You may have heard the buzzwords HTTPS and SSL flying around more lately. That is likely because beginning January 2017, Google began flagging sites as “not secure” if they collect passwords and credit card numbers over HTTP.
What is HTTP?
HTTP stands for Hypertext Transfer Protocol. It allows for your web browser and a web server to relay information between each other.
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer. Unlike HTTP, the S in HTTPS indicates that the information from your web browser is encrypted before it is sent to the web server.
What is an SSL Certificate?
SSL is an acronym for Secure Socket Layer. An SSL certificate encrypts the data that is sent to the website you are interacting with from your computer, proving the identity of the website. Here’s how it works: your web browser requests a web server to verify the identity of the website you’re on. If verified, the web server will respond by sending an SSL certificate. When the website is deemed trustworthy, the HTTPS symbol will appear in the URL bar as a digitally signed acknowledgement that the site’s identity has been verified by a trusted authority.
How can I tell if a site is verified?
In the URL bar of your browser, a lock symbol will be displayed and the URL will begin with https://www…
Why do I want to interact with sites that use HTTPS?
Imagine you are the web browser and your bank is the web server. If you were in a public place and had to shout out your credit card numbers to your bank across the room, would you rather shout those numbers in plain English, or in a coded language that only you and your bank could understand? HTTP is plain English to snoops and hackers, whereas HTTPS is the coded language that makes your information much harder to crack.
Why should I Care?
Not only does Google label non-HTTPS websites as non-secure, they penalize these sites by dropping their ranking in search results. This directly affects your customers’ ability find you. In addition, beyond search ranking concerns, HTTPS is the security standard, and adopting it on your website helps keep you and your website’s visitors protected.
Are you ready to set up SSL on your website? Contact Feynman Group for more information.
You walk into a conference room with your laptop and a 55-inch tablet on the wall automatically recognizes you through ultrasonic wireless pairing technology. If you thought you were sitting in a meeting with George Jetson, I’d believe you.
The all-in-one cloud-based digital whiteboard, videoconferencing, and collaborative presentation platform, Cisco Spark Board allows for your team to have a shared and productive workflow experience onsite or on the road.
The Spark Board features an elegant aesthetic, integrating real-time visual, audio, and connectivity components into one sleek device. Connected through the cloud and secured by encryption, Spark Board makes it possible for any user with a Spark app-enabled device to be interactively present in a meeting from virtually anywhere. With intuitive navigation and flow, the Spark Board’s capacitive touchscreen operates nearly identically to smart phones and tablets. Additionally, it uses two-point multi-touch technology that allows two people to work on the board simultaneously.
The 55in Spark Board features a 4k video camera that captures everything from an entire room with an 86-degree wide angle mode, to focusing in on a presenter with its short-range setting. With 12 embedded microphones that use beamforming, a form of 3D audio technology, Spark Board isolates and amplifies the active speaker in a room of 8 to 10 people while suppressing background noise.
Between its sleek industrial design and ultimate collaborative capabilities, Feynman Group is ready to help your business team collaborate more effectively with Cisco Spark Board. Please contact us for more information.
Few people know Oregon’s rivers better than brothers Clay and Ty Holloway. The duo has been fishing since they were young boys, and their love for the sport has only grown over the years. The Holloways eventually decided to share their passion by leading guided fly fishing trips along the beautiful McKenzie River. They were working with an outstanding business idea; however, the brothers recognized their need for a stronger online presence to reel in more clients.
Feynman Group created an entirely new website for Holloway Bros using the newest version of WordPress. Feynman’s web professionals began by gaining a comprehensive idea of Clay and Ty’s vision, and customized the design to fit that vision. The Holloway’s fly fishing business has no shortage of visual appeal, so Feynman harnessed it with stunning photos and a color scheme that captures the beauty of the McKenzie River. “Our primary goal with the Holloway Bros site was to convey a sense of adventure and excitement in order to spark the interest of potential clients,” said Nathan Johnson, a website developer at Feynman Group, Inc.
To make the Holloway Bros site easy to navigate, Feynman used a modern and clean setup. It’s even mobile friendly, so that potential clients can have an equally outstanding experience viewing from their phones. Since Feynman used the newest version of WordPress, it’s both up-to-date and secure. The site features a blog, photo gallery, personal testimonials, social media information, and more in order to gain maximum traction with potential and returning clients.
After seeing the final product, Ty Holloway said, “Working with the Feynman Group was a real pleasure; they were extremely helpful throughout the entire process. The service was very personal, and any questions that I had were met with a quick response. I would recommend their services to anyone looking to improve their web presence.”
