People often believe that failing eyesight is an inevitable result of aging or eye strain. In truth, a healthy lifestyle can significantly reduce the risk of eye health problems. The Age-Related Eye Disease Study (AREDS), published in 2001, found that certain nutrients — zinc, copper, vitamin C, vitamin […]
Month: March 2019
Ambitious workers are always looking for a great career tip that will help them grab the corporate ring. While the following tips aren’t your run-of-the-mill pieces of career advice, they’ll help you launch a successful, lucrative career. 1. Focus on professional success before looking for […]
You may not think your site has anything worth being hacked for, but websites are compromised all the time. The majority of website security breaches are not to steal your data or mess with your website layout, but instead attempts to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature. Other very common ways to abuse compromised machines include using your servers as part of a botnet, or to mine for Bitcoins. You could even be hit by ransomware.
Hacking is regularly performed by automated scripts written to scour the internet in an attempt to exploit known website security issues in software. Here are our top nine tips to help keep you and your site safe online.
01. Keep software up to date
It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.
If you are using a managed hosting solution then you don’t need to worry so much about applying security updates for the operating system as the hosting company should take care of this.
If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.
Many developers use tools like Composer, npm, or RubyGems to manage their software dependencies, and security vulnerabilities appearing in a package you depend on but aren’t paying any attention to is one of the easiest ways to get caught out. Ensure you keep your dependencies up to date, and use tools like Gemnasium to get automatic notifications when a vulnerability is announced in one of your components.
02. Watch out for SQL injection
SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries, most web languages have this feature and it is easy to implement.
Consider this query:
"SELECT * FROM table WHERE column = '" + parameter + "';"
If an attacker changed the URL parameter to pass in ‘ or ‘1’=’1 this will cause the query to look like this:
"SELECT * FROM table WHERE column = '' OR '1'='1';"
Since ‘1’ is equal to ‘1’ this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.
You could fix this query by explicitly parameterising it. For example, if you’re using MySQLi in PHP this should become:
$stmt = $pdo->prepare('SELECT * FROM table WHERE column = :value'); $stmt->execute(array('value' => $parameter));
03. Protect against XSS attacks
The key here is to focus on how your user-generated content could escape the bounds you expect and be interpreted by the browser as something other that what you intended. This is similar to defending against SQL injection. When dynamically generating HTML, use functions that explicitly make the changes you’re looking for (e.g. use element.setAttribute and element.textContent, which will be automatically escaped by the browser, rather than setting element.innerHTML by hand), or use functions in your templating tool that automatically do appropriate escaping, rather than concatenating strings or setting raw HTML content.
04. Beware of error messages
Be careful with how much information you give away in your error messages. Provide only minimal errors to your users, to ensure they don’t leak secrets present on your server (e.g. API keys or database passwords). Don’t provide full exception details either, as these can make complex attacks like SQL injection far easier. Keep detailed errors in your server logs, and show users only the information they need.
05. Validate on both sides
Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and when you enter text into a numbers only field. These can however be bypassed, and you should make sure you check for these validation and deeper validation server side as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results in your website.
06. Check your passwords
Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords to your server and website admin area, but equally also important to insist on good password practices for your users to protect the security of their accounts.
As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.
Passwords should always be stored as encrypted values, preferably using a one way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.
In the event of someone hacking in and stealing your passwords, using hashed passwords could help damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute force attack, essentially guessing every combination until it finds a match. When using salted passwords, the process of cracking a large number of passwords is even slower as every guess has to be hashed separately for every salt + password which is computationally very expensive.
Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it’s worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset.
07. Avoid file uploads
Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded, however innocent it may look, could contain a script that when executed on your server, completely opens up your website.
If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size are not foolproof. Most images formats allow storing a comment section that could contain PHP code that could be executed by the server.
So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won’t attempt to execute files with image extensions, but don’t rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.
Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example, chmod 0666 so it can’t be executed. If using *nix, you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier.
deny from all <Files ~ "^\w+\.(gif|jpe?g|png)$"> order deny,allow allow from all </Files>
Ultimately, the recommended solution is to prevent direct access to uploaded files altogether. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script providing you set the correct content type in the HTTP header. For example:
<img src="/imageDelivery.php?id=1234" /> <?php // imageDelivery.php // Fetch image filename from database based on $_GET["id"] ... // Deliver image to browser Header('Content-Type: image/gif'); readfile('images/'.$fileName); ?>
Most hosting providers deal with the server configuration for you, but if you are hosting your website on your own server then there are few things you will want to check.
