Web + Log = THE BLOG

Northern Monument

This week Pro Web Marketing has launched the new website Northern Monument. Dave and his compassionate team are dedicated to helping you through your difficult loss of a family member or loved one with their large section of grave markers, monuments, and commemorative plaques.

Check it out here: http://northernmonument.com/

Our goal with Northern Monument’s website was to showcase their wide variety of monuments and memorials. Thus, we installed a front page gallery that lets their work speak for itself. If your business is looking for a photo-oriented website, contact us today!

Elixir

Fresh, vibrant, and bold, we’ve designed the new Elixir Cafe’s website this month, and it matches up to the eatery itself. With organic and healthy ingredients, Elixir gives its customers the ability to eat nutritiously with natural juices and wholesome foods.

Check it out here: http://coffeeshoptraversecity.com/

Simple and clean, Elixir Cafe catches the eye with large, beautiful pictures. Let Pro Web Marketing help your company catch the eye of potential clients. Call or email us with your website project today!

New York Luxury Limos

This month, Pro Web Marketing is excited to launch New York Luxury Limos. Whether you need a classic limo ride for your wedding party, for a wine tour out on the peninsula, or just for a night on the town, NYLL has got you covered. With limos for parties of all sizes, owner, Mike Bryan, will make sure that you enjoy your event in style.

Check it out here: http://traversecitylimos.com/

With a user-friendly layout and a clean and classic style, New York Luxury Limos’ new website is a clear upgrade from their previous site. If your business has a web presence, but it needs a makeover, contact Pro Web Marketing today. We can help you redesign or improve your old website today.

In Great Taste

By far the most delicious and tempting website we have created thus far, we launched In Great Taste this month. Tracey has taken her grandmother’s special recipe and produced it for the world to enjoy. Treat your loved ones to this delectable treat that’s “in great taste”.

Check it out here: http://ingreattaste.com/

Fun and bright, our team at Pro Web Marketing had fun creating this lighthearted site. With colors and styles to match the hot fudge sauce labels, we made sure that Tracey’s product stayed consistent through all stages of the project. Let us help you market your new product today!

Mr. Halloween Spirit

This month we launched a website for a new company, Mr. Halloween Spirit. More lighthearted than some of our recent projects, it was a fun website to design and develop. They have all your Halloween needs for costume accessories and haunted houses!

Check it out here: http://mrhalloweenspirit.com/

Programmed into this site is WooCommerce, the simplest and most user-friendly cart system, allowing their customers to buy products with ease. If you need an e-commerce website, look no further than Pro Web Marketing. We can help you meet and exceed all your online business goals.

Rhino Linings

This month, Pro Web Marketing has launched the new Rhino Linings’ site! Rhino Linings is a local, Traverse City retailer of the world’s number one spray-on liner. The owner, Jake Eaton, is committed to helping you with any residential, commercial, or industrial project.

Check it out here: http://rhinoliningstc.com/

With a cleaner layout, concise content, and eye-catching graphics, this site is more manageable and effortless to navigate. Customers will be able to locate the products they need with ease, thus increasing Rhino Linings’ business overall. If our team at Pro Web Marketing can help Jake reach new business potential, think of what we could do for your company!

Heartbeat Power Products

This month Pro Web Marketing has launched Heartbeat Power Products’ new website. A company dedicated to all your power sports and equipment needs, they are located in Elk Rapids, Michigan. Owner, John Matthews, grew up with a passion for all things motorized. Transitioning from racing to repair, he opened his business to help his clients with new purchases and repairs.

Check it out here: http://www.heartbeatpower.com/

Pro Web Marketing is a website development and design company based in Traverse City, Michigan. We offer services ranging from graphic design, to content writing, to e-commerce sites, to search engine optimization. Our experienced team of developers will help you make your ideal website a reality.

Rain, snow, or sleet: locally targeted SEO matters.

Any business owner knows that in this beautiful spring we’re having, customers are less likely to walk in the door through inches of snow. Getting customers in the door, even in bad weather, is the goal of any business, and for many companies search engine optimization is the best way to increase this traffic. With the classic approach of trying to rank higher in the search engines, many companies end up behind dozens of national companies on the coveted front page of Google. Here at Pro Web Marketing we are focusing on local optimization, so instead of battling it out with national sites you are only competing for space against other local businesses.

In a Pew Internet study, 1100 Americans were surveyed about their local shopping preferences. Over half of those surveyed said they relied most on the internet when looking for local business options, more than newspapers or even word of mouth. This means that right here in Traverse City more people googled fine dining than asked their friends for recommendations of where to go on that special night out.

Instead of being part of the millions of businesses out there vying for the national front page results of Google, take a cue from us and target the local area first. Because at the end of the day, getting 5 customers from the TC area is always better than getting 1 potential customer from across the country.

If doing the research and spending hours coming up with potent local strategies doesn’t sound like a fun way to spend the next few weekends, you can always contact us via this page or by phone at 877.577.6932.

Just what is WPS and why is everyone talking about it?

It all started on December 27th when a white paper was released by Stefan Viehböck on his blog .braindump. This was quickly picked up by the security community and then the global community at large. Unfortunately, many of the people who then reported on this vulnerability were not security experts or even all that knowledgeable about wireless technologies in general. Too often these news articles gave a “the sky is falling” air of impending doom. Many, including a big-name technology magazine which shall remain nameless, even got the abbreviation wrong when they first posted about the problem, which didn’t help matters.

The mistake this magazine, and others, made was assuming WPS has anything to do with WPA(2), the underlying security mechanism of current wireless products. We all remember when WEP was so completely compromised that it made its use a polite gesture and little else. WPA(2) was a response to the weaknesses in WEP, and the worry was that this too had become useless. Fret not! This is absolutely not the case. The vulnerability has nothing at all to do with the encryption methods employed by WPA(2).

So, just what is WPS then? For that matter, what is WPA(2) and why do I keep adding a 2 in parentheses? Here it is, the history of wireless security in one paragraph. When wireless first started to make inroads it was obvious pretty quickly that transmitting all your personal data in clear text out into the ether, for anyone with a strong enough antenna to pick up, was going to seriously limit its adoption, so WEP was created. WEP stands for “Wired Equivalent Privacy”. The title ended up being ambitious to say the least. Research into WEP quickly revealed glaring faults that over the years have turned cracking WEP into a 5 minute or less endeavor. In response the IEEE (the standards body that defines networking protocols) started work on 802.11i, which was then integrated into the 802.11-2007 standard. The important part of 802.11i (at least for our discussion) was the creation of RSNs (Robust Secure Networks). The problem was that the IEEE is not exactly known for its speed, so we had this proposed standard that was going to take forever to get ratified and a seriously broken security protocol. This is where the Wi-Fi Alliance stepped in. You may have seen Wi-Fi plastered all over your new wireless device. It’s important to note that the primary goal of the Wi-Fi Alliance is merely to certify products. They take the products produced by various companies and make sure they work the way those companies say they do and can all talk to each other. Well, the Wi-Fi Alliance looked at the 802.11i spec and created WPA (Wi-Fi Protected Access) as a stopgap measure until the standard could be ratified. When 802.11i finally did make it to a full-fledged standard, the Wi-Fi Alliance went back and created WPA2 to take advantage of all the aspects of 802.11i.

If these are all the security methods used with wireless then what is WPS? WPS stands for “Wi-Fi Protected Setup” and you’ve probably never heard of it because almost nobody actually uses it. The idea was that setting up routers and client computers could be difficult for even the most tech-savvy of end users, so what if they could make it simple enough for a 2 year old? There are 4 methods you can use with WPS: PIN, push button, NFC and USB. As it generally works, you have a button on your router/access point and a button on your wireless card. You push the button on the router to initiate the protocol and then push a button on the wireless card and everything is set up for you automagically. Now, I used the word “button” but it may not always be an actual physical button; it could be a software button you click. It’s not always practical to have a physical button, especially on laptops, cellphones and tablet devices.

The vulnerability that was found lies in the PIN method of WPS. Basically the problem is that PINs are short and WPS lets you try as often as you want without getting locked out. You should see where this is going. It was fairly trivial to create a program (Reaver) that lets you try every possible PIN and effectively bypass the security of the network. Reaver is pretty simple to use and several tutorials and videos have already been put together to show just how easy this flaw is to take advantage of.
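To make the lockout point concrete, here is a toy model added to this post (it is not code from the original article, from Reaver, or from any WPS implementation). `PinChecker`, its lockout values, the 4-digit PIN space and the one-second-per-guess timing are all assumptions chosen for illustration; the simulation compares the worst-case time to run through a PIN space with and without a failure lockout.

```python
import hmac


class PinChecker:
    """Toy PIN verifier with an optional failure lockout (constructed model,
    not WPS protocol code)."""

    def __init__(self, pin, max_failures=None, base_lock_s=60, max_lock_s=3600):
        self._pin = pin
        self.max_failures = max_failures  # None = no lockout, the flaw described above
        self.base_lock_s = base_lock_s
        self.max_lock_s = max_lock_s
        self.failures = 0
        self.locks = 0
        self.locked_until = 0.0

    def attempt(self, guess, now):
        """Return 'locked', 'ok' or 'fail' for a guess made at time `now` (seconds)."""
        if now < self.locked_until:
            return "locked"
        if hmac.compare_digest(guess, self._pin):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.max_failures is not None and self.failures >= self.max_failures:
            # Lock, doubling the duration each time up to a ceiling.
            lock = min(self.base_lock_s * 2 ** self.locks, self.max_lock_s)
            self.locked_until = now + lock
            self.locks += 1
            self.failures = 0
        return "fail"


def worst_case_seconds(checker, digits, secs_per_try=1.0):
    """Simulated time until the last PIN in the space is accepted, waiting out
    every lock. The clock is simulated; nothing here sleeps or uses a network."""
    now = 0.0
    for n in range(10 ** digits):
        now = max(now, checker.locked_until) + secs_per_try
        if checker.attempt(f"{n:0{digits}d}", now) == "ok":
            return now
    return None


def compare(digits=4):
    """Worst case for a constructed PIN that sorts last in the space."""
    pin = "9" * digits
    open_door = worst_case_seconds(PinChecker(pin), digits)
    throttled = worst_case_seconds(PinChecker(pin, max_failures=3), digits)
    return open_door, throttled


if __name__ == "__main__":
    no_lock, with_lock = compare()
    print(f"no lockout:   {no_lock / 3600:.1f} hours")
    print(f"with lockout: {with_lock / 86400:.1f} days")
```

With these assumed numbers the same PIN space goes from under three hours to more than four months once three failures trigger a doubling lock, which is why the missing lockout matters as much as the short PIN.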

So what’s our takeaway here? The underlying security mechanisms of today’s wireless networks, namely WPA(2), are as safe as they ever were. I also implied that while WPS is trivial to take advantage of, it’s also rarely used. This is true… but it also doesn’t take one important piece of information into account. You don’t have to actually be using WPS for it to be turned on and thus exploitable. Unfortunately many consumer routers and access points ship with this “feature” enabled by default. To effectively secure your network just make sure WPS is turned off (assuming your hardware even supports it; it is optional after all). This process is usually as simple as going to the hardware’s management interface and changing a radio button from “yes” to “no” or “on” to “off” and saving the configuration. The problem here should be fairly obvious. The people using WPS were exactly the people that didn’t want to deal with the management interface to begin with. WPS was designed specifically to keep consumers out of that area and make everything as simple as possible.

So, is this security risk the end of the world? Clearly not, but it’s also not something that can just be ignored. As is often the case the reality lies somewhere in the middle.

Password Security

Another year has come to pass. With everyone making lists around this time of year, it’s important not to forget a very important list that many people take for granted. If you read the post title you already know what I’m talking about: passwords. These days more and more of our lives are spent online and we rely heavily on passwords to confirm our identities. Everything from your Twitter account to your bank account requires a password, and if you’re not practicing good password security you could be in serious trouble. The three main aspects of a good password policy are as follows:

  1. Change your passwords often
  2. Never use the same password in more than one location
  3. Use complex passwords

Let’s break these down and address them individually.

1. Change your passwords often

What does this mean? It seems simple enough, but what does “often” really mean? If you look at the Microsoft Live service, they have an optional checkbox that would require you to change your password every 72 days. Some IT departments require you to change your password every 2 months. Some people have been using the same password for 10 years and don’t see any need to change. You may be wondering why this is important in the first place. If you’re following rule 2 you may be wondering why you need to change your password at all. Should someone figure out your password for a particular site it won’t affect anything else, so what’s the big deal?

The reasons are two-fold. On the one hand, just because a service was compromised doesn’t mean your password was… right away. Most places store your password as a cryptographic hash so that if their database is ever compromised the attacker still won’t be able to log into your account and make changes. Hash functions are one-way by design but they are still vulnerable to a number of attacks. Most commonly these are brute force and so-called “rainbow table” attacks. The attacker can load all the hashes into a program that will try every word in the dictionary, or every word found on Wikipedia, or any number of permutations and amalgamations thereof. So the database may have been compromised in May of last year but it took until now before they were able to crack the password and gain access to your site. On the other hand, the attacker may have access to your account but not do anything to let you know it. Perhaps they gained access to your e-mail account but don’t send out any e-mails or change your settings; they just use it to send password reset forms from your bank, for example. I tend to think 2 months or even 3 is a little paranoid but 6 is a pretty good balance. At the least I would suggest changing passwords once a year.
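The difference between a hash that falls to a precomputed table and one that does not, as an added example (not code from the original post or from any particular site). The user names, passwords and wordlist are constructed, the function names and the iteration count are assumptions, and the plain lookup table stands in for a rainbow table, which is a space-saving variant of the same precomputation.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny guess list and three accounts.
WORDLIST = ["password", "letmein", "turkey", "mexico", "dragon"]
USERS = {"alice": "letmein", "bob": "letmein", "carol": "Xq7#vL2p!eR9"}


def sha256_hex(password):
    """Weak storage: one fast, unsalted hash. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_record(password, iterations=600_000, salt=None):
    """Hardened storage: random per-account salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def exposed_by_table(stored, wordlist):
    """Accounts whose stored value shows up in a table of precomputed hashes."""
    table = {sha256_hex(word): word for word in wordlist}  # built once, reused
    return {user: table[value] for user, value in stored.items() if value in table}


def demo(iterations=600_000):
    """Run the same table lookup against both storage schemes."""
    weak = {user: sha256_hex(pw) for user, pw in USERS.items()}
    strong = {user: pbkdf2_record(pw, iterations) for user, pw in USERS.items()}
    return {
        "weak_exposed": exposed_by_table(weak, WORDLIST),
        "strong_exposed": exposed_by_table(strong, WORDLIST),
        "same_hash_for_same_password": weak["alice"] == weak["bob"],
        "same_record_for_same_password": strong["alice"] == strong["bob"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The salt only defeats precomputation; a guessable password can still be tested against each salted record one slow guess at a time, which is the months-long delay the paragraph describes.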

2. Never use the same password in more than one location

This may seem obvious, but it’s amazing how many people pick one password and decide to use it for everything. Or maybe they have a handful that they switch between. The reason this is so important is that the reality is security breaches happen. Just look at the news this past year. A giant company like Sony faced millions of dollars in damages when the PlayStation Network was compromised. If you were using the same password to log in and play your video games that you do to manage your bank, just think about the consequences. You may be saying that there are just too many sites now that you need to remember passwords for. I agree! There’s no way I could remember a unique password for every website and service I use. That’s why I use a password management solution, which I’ll discuss in more detail at the end of this article. Even if you don’t use a robust password management solution, there are tricks you can use to set unique passwords per site and still have them memorable. Let’s say your default password is “pass”. Highly secure, I know. One way you can create a unique password for Facebook, for example, would be to use “fbook:pass” as your password. You can see I didn’t just use “facebookpass” or something like that. You don’t want to have a predictable method so that if someone gets your Facebook password they can then figure out your Hotmail password is “hotmailpass”. Exploring that concept, our Hotmail password might be “hotm-pass”.

3. Use complex passwords

This particular pillar of the password trinity has been under recent debate. Some security experts believe too much emphasis has been placed on “complex”. Complex has generally been defined as “a minimum of 8 characters including numbers and letters.” Some sources will also add a distinction between upper and lower case letters, and/or include special characters (e.g., $*@&). The real measure of a password’s security is called its entropy. The debate can best be illustrated in this xkcd comic:

[Image: xkcd comic, “password strength”]

So basically using “[email protected]!*FJ$” for a password would be technically less secure than “turkeymexicopassword”. Of course I use the word technically with some qualifier. The entropy may be higher, but many brute force scripts have several options when dealing with wordlists. They can mangle the words or combine words so it could still be faster to crack. I personally like to go as crazy as possible. I stick with a minimum of 20 characters including upper and lowercase letters, numbers and special characters. Of course, there’s no way I could remember all that, which leads me into the last part of our discussion today:

Password management solutions

There are several out there: KeePass, LastPass, PassPack and 1Password to name a few. You’ll notice I didn’t mention your browser’s built-in “remember password” feature. There are myriad security issues associated with using those “features” that I don’t have time to go into. Suffice it to say, don’t ever use them. The obvious advantage of using a password management program is being able to set secure passwords for every site without having to worry about remembering anything. All of the options mentioned store the passwords in a cryptographic vault that is unlocked with a master password, so you still have to remember at least one password. It’s very important to make this as secure and memorable as possible. The last thing you want to do is finally set up all your sites to use these fantastically complex passwords only to forget your password or resort to writing it on a post-it note stuck to your monitor, completely defeating the point. These solutions also have built-in password generators that you can set to provide a random password of a specific length based on different options (upper/lower letters, numbers, etc.).

Here at Pro Web Marketing we use PassPack to manage our passwords, largely because they make it easy to share the passwords with our clients, which is one of its main features. At home I personally use KeePass, which is supported on all platforms (Windows, Mac, Linux, iOS and Android), plus it’s open source. One of the perks of using KeePass is that it’s been around for a while now and has just about everything you could want. You can organize your passwords into folders (website, e-mail, etc.). The password generator has very specific options, differentiating special characters further because some sites will let you use special characters, just not spaces. It lets you set an expiration date and website URL, and offers a section for notes. One of the things I’ve come across is that websites intentionally limit your passwords. My bank, of all places, has a 16 character limit on passwords, so I keep that in the notes section to remind me when I update my passwords.
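The entropy comparison from the “Use complex passwords” section and the generator options described above, as one added example (it is not KeePass’s or PassPack’s code). The function names, the default symbol set and the 8-word sample list are assumptions; the bit counts hold only for passwords drawn at random by the generator, not for ones a person makes up.

```python
import math
import secrets
import string


def entropy_bits(pool_size, picks):
    """Bits of entropy in `picks` independent, uniform choices from a pool."""
    return picks * math.log2(pool_size)


def generate_password(length=20, upper=True, lower=True, digits=True,
                      symbols="!#$%&*+-=?@^_", exclude="", max_length=None):
    """Return (password, entropy upper bound in bits) from the enabled classes."""
    if max_length is not None:
        length = min(length, max_length)  # e.g. a site that caps passwords at 16
    classes = [string.ascii_uppercase if upper else "",
               string.ascii_lowercase if lower else "",
               string.digits if digits else "",
               symbols]
    # Drop characters the site rejects (a space, say), then drop empty classes.
    classes = ["".join(ch for ch in cls if ch not in exclude) for cls in classes]
    classes = [cls for cls in classes if cls]
    if not classes or length < len(classes):
        raise ValueError("no usable characters, or length too short for the classes")
    alphabet = "".join(sorted(set("".join(classes))))
    while True:
        # Rejection sampling: redraw until every class appears, which keeps the
        # result uniform over all passwords that satisfy the rule.
        password = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in password) for cls in classes):
            # Slight overestimate: the one-per-class rule excludes a few strings.
            return password, entropy_bits(len(alphabet), length)


def generate_passphrase(wordlist, words=4, separator=" "):
    """Return (passphrase, entropy in bits) with words drawn at random."""
    unique = sorted(set(wordlist))
    if len(unique) < 2:
        raise ValueError("wordlist needs at least two distinct words")
    phrase = separator.join(secrets.choice(unique) for _ in range(words))
    return phrase, entropy_bits(len(unique), words)


if __name__ == "__main__":
    # Constructed 8-word list; a real list would hold thousands of words.
    sample_words = ["turkey", "mexico", "password", "monument",
                    "elixir", "rhino", "fudge", "limo"]
    print(generate_password())
    print(generate_password(length=32, max_length=16, exclude="&"))
    print(generate_passphrase(sample_words))
    print(f"4 words from a 2048-word list: {entropy_bits(2048, 4):.0f} bits")
```

A random 20-character password from the default 75-character alphabet comes to about 125 bits, against 44 bits for four random words from a 2048-word list, so the passphrase wins on memorability rather than on raw entropy.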

KeePass also has some nice features that work under the hood. You can set a “global hotkey” (the default is Ctrl+Alt+A on Windows) that will automatically enter your login credentials on sites for you. It compares the title bar of the window against the title of the entry; because that doesn’t always work, there are also browser plugins to help you get the right match. If you still can’t manage to get it working for whatever reason, you can pull up the KeePass client, find the entry and hit “Ctrl+V”, just like you normally would to paste, and it will automatically fill in the details in whatever window is directly behind it. By default the auto-type feature uses the pattern username <tab> password, but suppose you need username <enter> password or username <tab><tab> password? Fear not, you can set a custom auto-type in the notes section! Let’s say none of the above will work for some reason; as a last resort you can always open the client, highlight the entry you want and use the icons at the top to copy your username or password to the clipboard. The nice thing about that is even if you do use this feature, the clipboard will be automatically cleared in 10 seconds so you don’t accidentally paste your password in the IM with your friend. One last feature of KeePass I’d like to highlight is that when you update a password it automatically creates a backup of the old password for you, which can be a real life saver.

There you have it. With a fresh new year ahead of us, you should really think about either switching to a password manager or updating the passwords in yours.