Thanks to Feynman’s website design, development, and hosting the Holloway brothers now boast a modern and user-friendly online presence perfectly tailored to their business.
On Friday, October 21, 2016, Internet performance management company Dyn suffered a series of three distributed denial of service (DDoS) attacks, beginning at about 4:00 AM Pacific time and concluding at about 1:00 PM. The attack involving tens of millions of IP addresses affected users’ abilities to access the websites of many of Dyn’s customers, such as Twitter, Reddit, Spotify, Etsy, and others. Experts believe the attack was targeted at Dyn with one source of traffic sourcing from devices infected by the Mirai botnet.
What is a DDoS attack?
A DDoS attack is when an overwhelming amount of web traffic is directed at an online service (such as a website) in an attempt to make the service unavailable to legitimate users. In this case, tens of millions of IP addresses flooded Dyn’s Managed DNS infrastructure with requests, causing Dyn’s customers’ sites to either fail to load or load very slowly. In other words, many users attempting to do their morning scan through Twitter were disappointed when Twitter did not load.
What is DNS? Note that the following has been simplified for the sake of simple explanation.
The domain name system (DNS) is what’s responsible for converting a domain name into its associated IP address when a website is accessed. Think of it this way: if the IP address is a set of GPS coordinates (latitude and longitude) for a business, the domain name is the street address (123 Street Ave).
When any URL is typed into the address bar of the web browser, a request is sent to a DNS server (many actually) to translate the URL into its IP address, which is then sent back to the browser, telling it how to access the website at the specified URL.
The incident on the 21st occurred when a large number of devices (many infected by the Mirai botnet) attempted to make too many requests to Dyn’s DNS servers, and the overloaded servers could not send back information to fulfill any requests.
It’s important to note that DNS hosting (the service provided by Dyn in this case) differs from website hosting. The latter generally refers to the location on a web server where a website’s files are stored.
What is Mirai?
Mirai is a new type of malware that targets “Internet of Things” or smart-devices – things like CCTV cameras, DVRs, the Nest smart-thermostat, even Internet-connected cars and refrigerators. Mirai is able to take control of such devices and use them to flood a target with traffic. When millions of infected devices are directed toward a single target in a DDoS attack, it’s enough to bring the target down across the web for both legitimate and malicious users.
How can I keep my smart-devices safe?
Be selective with which smart-devices you use. Not all devices are created equally when it comes to security. Research before you buy, and always opt for the most secure devices, even if they cost more.
If possible, disconnect your smart devices from an internet connection when you’re not actively using them. If there is not an option to disconnect your device from the internet, make sure it is powered off and not in a “standby” state.
Keep your devices up to date with the most current software.
Always use strong passwords. Some devices such as webcams and CCTVs use default passwords and settings, making them especially attractive targets for malware. Read your manual or do a Google search on how to change the passwords for these devices.
If your smart device has been infected by Mirai, you may be able to clean it by rebooting the device, however this action alone will not protect your device from being re-infected.
Disable WPS connection on your wireless router, and make sure your Wi-Fi network is password protected.
Contact Feynman Group if you have any security concerns and we will work with you to implement solutions relevant to your specific needs.
Does a DDoS attack pose a threat to my website?
If you’re concerned about the resiliency of your hosting environment, contact Feynman Group to discuss whether or not changes to your current situation may be necessary.
Google plans to hammer another nail into Adobe Flash Player’s coffin, according to a recent publicly available proposal. The multimedia platform, which has faced a swathe of criticisms over it’s 20+ year lifespan, will presently face stifled support in Google’s popular Chrome browser.
According to the proposal, Google will continue to bundle Flash with Chrome, however when users visit webpages containing Flash content, they will now be prompted to allow the content before it is loaded, shifting closer to an “opt-in” type of model.
If the user chooses to load Flash content on a webpage, Chrome will remember the user’s settings for the domain, meaning Flash must only be allowed once on a webpage to continue serving content in the future. In addition, Chrome will initially default to allow Flash content on the top 10 sites (based on aggregate usage) for one year.
When these changes go into effect, users will still have the ability to set their own preferences, including an option to always run Flash content.
The end of the year is always a natural time for reflection, and as 2015 comes to a close, I’d like to share a bit of what the past year looked like for Feynman Group. One of the tenets we focused on this year as an organization was strength; strength in our actions, remaining strong through change, and of course strength in the services we provided. We also chose to concentrate on the ways we communicate, both in terms of the technological tools we use as well as how our communication helps us relate to each other as people. In these respects, Feynman Group has grown significantly over 2015 as an organization and as a team of skilled individuals.
