The Lighthouse IT Podcast - July 10th, 2020
Matt and Griffin discuss how Microsoft estimates that the global workforce will add 149 million new tech-oriented jobs by 2025, Free/Easy DNSSEC Upgrades for your site, Google's one year SSL certificates, Google testing feature to hide parts of the URL in Chrome's address bar, and Reddit and Pinterest, It's Time to Shine.
It's been some time since lockdowns were in place, and businesses have now begun to re-open. With all the negative news that had been floating around, we have some perks coming from lockdown. Microsoft estimates that the global workforce will add 149 million new tech-oriented jobs by 2025. The job industry is shifting to roles that can be completed remotely. Other studies show that the automation space is expected to grow handily as well, as remote workers need better workflows that rely less on manual and physical processes.
Free/Easy DNSSEC Upgrades for your site? Not so fast!
Our friends over at Naked Security were recently the humorous target of a phishing attempt that pretended to do "DNSSEC" upgrades to their site. The phishing site quite cleverly impersonates your hosting company by inspecting the replies from a web server and reskinning itself using the proper logos and themes. From there it asks you to "login", then pretends to do some stuff and errors out.
While DNSSEC is a real thing, you should always scrutinize emails for their authenticity. Additionally, DNSSEC is implemented by your DNS host, not your webhost (though sometimes they may be the same thing). Implementing DNSSEC is more complex than simply entering credentials in an email.
Tips to protect yourself from these types of scams:
- Don't log in to sites from email links.
- Use two-factor authentication as much as possible.
- Consider a password manager tool (maybe not pen and paper). Try MyGlue!
- Use an antivirus product such as Sophos to help determine site legitimacy.
- Use a content filtering product such as our new Harmony DNS Filtering.
Google's New SSL Policy
In February, Apple announced that they were going to limit web certificate validity to 1 year when checking via their Safari browser and apparently Google thinks that's a pretty solid idea, too. SSL certificates that have a start date after September of this year will trigger an error if they are valid longer than 12 months. The goal is to reduce the likelihood of the SSL certificate being replicated for scam attempts.
While this is great in theory, it raises questions in the industry. It is backed by two companies that others will likely follow, and the overall security impact of the changes is disputed. While longer certificates may give bad actors more time to clone and use an SSL certificate, shorter certificates also cost more in management to deploy the certificates and maintain the active infrastructure.
It's important to note that these changes are not imposed by any certified board and were not proposed in any industry agreement, so it will be interesting to see how this all plays out. Given the dominance of the Google Chrome browser and Apple's Safari, this could push the rest of the industry to fall in line.
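As an added example (not from the podcast, Google or Apple), the validity rule described above can be checked against a certificate's dates in Python. The 1 September 2020 cutoff and the 398-day limit are assumptions taken from Apple's published policy, the precise form of the "September" and "12 months" mentioned here; the sample certificates are constructed.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

# Assumed values (Apple's published policy, not stated on this page): the rule
# applies to certificates issued on or after 1 Sep 2020, with a 398-day limit.
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)
MAX_LIFETIME = timedelta(days=398)

def _parse(cert_time):
    """Parse the 'Oct  1 00:00:00 2020 GMT' format used by getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def check_validity(cert, cutoff=CUTOFF, max_lifetime=MAX_LIFETIME):
    """Classify a getpeercert()-style dict; returns (status, lifetime_in_days)."""
    not_before = _parse(cert["notBefore"])
    not_after = _parse(cert["notAfter"])
    if not_after <= not_before:
        raise ValueError("notAfter must be later than notBefore")
    lifetime = not_after - not_before
    if not_before < cutoff:
        return "exempt", lifetime.days    # issued before the rule took effect
    if lifetime > max_lifetime:
        return "too-long", lifetime.days  # browsers enforcing the rule show an error
    return "ok", lifetime.days

def fetch_cert(host, port=443):
    """Fetch a live server certificate (needs network; not used by the samples)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (dates only), not taken from real sites.
SAMPLES = {
    "two-year, issued March 2020": {"notBefore": "Mar  1 00:00:00 2020 GMT",
                                    "notAfter": "Mar  1 00:00:00 2022 GMT"},
    "two-year, issued October 2020": {"notBefore": "Oct  1 00:00:00 2020 GMT",
                                      "notAfter": "Oct  1 00:00:00 2022 GMT"},
    "398-day, issued October 2020": {"notBefore": "Oct  1 00:00:00 2020 GMT",
                                     "notAfter": "Nov  3 00:00:00 2021 GMT"},
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(name, "->", check_validity(cert))
```

To check a live site, pass the result of fetch_cert("your-domain") to check_validity.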
Google Chrome's Unofficial Address Bar Changes
Nothing has been officially announced just yet, but Android Police, a research group, spotted some new flags in Google Chrome's Dev and Canary channels of version 85 that modify the appearance and behavior of the address bar that contains the website link. Chrome has had some major updates to the address bar in the past, including removing the scheme and putting a 'Not Secure' banner for HTTP sites, but this is a much bigger update.
So what does this really do?
The main flag spotted by Android Police, called 'Omnibox UI Hide Steady-State URL Path, Query and Ref,' hides everything in the URL except the domain name. For example, if you went to "https://hub.lighthousesol.com/blog/lighthouse-it-blog-1/making-use-of-the-downtime-207" Chrome would show "lighthousesol.com" instead.
This results in a few things:
- Makes search engines even more important. (Guess who owns Chrome? Google!)
- Makes it more difficult for phishing to imitate web addresses.
- Once deployed, it will automatically be on and could manually be turned off.
Reddit and Pinterest, It's Time to Shine
Previously, we discussed social platforms that marketers commonly miss like Twitch, PlayStation Network, and Xbox Live. Today, let's look at Reddit and Pinterest. Both platforms have been overlooked for a while. With Reddit, that's for good reason. It has been dubbed the 'wild west' for a long time, but recently they have tried to clean up their platform to be more brand friendly. By instituting "brand safety controls", they have created a place for advertisers to reach niche audiences and it is now a decent place to market.