Google SSL Search Will Block Search Referrers

Your website stats are getting a little less valuable thanks to new search feature Google is rolling out to its users. SSL encrypted search will now automatically be turned on for all logged in users, resulting in improved security and privacy for web searches.

This improved privacy will result in less available data for site owners in analytics tools, including Google Analytics. Specifically, for users with SSL search enabled it will no longer pass along the search keywords that brought them to your website. From Google’s blog post announcing the change:

What does this mean for sites that receive clicks from Google search results? When you search from https://www.google.com, websites you visit from our organic search listings will still know that you came from Google, but won’t receive information about each individual query. They can also receive an aggregated list of the top 1,000 search queries that drove traffic to their site for each of the past 30 days through Google Webmaster Tools.

Continue reading → Google SSL Search Will Block Search Referrers

Does Your Facebook Page Work for Secure Users?

Facebook added the ability for users to browse using a secure connection (or https connection) back in January, but unless you were reading their blog or Mashable most users probably didn’t notice. This important feature secures the communication between your browser and Facebook’s servers as you browse the site, closing a gaping security hole that allowed anyone to easily hijack your session and pretend to be you while sitting at the coffee shop. Previously you had to dig deep into account settings to find and turn on https browsing, but recently Facebook has been promoting this feature with a large message on users’ news feeds.

This additional promotion means that more and more Facebook users will turn this setting on for their accounts. Great news… isn’t it?

Of course, better security for users is great but this change could completely break parts of your business’ Facebook page. Facebook tabs or applications that contain unsecure (non-https) content will not display to these users, and instead a large error message displays. The message gives them the option to temporarily disable secure browsing (that certainly sounds ominous) or else they can’t see this content.

Depending on what part of your page is causing the issue, the fix could be as easy as changing or adding one setting and loading an SSL certificate to the site where you’re hosting your app or external content (if you don’t already have one).

You’ve put a ton of effort into using social media as a marketing tool for your business, now make sure to take five minutes to change that setting and test your page to make sure all your fans actually get to see it.

Companies React Proactively to Gawker Security Breach to Protect Customer Accounts

I’ve had to change a lot of passwords in the last two weeks.

I had a Macbook stolen one weekend and then this weekend my login data was among the 1.3 million usernames and passwords compromised when hackers broke into Gawker Media’s servers and stole everything they could get their hands on. The hackers were able to access and download user data, CMS source code, and more from the servers and then posted it to torrent sites for anyone to download. If you’ve ever commented on any of Gawker’s hugely popular sites such as Gizmodo, Lifehacker, or Deadspin your credentials are most likely in there. (Find out for sure using Slate’s checker.) This is a huge security breach and could impact Gawker Media’s industry dominance as they must work to regain the trust of their readers and commenters.

Meanwhile, a few other companies are taking this opportunity to not only protect their customers’ accounts, but also demonstrate that they’re concerned about data security and grab some positive PR as well. Companies such as LinkedIn and Amazon have mined the stolen Gawker data for email addresses matching their customer accounts and automatically reset their passwords. This proactive step not only protected customers but will also reduce a lot of upcoming customer service hours needed to handle and fix hacked accounts or return fake orders. It also prevents customers unaware of the incident with Gawker from misplacing blame if their accounts were compromised.

Continue reading → Companies React Proactively to Gawker Security Breach to Protect Customer Accounts