keep a lot of information in their active memory, including user names, passwords, and even the content that user have uploaded to a service. But worse even than that, the flaw has made it possible for hackers to steal encryption keys, the codes used to turn gibberish encrypted data into readable information. With encryption keys, hackers can intercept encrypted data moving to and from a site’s servers and read it without establishing a secure connection. This means that unless the companies running vulnerable servers change their keys, even future traffic will be susceptible. Additional details can be checked at: http://forums.myorderbox.com/index.php?/topic/4952-massive-security-flaw-thats-taken-over-the-internet/ and http://www.heartbleed.com If you have any doubts or queries, please let us know in the comments below!

No HeartBleed at BigRock

BigRock Blog -

A groovy name but a threatening personality, such is the nature of a brand new bug found in OpenSSL, the open-source software package broadly used to encrypt Web communications. This bug allows attackers to steal information off your emails even if your site is SSL secured. All communication channels including email, Instant messangers (IM) and VPN are all vulnerable to this attack. This means once stolen the attackers can use this data to impersonate services, websites and users too. This super serious vulnerability has the web in a fix but thankfully the smart folks at Google have already dispatched a fix for this bug and the real good news is that we have already adatped to the fix so your website and data are totally secure now. Here’s what you need to know about this threat and the measures we’ve taken to address the threat. How does the Heartbleed bug work? Any site that is secured using OpenSSL works using a Public key and a Private key to encrypt any data trasnfered to and from the site. This makes all data on a site encypted and safe. The Heartbleed bug has leaked the Private key itself so any data on your website becomes visible to the keyholder who can now decrypt it. This means, if in a worst case scenario your Private key was copied by someone they can continue reading data even though we have fixed the bug from our end. What you need to do is get a re-issued SSL certificate from your current certificate provider. Are you affected? Given the fact that OpenSSL is the most popular open source cryptographic library and TLS (transport layer security), loads of websites use it in some form or function. The good news though, is that we’ve applied the fix and any data hosted with us is totally safe. What have we done to fix it? As soon as this threat was discovered, a few super awesome folks took it upon themselves to fix the problem. The fixed version of OpenSSL was thus made live and rightly called “Fixed OpenSSL” (we never said they were creative, just super smart and super awesome). We’ve adapted to this newly Fixed OpenSSL that makes all data hosted with us totaly secure. What’s next for you? We have no evidense that suggests any of our issued keys were compromised but as a security measure we’d recommend getting a re-issue of your SSL certificate. Do reach out to if you’ve purchased your SSL certificate from us. If you’ve purchased it from some other vendor, get in touch with them to get a re-issue. For all you techies who want the real scoop on this bug, here’s a link that will satisfy your tech appetite on this matter: http://heartbleed.com As usual, feel free to reach out to us should you have any concerns regarding this.

New gTLD Testimonial: New Angle Media

1&1 Online Success Center -

New Angle Media is a marketing technology agency that specializes in creating software, solutions, and studio productions for a number of high-level clients. President of the agency, Kristopher Brandt, understands the importance of keeping up with the newest technology trends, since he is always recommending the same thing for his clients. With the introduction of hundreds of new generic top-level domains to the market, Brandt jumped on the opportunity to secure a new, relevant domain name for his business. “With better search placement and a whole new world of branding opportunities opening up with these next-generation domain names, we are excited to see the possibilities going forward,” said Brandt. “This new era of domain extensions will really allow us to micro target our marketing efforts and help us clearly distinguish who we are and what we do.” Brandt plans to set up the new NewAngle.Solutions domain name to redirect to a specific landing page on the existing agency website. This way they can target a specific audience for marketing purposes, and clearly measure how effective their efforts are. “The new TLDs provide virtually limitless opportunities for highly-targeted branding that will allow small businesses to acquire domain names that identify their specific industries or areas of focus,” said Brandt. Brandt also encourages other business owners not to miss out on the opportunity to a secure a new, relevant domain name for their website. “The Web and its underlying technology and now infrastructure are constantly changing, and businesses large and small must proactively adapt or risk being left behind,” he said. “As usual, 1&1 is ahead of the curve in staying on top of the latest Web technology and we are pleased with their industry leading service.”

