Even better website security... protected by a Ninja.

Written by Jo Stonehouse
Ensuring our web hosting is as secure as possible is a top priority for us at Kualo. Protecting our customers' web sites from the bad guys is much like a conventional arms race. As the arsenal available to cyber criminals grows ever larger and more formidable, the more we have to to do to protect the sites we host.

Today we're excited to announce that we've added a black belt to our cyber defenses: BitNinja.

Let's Encrypt is now available: Free SSL Certificates for all!

Written by Trifo
Kualo-Lets-Encrypt

We are happy to announce that we have integrated Let's Encrypt on the majority of our Shared and Reseller servers and we are now able to offer free SSL certificates.

Joomla Code Execution Vulnerability Patched

Written by Zach Eadie

joomla-logo-vert-color-100274059-orig


Today, the popular content management software Joomla! issued an update relating to a critical Remote Code Execution class vulnerability (CVE-2015-8562).  If you are a shared, reseller, semi-managed, or fully-managed cPanel client, you need not be concerned as a defense has already been deployed by our engineering team across these platforms.


PayPal SHA256 Compatibility

Written by Trifo
If you use PayPal to process payments for your business, you may have received an E-Mail from them informing you about their upcoming service upgrade:

banner_ipn
IMMEDIATE ATTENTION REQUIRED: PayPal service upgrades.

PayPal is upgrading the SSL certificate used for www.paypal.com to SHA-256. This endpoint is also used by merchants using their Instant Payment Notification (IPN) product.

Attack of the POODLE: Goodbye, SSL 3.0!

Written by Jo Stonehouse
Goodbye SSL 3.0

Online security is a continuously evolving process, and security protocols are improved and developed continuously to keep your data and communications safe. Having been released some 15 years ago, SSL  3.0 is quite the dinosaur. It has been succeeded by TLS for some time now, but SSL 3.0 compatibility has been widely maintained. In the past few days, Bodo Möller of Google's security team announced that they had discovered a vulnerability in the older SSL 3.0 protocol, codenamed POODLE (or Padding Oracle On Downgraded Legacy Encryption, if you're not into acronyms). This vulnerability allows a hacker to view the plain text contents of secure connections over SSL 3.0.