TLS/SSL Maximum Validity Period Policy Change
|TLS/SSL Maximum Validity Not to Exceed 825 days / 27 months
As a result of a change in the policy requirements on Certification Authorities that resulted from consultation in the CA/Browser forum, Comodo CA will adopt a new maximum lifetime for all TLS/SSL certificates of 825 days. 825 days is just over 27 months. This change will take effect from March 1st, 2018.
This change does not affect any certificate issued before March 1st, 2018. No certificates will be revoked as a result of this change.
Comodo CA will be removing our 3 year TLS/SSL certificate products from our retail websites and from the Comodo Certificate Manager on or before March 1st.
In all cases where a customer receives a certificate whose duration has been capped at <825 days/approximately 27 months> when they had purchased a product that would otherwise have been valid for longer, the customer may subsequently replace or re-issue the certificate to regain the full benefit of the originally purchased duration.
E.g. For a customer that buys a 3 year TLS/SSL certificate on February 28th, but which is issued on March 1st, the customer will receive a certificate valid from 01-Mar-2018 to 03-JUN-2020, a lifetime of less than 825 days/approximately 27 months. That same customer may obtain a free replacement certificate during the lifetime of this certificate and the expiry date of the new certificate will be extended to reach the originally anticipated expiry date, although the less than 825 days/approximate 27 months cap will always apply. E.g. if the customer replaces the certificate after one year, the replacement certificate will be valid from 01-Mar-2019 to 01-Mar-2021.
The exact detail of the change to the Baseline Requirements is set out here
Reference by comodo.com
Tips to Keep Kids Safe Online
The task of protecting our children online is a challenge that grows in complexity every day. Just a few years ago, parents mostly worried about the risks of “stranger danger” and online predators. Recently, research from the Harvard University-based Berkman Center downgraded online predators to a much lower risk category, but we still have many online risks to educate our children about. These risks can be categorized into three groups.
The first category is cybercrime–or the threats caused by financially motivated strangers. Whether in the form of computer viruses, Trojan horses,phishing attacks, or spam emails, cybercrime keeps growing and changing each year. It’s so important for parents to stay on top of the varied threats. This can be daunting, especially if you feel you aren’t tech savvy or don’t know where to look for help. Fortunately there are several steps you can take to keep cybercrime in all its forms away from your computer, your home network, and your family’s information. Follow these tips yourself, and pass them along to your kids.
1. Use an Internet security suite, like Norton 360 or Norton Internet Security, on all computers you own. Using plain antivirus is just not enough protection. You need a full firewall, antispyware, and other protection a suite can provide.
2. Keep your home network secured with a good password and security settings.
3. Learn to avoid clicking links, responding to ads, and opening emails when they come from someone you don’t know or appear suspicious. Just take that extra moment to call your friend (“Did you post that link?”), type the URL for your bank, or otherwise display your worldly wisdom by not falling for these social engineering tricks.
4. Use a good password (unique and complex) on all accounts and devices. The two most important account passwords are for your social network and your email account. If a hacker gets control of your social network, he can scam your friends. If he has your email, he can reset the password on all your other accounts by using the ubiquitous “forgot my password” link.
5. Talk to your kids about avoiding cybercrime. They need to be just as cautious as you. It’s also important that they know if they can talk to you when they make an online mistake, like falling for a scamware alert and downloading something dangerous to the computer. Many kids are savvy enough to realize when they’ve downloaded a virus, but few are comfortable admitting their mistake to their parents.
The second category is the harm that can befall your child from people they know. Typically, this means cyberbullying, the single most common online harm our children will experience. Statistics vary, but at least 20 percent of kids will receive harassing, hateful, or insulting messages via social networks, emails, instant messages, videos, and texts.
Interestingly enough, unlike its non-tech relative, cyberbullying inherently allows roles to be reversed almost instantaneously. The victim can become the bully just by responding to a mean email with another verbal volley.
We have much work to do in our schools and online communities to promote online civility and kindness. We also need to promote appropriate responses when a child is confronted with cyberbullying. A great resource for information about all forms of bullying can be found at http://www.stopbullying.gov/ and specifically about cyberbullying at http://www.cyberbullying.us/ .
6. Advise your kids never to share passwords, not even with a close friend. If they think they did, they should change the password.
7. Teach your children to log out of computers when they finish their work, even at home. This will prevent a friend or sibling from posting or emailing using their account–even as a joke.
If your child is being cyberbullied, teach them to not respond, to keep a copy of all the messages, and to report it to the school or website. If the messages include threats, report this to the police. If you report the cyberbullying to the school, be sure to follow up in person and ask for a written plan on how the school will respond to the problem. Most states have laws against this form of abuse, and schools have an obligation to address the issue when made aware of it.
The third category of online risk is the harm we cause ourselves. This can take many forms, including sexting (sending sexual content by photo, video, or text message); posting information or images of a private, embarrassing, or controversial nature; and even neglecting to set privacy settings.