Heartbleed Bug

HostGator Blog -

The post Heartbleed Bug appeared first on HostGator Web Hosting Blog | Gator Crossing.You may have now heard of the “Heartbleed Bug.” Before we continue, we want to reassure you that if you are hosting on a HostGator shared or reseller server, that your server has already been patched. For everyone else, HostGator customer or not, we have created the following tool to assist you with determining whether or not your site is presently vulnerable and what further action to take, if necessary: https://heartbleed.hostgator.com/ Now, what exactly is the Heartbleed Bug? Technically speaking, it is a serious vulnerability in the popular OpenSSL cryptographic software library. In layman’s terms, it allows the ever-present nefarious individuals the ability to intercept and decode encrypted data. The following quote comes from heartbleed.com: “The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.” The bug is so-named due to a normal function between two computers across a network (such as the Internet) sharing an encrypted connection. The “heartbeat” is simply a pulse, or packet of information, sent from one machine to the other to ensure the connection still exists. This functionality is what allows the exploit to occur, in that the heartbeat is simulated by a third party in such a way as to allow them access to the memory of the receiving server. What this translates to is virtually unlimited, and untraceable, access to a myriad of private information which potentially can include usernames, passwords, and even credit card information. The full extent of the situation is not presently known. What is known is that we should all consider all of our passwords to be compromised. As a result, you absolutely want to update any passwords for anything and everything you log into online. However, if you change your password for an account on a server that has not been patched, then you can consider the new password compromised as well. For full information regarding this situation, we recommend reading the associated Wikipedia article. web hosting

Now Available - New Memory-Optimized EC2 Instances (R3)

Amazon Web Services Blog -

I talked about the upcoming memory-optimized EC2 instance type (R3) last week and provided you with configuration and pricing information so that you could start thinking about how to put them to use in your environment. I am happy to report that the R3 instances are now available for use in the following AWS Regions: US East (Northern Virginia) US West (Northern California) US West (Oregon) EU (Ireland) Asia Pacific (Tokyo) Asia Pacific (Sydney) Asia Pacific (Singapore) Memory-OptimizedR3 instances are recommended for applications that require high memory performance at the best price point per GiB of RAM. The instances include the following features: Intel Xeon E5-2670 v2 "Ivy Bridge" Processors Hardware Virtualization (HVM) only SSD-backed instance storage, including TRIM support Enhanced Networking with lower latency, low jitter, and high packet-per-second performance The R3 instances are available in five sizes, as follows (prices are in US East (Northern Virginia); see the EC2 pricing page for full information): Instance Name vCPU Count RAM Instance Storage (SSD) Price/Hour r3.large 2 15 GiB 1 x 32 GB $0.175 r3.xlarge 4 30.5 GiB 1 x 80 GB $0.350 r3.2xlarge 8 61 GiB 1 x 160 GB $0.700 r3.4xlarge 16 122 GiB 1 x 320 GB $1.400 r3.8xlarge 32 244 GiB 2 x 320 GB $2.800 You can launch the r3.xlarge, r3.2xlarge, and r3.4xlarge instances in EBS-Optimized form, with additional, dedicated I/O capacity for EBS volumes. The r3.8xlarge instance features 10 Gigabit networking. Customer ReactionSeveral AWS customers have been working with the R3 instances in preparation for today's launch: Netflix is the world’s leading Internet television network with over 44 million members in 41 countries enjoying more than one billion hours of TV shows and movies per month, including original series. Coburn Watson, Manager of Performance Engineering at Netflix told us: We run many memory-hungry applications to support the volume of content our customers access. These applications require instances with high memory footprint and high memory bandwidth. By delivering high memory capacity, and high performance, R3 instances address these needs at a low cost and we are already planning to utilize them to support many of our applications and services. MongoDB is one of the most popular NoSQL options on AWS. It uses aggressive memory caching for its data file management and benefits from access to copious amounts of memory. Matt Asay, VP of Marketing and Business Development at MongoDB, told us: R3 instances provide a broad spectrum of compute and memory scaling options for our customers to realize full memory caching potential of MongoDB.  Our customers can start with a smaller instance for testing and early development, and scale to larger R3 instances as they move to production. Metamarkets enables buyers and sellers of digital advertising to understand and visualize large quantities of data in real-time. Patrick McBride, Head of Technical Operations for Metamarkets, told us: A key part of our analytics platform is Druid, our open source datastore that’s built to analyze tens of billions of records in under a second.  For certain query types, R3 instances help us reduce Druid’s median query time by nearly 50%. That means a better experience for our clients, who rely on us to deliver insights right when they need them. Partner SupportMany APN (Amazon Partner Network) Technology Members are working to make their offerings available on the R3 instances. Here's a sampling: Buddha Labs - Hardened Red Hat Enterprise Linux 6 x64 for Cluster Instances and DISA STIG Red Hat Enterprise Linux 6.4 x64 For Cluster Instances. Parallel Universe - Parallel Universe with Cluster Instances (Red Hat Enterprise Linux, SUSE LES, Ubuntu Server, Amazon Linux, GPU Amazon Linux). SoftNAS Cloud - High Performance Cloud NAS and SAN. MathWorks - MatLab and Simulink. -- Jeff;

