Select Page

October, 2022 Desktop View

by | Oct 30, 2022 | CSS3, Industry News, JavaScript, Web Accessibility, Web Security

It has been some time since I posted some thoughts on the current state of web technologies. A lot has happened during recent months. Let’s focus on several key areas:

  • web accessibility,
  • security,
  • JavaScript,
  • and CSS.

More areas may be the focus of subsequent articles. Stay tuned. As always, we at Web Professionals Global are interested in what you think. Let us know in the comments or contact us directly.

Web Accessibility

WCAG 3 has been released as a draft (published in December, 2021). Latest editors draft updated as of July, 2022. The approach is iterative with content ranging from temporary (just a placeholder for future content) to mature (ready for publication). This version is somewhat evolutionary in that it will be easy to understand and provide guidance. A key differentiator is that this version has a broader scope (beyond web content). I encourage you to view the above links and consider helping develop the next version of Web Content Accessibility Guidelines.

Of course, there is also a new ARIA authoring practices guide website. Lots of patterns and resources. Check it out.

Security

This is a bit beyond web security, but definitely something readers should be aware of – ransomware attacks which target home PCs (delivered by fake Windows 10 or anti-virus updates). This is called Magniber (details can also be found at this ZDNet article). Essentially, a visitor is directed to a website (although it looks legitimate, it is controlled by malicious individuals). That site informs the visitor their computer operating system or software is out of date and they need to update it as soon as possible. The visitor is tricked into downloading a malicious JavaScript file which contains the malware payload. Once installed (via as technique called DotNetToJscript) the individual’s hard drive is encrypted. They are directed to a link to negotiate payment to recover their contents. More details can be found in the above article.

As web professionals, we should remind ourselves (and our clients of some fundamental tactics which help mitigate these sorts of attacks.

At a minimum, never act on anything that purports to have an extreme sense of urgency. That is what malicious individuals want. Act before you have a chance to think about the implications. It is also good practice to never click on links in emails or text messages. Instead, open a browser and type the site directly (or use a reliable search engine). Lastly, only install updates from trusted sources (and use the traditional channels where those updates are distributed).

JavaScript

The creator of JSON made an interesting comment about JavaScript a couple months ago. Douglas Crockford stated that “The best thing we can do today to JavaScript is to retire it.” Yes, JavaScript is the world’s most popular programming language (used by over 65% of developers according to a StackOverflow survey). Yes, it is bloated (and is becoming more so over time. However, it powers the majority of web sites. Of course, JavaScript is supported in every browser so making a change to something else would be a monumental undertaking. We are curious what your thoughts are about JavaScript. Is Douglas Crockford correct? Please discuss in the comments below.

CSS

Remember the days of aural style sheets (yes, they were a thing). Of course, no browsers supported them. However, a recent article (October, 2022) has raised some hope for me again. Why we need CSS speech is the article. What are your thoughts about CSS speech? Again, reach out to us in the comments.

Of course, there are many enhancements in the works for CSS. These include items such as:

  • The ability to nest selectors is presently in the works. This is possible a good way to organize your CSS code. Of course, no browsers yet support this.
  • Cascade layers (which give authors the ability to group their CSS and affect how the cascade applies). The linked article should give you a much better understanding. This is like nesting selectors, but much more. Is this feature ready for prime time? No, but you might want to start learning about them.
  • CSS subgrid allows for styling on a page to inherit the parent’s grid styling. MDN has a nice overview with examples. That is the reference linked at the start of this bullet.

Now you know a little more about what is happening with respect to web accessibility, security, JavaScript, and CSS. Please let us know if you find this information helpful and provide more thoughts in the comments below.

Best always,
Mark DuBois, Executive Director
Web Professionals Global (a.k.a. World Organization of Webmasters)

 

 

Taking a Look at Passwords and Security

Taking a Look at Passwords and Security

by | Jun 1, 2022 | Web Security

We often talk about web security because we believe it is an extremely important topic that will remain relevant for as long as the internet is around. If you missed it, we touched on it in our article on the next 25 years of the web. One of the most important aspects of security is password security.

Let’s dive into what security actually means. If you look at an environment like Moodle, your username and password are not only encrypted, but they are also encrypted with a salt value. A unique string of numbers, letters, and special characters are added, which is fairly long. And that is used to encrypt your username and password to begin. So when you log in, the data store retrieves the salt value, takes what you typed in, and marries those two together in a rather unique manner. It then encrypts it and compares that value to the value stored in the Moodle database. If they match (bit for bit), you’re in. And if not, you can’t get in. That in itself is a fairly high level of security. It is as close to military-grade security without two-factor authentication. 