Sexting is definitely not something we want our underage kids to engage in. Child pornography and other laws may require teachers, parents, and law enforcement to get involved if they become aware of these messages. Kids may think they are sharing these images within a private relationship, but too often the recipient shares the images, for any number of reasons. Perhaps the relationship has ended, maybe the recipient is bragging to friends, or perhaps a friend saw the images on the phone and forwarded them to others. (That is another reason to put a password on all devices!)
“Online reputation” is a term for all the information available about you on the Internet, whether through conducting a search or by viewing your profile on a social network. That composite portrayal of you can serve as a digital dossier, telling a story that may distort the real facts of who you are. We’ve often heard of young people self-sabotaging their academic, career, and romantic futures with silly posts, photos of underage drinking, or membership in controversial online groups.
The issue of privacy on the Internet is a growing concern for many. We each need to take steps to keep our personal information protected by securing our online accounts, limiting the information we post in public forums, and opting out of unused or unwanted online services. Our lives are being publicly documented to a degree that is increasingly uncomfortable. Just do an online search of yourself and you’ll see your 10K race scores, your home’s mortgage information, and your tagged photos on your social network. Private information can be used in numerous annoying and harmful ways, so it is increasingly worthwhile to pay attention to privacy issues–and to pass along good advice and habits to your kids.
8. Use the security and privacy settings on your social network and all accounts to limit who can access your posts.
9. Learn about parental control settings for your phones, gaming devices, tablets, and all computers. A great tool is the free Norton Family for PCs and Macs.
10. Talk to your kids regularly about how to use technology. Set rules and limits, and keep technology out in the open. Learn about “The Talk,” and make it an annual discussion, or for whenever you introduce new technology into your family life.
Courtesy :- Symantec
Based on usage data and your feedback, we’re making some changes to the menus and toolbars in Google Docs and Slides on the web. These are similar to some previous changes we made and will make it easier to find certain items. Among other things, these changes include:
To add a line or page break in Docs:
Before: Insert > Page break or Column break
After: Insert > Break > Page break or Column break
See Help Center for more details: Add, edit, or remove a link, bookmark, or page break.
To add Alt text to a shape in Docs or Slides:
Before: Select shape > Format > Alt text. This option will be removed from the menu.
After: Right click on shape > Alt text. This is the new way to add alt text to a shape.
See Help Center for more details: Make your document or presentation accessible.
To change a shape in Slides:
Before: Select shape > Format > Change shape. This option will be removed from the menu.
After: Right click on shape > Change shape. This is the new way to change a shape.
The HTML view in Slides is being removed from the menu.
Before: View > HTML
See Help Center for more details: Make your document or presentation accessible.
These changes will only affect the visual menu. All options will still be available via keyboard shortcuts and the search box in the Help menu.
Launching to Rapid Release, with Scheduled Release coming in two weeks
Available to all G Suite editions
Gradual rollout (up to 15 days for feature visibility)
All end users
Change management suggested/FYI
Reference by Google.com
- Remove all security applied to the domain(like domain lock, theft protection)
- Generate transfer token
- Provide us domain transfer token
- Our Registry will send mail to the registrant, registrant approves the email. As soon as he approves the email, now old registry receives an email. Now registry will take 7- 10 days for domain transfer process to get completed.
How do I make my own bundle file from CRT files?
Answer: You may do this using your favourite text editor or by using the command line.
# Root CA Certificate – AddTrustExternalCARoot.crt
# Intermediate CA Certificate 1 – ComodoRSAAddTrustCA.crt OR ComodoECCAddTrustCA.crt
# Intermediate CA Certificate 2 – ComodoRSADomain/Organization/ExtendedvalidationSecureServerCA.crt OR ComodoRSAECCDomain/Organization/ExtendedvalidationSecureServerCA.crt
# Intermediate CA Certificate 3 – ComodoSHA256SecureServerCA.crt
# Your SSL Certificate – yourDomain.crt
Note: You will not need your SSL certificate for this exercise.
There are two ways to create ca bundle file.
1.Using GUI Text Editor
1. Open All files in a text editor. (Remember, not your domain certificate.)
2. Create a new blank text file.
3. Copy contents of all files in reverse order and paste them into the new file.
Example: Intermediate 3, Intermediate 2, Intermediate 1, Root Certificate.
4. Save the newly created file as ‘yourDomain.ca-bundle‘ or ‘yourDomain.ca-bundle.crt’.
2.Using Command Line
Linux or UNIX-like Operating Systems:
— cat ComodoRSAAddTrustCA.crt ComodoRSADomain/Organization/ExtendedvalidationSecureServerCA.crt AddTrustExternalCARoot.crt > yourDomain.ca-bundle
— cat ComodoSHA256SecureServerCA.crt AddTrustExternalCARoot.crt > yourDomain.ca-bundle
Windows or DOS:
— copy ComodoRSAAddTrustCA.crt + ComodoRSADomain/Organization/ExtendedvalidationSecureServerCA.crt + AddTrustExternalCARoot.crt yourDomain.ca-bundle
— copy ComodoSHA256SecureServerCA.crt + AddTrustExternalCARoot.crt yourDomain.ca-bundle
Note: ‘yourDomain.ca-bundle‘ is only a placeholder file name. You may call it anything you want.