Ensure you have a firewall setup, and are blocking all non essential ports. If possible setting up a DMZ (Demilitarised Zone) only allowing access to port 80 and 443 from the outside world. Although this might not be possible if you don’t have access to your server from an internal network as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP.
If you are allowing files to be uploaded from the Internet only use secure transport methods to your server such as SFTP or SSH.
If possible have your database running on a different server to that of your web server. Doing this means the database server cannot be accessed directly from the outside world, only your web server can access it, minimising the risk of your data being exposed.
Finally, don’t forget about restricting physical access to your server.
08. Use HTTPS
HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees that users are talking to the server they expect, and that nobody else can intercept or change the content they’re seeing in transit.
If you have anything that your users might want private, it’s highly advisable to use only HTTPS to deliver it. That of course means credit card and login pages (and the URLs they submit to) but typically far more of your site too. A login form will often set a cookie for example, which is sent with every other request to your site that a logged-in user makes, and is used to authenticate those requests. An attacker stealing this would be able to perfectly imitate a user and take over their login session. To defeat these kind of attacks, you almost always want to use HTTPS for your entire site.
That’s no longer as tricky or expensive as it once was. Let’s Encrypt provides totally free and automated certificates, which you’ll need to enable HTTPS, and there are existing community tools available for a wide range of common platforms and frameworks to automatically set this up for you.
Notably Google have announced that they will boost you up in the search rankings if you use HTTPS, giving this an SEO benefit too. Insecure HTTP is on its way out, and now’s the time to upgrade.
Already using HTTPS everywhere? Go further and look at setting up HTTP Strict Transport Security (HSTS), an easy header you can add to your server responses to disallow insecure HTTP for your entire domain.
09. Get website security tools
Once you think you have done all you can then it’s time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short.
There are many commercial and free products to assist you with this. They work on a similar basis to scripts hackers in that they test all know exploits and attempt to compromise your site using some of the previous mentioned methods such as SQL Injection.
Some free tools that are worth looking at:
- Netsparker (Free community edition and trial version available). Good for testing SQL injection and XSS
- OpenVAS Claims to be the most advanced open source security scanner. Good for testing known vulnerabilities, currently scans over 25,000. But it can be difficult to setup and requires a OpenVAS server to be installed which only runs on *nix. OpenVAS is fork of a Nessusbefore it became a closed-source commercial product.
- SecurityHeaders.io (free online check). A tool to quickly report which security headers mentioned above (such as CSP and HSTS) a domain has enabled and correctly configured.
- Xenotix XSS Exploit Framework A tool from OWASP (Open Web Application Security Project) that includes a huge selection of XSS attack examples, which you can run to quickly confirm whether your site’s inputs are vulnerable in Chrome, Firefox and IE.
The results from automated tests can be daunting, as they present a wealth of potential issues. The important thing is to focus on the critical issues first. Each issue reported normally comes with a good explanation of the potential vulnerability. You will probably find that some of the medium/low issues aren’t a concern for your site.
There are some further steps you can take to manually try to compromise your site by altering POST/GET values. A debugging proxy can assist you here as it allows you to intercept the values of an HTTP request between your browser and the server. A popular freeware application called Fiddler is a good starting point.
So what should you be trying to alter on the request? If you have pages which should only be visible to a logged in user then try changing URL parameters such as user id, or cookie values in an attempt to view details of another user. Another area worth testing are forms, changing the POST values to attempt to submit code to perform XSS or uploading a server side script.
Don’t take your eyes for granted. Take these easy steps to keep your peepers healthy. 1. Eat Well Good eye health starts with the food on your plate. Nutrients like omega-3 fatty acids, lutein, zinc, and vitamins C and E might help ward off age-related vision problems like macular degeneration and cataracts. To get them, fill your plate […]
The Internet is a vast and powerful resource and can be overwhelming for some users. Below we have provided our top 10 tips and tricks for utilizing the Internet and an Internet browser. Take advantage of tabbed browsing Take full advantage of tabbed browsingon all Internet […]
I’m excited to share with my top 26 natural beauty tips that I’ve learned over the years doing skincare research and in naturopathic medical practice.
These are super easy to do at home with just a few ingredients.
As an alternative to expensive, invasive procedures and toxic skincare ingredients, I’m sharing these do-it-yourself tips to help you save time, money, and your health.
And, the best part is you’re using the healing powers of nature and supporting your body’s innate healing capacities to look naturally beautiful.