Here at the Web Professionals Organization, we maintain information in our learning management and certificate testing system. However, we are careful not to keep track of personally identifiable information. We only keep the student’s first name, last name and email. This is the minimum we need to allow students to self-enroll. We do not allow users to attach any phone number, address, social media links or profile names. In some cases, schools will ask that we completely anonymize the accounts, and for this we will create complex passwords and dead drop emails for each user. 

If a hacker were to actually steal our data store, it would be useless because they would need to know the salt value. The salt value is stored in a different place—not in the database. The hacker would then have to be able to do a reverse lookup by using a rainbow table or something similar. And it would be impossible to do a binary reverse lookup. It’s just not possible today to crack those username and password combinations—and that’s by design. 

How do hacks happen?

Let’s imagine we have a WordPress site that uses a MD5 hash. MD5 is a message-digest algorithm and cryptographic protocol that can be used for authenticating messages, content verification and even digital signatures. MD5 is quite secure. To hack it, you could create a rainbow table and start with lowercase “a” as the password. You would then encrypt that. Then you would store the value that you started with and the encrypted value in two separate columns. And then go on to lowercase “b”, “c”, “d”, and encrypt each of those. Then go on to uppercase “A”, “B”, “C”, and so forth. And then 1, 2, 3, and continue on (for example, a1, b1, c1). Obviously, the table gets larger and larger as you get more and more characters. For even eight characters, you are looking at a significant amount of data—multiple gigabytes, if not a terabyte. 

So now you have these two fields—one field contains the safe value, and the other contains the encrypted value. Then you can download a data store from a WordPress site that’s been hacked. You would be able to see that there is an encrypted value and do a binary search on that encrypted value. Once you have the encrypted value, it can be found in the large table. And as easily as that you could have the username of “admin” and password of “123456” which you can use to log in. 

password security

Ensuring password security

It’s important to make it as difficult as possible to hack your accounts. Many people like to use their initials or identifiable information so that they remember the password. However, you can use random letters, numbers and characters in your usernames and passwords. In fact, many security experts recommend 15-20 characters. You can even go up to 40 or more these days. Sites like Correct Horse Battery Staple are helpful to create randomly generated passwords and allow you to set parameters. And encrypted password vaults like NordPass and LastPass are a good way to ensure password security without needing to write them down and keep track of each one. 

There are all sorts of bad actors out there who have wide-ranging hacking capabilities and could likely hack into any of your accounts. However, most hackers will have trouble hacking into your accounts if you use unique passwords. It’s like someone walking down the street at night and trying to open car doors. If yours is locked, it’s likely they will move on to the next car that is open and leave yours alone. That’s what you’re doing by making it more difficult for people to get into your website or your information. You can even put your list of passwords on a USB stick or hard drive and avoid connecting it to the internet, thereby creating an extra level of security.

You can also make up answers for password security questions—for example, your mother’s maiden name—to make your accounts even more difficult to hack. Alternately, you could add a word like “flower” to the answer to each security question. For example, make of car “fordflower.” And you can use passphrases that you will remember (unrelated to your personal information), which can be helpful when utilized correctly. It should be said that you should be careful about revealing sensitive information anywhere on the internet—including social media. And you can use two-factor authentication and authentication apps for an added layer of security.

We should mention that we have never—and will never—sell student and member information to anyone. 

Wrapping up

Whatever happens in the coming years in the world of security, the Web Professionals Organization will be here to help web professionals however we can. If you are interested in learning more about our mission, contact us today.

 

Taking a Look at Cybersecurity

Taking a Look at Cybersecurity

by | Mar 14, 2022 | IT, Web Security

With Russia’s invasion of Ukraine, there has been a renewed focus on one of the most important web topics: cybersecurity.

Cyberwarfare has been a major focus of Russia’s efforts to disrupt daily life in Ukraine. While there have not been large-scale attacks yet, there have been reports of smaller attacks. Last week, Google’s Threat Analysis Group (TAG) said that it has discovered phishing attacks from Russia aimed at Ukrainian and Polish officials. In fact, hundreds of threats emanating from Russia over the past twelve months resulted in warnings being issued to Ukrainian users. One of these threats is WhisperGate, a malware that displays a fake ransomware note to users, encrypts files and can destroy data and disable devices.

