by Mike Wilson
Posted on 2016-10-25 23:54:47
On Friday, October 21, 2016, Internet performance management company Dyn suffered a series of three distributed denial of service (DDoS) attacks, beginning at about 4:00 AM Pacific time and concluding at about 1:00 PM. The attack involving tens of millions of IP addresses affected users’ abilities to access the websites of many of Dyn’s customers, such as Twitter, Reddit, Spotify, Etsy, and others. Experts believe the attack was targeted at Dyn with one source of traffic sourcing from devices infected by the Mirai botnet.
What is a DDoS attack?
A DDoS attack is when an overwhelming amount of web traffic is directed at an online service (such as a website) in an attempt to make the service unavailable to legitimate users. In this case, tens of millions of IP addresses flooded Dyn’s Managed DNS infrastructure with requests, causing Dyn’s customers’ sites to either fail to load or load very slowly. In other words, many users attempting to do their morning scan through Twitter were disappointed when Twitter did not load.
What is DNS?
Note that the following has been simplified for the sake of simple explanation.
The domain name system (DNS) is what’s responsible for converting a domain name into its associated IP address when a website is accessed. Think of it this way: if the IP address is a set of GPS coordinates (latitude and longitude) for a business, the domain name is the street address (123 Street Ave).
When any URL is typed into the address bar of the web browser, a request is sent to a DNS server (many actually) to translate the URL into its IP address, which is then sent back to the browser, telling it how to access the website at the specified URL.
The incident on the 21st occurred when a large number of devices (many infected by the Mirai botnet) attempted to make too many requests to Dyn’s DNS servers, and the overloaded servers could not send back information to fulfill any requests.
It’s important to note that DNS hosting (the service provided by Dyn in this case) differs from website hosting. The latter generally refers to the location on a web server where a website’s files are stored.
What is Mirai?
Mirai is a new type of malware that targets “Internet of Things” or smart-devices – things like CCTV cameras, DVRs, the Nest smart-thermostat, even Internet-connected cars and refrigerators. Mirai is able to take control of such devices and use them to flood a target with traffic. When millions of infected devices are directed toward a single target in a DDoS attack, it’s enough to bring the target down across the web for both legitimate and malicious users.
How can I keep my smart-devices safe?
- Be selective with which smart-devices you use. Not all devices are created equally when it comes to security. Research before you buy, and always opt for the most secure devices, even if they cost more.
- If possible, disconnect your smart devices from an internet connection when you’re not actively using them. If there is not an option to disconnect your device from the internet, make sure it is powered off and not in a “standby” state.
- Keep your devices up to date with the most current software.
- Always use strong passwords. Some devices such as webcams and CCTVs use default passwords and settings, making them especially attractive targets for malware. Read your manual or do a Google search on how to change the passwords for these devices.
- If your smart device has been infected by Mirai, you may be able to clean it by rebooting the device, however this action alone will not protect your device from being re-infected.
- Disable WPS connection on your wireless router, and make sure your Wi-Fi network is password protected.
- Contact Feynman Group if you have any security concerns and we will work with you to implement solutions relevant to your specific needs.
Does a DDoS attack pose a threat to my website?
If you’re concerned about the resiliency of your hosting environment, contact Feynman Group to discuss whether or not changes to your current situation may be necessary.
Note, Feynman Group, Inc. is not affiliated with and does not endorse any of the websites, articles, or authors referenced in this post.
by Mike Wilson
Posted on 2016-05-16 21:22:47
Google plans to hammer another nail into Adobe Flash Player’s coffin, according to a recent publicly available proposal. The multimedia platform, which has faced a swathe of criticisms over it’s 20+ year lifespan, will presently face stifled support in Google’s popular Chrome browser.
According to the proposal, Google will continue to bundle Flash with Chrome, however when users visit webpages containing Flash content, they will now be prompted to allow the content before it is loaded, shifting closer to an “opt-in” type of model.
If the user chooses to load Flash content on a webpage, Chrome will remember the user’s settings for the domain, meaning Flash must only be allowed once on a webpage to continue serving content in the future. In addition, Chrome will initially default to allow Flash content on the top 10 sites (based on aggregate usage) for one year.
When these changes go into effect, users will still have the ability to set their own preferences, including an option to always run Flash content.
The shift comes alongside Google’s continued efforts to phase out Adobe Flash content in favor of HTML5. In the Fall, Chrome began blocking Flash based ads by default and Google plans to fully ban them by the start of next year.