1. Eliminate Tired Puffy Eyes With Chilled Tea Bags
Briefly steep 2 green, black, or chamomile tea bags in hot water for less than a minute. Then remove the tea bags from the water and chill in a small bowl in the refrigerator. Once chilled, place 1 bag over each closed eyelid. Leave on your lids for 5 to 15 minutes. Watch this video if you’d like to see me explain this.
2. Use Raspberries And Coconut Oil For Brighter Lips
In a small saucepan on low heat, warm 1 Tablespoon coconut oil until it liquefies. Remove from heat and add 4 fresh or frozen red raspberries. Mash berries and blend until smooth. Place in a small glass container and refrigerate until firm. Use clean fingers or a lipgloss brush to smooth over lips. Make this fresh every few days.
3. Get A Natural Face Lift With Simple Yoga Poses
Doing inverted postures before pictures, interviews, and meetings can improve circulation and help give your face some extra lift and vitality. You perform the “downward dog” yoga pose by getting on the floor on your hands and knees and then straightening your legs. Or, simply bend forward and reach towards your toes. Stay in one of these positions as long as you feel comfortable, for about 1 to 5 minutes. If you have physical limitations such as injuries or back pain, check with your healthcare provider about how to modify this posture. Here are 7 different poses you can do for glowing skin.
4. Get Soft, Kissable Skin With A Natural Pomegranate, Raspberry, and Sweet Almond Oil Blend
Naturally hydrate dry skin and add an extra glow to the end of your skincare routine by creating a natural antioxidant-rich oil blend. Apply after cleansing or after putting on makeup. Mix together equal parts Pomegranate seed oil, Raspberry seed oil, and Sweet Almond Oil, or get the already made The Spa Dr. Glow Boost.
Place 3 to 6 drops of the oil mixture in the palm of your hand, rub your hands together to warm the oils. Then, with your fingertips gently press the warm oil into dry areas of your face or areas where you have fine lines and wrinkles.
5. Reduce Skin Creases By Changing Your Pillowcase
Instead of coarser fabrics, choose a pillowcase that is soft and silky to decrease the friction and skin compression that occurs while you sleep and leaves you with extra lines in the morning. If you sleep on your side, try switching sides occasionally or sleeping on your back, so your face doesn’t wrinkle over time from pressure in certain areas. But, don’t stress about this… ultimately, you want to be comfortable because high-quality sleep is essential for natural beauty. Here are some other beauty sleep tips from my friend Kathy Smith.
6. Hydrate Dry Skin With Coconut Water
Start your morning with a glass of fresh unsweetened coconut water. And, throughout the day, drink filtered water. At meals include skin-hydrating foods such as wild salmon, avocado, olives, and coconut.
7. Prevent Sun Damaged Skin By Eating Wild Salmon
Astaxanthin is a potent antioxidant that helps protect skin from the harmful effects of UVA sun damage, acting almost like an internal sunblock. It’s found in seafood such as salmon, krill, shrimp, lobster, crabs, and crayfish. You can also get astaxanthin through supplements.
Enjoy several servings per week of wild salmon and seafood and consider taking a supplement every day, especially during sunny times of the year. You also want to protect your skin on the outside with a natural sun protector.
8. Remove Dead Skin And Revitalize Your Face With An Organic Papaya Mask
Many exfoliants contain abrasive ingredients that scratch your skin, which may damage the skin and speed signs of aging. Instead, it’s better to use an enzymatic exfoliant. Papaya contains the natural enzyme papain, and pineapple contains the enzyme bromelain, which helps naturally exfoliate the skin to leave it smooth and soft. Greener (unripe) papayas have higher amounts of papain, so opt for these to get the best benefit. If you have sensitive skin, use ripe papayas as they are less likely to trigger an inflammatory reaction.
Scoop out a ¼ cup raw papaya flesh and mash or blend with 1 Tablespoon fresh pineapple until smooth. Apply to dry skin and leave on for 5 to 15 minutes. Then rinse with cool water. If you have sensitive skin, do a patch test on your arm before applying to face.
The alpha hydroxy acids and the enzymes in this recipe dissolve dry, dead skin. You only need to do this once or twice per week.
9. Turn Mineral Makeup Powder Into A Natural Sunblock
Use tinted mineral sunblock instead of foundation or mix your favorite mineral makeup powder with a sunblock like this one for a natural makeup that is light and protects your skin from the sun’s damaging effects. Mineral-based (zinc oxide) sunblocks sometimes appear white and pasty so adding a mineral makeup tint helps your skin look glowing and smooth. Watch this video tutorial to see how.
