News

Multi-year Subscription SSL

Great news to the SSL market! Now most SSL certificates are available for Multi-year Subscription Plans. For security reasons, your certificate will initially be issued with a maximum of 13-months validity. Prior to the expiration, we will contact you to replace your certificate for another maximum duration certificate. You can reissue your certificate at any time and as many times as you like. No more lost days or weeks on single year certificates trying to time a new purchase and re-submission. Industry changes At the CA/Browser (CA/B) Forum in Bratislava, Slovakia, Apple announced that beginning Sept. 1, newly issued publicly trusted TLS certificates are valid for no longer than 398 days. This followed a long history of the CA/B Forum community working to reduce certificate lifetimes and improve security while balancing the needs of business owners in transitioning to shorter validity certificates. Check the official statement and history. When changes applies? Sectigo – starting at 19th August 2020 GoGetSSL – starting at 19th August 2020 DigiCert – starting at 27th August 2020 All other CAs – starting at 1st September 2020. What is the TLS/SSL Multi-year Plan? To help your customers embrace the benefits of shorter certificate lifetimes and make certificate management even easier, GoGetSSL is offering Multi-year Plan TLS/SSL certificates. This new type of multi-year coverage is a time-efficient and cost-effective way to help your customers improve their security by further reducing certificate outages and the hassle of managing shorter certificate lifecycles. As browsers are mandating one-year certificate lifetimes, the Multi-year Plan coupled with automation tools saves you time—and money. Your customers can lock in longer coverage terms provided by the Multi-year Plan, while your cost goes down relative to the longer term lengths you sell. How does it work? When your customer purchases a TLS/SSL certificate with the Multi-year Plan, they’ll receive the initial certificate, valid for up to one year, and entitlement to unlimited certificate reissues during the order period—up to six years. We will need to routinely revalidate customer organizations and domains annually throughout the lifetime of the Multi-year Plan. We would start sending replacement notifications before 30-21-14-7-3-1 days. The SSL will be replaced automatically using the same CSR before 3-days of expiration if users do not replace SSL on their own. Reissued SSL will be sent to the email. Example of SSL subscription There are four different dates now available for all multi-year SSL certificates. Subscription starts the date when the first SSL was issued Subscription ends the date when subscription ends and new orders needs to be created Valid From the date when current active SSL was issued on Valid Till the date when SSL needs to be replaced in order to get new SSL for another 13-months Why should partners offer the TLS Multi-year Plan? When the Multi-Year Plan is combined with automation, your customers can minimize the risk of human error when managing shorter certificate lifecycles. With automation, you can automatically provision and reinstall certificates, and in most environments replace the CSR. Also, customers can easily adapt to any potential certificate lifetime reductions imposed by the industry in the future. Certificate renewals no longer require additional order periods added to the new certificate, because there is no more lost purchase period. The customer can get a new certificate from the day they need the certificate, until the day they want it to expire, within the service period. Due to Baseline Requirements of the CA/Browser Forum, re-validation is necessary at certain certificate intervals to maintain compliance. Multi-year Plan helps your customers efficiently embrace the security benefits of shortened certificate lifecycles and ensures they remain loyal to your brand for many years. Although certificate validation must be renewed annually, certificates can be replaced daily to improve the security posture of any organization. Benefits of the Multi-year Plan for you and your customers Minimized risk of compromised certificates; Minimizes the risk of using weak keys (example SHA1); Ensures yearly validation of identity to prevent potential fraud and spoofing; Easier management of certificates with automation; Using the Multi-year Plan provides more billing flexibility for you with your customers, and allows you to secure more revenue up front, while locking in your customers for longer terms; Improve your average selling price (ASP) on certificate deals by selling longer term lengths. Talking points to promote the Multi-year Plan Streamlined: Remove the hassle of annual billing by taking advantage of the Multi-year Plan. Customizable: Secure your site with coverage for longer periods of time. Secure: The Multi-year Plan allows you to embrace the best practice of shorter TLS certificate lifecycles by minimizing the risk of compromised certificates and changing out weak keys regularly, thus improving the security posture of your web pages. Future-proof: By taking advantage of Multi-year Plan options you also protect yourself from further reduction to certificate lifecycles imposed by the industry.
Read more

DigiCert :: End of Support for Symantec Partner Portal

End of support for Symantec Partner Portal DigiCert will end support for Symantec® Partner Portal on July 31, 2020. If you are still finalizing your migration to CertCentral Partner, contact us and we’ll help you plan your move. Watch our video (48 seconds) on how to migrate certificates from your old account   NOTE:: This article is copyright by DigiCert and we are using is for education or information purposes only. Click Here to visit the official store of DigiCert   in Pakistan 
Read more