U.S. Army Cyber Command has been aiding Ukraine in improving its cyber defenses since the 2015 Russia-led attack on the Ukraine power grid that temporarily shut down Kyiv. The U.S. has continued to work with Ukraine in recent months to prepare for the types of cyber attacks occurring now as well as potential large-scale events like infrastructure attacks that would make it much more difficult for Ukraine to defend itself. 

There have also been reports of coordinated Russian campaigns aimed at disrupting U.S. firms that supply natural gas, as natural gas has become increasingly valuable in recent weeks following sanctions against Russia that affect exports.

Additionally, there have been reports of the hacking collective called Anonymous hacking Russian targets in retaliation, as well as Chinese hackers using the Ukraine crisis to target European officials for a variety of purposes. It’s clear that cybersecurity continues to be one of the most important web issues. 

One of the biggest cyber attacks in the U.S. took place in May of 2021, when the Colonial Pipeline suffered a ransomware attack carried out by the Eastern European hacking group DarkSide. The Colonial Pipeline supplies half of the East Coast’s gasoline, making it a high-value target for hackers. The pipeline was down for several days, which caused gasoline price spikes, shortages and panic buying. It was reported by Bloomberg that the hackers launched the attack after gaining access to a leaked password for an old account that had access to the virtual private network (VPN) used to remotely access company servers. 

The company eventually paid the $4.4 million ransom in bitcoin, and the U.S. Department of Justice has since tracked down and recovered roughly half of it by successfully tracing the bitcoins. However, the CEO of Colonial Pipeline Company admitted that the hack ended up costing the company tens of millions of dollars to restore systems.

Taking Action 

With cyber attacks on the rise, now is a good time to do a security check-up to make sure you and your organization aren’t susceptible to hackers. Many believe that these Russian-led cyber attacks will soon spread to businesses and individuals in other countries. Make sure that your organization has budget resources dedicated to ensuring your cybersecurity strategy is robust.  

Make sure you use private connections, inspect your code regularly, be cautious of suspicious-looking emails, employ a strong password strategy and have multiple backups of your information. Make sure that all employees, including new ones, understand the organizational strategy and policy for protecting against cyber attacks. Remember that hackers don’t always need to exploit multiple vulnerabilities—sometimes they only need one to do serious damage. 

Although the crisis in Ukraine has brought awareness of cybersecurity to the forefront, having a cybersecurity plan and committing to executing it year-round will help to ensure you and your organization stay protected from hackers and avoid costly disruptions.  

Read More: The Importance of Web Accessibility

 

July, 2021 Desktop View

by | Jul 1, 2021 | Cyber Crime, Industry News, State of the Web, Web Security

This month, I thought it appropriate to post some of my thoughts concerning web and security. Unless you have been unconscious for a while, you have seen so many news articles about ransomware attacks on various corporations. Since many readers work with clients (both internal and external), here are some of my thoughts regarding security. The sad thing is that most of these attack vectors are nothing new. They have been employed for some time, yet some people still fall victim.

I am focusing on what you can do as an individual. Obviously, this is a very large topic and I am just touching on some of the highlights as I see them. I look forward to your comments and encourage further discussion in our member Slack channels where we can focus on more specific items).

Passwords

  • Passwords should be long and complex. If in doubt, length wins over complexity. Consider using passphrases.
  • Passwords should be changed on a regular basis. You decide on what is comfortable for you.
  • Passwords should never be reused on more than one site. Never. There is no reason why you need to do this.
  • If you can’t recall passwords, use a password vault. There are a number of alternatives. Just make certain it is secure and your passwords are updated in the vault as you change them.
  • Passwords should never be shared with others. Never. If there is some unusual situation where another must access your information, change your password, give that party the new one, then change the password again once the need for their access has passed. Frankly, I can not think of any situation where this is warranted, but…

email

  • Never open links included in email messages. If you receive a link to a website (such as a banking site), open a browser and type the URL. It is so easy to spoof website addresses these days. That is why you should manually enter any site URL where you are required to authenticate.
  • Unless you are expecting an attachment from someone, never open email attachments. Never. This is where most malware gets started. I recommend using some form of online storage (which is virus checked) if you must share documents these days.

2FA

  • Whenever possible employ two factor authentication as part of your login. In a nutshell, there are three ways to prove you are who you say you are – something you know (like a password), something you posess (like an authentication app), and something you are (like facial recognition or fingerprints). I recommend using the first two in combination since it is very difficult to change your bio-metrics.