The updates will likely impact Flash significantly, as Chrome reportedly holds a staggering 70% of web browser usage as of April 2016.
by Scotty McConnell
Posted on 2015-12-30 21:47:11
Friends and Partners,
The end of the year is always a natural time for reflection, and as 2015 comes to a close, I’d like to share a bit of what the past year looked like for Feynman Group. One of the tenets we focused on this year as an organization was strength; strength in our actions, remaining strong through change, and of course strength in the services we provided. We also chose to concentrate on the ways we communicate, both in terms of the technological tools we use as well as how our communication helps us relate to each other as people. In these respects, Feynman Group has grown significantly over 2015 as an organization and as a team of skilled individuals.
With that said, the heart of our strength of course relies on our partners. We say our job is to give your business superpowers, and we truly value the opportunities you have presented us with to help you prosper through technology. On behalf of the whole Feynman Group team, I’d like to thank all of our partners, both new and familiar, for the chance to collaborate over this past year!
Looking ahead, I’d like to concentrate on consistency as a principle in the coming year. Consistency can be a nebulous concept, however to us, this stands for maintaining our high standards for superiority in service, staying present to ensure every detail is thoughtfully considered, and dedicating ourselves to following through on our word. And so my promise to you, as our partner, is to maintain consistency in 2016 as we continue to give your business superpowers!
President and Co-Founder
by Mike Wilson
Posted on 2015-10-16 21:40:00
Adobe has confirmed another major vulnerability in its Flash Player just one day after releasing its monthly security update. The exploit, which affects Flash users across all platforms, including Windows, Mac, and Linux, allows attackers to crash and seize complete control of the user’s system. This grants attackers full access to users’ webcams, files, browsing history, online banking information, and any other sensitive data contained on the machine, opening the door for full-scale identity theft.
Adobe Flash is a software platform commonly used for animations, browser and mobile games, applications, interactive media, online advertisements, streaming video, and more. Though its popularity has dwindled consistently in recent years (in large part due to known security issues), many websites and applications still employ Flash for a variety of uses.
As of the time this posting, Adobe has issued a security bulletin containing an update to the vulnerable version of Flash, however the safest option for all users is to uninstall Flash. Thankfully, most users should be able to get by without the software installed on their machines, as many modern platforms have been slowly moving away from Flash.
To uninstall Flash Player from your Windows machine, follow these instructions. Mac users can find instructions here. Finally, to disable Flash in your browser, see these instructions for a complete list of modern browsers.
For more technical details and deeper explanation, you may download Feynman Group’s security brief: FeynmanGroup_FlashSecurityBrief_101615
by Mark Tschetter
Posted on 2015-06-17 21:32:33
SEO Cannibalization is when websites compete with their own keywords and content for traffic across search engines. This can be highly detrimental to them for two reasons:
- Search Engine crawlers will be confused on how to effectively index and rank websites in results
- Users themselves will be confused on which search result link to choose, or simply not find anything
Generally, SEO Cannibalization occurs within a single website containing duplicate keywords and content across the site’s internal pages. However, this applies across separate websites as well. For example, a company could have a franchise with two separate locations, Location1 and Location2. They want to have a strong brand, so naturally, they create a website for both locations; www.brandname-location1.com and www.brandname-location2.com. To add to this scenario, the company wants consistency within the franchises so all content across both websites are the same, the only differentiating factor consisting of their location-specific information.
Although these sites are optimized to perform well in search, the unfortunate mix of duplicate content, keywords, and URLs are causing the company to compete against itself across multiple facets. Considering search engines take the issue of Duplicate Content very seriously, it’s important to keep everything unique, even across separate websites. If one site is fully optimized, it seems intuitive to simply port all of this information over into Location2’s website to focus targeting efforts on geo-specific information. However, it’s important to fight this urge. Through simply porting all content over to a new website, it will inadvertently cause the company’s two websites to begin competing and “cannibalizing” each other in search, ultimately hurting both sites’ rankings.
How to fix it
The best approach to optimizing each location is to first decide on a single domain that will effectively and intuitively contain all content and locations. Ideally, this means having the url www.brandname.com, then creating a unique page for each individual location. In doing so, a company can promote the brand customers are familiar, while keeping their website fully optimized.
