Security
Freelock status on Bash ShellShock vulnerability
The short answer: Not Vulnerable.
We've been asked by several customers about whether they or we are affected by the recently discovered Bash ShellShock vulnerability. And to the best of our knowledge, we are completely unaffected.

Heartbleed - Do you need to do anything?
Everybody is writing about Heartbleed this week. The reason? It probably affects more people than any other vulnerability we've ever seen. If you ever log into any web site, anywhere, your password might be revealed -- and that is just the start. The biggest problem?
PCI Compliance: the risks of doing e-commerce
It goes something like this:
(Client): I want to add a shopping cart to my site. I heard that xyz cart is free, can you add that for me?
(Developer): Sure! That looks easy.
Managing change and risk with Drupal Hosting
If there's one thing that's constant in the web world, it's change.
A security reminder
Yesterday Drupal.org got hacked, and potentially all the password hashes on the site fell into malicious hands.
Drupal Rescue Shop
Sometimes bad things happen to good people. And sometimes people get in over their heads and need help. At Freelock, we are here to help. If your previous web developer jumped ship and left you high and dry, don’t panic, just pick up the phone and call us for help!
Keeping your site safe online
Why do websites get hacked? Websites get hacked for a bunch of different reasons:
5 reasons Drupal projects suck: Hapless customer edition
At Freelock, we're huge fans of Drupal. But we keep running into customers (or potential customers) who are terrified of it. So here's our take on why.
Why auto updates are a very bad idea
A question came across the Drupal Developer's list today asking whether Drupal could auto-update itself, like WordPress. As someone who thinks about security a lot, the very thought of this horrifies me.
It's a bad idea for several reasons, but the biggest reason:
My site needs to be secure. How will you address this?
That's the essence of a question I got today. And it's not one that can be answered easily, because there's no such thing as a site being "secure." It's not an either/or question, it's really a "how much" type of question. How hot is it today?
Confidentiality, Integrity, or Availability
Not 2 weeks after my newsletter calling out how people take for granted that nothing bad will happen to their web sites, two of the biggest providers went down yesterday, Amazon and Akamai, in several separate incide
Incident Response
All the planning and preparation in the world won't prevent an incident, but it can greatly reduce the consequences.
Nothing better prepares you for responding to disaster than experience. In the world of web applications, sometimes we act as firefighters, coming in to rescue the smoldering remains of a hacked site, a crashed server, or an unexpected traffic burst.