With that said, the heart of our strength of course relies on our partners. We say our job is to give your business superpowers, and we truly value the opportunities you have presented us with to help you prosper through technology. On behalf of the whole Feynman Group team, I’d like to thank all of our partners, both new and familiar, for the chance to collaborate over this past year!
Looking ahead, I’d like to concentrate on consistency as a principle in the coming year. Consistency can be a nebulous concept, however to us, this stands for maintaining our high standards for superiority in service, staying present to ensure every detail is thoughtfully considered, and dedicating ourselves to following through on our word. And so my promise to you, as our partner, is to maintain consistency in 2016 as we continue to give your business superpowers!
President and Co-Founder
Adobe has confirmed another major vulnerability in its Flash Player just one day after releasing its monthly security update. The exploit, which affects Flash users across all platforms, including Windows, Mac, and Linux, allows attackers to crash and seize complete control of the user’s system. This grants attackers full access to users’ webcams, files, browsing history, online banking information, and any other sensitive data contained on the machine, opening the door for full-scale identity theft.
Adobe Flash is a software platform commonly used for animations, browser and mobile games, applications, interactive media, online advertisements, streaming video, and more. Though its popularity has dwindled consistently in recent years (in large part due to known security issues), many websites and applications still employ Flash for a variety of uses.
As of the time this posting, Adobe has issued a security bulletin containing an update to the vulnerable version of Flash, however the safest option for all users is to uninstall Flash. Thankfully, most users should be able to get by without the software installed on their machines, as many modern platforms have been slowly moving away from Flash.
SEO Cannibalization is when websites compete with their own keywords and content for traffic across search engines. This can be highly detrimental to them for two reasons:
Search Engine crawlers will be confused on how to effectively index and rank websites in results
Users themselves will be confused on which search result link to choose, or simply not find anything
Generally, SEO Cannibalization occurs within a single website containing duplicate keywords and content across the site’s internal pages. However, this applies across separate websites as well. For example, a company could have a franchise with two separate locations, Location1 and Location2. They want to have a strong brand, so naturally, they create a website for both locations; www.brandname-location1.com and www.brandname-location2.com. To add to this scenario, the company wants consistency within the franchises so all content across both websites are the same, the only differentiating factor consisting of their location-specific information.
Although these sites are optimized to perform well in search, the unfortunate mix of duplicate content, keywords, and URLs are causing the company to compete against itself across multiple facets. Considering search engines take the issue of Duplicate Content very seriously, it’s important to keep everything unique, even across separate websites. If one site is fully optimized, it seems intuitive to simply port all of this information over into Location2’s website to focus targeting efforts on geo-specific information. However, it’s important to fight this urge. Through simply porting all content over to a new website, it will inadvertently cause the company’s two websites to begin competing and “cannibalizing” each other in search, ultimately hurting both sites’ rankings.
How to fix it
The best approach to optimizing each location is to first decide on a single domain that will effectively and intuitively contain all content and locations. Ideally, this means having the url www.brandname.com, then creating a unique page for each individual location. In doing so, a company can promote the brand customers are familiar, while keeping their website fully optimized.
A great way to think about this is through looking at other big brands, such as Home Depot. They have locations all over, but they have a single, primary site under the domain url, www.homedepot.com. Meanwhile, each of their stores has its own location page, even stores within the same town. Take their South Beaverton location for example. They have created a unique page for this store, with location-specific information:
“The Home Depot S Beaverton – #4018 can help with all of your home improvement needs. Our address is 4401 Southwest 110th Ave, Beaverton, OR, 97005 and our phone number is (503)469-4242…”
This location-specific page allows search engines to index the page based on geographic location, centered on keywords specific to the local area without the unnecessary risk of pulling away ranking power from the primary branding domain. On top of this, it prevents them from getting penalized due to duplicate content issues. In other words, all keywords will remain intact on the main site, while separate locations will be ranked and found based on the main site’s primary keywords mixed with searchers’ location-specific keywords. Not only will this create a single powerful site for your business, but it will also mitigate any confusion for potential customers seeking the service.
Some approaches to correcting cannibalization issues include:
Selecting the most powerful domain across all current company URLs, i.e., observe which domain ranks higher overall in search, as well as which has the highest quality clientele.
Select a new domain that can effectively contain these two locations, while remaining intuitive to potential customers.
Once a primary domain has been selected, the next step will be to place 301 redirects on the secondary domains, redirecting them to the new primary domain. In doing so, all future SEO efforts will be focused to optimize the brand of one site using relevant keywords while creating and optimizing separate location pages using geo-specific keyword descriptors.