A great way to think about this is through looking at other big brands, such as Home Depot. They have locations all over, but they have a single, primary site under the domain url, www.homedepot.com. Meanwhile, each of their stores has its own location page, even stores within the same town. Take their South Beaverton location for example. They have created a unique page for this store, with location-specific information:
“The Home Depot S Beaverton – #4018 can help with all of your home improvement needs. Our address is 4401 Southwest 110th Ave, Beaverton, OR, 97005 and our phone number is (503)469-4242…”
This location-specific page allows search engines to index the page based on geographic location, centered on keywords specific to the local area without the unnecessary risk of pulling away ranking power from the primary branding domain. On top of this, it prevents them from getting penalized due to duplicate content issues. In other words, all keywords will remain intact on the main site, while separate locations will be ranked and found based on the main site’s primary keywords mixed with searchers’ location-specific keywords. Not only will this create a single powerful site for your business, but it will also mitigate any confusion for potential customers seeking the service.
Some approaches to correcting cannibalization issues include:
- Selecting the most powerful domain across all current company URLs, i.e., observe which domain ranks higher overall in search, as well as which has the highest quality clientele.
- Select a new domain that can effectively contain these two locations, while remaining intuitive to potential customers.
Once a primary domain has been selected, the next step will be to place 301 redirects on the secondary domains, redirecting them to the new primary domain. In doing so, all future SEO efforts will be focused to optimize the brand of one site using relevant keywords while creating and optimizing separate location pages using geo-specific keyword descriptors.
by Mark Tschetter
Posted on 2015-06-01 22:23:02
Feynman Group is proud to introduce our brand new redesigned website! You’ll immediately notice a fresh look, but this isn’t just a facelift. We completely overhauled the site’s structure, went all-out with modern, innovative visuals, and optimized each page from the ground up. Partially inspired by Google’s so-called “mobilegeddon,” we formed a game plan to thoroughly revamp Feynman Group’s presence on the web.
In order to satisfy the ambitious goals we set for ourselves, we approached this undertaking from a completely new angle. We knew without compromise that the final product had to function flawlessly in all common browsers and on all modern devices. Laptops, desktops, tablets, and phones, including those from Microsoft, Apple, and beyond all required equal attention. On top of that, we needed enough control such that we could tweak each element individually without any kinds of restrictions.
We also took this as an opportunity to revitalize our website’s search presence. It’s no secret that, without proper planning, redesigning your website can negatively affect previous search engine optimization efforts, but we wanted to take our preparations further. This meant carefully organizing our URL structure, thoughtfully shaping our written content, addressing all metadata, and countless other techniques which would boost our site’s search-friendliness.
Going forward, we’re eager to hear your thoughts on our new look! All comments, questions, and constructive criticism is welcome as we continue to improve our presence in the digital space. If you’d like to drop us a line or inquire on how we can bolster your web presence, feel free to visit our new contact page or give us a call at 541.342.5531 (Eugene) or 971.254.9922 (Portland).
by Mike Wilson
Posted on 2015-04-02 22:30:20
The clock is ticking for those still using Windows Server 2003. As a matter of fact, the literal clock is ticking on Microsoft’s website as they count down to July 14th, 2015, the day Microsoft will cease to support any version of the popular Windows Server 2003 server operating system.
What exactly does this mean? Consider your other devices. Most likely, your computer prompts you periodically to install updates for various reasons; bug fixes, stability improvements, and security updates are some common cases. Mobile phones are similar. Apple releases minor iOS updates every few months, and even individual apps get updates frequently (glancing at my phone, I see Twitter was updated March 28th noting, “This update includes minor improvements”). All of these regular updates are made by the developers at their respective companies in an effort to continually improve their software and keep users safe from security exploits.
Unfortunately, software companies can only continue to update older versions of their products for so long before it’s no longer viable to do so, forcing users to migrate to more modern versions. Just as this is the case now with Windows Server 2003, the very same scenario occurred with Windows XP when Microsoft terminated support for the computer OS in April 2014 (though XP had a valiant 13-year run).
It is highly recommended that all present Windows Server 2003 users migrate to a current version before July 14th, 2015 in order to protect their infrastructure. Continuing to use Windows Server 2003 puts your data at serious risk. The lack of security patches paints a big bulls-eye on these machines for those looking to exploit holes in their defense. While it’s possible in some cases to restore data post-hack, it can be difficult if not impossible to fully recover after a security breach. In addition to security concerns, Microsoft will no longer provide technical support or warranty claims for Windows Server 2003 users, and many applications, including modern 64-bit standards, will no longer support the dead OS.
