Google Chrome Logo

Don’t be evil” was a motto originally used by Google. A lot has changed!

A former Google employee is blowing the whistle on his former employer’s business practices. The whistle blower claims that Google has created algorithms to hide its political bias within artificial intelligence platforms – in effect targeting particular words, phrases and contexts to promote, alter, reference or manipulate perceptions of Internet content. This former employee has delivered roughly 950 pages of documents to the United States Department of Justice’s Antitrust division Friday, August 9th, 2019. He has also sat down with Project Veritas in a revealing interview which we highly recommend you view below.

Regardless of your political leanings, if companies are permitted to lie to the public and to congress about their business practices it opens the way for them to become malevolent. We all can agree that this would help no one and, due to their size, may hurt millions of unwitting participants.

 

 

Read more

Firefox Logo

Web site domain names, like endurtech.com, are simply a human friendly representation of Internet Protocol Address (IP Address). Rather than typing in or memorizing the four sets of three numbers (IP4) for Google.com, developers came up with the Domain Name Server (DNS) protocol. When you type in any domain name, this protocol looks up the associated numerical address and tells your browser where to go. Think of it as a hidden operator directing traffic on the world wide web.

The DNS over HTTPS (DoH) protocol works similarly to how the normal DNS protocol works. The major difference is the added privacy that it provides by encrypting your web related request and traffic. DoH takes your DNS query and sends it to a DoH-compatible DNS server via the encrypted HTTPS connection.

This way, DoH “hides” your DNS queries inside regular HTTPS encrypted traffic and bypasses the default DNS settings that exist at the operating system level. In most cases these are the ones set by your local internet service provider (ISP). What this means is that third-party “observers” won’t be able to “sniff” your web traffic and tell what DNS queries you have run and discover what web site(s) you are accessing. Best of all, the DoH protocol works at the App level as well!

Currently, only Mozilla’s Firefox browser has released instructions for enabling use of this protocol, but you’ll have to manual enable it. See instructions below on how to do just that.

 

Read more

WooCommerce WordPress eCommerce

A design flaw within the WordPress permission system and the eCommerce plugin, WooCommerce, could allow someone to alter account privileges on your WordPress website.

According to new research by Simon Scannell, a researcher for PHP Security firm RIPS Tech, when WooCommerce is installed it will create a Shop Manager role. The Shop Manager user role has the “edit_users” WordPress capability/permission enabled. This capability allows users to edit any WordPress user.

 

Read more

IDNS Internet Domain Name Services SCAM Letter

 We recently sent out a domain name renewal reminder to a client who replied that they had already renewed.

Suspecting a game was afoot, we requested a copy of the letter they received. Upon receipt it was apparent they had fallen for a common internet scam.

The letter they received was from a company called iDNS or Internet Domain Name Service. Sounds legitimate and the letter (as seen in this article) looks professional and legitimate. A closer look at the fine print you’ll notice that it is just a trick to get you to switch your domain registrar to them. On top of that, they are charging three times (3x) what we and most registrars charge for annual domain name registrations and renewals.

 

What should I do If I get a letter from iDNS?

Read more

Gmail New Confidential Message Feature

Google’s Gmail service recently released a new feature called “Confidential Mode“. This allows you to set how long an email is available for viewing by your intended recipient(s).

As you can imagine, after the set expiration date, the email message is simply and automatically removed from the recipients inbox. Recipients will not have the option of forwarding this email, coping the email contents, or even printing it out.

 

However, it is still possible for a recipient to simply take a photograph or screenshot.

 

Read more

Free SSL Secure Socket Layer Certificte Website Host Naples, Florida

As you may be aware, Google has begun enforcing their ‘secure by default‘ initiative. This means that they have begun marking all non-HTTPS websites, meaning websites without a secure socket layer (SSL) certificate installed, as ‘Not Secure‘ as of July 2018.

This ‘Not Secure‘ warning, visible within the address bar of Google Chrome, may scare off less technology savvy visitors. More importantly, not having an SSL installed on your website may negatively impact your website’s search ranking. It is rumored that Google may now be using the existence of an SSL certificate as a search engine ranking metric.

 

With this knowledge, our Naples based website design, maintenance and hosting firm has decided to provide free secure socket layer (SSL) certificates to all of our existing and future clients who have a hosting and maintenance account with us.

Manny Rodrigues, CEO @ENDURTECH

 

Read more

WordPress Content Management System Icon
  • THIS SECURITY ISSUE WAS RESOLVED WITH THE LATEST WORDPRESS RELEASE

PHP security researchers from RIPSTECH recently disclosed details about an unpatched security flaw impacting WordPress websites up to and including version 4.9.6.

This vulnerability affects the WordPress core, and not any plugin or theme. More precisely, the flaw was found in a PHP function that deletes thumbnails for images uploaded on a WordPress website. This flaw allows for the insertion of malicious code which may traverse the servers’ directories allowing for the deletion of crucial files. Something which isn’t possible without FTP or server access.

The severity of this vulnerability is reduced by the fact that only users of a certain access level (Author or higher) can attempt an exploit. However, if an attacker manages to register even a low-level “Subscriber” account on a site and then elevates its privileges, they can exploit this vulnerability to hijack the site.

Thanks to the security researchers over at RIPSTECH, they not only disclosed this issue but they also created and provided a temporary hotfix.

 

Would you like prompt assistance? If you don’t have time or are not comfortable taking the risk of adding custom code to your website, let us get this done for you now!

 

Read more