Phone calls

  • I recommend activating the feature found on modern mobile devices which only allow for incoming calls from those in your list of contacts. Anyone else must leave a voice message. Most scammers rely on a sense of urgency to get you to take an action you would typically not do (for example, say “yes” or share a password. Review the voice message and only call back if you are certain you need to speak with the individual leaving the message. Most scammers will likely not even leave a voice message. I assure you, the sheriff’s department will never call you to let you know they are coming to arrest you. It is best to delete similar junk.

Final thoughts

I know this list is not complete, and should be obvious to readers. However, it never hurts to review the basics periodically. Always apply a healthy dose of skepticism when anyone contacts you and asks you to take action. The more immediate their request, the greater the likelihood it is a scam.

5 Trends in Web Development and Design

by | Aug 6, 2020 | Industry News, SEO, Web Design, Web Development, Web Marketing, Web Security

Steve Waddell, Director of Education

2020 has been an unprecedented year for businesses in all industries. Societal and economic shifts have made web professionals like you more important than ever, so it’s critical to remain at the forefront of industry trends that will shape the rest of the year leading into 2021. As a web professional, connecting with your target audience while continuing to meet the needs of your customers or clients requires spending time strategizing how your web presence will propel your business forward. Let’s take a look at 5 of the trends that are driving web design and development.

Augmented Reality (AR) and Virtual Reality (VR)

AR and VR have been growing for some time, and that will certainly continue in the coming years. People today consume web content on a variety of devices, including tablets and mobile phones. Utilizing AR and VR to show customers how products work, no matter what device they are on, puts businesses a step ahead of the competition. AR and VR tools include videos and images, with many of them available in 360 degree viewing experiences. Some of the most influential tech companies like Google and Facebook have invested in AR and VR as a technology that will drive business in the future.

Check out more on AR here

Cybersecurity and Artificial Intelligence (AI)

Maximizing the possibilities of cybersecurity and AI will continue to be important for business heading into 2021 and beyond. Web professionals need to be aware of the latest cybersecurity tools and how to best protect customer information from hacks and data breaches. AI plays a big role in cybersecurity, with AI networks and machine learning helping web and security professionals learn about the latest tools hackers are using to disrupt websites. Stay up-to-date with the latest news on cybersecurity to ensure you are doing everything you can to keep the data of your customers safe and give them peace of mind in doing business with you.  

If you missed this article you might want to catch up here:

Chabots

Companies are finding that highly sophisticated chatbots can replace humans in meeting various customer service needs. Customers love chatbots for their ease of use and instant answers to questions—eliminating the need to send an email or call you and wait for an answer. In addition to all of the technical aspects that web professionals must worry about, it’s important to not forget about keeping customer service on point so that you retain existing customers while attracting new ones. Chatbots are exploding in popularity so rapidly that Gartner estimates that by the end of 2020 85% of customer interactions will be held without a human customer support representative. Additionally, chatbots are projected to be the biggest consumer application for AI in the next 5 years.  

Voice Search

Digital voice assistants like Amazon’s Alexa and Apple’s Siri have had a huge impact on the web in a relatively short period of time. Driven by AI, which we have touched on, these are more than just tools. They are an example of machine learning, as they can learn about user habits and utilize it to improve performance. Voice search is a real example of how AI impacts our daily lives—including checking the weather, playing music, ordering groceries and staying in touch with friends and family. In fact, Alexa can perform over 70,000 skills. With people increasingly using voice search rather than typing keywords into Google, it is important for web professionals to understand how voice search will impact consumer behavior.

Here is an article we did a while back you might enjoy

SEO-Driven Content

Let’s face it: it can be difficult getting your business to stand out from the crowd. One of the best ways to maximize online exposure, and do so at minimal cost, is to focus on search engine optimization (SEO). Doing so will help improve your content in search results and put you above the competition. The higher up you are for keywords related to your business, the more traffic you will generate to your site. SEO can be achieved through optimizing your web pages and creating content frequently, such as blog posts about news in your industry. 

Dig a little deeper into SEO here

Conclusion

As you seek to develop and maintain user-friendly websites, keep these trends in mind. Consider how they are impacting and will continue to impact customer behavior. Staying informed about these trends will improve your company’s web presence and keep you a step ahead of the competition. 

Should I use a VPN?

by | Nov 15, 2019 | Cyber Crime, ECommerce, Sponsored Content, Web Security

Did you know that while you browse your favorite sites across the internet, your internet provider secretly sits on the other end of your screen watching your every move? Scary? While just makes for a funny scary story, the reality isn’t much different from this scenario.

Although there’s no one looking out for the sites you visit, there are people who can do so if they wish. Also, some internet companies record user browsing data and internet behavior to bag revenue from advertisement companies.