Search Engine Optimization for your Reseller Business – A Cheat Sheet

Reseller Club Blog -

You have signed up for a ResellerClub account and have got yourself a slick storefront in the form of the Supersite, or already have your custom storefront and have tied in with our back-end through API or WHMCS. Your business needs impetus, visibility and presence in the eyes of your potential customers and you can get that by targeting one of the biggest sources of traffic on the web – search engines. In fact, when venturing into digital marketing for your business, Search Engine Optimization (SEO) should be one of the first facets to explore, before you try other paid forms of online advertising. Simply put, SEO refers to techniques that increase the visibility and reach of your website by ranking it higher in organic search results. SEO can be divided into two main areas; on-page optimization which covers everything that can be done on the pages of your website to improve the website’s search rankings, and off-page optimization which covers activity that is done on other websites which can impact the ranking of your website – positively or negatively. In this first article we will cover only the on-page optimization aspects of SEO. Now that we know what SEO means (well at least somewhat), let’s start by looking at a few things that are must-knows about on-page optimization: Keywords – The building blocks of every successful SEO effort Keywords can be defined as a set of labels/words/phrases that define the business objective and the content of a webpage. The most relevant and hence most important keywords for your website as a whole will then be the set of keywords that appear most often across all pages of your website. If you want to stand out when compared to your competitors, then it is vital to invest a good amount of time and resources into understanding your Target Audiences better. This will help you narrow down specific keywords that your target group is likely to search for on Google to get to your website. Let me help you understand this better with an example. Let’s say you are a Hosting provider in India, you would start your SEO exercise by preparing a list of phrases that are relevant to your target audience. These terms should be both brand related and generic. To organize it better, you could consider breaking your terms down into category, sub-category and specifics. For example, a category could be Hosting, a sub-category could be Shared Hosting, and a specific term would be buy hosting in India. In order to rank higher in search results, it is essential to ensure that your website contains these keywords. With targeted and relevant keywords, you can increase the click through rate (CTR) of your website, reduce bounce rates and consequently increase conversions. Now that we have identified a list of keywords for your website, you can use them in the following 5 elements of on-page optimization. 1. Page Title 48% people click on a Search Result solely based on the relevancy of the Page Title of the website as seen on Search Engine Result Page (SERP). A Page Title, very simply put, is the first thing your potential customer sees on the SERP, based on which he/she decides whether to visit your website or not. A recommended practice is to include your brand name and specific keywords in your Page Title to make it as relevant to that particular page as possible. The Page Title must be unique for each and every page of your website, indicative of the purpose of that respective page. This simply means that if your potential customer searches for “buy reseller hosting”, then your Page Title should contain “reseller hosting” in addition to your brand name. Moreover, a click on this Search Result should take him/her to the “reseller hosting” product page as opposed to a generic landing/home page of your website. 2. Meta Descriptions: Meta description refers to the description of your website which appears in search engine results. Meta description should contain a brief keyword-rich description of your website focusing on the areas that your business is specialized in. Meta description has a fairly large impact on the click-through rate of your website, and hence must be given serious thought. If a searcher finds it appealing he is more likely to click to find out more information. But if your Meta Description is too generic and isn’t written too well then there is a good chance that your site will simply be ignored. If you are using Supersite 2 refer this link to find out more about adding Meta Descriptions to your Supersite 2 for better SEO. Taking our example forward, your Meta Description could read something like: 3. URL Structure From an SEO perspective, a website’s URL structure must be meaningful and intuitive. A good practice is to ensure URL names relevant have keywords in them, not gibberish numbers, alphabets and punctuation marks. Use the syntax given below as a thumb rule for creating URLs that search engines love. businessname.com/topic-name Supersite 2 allows you to customize URLs for specific Landing Pages with utmost ease. Refer to the link below to find out how you can modify the landing page URLs on your Supersite to meet your SEO goals: http://manage.resellerclub.com/kb/answer/1897 4. Page Content We cannot stress enough upon the importance of unique, high quality, and relevant content on your website. Don’t believe us? Take a look at Google’s quality guidelines to see for yourself. It’s important to ensure that your website content is keyword-rich, as visitor time on site is directly proportional to relevancy for their search result. This simply means that visitors are much more likely to stay on a page if they can see the terms they had searched for on it. However, it’s critical you use these keywords naturally and avoid over-using keywords for the sake of SEO. If keywords are used too frequently for the sake of ranking up in SERP’s, it can appear manipulative and result in your website being demoted or even blacklisted in search results. And hey, no one wants to read content like that, anyway. Please note: In search engine optimization (SEO) keyword density is the measurement in percentage of the number of times a particular keyword or phrase appears compared to the total number of words in a page. The recommended keyword density is said to be 1 to 3 percent. Use a keyword density tool to calculate the keyword density of a webpage to avoid over usage of keywords. Refer to the link below to know more about content customization on Supersite 2. http://manage.resellerclub.com/kb/servlet/KBServlet/faq1106.html 5. Images and Alt Text You can look at including relevant keywords in a natural way in your image titles and alt text. This doesn’t have a significant impact on your search rankings, but it surely helps Google find your website in image searches, thus boosting the accessibility quotient of your website. Again, rather than adding keywords to image titles and alt text only for the sake of SEO, try and improve user experience by being as accurate and descriptive as possible with your images. While this post is by no means is an all encompassing list of principles and tactics to succeed at search engine optimization, it can definitely serve as a reference point for you to begin your SEO efforts. Take a look at our knowledgebase guidelines to learn some more about Optimizing your SuperSite for Search Engines. We hope you found this article useful. Stay tuned for our upcoming post on off page SEO techniques where will guide you through off page SEO activities that you can focus on. We would love to know your thoughts on SEO in the comments below!

