Chrome shows “not secure” warning unless using HTTPS

Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS. (Google security blog) All websites, whether they require users log in or not, should switch to HTTPS in the near future. This is something most website […]

Choosing a WAF: Sucuri or Cloudflare?

If you don’t use a WAF on your website yet, 2017 is a great time to add the security of a Web Application Firewall. The two biggest WAF vendors are Sucuri and Cloudflare. Cloudflare provides great flexibility and many configuration options, giving you enough rope to hang yourself. Sucuri’s configuration is easier, but can also have […]

“Grizzly Steppe” hackers target NGOs, nonprofits, and corporations

According to the US DHS, Russian hackers targeted more than the DNC. Their “aggressive and sophisticated” cyberattacks also targeted universities, political organizations, and corporations. We expect these attacks to continue and possibly increase in 2017, using spearphishing and other methods. Here are a few tips to protect your data and privacy. (more…)

Single sign-on for associations

At its simplest, Single Sign-On (or SSO) is a method that allows a user to access multiple websites or tools with a single set of credentials. The most common use for associations is to let their members log on to their AMS and their website with a single username and password. So why is it important? And […]