What’s more? In 2017, some members of the U.S. Senate voted in favor of selling internet browsing data recording from millions of people like yourself. If you are uncomfortable with this, you may want to do something. The solution? Get a VPN for yourself!

What Is a VPN?

VPN is an abbreviation for Virtual Private Network. As the name suggests, it’s a private network that overrides your original internet connection and directs you towards, safe, protected servers.

This means the VPNs route your data through encrypted servers that work to hide your online browsing details. Consequently, the private network saves you from all kinds of dangers lurking online such as hackers, identity theft, and commercial data selling. 

We know what you’re thinking, you don’t really care who knows what you’re up to right? Here’s a secret, VPN can help you get into content and restricted web searches that you can’t access through your local network. 

How? Well, you must’ve noticed how your local internet provider directly takes you to the regional page of websites like Amazon and eBay. Meaning, they know where you’re logging in from. Your VPN gives you a whole new identity online, which means you can access online material that’s not available in your regions, such as movies and educational resources as well.  

Nowadays, VPNs are being used everywhere from corporate offices to top-secret government agencies. They are essential to organizations that need remote access to their networks on a regular basis. Also, it’s a valuable solution for people who value their privacy and get the protection they need from virtual threats.

Why Do You Need a VPN?

To make the reason as clear as possible, a VPN simply creates a direct, secure passage connecting one computer to another. If you’re not convinced yet and need specific reasons to use get a VPN for yourself, here are some situations where a VPN can mean a lot to you.

Be Safe On Public WiFi

It’s commonplace for us to inquire about the free WiFi services before choosing a restaurant to dine in. Believe it or not, connecting your device to one of these WiFi connections without a VPN can be the biggest risk to take. That’s because, these networks are open to anyone, and can provide a straight passage for malware from other devices to invade yours.

Similarly, the WiFi can also be a trap to get you into phishing scams raging through the internet these days. A VPN connection helps ensure you don’t fall prey to any of these situations.

Get Through Streaming Restrictions

Are you tired of Netflix blocking certain content because of your geographical location? The same dilemmas can get you on BBCi and even YouTube and Instagram. While browser proxies can get you through these restrictions, they slow down the streaming speed making for an unpleasant viewing experience. To get through these restrictions, a VPN is the best option.

Avoid Censorship Regulations

Some oppressive governments impose restrictions on their citizens regarding what they view and visit. These regulations are also virtually reinforced to combat any intrusion, so if you try to get into any prohibited online pages, they’ll know. 

That’s where a VPN comes in. As mentioned before, it encrypts your data and conceals your identity completely. This way, you can get through the oppressive regulations and censors without exposing yourself in any way.

Encrypt Your Online Data

When you’re using a VPN, the network creates a secure passage for you to send your data through. So any activity you conduct with the VPN app running will be private and encrypted. Every VPN connection offers an app that you can use to activate and deactivate the connection on your device according to your needs.

How To Choose Your VPN?

Convinced? Then you’ve probably started conducting your search for the perfect VPN for yourself. Attributing to the high consumer demand, there are a plethora of companies providing VPN services. If you choose the wrong one, you’ll end up exposing your data to yet another unreliable third party, which can be hazardous to your privacy. Here’s how to choose an ideal VPN network.

Price And Security

Most of the time, the level of security you’ll get with a VPN is directly proportional to the price. For normal users, mainstream VPN providers costing under $5 will work well. To choose the best one, you should go through the user reviews to get a clear evaluation of the service you’re about to purchase. Also, go with well-known and reputable companies to avoid getting into a scam.

User Data Logs

If security is your main concern when getting a VPN connection as compared to unlimited access to content, you should check whether or not the company keeps logs of their user data. These logs can be used to track you or your online activity. For extra security, you should choose one that doesn’t save your online browsing details.

Network Servers

What could be worse than paying for a VPN service that slows down your device and makes streaming almost impossible? To avoid this situation, you should do your research about the number of servers a VPN network has. This way, you won’t put yourself at risk of overcrowded servers and slow connections.

Multiple Device Compatibility And Clear User Interface

Many VPN networks allow you to sign in with your account on multiple devices. If you can get this service at an affordable price range, you should definitely go for it as it keeps you from getting restricted to one device. 

Most importantly, check the interface of the app you’re purchasing. The most clutter-free and clear the interface is, the easier it’ll be to use.

Conclusion

We hope you found this guide for VPNs useful. It’s a great personalized tool for people in favor of internet freedom and browsing privacy. Select the ideal VPN service for yourself today and go incognito for all your online operations.