Coronavirus Scams: Phishing Websites & Emails Target Unsuspecting Users

As COVID-19 fears grow, hundreds of Coronavirus-themed domains are being used to spread malware and steal information Amongst growing fears of this global pandemic, Coronavirus scams and malicious websites are on the rise. The latest news from the Health Sector Cyber-security Coordination Center (HC3), a new malicious website is circulating on the internet that targets unsuspecting users. True to their selfish nature, cyber-criminals are taking advantage of public panic about the global Corona-virus pandemic for their own selfish goals. Now, of course, this concept is nothing new. Cyber-criminals are always looking for the next best thing to take advantage of. But that doesn’t mean that it isn’t a serious issue that you can simply ignore. So, what is this new phishing website and why should you be concerned about it? And what are some of the other Corona-virus scam tactics that cyber-criminals are using to take advantage of the global pandemic? Let’s hash it out. Cyber-criminals Create Corona-virus Tracker Map to Spread Info-Stealing Malware When something’s wrong, people frequently turn to the internet to get the latest information. Cyber-criminals know this and are creating fraudulent websites that impersonate real, reputable authorities. Their latest tactic? Live tracker websites. In truly low-life fashion, some schmuck decided to create a phishing website, corona-virus-map[dot]com (and, no, please don’t type that into your browser), that appears to be a legitimate COVID-19 live tracking map for the virus. In this case, HC3 reports that the cyber-criminals were impersonating John’s Hopkins University, a world-renowned health institution, to infect website visitors with the AZORult trojan. This program exfiltrates a wealth of sensitive data that can be sold on the dark web or used to commit cybercrimes, including cryptocurrency theft. Here’s a screenshot from the official HC3 notification about the phishing scam site: In general, Corona-virus themed cyber attacks and phishing websites are becoming a lot more common as news about the virus continuously blasts from virtually every media outlet. Check Point, a cyber-security firm, recently reported on their blog that CNN alone hosts more than 1,200 articles. According to the same blog post: “Since January 2020, based on Check Point Threat Intelligence, there have been over 4,000 corona-virus related domains registered globally. Out of these websites, 3% were found to be malicious and an additional 5% are suspicious. Corona-virus related domains are 50% more likely to be malicious than other domains registered at the same period, and also higher than recent seasonal themes such as Valentine’s day.” In addition to users finding the website organically through web searches, the website was circulated via a variety of other tactics, including: malicious links and attachments in emails social engineering, and online advertising. This newly discovered threat follows on the heels of other cyber scams, including other Coronavirus-themed malware and phishing emails. Coronavirus-Themed Phishing Emails Are on the Rise Another way that cyber-criminals are taking advantage of a bad situation is by launching Coronavirus-themed email phishing campaigns. In a February notification, the HC3 reported that carefully crafted phishing emails are sent to entice users to open attachments or to click on links that contain malware that’s frequently used to target healthcare organizations and their IT systems. According to the HC3: “Victims who interact with malicious links or attachments may expose their systems, networks, and valuable information. These exposures allow an attacker to use infected systems as a platform to launch additional attacks.” In these campaigns, cybercriminals impersonate a variety of organizations, including the U.S. Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO), and a Japanese disability welfare service provider. But Coronavirus scams don’t stop where the digital world ends — criminals are impersonating federal authorities in face-to-face scams as well. According to Check Point, one particularly widespread phishing campaign targeted more than 10% of all organizations in Italy! The email contained an Ostap Trojan-Downloader disguised as a Microsoft Word document. This down-loader is commonly used as to install TrickBot, a banking trojan that’s steals sensitive information via man-in-the-middle (MitM) attacks, or spreads other types of malware across networks. Here’s a screenshot from Check Point’s blog post: The email translates to read the following in English: “Due to the number of cases of corona-virus infection that have been documented in your area, the World Health Organization has prepared a document that includes all the necessary precautions against corona-virus infection. We strongly recommend that you read the document attached to this message. We strongly recommend that you read the document attached to this message. With best regards, Dr. Penelope Marchetti (World Health Organization – Italy)” Although the email didn’t come from an official WHO email address or domain, people who are ignorant of cyber-security threats — or who are caught in a moment of unawareness — could find themselves the victims of a data breach. Background on the Corona-virus and Why It Makes an Effective Scam Method Obviously, we’re not global health experts, but here is some basic information about COVID-19: The Coronavirus Disease 2019 (also known as COVID-19) is something that’s captured the world’s attention — and for good reason. Wordometers.info reports that the virus has infected individuals in 125 countries and territories globally in additional to cruise ships. The Washington Post reports that there have been more than 100,000 cases of the disease reported since late 2019 when the outbreak started, and “several thousand people have died” (although the true number of Corona-virus cases is thought to be “fall above official tally.”) As the Washington Post reports: “Corona-viruses range from the common cold virus to more serious diseases that can infect humans and animals, including severe acute respiratory syndrome (SARS) and Middle East respiratory syndrome (MERS).” But here’s the takeaway we want you to focus on: Even in the grimmest of circumstances, when governments worldwide are trying to slow the spread of the virus among their populations, cyber-criminals aren’t taking a break. In fact, they’re ramping up their efforts, using the global health crisis as an opportunity to steal information from unsuspecting individuals who are trying to stay informed. To you, hackers, we have one thing to say: You suck. Seriously.
Read more
01 Oct, 19