Perhaps the gravest consequence will affect users in industries which are regulated or handle regulated data, as they may fall out of industry compliance. In this case, Windows Server 2003 users may be legally required to migrate. For a more in depth analysis, this International Data Center white paper provides an excellent summation of the situation as a whole.
In light of the announcement, many commentators are suggesting Windows Server 2003 users migrate directly to Windows Server 2012 R2. In addition to a host of improvements and added features, 2003 users will appreciate 2012 R2’s high application compatibility, meaning the migration will be relatively straightforward. And for those considering taking the interim leap to Windows Server 2008, you may want to note that Microsoft ended mainstream support in January of 2015, and extended support is slated to end just five years from now in January of 2020.
All in all, when faced with the end of a product lifecycle, it’s always a good idea to take a step back and evaluate our use of technology. While it may be tempting to write off this announcement solely as a tech giant’s latest money-grubbing scheme, it’s important to remember that technology drives innovation just as much as innovation drives technology. If Microsoft continued to hold the hand of an aged software until the last user replaced it, who would be working to improve and expound upon it, to pioneer new technology solutions far beyond what anyone thought was possible? Windows Server 2003 had a good run after all. Twelve years ago, Chicago won 6 Academy Awards and Harry Potter and the Order of the Phoenix was published. Twelve years from now, there’s no telling how far technology will have advanced, and so we continue moving forward right along with it.
If you’re still using Windows Server 2003, Feynman Group would like to help you through your migration. Contact us to learn more and discuss your options.
by Mark Tschetter
Posted on 2015-03-20 20:52:49
“Starting April 21, we will be expanding our use of mobile-friendliness as a ranking signal. This change will affect mobile searches in all languages worldwide and will have a significant impact in our search results. Consequently, users will find it easier to get relevant, high quality search results that are optimized for their devices.”
-Google Webmaster Central Blog, 2/26/15
If you needed any more reason to optimize your website for mobile devices, Google will begin penalizing websites that do not offer tablet and phone users a seamless experience. Since November 2014, Google has already been distinguishing mobile-friendly sites in search results, however the latest changes will specifically rank mobile-friendly sites higher than non-mobile-friendly pages when users search from their phones or tablets.
This so-called “Mobilegeddon” is not the first time Google has significantly changed its algorithms to cater to the mobile web. Back in June 2013, Google posted a similar announcement to their Webmaster Central Blog which included some common errors and how to correct them. The latest announcement is likely another sign of what’s to come as the mobile web market continues to soar and as wearables find their place as an emerging technology.
Many websites are taking advantage of responsive and adaptive web design practices in order to maintain a consistent user experience across devices. Sites that are designed with mobile in mind also eliminate the need for separate desktop and mobile versions, offering the best of both worlds. For a solid demonstration of some common responsive and adaptive design principles, Fast Company’s article brilliantly illustrates the idea with simple visuals. If you’d like to learn more about how Google’s changes will affect you or how you can enhance your website for mobile users, contact a member of Feynman Group’s digital marketing team.
Developing web content with relative units is one technique associated with responsive design. Courtesy of Fast Company
by Mark Tschetter
Posted on 2015-03-02 21:32:27
WVO and Feynman Group at the Sportsmens Expo 2015
Willamette Valley Outfitters specializes in salmon and steelhead fishing on Oregon’s coastal rivers and the southern Willamette Valley.
Founded in 2002 by Kyle Buschelman, Willamette Valley Outfitters has earned a name that evokes visions of beautiful Oregon scenery, day-long drifts down the Valley’s best waters, and of course, more salmon and steelhead than you can shake a stick at, if you’ll pardon the pun. Kyle is a master fishing guide who strives simply to provide his clients with an incredibly enjoyable yet completely professional experience.
When Kyle initially met with Feynman Group, his website, like many others’ in his industry, was basic, if not sparse, offering only the essential Willamette Valley Outfitters information. The site served its core purpose; to inform customers what WVO does and how to book a trip. With that in mind, Feynman Group and Willamette Valley Outfitters partnered up to develop a brand new site that would reflect Kyle’s distinct professionalism, while highlighting the entertainment and sport of his line of work. Alongside development, Feynman Group sought to incorporate best SEO practices in the new site and concurrently roll out a complete strategic social media campaign.