10. Hydrate And Nourish Lips With Shea Butter
Traditional chapsticks contain petrolatum, mineral oil, and hormone-disrupting oxybenzone. Replace these with nourishing natural ingredients such as shea butter (or cocoa butter) and coconut oil. Make your own lip salve using equal parts of these ingredients or follow my friend Katie’s (Wellness Mama) DIY recipe here.
11. Get Clear Radiant Skin By Cutting Sugar Out
Sugar is the biggest contributor to inflammation that shows up on the skin as acne, dry itchy skin, and wrinkles. Try cutting sugar from your diet for 10 days, especially if you have an important day coming up and want to look your best.
12. Reduce Fine Lines And Wrinkles With Bone Broth
Collagen helps give our skin its tone and is crucial for reducing fine lines and wrinkles. Since production naturally depletes as we age, consider taking a high-quality collagen supplement from a clean source. Bone broth and gelatin contain collagen, and vitamin C helps with collagen production. My colleague Dr. KellyAnn Petrucci loves bone broth and she shares how it can make you look younger.
13. Cleanse Your Skin With Almond Oil
Switch from bar to liquid soap that doesn’t lather. Instead of stripping your skin with foamy cleansers, nourish your skin while you cleanse for a healthy clean glow. You can use oils such as argan and almond oil to cleanse the skin naturally or use a natural cleanser. You can learn more about cleansing in this video.
14. Stop Dark Circles Under Your Eyes With Arnica
If you have chronic under eye circles, you may have “allergic shiners” which indicate a food or environmental allergy. Try to identify any possible allergens and avoid them for 10 days to see if you notice a difference. If you wake up with an occasional darkness under your eyes then try using arnica gel or skin care products containing arnica. Arnica has powerful anti-inflammatory properties that alleviate swelling and reduce the appearance of dark under eye circles.
15. Improve Your Complexion With Ylang Ylang Oil
Skip synthetic fragrances containing harmful ingredients such as phthalates. Instead, use natural fragrances in the form of pure essential oils such as ylang ylang.
In addition to having a lovely smell, Ylang Ylang Flower Oil helps balance sebum levels for both dry and oily complexions. And, it has a soothing and smoothing effect. Just add a few drops to your favorite oil blend. It’s also one of the essential oils in my favorite skin care. Here’s a great resource for more about harmful ingredients in skin care.
16. Turn Stress Into Bliss For Clear Beautiful Skin
Skin issues such as premature aging, acne, eczema, rosacea, and vitiligo are worsened by chronic stress and upset. Sleep, meditation, exercise and touch are some important ways to relieve stress so you can have glowing skin, naturally. A good night’s sleep gives time for our skin to rejuvenate. Meditation and moderate exercise are known to help us manage stress. And, touch causes the release of hormones that make us feel happy and connected. If you need help here are some places for tips on sleep, meditation, and exercise.
17. Prevent Sunburns, Sun Damage And Uneven Skin Tone With Green Algae
Sun protection is essential for healthy skin and natural beauty. While some sun may give you a sun-kissed glow, we know that too much damages your skin and predisposes you to premature aging, uneven skin tone, and other chronic diseases. My favorite sunblocks contain zinc oxide instead of harmful chemical sunscreens that have been linked to hormone disrupting effects. Here is one of my favorites.
Also, you can nourish and protect your skin from the sun’s damaging effects by using skincare with natural ingredients such as chlorella and resveratrol. Due to its high levels of chlorophyll, Chlorella Vulgaris (Green Algae) Extract, helps shields the body from UV radiation.
Also, Resveratrol has potent antioxidant effects on the skin. Because cell damage is at the root of most aging disorders, protecting the skin from free-radical activity is a significant preventative measure for healthy skin.
18. Get Natural Glowing Skin With Micronutrients
Your skin needs certain micronutrients (vitamins and minerals) for speedy skin repair and turnover. Zinc, vitamin A, and vitamin C are some of the important nutrients to get from food or in the form of a supplement to help ensure your skin remains healthy, especially if you have chronic skin issues such as acne, eczema and premature aging.
19. Use Aloe Vera To Transform Red Irritated Skin Into Soft Healthly Skin
If your skin is red and irritated, you’ll want to soothe it right away. Prolonged inflammation of your skin can cause your skin to break down collagen. Or, if you just want smooth, vibrant skin, you can also use this skin soother. Aloe Vera gel has antimicrobial, anti-inflammatory and healing properties, and it penetrates the skin easily to provide nourishment.