Why Every Business Needs a Business Domain Name

GoDaddy Blog -

An online presence is crucial to the success of your business. Most consumers search online for local products and services. If you don’t have a business domain name, that means people are searching for — and not finding — your business online. The first step to building your online presence is to secure a domain name. For more information, see Domain Name Basics. Here’s what a domain name can do for your business: Accessibility — Your actual store might open its doors from 8 a.m. to 5 p.m., but a domain name is available 24/7. You can use your domain name to build a website that provides important information, such as your store hours, phone number, location, and descriptions and images of your products and services. You can even connect with customers personally through a blog. Brand Protection — If you don’t register a domain name and create a site for your business, someone else might. In fact, we recommend registering multiple domain names to ensure brand protection. For more information, see Why should I register more than one domain name? Professional Email — Did you know that when you register a domain name, you can create custom email addresses? For example, if your site is CoolExample.com, then you can create email addresses like Info@CoolExample.com andSales@CoolExample.com. Having your email address at your business name is much more professional that using a free email service. Promotion — Even if you aren’t selling products and services online, you can use a domain name to promote your brick-and-mortar business. For example, you can direct customers to CoolExample.com. On your website, you can advertise upcoming sales and events, offer special discounts or printable coupons, and highlight what’s new. Online Sales — To capitalize on the growing number of online shoppers, consider selling some of your products and services online. It’s the perfect way to expand your business nationally or globally. For details, see Selling Products Online. Don’t get left in the cyber dust! Register at least one domain name, and then learn about building your website. The post Why Every Business Needs a Business Domain Name appeared first on GoDaddy Blog.