cPanel Price Increase And Alternative Control Panel

On July 2nd, 2019 cPanel announced a massive pricing increase that will apply to all partners. They are claiming that pricing has not changed in 20 years and that a price increase is long overdue. It saddens us how disconnected Oakley Capitol (the new owners of cPanel, Plesk and WHMCS) is from the ever changing landscape of the hosting industry. They are correct with today’s hardware web hosts are able to allocate more accounts per server.  The hosting industry is very competitive. Unfortunately, there has not been enough competition for control panels such as cPanel or Plesk in order to keep them in line. With the switch to virtualization products such as VPS, cPanel should have a windfall of additional revenue and customers coming in. Unfortunately they never changed with the times. They never focused on a cloud based software package, in addition they never caught onto the WordPress movement and let hosting companies with internally developed control panels with customized features for WordPress that include staging and live environments gain momentum. These tools alone outpace cPanel focused providers such as YISolutions. It’s a shame that cPanel a company we heavily relied upon, has failed in so many ways and now in order to offset declining revenue they are proposing a price structure that will result in upwards of an 800% increase for some of our customers. It’s hard to process how that decision can be deemed a strategic business move. Current cPanel Prices Dedicated Servers $25 per month | VPS $15.00 per month New cPanel Prices Package Name: SoloAccounts: 1$15 per month Package Name: AdminMax Accounts: 5$20 per month Package Name: ProMax Accounts: 30VPS/Cloud Only$30 per month Package Name: PremierMax Accounts: 100VPS/Cloud/Metal/Dedicated$45.00 per monthCost per account over 100: $.20 cPanel Pricing https://cpanel.net/pricing/ External License prices have not been set but we are considering matching the prices listed inside the cPanel Store. The price increase is scheduled for January 1st, 2020. Below we have outlined cPanel alternative control panel, that we can use  to host your sites. Direct Admin: The DirectAdmin control panel provides three levels of access: Admin, user, and reseller. While DirectAdmin may not have the abundance of features that we have come to expect from cPanel, it does provide an equally satisfying user experience and is definitely worth trying it out. NOTES: We are migrating our control panel from cPanel to Direct Admin. YISolutions provides DirectAdmin panel (FREE) with New/any Web hosting. If any customer wants cPanel instead of Direct Admin they can buy cPanel License with Cloud shared hosting package
Read more
13 May, 19

National Assembly Committee On IT Informed of Progress Regarding Cyber Crimes and Objectionable Content

The National Assembly Standing committee on Information Technology and Telecommunication showed serious concerns on the issues of objectionable material on social media, as well as increasing complaints regarding cyber crime and fake accounts. The committee directed that the IT Ministry should take stringent measures to resolve these issues with help of PTA and FIA. The committee met with Ali Khan Jadoon in the chair here on Monday. He emphasized the need for coordination between FIA and the IT Ministry to improve their quality of work. The committee was further informed in writing that Pakistan Telecommunication Authority (PTA) has constituted a dedicated cell namely “Web Analysis Cell (WAC)” to receive/process complaints requiring internet content regulation. Concerning issues related to content removal/ blocking for impersonation / fake accounts, PTA has processed 1,684 such URLs/websites including 106 from Dailymotion, 851 from Facebook, 13 on Instagram, 211 from Other/Misc, 277 on Twitter, and 243 on Youtube. The committee was further informed that the Ministry of Information and Broadcast (MoIB) has raised a Cyber Wing which reported about 71-fake accounts, defamatory/impersonation. USF Project Update A representative from Universal Services Fund (USF) held briefing on USF’s ongoing and future projects. They also explained how much funds are being utilized for these projects in Pakistan. In this regards they have been designed the programmes to cater for the needs of unserved and underserved segment of population across Pakistan. They will also planned for new program in current financial year. USF also intends to provide coverage to the unserved areas in FATA and Khyber Pakhtunkhwa, headed. Further more USF is also gathering data from telecom operators regarding their existing coverage in the country and also design projects to upgrade existing infrastructure to provide 3G services. The representative from USF also informed that they will provide High Speed Broadband services in motorways and highways very soon. USF officials said that only 10 percent of the towers are connected through optic fiber in the country while the remaining is connected through microwaves.  USF officials said that 13000 unserved mauzas covering 15 million population was targeted for voice and data services. As for broadband coverage, about 7200 mauzas covering 10.4 million people have been covered so far. Efforts are being made to reach out to 30 million people in the next five years. The Committee was told that from a total of 6,061 union councils in the country, 1,051 already have fiber optic networks, 1,870 have fiber optics without nodes while 3,140 union councils do not have fiber optic presence. USF has initiated its special project to lay fiber optics network in all the uncovered areas and that the Board of Directors has given approval for the project. The cabinet has recently approved the project of providing high speed broadband for 11 uncovered cities including Sukkur, DG Khan, Dadu, Bahawalpur, Mirpurkhas, Larkana, Mastung, Turbat, Chitral, Pishin. The USF aims to provide broadband facility in 46 districts covering a population of 3 crore. The Committee was told that the covered area for voice communication and data services has increased manifold ever since USF enhanced its operations. USF officials observed that all projects are allocated as a result of open transparent competitive bidding. The committee chairman expressed serious concerns over the performance of the MoITT while saying that reports about its poor performance have started appearing in the media.  
Read more
Cart

No products in the cart.