It’s terrific for soothing skin that’s been overexposed to the sun, as well as for treating minor cuts and scrapes, eczema, and acne. In most stores, the aloe you’ll find contains preservatives, fillers, and artificial ingredients. Look for pure aloe from your local health food store, or buy an aloe plant and simply slice open a leaf, extracting and saving the gel. The Spa Dr.’s Daily Essentials contains aloe, as well.
20. Super Moisturize Skin Naturally With Hyaluronic Acid
When we travel, are stressed, or experience extreme weather conditions, our skin can appear shriveled and dull. And, as we age, our skin becomes less resistant and may appear unhealthy. Sodium Hyaluronate (Hyaluronic acid) is a wonderful hydrophilic ingredient, which means it readily binds to water and gives super moisturizing properties.
Hyaluronic acid is found throughout the body, but it especially concentrated on the skin. Because of its high water-binding capacity, it acts as a hydrating agent and space filler. It supports collagen and elastin, by keeping them nourished and moist, reduces the appearance of wrinkles while keeping the skin soft, smooth and supple. You can find Hyaluronic acid in some natural skin care products. And you can learn more about moisturizers in this video.
21. Get An Instant, Youthful Skin Lift Using Antioxidant-Rich Natural Actives
Avoid the neurotoxin Botox and other more invasive procedures and look to nature instead. Antioxidant-rich and hydrating natural actives can lift and protect the skin naturally. And, one of the ingredients in quality organic skin care serums is Pullulan, which has an instant lifting effect, naturally! It is a polysaccharide produced from starch by cultivating the yeast, Aureobasidiumpullulans. It provides an antioxidant effect as well as an instant lifting effect that helps improve the overall texture and appearance of the skin. Long-term use of Pullulan will help strengthen the integrity of the skin.
22. Brighten Dull Skin Using Green Tea As A Toner
White and green teas applied topically on the skin have anti-inflammatory, brightening, evening, cleansing and hydrating properties. They’re ideal for using as a skin brightening tea toner. You can make a tea toner with one or both of these teas by steeping the teas for 5 minutes, allowing them to cool to room temperature. Then, either pat onto your face, apply with cotton pads or pour into a spray bottle and spritz onto clean skin. You can learn more about toners in this video.
23. Eliminate Pimples For Clear Skin With Tea Tree Oil
Tea tree oil is well-known for its antimicrobial and anti-inflammatory properties, and research shows it can help reduce mild to moderate acne breakouts. Be sure to use diluted tree oil because the undiluted variety can burn and irritate skin when applied directly. Just add 1 to 2 drops to a single application of your cleanser, serum or moisturizer. You want about a 5% dilution, which means 5 drops of tea tree oil per 1 teaspoon of carrier oil or cream. You can apply this 2 – 3 times daily.
24. Use Chamomile Tea Ice Cubes To Freshen Up Tired Looking Skin
Brew a strong pot of chamomile tea (about 1.5 cups water with 1 teabag), allow to cool 10 minutes or more and then pour into ice tray and place in freezer. Once frozen, wrap the tea cube in a thin cloth or washcloth and apply to pimples, puffy under eye skin, sun-kissed skin, or irritated skin for a quick skin toner pick up. You only need to apply for a few seconds to a minute per area.
25. Clean Facial Pores With Honey, Turmeric, And Yogurt For A Smoother Complexion
Combine the healing, clarifying, anti-inflammatory, antimicrobial effects of honey with pore cleansing and sebum balancing effects of turmeric and pH enhancing and lactic acid effects of yogurt into this pore cleanser… Mix together 1 Tablespoon plain yogurt, 1 Tablespoon raw honey and 1 teaspoon turmeric powder into a paste. Apply to face and neck and leave for about 10 to 15 minutes. Then wash with cool water, pat your skin dry and apply your favorite serum and moisturizer.
26. Make A Natural Beauty Mask To Restore And Hydrate Tired Dull Skin
Oats have moisturizing, anti-inflammatory, and healing properties. Avocado is hydrating and nourishing, with naturally occurring vitamins A and E. And, Yogurt contains nutrients, enzymes and active cultures that help reduce inflammation and balance the pH of your skin for a healthy skin microbiome. In a bowl, blend together 1/4 cup oat flour (ground uncooked oats), 2 Tablespoons unsweetened yogurt and ¼ of an avocado. Mix well and then apply enough to cover your clean, dry face. Leave on face for 10 to 20 minutes and then remove with warm, wet washcloth, and then rinse face with water and pat dry. Use the mask once per day as needed.
Choosing a web hosting company is a vital phase in the launch of any digital project. With so many different aspects to take into consideration, ranging from security to up-time to support, it’s difficult to sift through the thousands of web hosting companies offering what […]