Feynman Group is proud to introduce our brand new redesigned website! You’ll immediately notice a fresh look, but this isn’t just a facelift. We completely overhauled the site’s structure, went all-out with modern, innovative visuals, and optimized each page from the ground up. Partially inspired by Google’s so-called “mobilegeddon,” we formed a game plan to thoroughly revamp Feynman Group’s presence on the web.
In order to satisfy the ambitious goals we set for ourselves, we approached this undertaking from a completely new angle. We knew without compromise that the final product had to function flawlessly in all common browsers and on all modern devices. Laptops, desktops, tablets, and phones, including those from Microsoft, Apple, and beyond all required equal attention. On top of that, we needed enough control such that we could tweak each element individually without any kinds of restrictions.
We also took this as an opportunity to revitalize our website’s search presence. It’s no secret that, without proper planning, redesigning your website can negatively affect previous search engine optimization efforts, but we wanted to take our preparations further. This meant carefully organizing our URL structure, thoughtfully shaping our written content, addressing all metadata, and countless other techniques which would boost our site’s search-friendliness.
Going forward, we’re eager to hear your thoughts on our new look! All comments, questions, and constructive criticism is welcome as we continue to improve our presence in the digital space. If you’d like to drop us a line or inquire on how we can bolster your web presence, feel free to visit our new contact page or give us a call at 541.342.5531 (Eugene) or 971.254.9922 (Portland).
The clock is ticking for those still using Windows Server 2003. As a matter of fact, the literal clock is ticking on Microsoft’s website as they count down to July 14th, 2015, the day Microsoft will cease to support any version of the popular Windows Server 2003 server operating system.
What exactly does this mean? Consider your other devices. Most likely, your computer prompts you periodically to install updates for various reasons; bug fixes, stability improvements, and security updates are some common cases. Mobile phones are similar. Apple releases minor iOS updates every few months, and even individual apps get updates frequently (glancing at my phone, I see Twitter was updated March 28th noting, “This update includes minor improvements”). All of these regular updates are made by the developers at their respective companies in an effort to continually improve their software and keep users safe from security exploits.
Unfortunately, software companies can only continue to update older versions of their products for so long before it’s no longer viable to do so, forcing users to migrate to more modern versions. Just as this is the case now with Windows Server 2003, the very same scenario occurred with Windows XP when Microsoft terminated support for the computer OS in April 2014 (though XP had a valiant 13-year run).
It is highly recommended that all present Windows Server 2003 users migrate to a current version before July 14th, 2015 in order to protect their infrastructure. Continuing to use Windows Server 2003 puts your data at serious risk. The lack of security patches paints a big bulls-eye on these machines for those looking to exploit holes in their defense. While it’s possible in some cases to restore data post-hack, it can be difficult if not impossible to fully recover after a security breach. In addition to security concerns, Microsoft will no longer provide technical support or warranty claims for Windows Server 2003 users, and many applications, including modern 64-bit standards, will no longer support the dead OS.
Perhaps the gravest consequence will affect users in industries which are regulated or handle regulated data, as they may fall out of industry compliance. In this case, Windows Server 2003 users may be legally required to migrate. For a more in depth analysis, this International Data Center white paper provides an excellent summation of the situation as a whole.
In light of the announcement, many commentators are suggesting Windows Server 2003 users migrate directly to Windows Server 2012 R2. In addition to a host of improvements and added features, 2003 users will appreciate 2012 R2’s high application compatibility, meaning the migration will be relatively straightforward. And for those considering taking the interim leap to Windows Server 2008, you may want to note that Microsoft ended mainstream support in January of 2015, and extended support is slated to end just five years from now in January of 2020.
All in all, when faced with the end of a product lifecycle, it’s always a good idea to take a step back and evaluate our use of technology. While it may be tempting to write off this announcement solely as a tech giant’s latest money-grubbing scheme, it’s important to remember that technology drives innovation just as much as innovation drives technology. If Microsoft continued to hold the hand of an aged software until the last user replaced it, who would be working to improve and expound upon it, to pioneer new technology solutions far beyond what anyone thought was possible? Windows Server 2003 had a good run after all. Twelve years ago, Chicago won 6 Academy Awards and Harry Potter and the Order of the Phoenix was published. Twelve years from now, there’s no telling how far technology will have advanced, and so we continue moving forward right along with it.
If you’re still using Windows Server 2003, Feynman Group would like to help you through your migration. Contact us to learn more and discuss your options.