Feynman Group designed the new WVO site to be responsive, meaning the site provides an optimal user experience on any device. The site actually adapts to the different screen sizes of devices such as computer monitors, tablets, and phones, and necessary navigational changes are made accordingly, all without interfering with the primary front-end user experience.
Willamette Valley Outfitters’ site incorporates a lot of eye candy to bring the site to life. Vibrant photos and images catch the eye, a seamless, content-saturated homepage adds an interactive experience, and features like rolling video and detailed maps give the site added character. Getting it all to look right was half the battle, the other being to verify everything functioned correctly in all browsers and devices. While this posed a serious challenge, Feynman Group’s developers exhaustively tested each feature for quality assurance.
Another unique feature Feynman Group incorporated in WVO’s new site was extensive copy-writing. Coming from a point where there was previously very little written content, Feynman Group worked closely alongside Kyle to produce natural and authentic copy, incorporating extensive research on the subject matter. The result is an informative resource on WVO and fishing in Oregon that’s also easy to read and digest.
Feynman Group launched the new Willamette Valley Outfitters website in late February, and the response has been fantastic. In all, the site is an exercise not only in fun and rich design, but exceptional function and usability. If you like what you see, contact Kyle Buschelman to book your guided fishing trip. I hear the King and Coho will be wild this August!
Willamette Valley Outfitters Guide Kyle Buschelman
by Mark Tschetter
Posted on 2015-02-17 18:03:33
Kids’ FIRST’s mission is simple: to provide intervention and advocacy for children who are victims of, or witnesses to, crime.
The Kids’ FIRST Center opened its doors in Lane County, Oregon in 1994 with the intent of taking a multidisciplinary team approach to child abuse intervention. For victims and witnesses of child abuse, the repeated interviews, technical processes, and general bureaucracy surrounding the justice system can be taxing and confusing experiences. Kids’ FIRST sought to ease this process by consolidating all of the resources a child would need under one roof.
The Center, whose name is actually an acronym for Kids’ Forensic Intervention Response & Support Team, acts under direct supervision of the Lane County District Attorney’s office. Currently the Kids’ FIRST Board is involved with the task of migrating the Center away from the DA’s office and becoming a completely self-standing non-profit organization. Hence, the Board determined in late 2014 that the Center needed a new website to better reach the community and help raise awareness.
Feynman Group diligently worked alongside the Kids’ FIRST staff to define clear goals and expectations for their new site, then quickly got to work developing a polished, easy to navigate, and fully responsive product.
The new Kids’ FIRST website is fully responsive, meaning as the size of the screen changes, the site changes accordingly.
One unique feature to the site is its multilingual integration. Not wanting to exclude Lane County’s Spanish-speaking population, Kids’ FIRST and Feynman Group looked for a way to seamlessly integrate both Spanish and English content on the site without fully relying on clunky, automated solutions. After researching different options, the WordPress Multilingual Plugin ended up being an effective solution, and their willingness to supply non-profit organizations with a subscription free-of-charge was the icing on the cake.
Feynman Group’s own Jason Kunz sits on the Kids’ FIRST Board of Directors and plays an integral part of the fundraising team to help recruit new members. When asked why he volunteers with the Center, Jason replied, “There is a huge need in our community for dedicated individuals to help with non-profit organizations that help kids and others in need.” He added,
I am a father, I have kids that have friends that come from non-ideal backgrounds, so anything I can do to help make a difference in the lives of others is very motivating… Especially for children that are abused and can’t help themselves.
The Center does not charge for its services and advertises no waiting lists. Because the Center is funded solely by grants and private donations, paid staff is small and volunteers are integral. Two major goals for the new site were to streamline the giving process and to make it easier to stay informed. Using simple techniques, Feynman Group ensured that visitors to the site would have access to those tools with minimal effort, ultimately benefiting the Center.
On the new Kids’ FIRST website, Jason Kunz simply commented,
I’ve done a lot of volunteering, board work, but nothing is as important and fulfilling to me as the work I do as a Board Member of Kids’ FIRST. The website is a fantastic reflection of the partnership between Feynman and the Center.
If you know a child in need, contact the Kids’ FIRST Center online, by phone at (541) 682-3938 Monday through Friday 8:00 AM to 5:00 PM, or in person at:
2675 MLK Jr. Blvd
Eugene, OR 97401