Bluehost Update: The Heartbleed Bug and What You Need To Know

Bluehost Blog -

As you may have heard, an Internet-wide security threat emerged yesterday called the Heartbleed bug. Online security is a topic that we take very seriously.  Once we learned about this issue we began addressing it immediately and we’ve compiled this list of questions and answers to help you understand the Heartbleed bug, let you know what we’ve done to address it and let you know what you can do to protect your private information. What is the Heartbleed bug? The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library used to secure information traffic across much of the Internet. Because the vulnerability itself could leak/bleed information and it involved the Heartbeat function of OpenSSL, the vulnerability was nicknamed “Heartbleed.” This weakness allows hackers to steal information normally protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging and some virtual private networks. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content which allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. What is being done? This vulnerability was assigned an identifier of CVE-2014-0160 and was quickly patched by the maintainers of OpenSSL.  That patch was made publicly available and service providers across the globe, including Bluehost, have already patched, tested, and verified all systems are secured. The security of our customers is a top priority. We began addressing this issue immediately upon disclosure and have successfully applied patches to all of our platforms. The likelihood that private information was compromised is very minimal due to the lack of a public exploit at the time of the disclosure. As always, we will continue to work to protect the security of our customers and their data.  Is my server vulnerable? There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. At this time, our servers are not vulnerable and information is secure. Has Bluehost replaced their SSLs? Yes. Upon the disclosure of the vulnerability we immediately reached out to our SSL providers and began the process of having all of our internal and external SSLs reissued. Will the SSL I purchased through Bluehost be updated? Yes.  While the likelihood of exploitation is extremely low, we are working with our SSL providers to reissue all certificates that were purchased through the Bluehost platform.  This process will be both secured and automated, with individual customer contact as/if needed to ensure all certificates are updated. Should I replace the SSL I purchased through a third party service? That is a personal choice. If you feel it’s worth the time, or if you are dealing with sensitive data, then it’s a good idea to have your cert reissued. The likelihood that your private keys were compromised is very minimal due to the lack of a public exploit at the time of the disclosure. However, if you do decide you would like to have your certificate reissued, contact your certificate issuing authority.  Once you have obtained a new private key, certificate, and CA bundle, our Bluehost support team will be happy to assist you.  Alternatively, you are welcome to purchase a new SSL certificate through your control panel and we will handle any similar vulnerabilities in the future on your behalf, without need for your direct involvement. Was my security, password or privacy compromised? There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. The likelihood that your private keys were compromised is minimal due to the lack of a public exploit at the time of the disclosure.  If you are concerned, you are welcome to use our Change Password tool to select a new password.  If you do change your password, consider that this vulnerability existed across the majority of the Internet and password changes should be done anywhere you store sensitive information. To check potential vulnerability on the Bluehost service or with any other provider, use the tool at http://heartbleedcheck.com/. Where can I learn more about Heartbleed? For more details about the Heartbleed bug, please visit heartbleed.com. The post Bluehost Update: The Heartbleed Bug and What You Need To Know appeared first on Official Bluehost Blog.

What is Heartbleed? Is Justhost Vulnerable?

Justhost Blog -

Yesterday, an Internet-wide security threat emerged called the Heartbleed bug. Online security is a topic that we take very seriously and once we learned about this issue we began addressing it immediately and we’ve compiled this list of questions and answers to help you understand the Heartbleed bug, let you know what we’ve done to address it and let you know what you can do to protect your private information. What is the Heartbleed bug? The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library used to secure information traffic across much of the Internet. Because the vulnerability itself could leak/bleed information and it involved the Heartbeat function of OpenSSL, the vulnerability was nicknamed “Heartbleed.” This weakness allows hackers to steal information normally protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging and some virtual private networks. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content which allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. What is being done? This vulnerability was assigned an identifier of CVE-2014-0160 and was quickly patched by the maintainers of OpenSSL.  That patch was made publicly available and service providers across the globe, including Justhost, have already patched, tested, and verified all systems are secured. The security of our customers is a top priority. We began addressing this issue immediately upon disclosure and have successfully applied patches to all of our platforms. The likelihood that private information was compromised is very minimal due to the lack of a public exploit at the time of the disclosure. As always, we will continue to work to protect the security of our customers and their data. Is my server vulnerable? There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. At this time, our servers are not vulnerable and information is secure. Has Justhost replaced their SSLs? Yes. Upon the disclosure of the vulnerability we immediately reached out to our SSL providers and began the process of having all of our internal and external SSLs reissued. Will the SSL I purchased through Justhost be updated? Yes.  While the likelihood of exploitation is extremely low, we are working with our SSL providers to reissue all certificates that were purchased through the Justhost platform.  This process will be both secured and automated, with individual customer contact as/if needed to ensure all certificates are updated. Should I replace the SSL I purchased through a third party service? That is a personal choice. If you feel it’s worth the time, or if you are dealing with sensitive data, then it’s a good idea to have your cert reissued. The likelihood that your private keys were compromised is very minimal due to the lack of a public exploit at the time of the disclosure. However, if you do decide you would like to have your certificate reissued, contact your certificate issuing authority.  Once you have obtained a new private key, certificate, and CA bundle, our Justhost support team will be happy to assist you.  Alternatively, you are welcome to purchase a new SSL certificate through your control panel and we will handle any similar vulnerabilities in the future on your behalf, without need for your direct involvement. Was my security, password or privacy compromised? There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. The likelihood that your private keys were compromised is minimal due to the lack of a public exploit at the time of the disclosure.  If you are concerned, you are welcome to use our Change Password tool to select a new password.  If you do change your password, consider that this vulnerability existed across the majority of the Internet and password changes should be done anywhere you store sensitive information. To check potential vulnerability on the Justhost service or with any other provider, use the tool at http://heartbleedcheck.com/. Where can I learn more about Heartbleed? For more details about the Heartbleed bug, please visit heartbleed.com.

Pages

Recommended Content

Subscribe to Complete Hosting Guide aggregator