The following is the step to do email migration from cPanel to Gsuite
- In Linux cPanel check for mx entry . There keep email routing setting as Local mail exchange server
- Check whether all username and password given to you is correct or not. If not do correction of the password.
- Open Customer’s Google Admin console (at admin.google.com) with super admins rights
Go to Data migration.
Select the Email option and click Continue.
On the Email Migration screen:
From the Migration source list, select I don’t know/Other IMAP server.
From the Connection protocol list, select IMAP, then choose an option:
Enter the IMAP server name (for example, imap.yourdomain.com).
Enter the IMAP server name and port number in this format: Name: Port.
Enter the email address and password for your role account(use email id from where you want to migrate ).
Tip: For help with this, see Connection information for common webmail providers.
(Optional) If the connection fails, verify that the role account and connection protocol information is correct. Then, click Connect again.
In the Migration start date and Migration options sections, accept the default options or choose to exclude data that doesn’t need to be migrated.
Click Select Users.
Next: Go to Migrate email for a single user or Migrate email for multiple users.
All migration will be completed without fail.
As part of this communication, we would like to educate, create awareness and share some insights into the spurt in ransomware (e.g Cryptolocker) attacks that have drawn attention in prominent dailies, newspapers and websites. And these are just not one or two isolated incidents, but impacting consumers and organizations affecting business operations, productivity and incurring additional costs.
The ransomware encrypts the files on the computer which it infects by likely using the AES (Advanced Encryption Algorithm) after which holds the encrypted files on your system.
The decryption of all the encrypted files is not possible in these cases.
Nowadays Ransomware is being spread and executed by criminals by directly gaining access to the victim’s computer through Remote Desktop. By default, Windows Remote Desktop will work only on a local network unless configured otherwise on a router or H/W firewall. This is usually seen in organizations where systems (usually servers) are accessed from multiple branches for various tasks. This explains why most of the affected systems are Windows Server OS.
Remote access to the victim’s computer is gained by using brute-force techniques which can effectively crack weak passwords.
Quick Heal has an proactive solution (Anti-ransomware) to protect your system against Ransomware. But in addition to that Quick Heal have also released our Backup and restore tool to avoid any loss of data from the system.
Quick Heal will perform the required troubleshooting steps and recommended to remove the network sharing to avoid further infection in the network.
In future to avoid Ransomware attacks kindly refer the below suggestions:
* Suggestions on how to prevent Ransomware:
New Ransomware Attack:- Arena Extension
Download software only from trusted websites. Threats such as Locky Ransomware are often hidden in legitimate software on these untrusted sites, so make sure you download each time software from trusted source.
You install any software unless you know exactly what it is. Usually, a rootkit will look like a useful piece of software that allows you to access your system without your knowledge. Take time to read the end user license agreement or find the related reviews on Google.
* Some other preventive measures include:
Apply Patch for vulnerabilities used by this Ransomware from :
Kindly Change the ports used for Remote Desktop connections (RDP connections)
– Ensure that you are using the latest Quick Heal Antivirus software.
– Don’t open spam emails or attachments
– Avoid pop-ups and fake notifications which offers eye-catching deals etc
– Restrict automatic downloads and updates(For Browser)
– Don’t forward any unauthorized email that offers eye-catching deals etc
– Do not turn off ‘Email & Internet protection’ of Quick Heal.
– Keep your Quick Heal password protected (Configure strong passwords).
– Do not disable the Quick Heal’s Self-protection.
The Following is the step to install SSL certificate in ISS 7.0
1. Open Internet Information Services Manager (IISM) to the appropriate Server
Start -> Administrative Tools -> IISM -> Server Name
2. Open the Server Certificates icon.
3. Open ‘Complete Certificate Request’ Wizard
From the ‘Actions’ Menu on the right select ‘Complete Certificate Request’
4. Proceed to Complete Certificate Request’ Wizard
Fill out all appropriate information. You may need to browse to the location of the certificate or you may enter it in the provided box. The friendly name is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate.
Note: There is a known issue in IIS 7 giving the following error: “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created.” You may also receive a message stating “ASN1 bad tag value met”. If this is the same server that you generated the CSR on then, in most cases, the certificate is actually installed. Simply cancel the dialog and press “F5” to refresh the list of server certificates. If the new certificate is now in the list, you can continue with the next step. If it is not in the list, you will need to reissue your certificate using a new CSR (see our CSR creation instructions for IIS 7). After creating a new CSR, login to your Comodo account and click the ‘replace’ button for your certificate.
Assign to Website
1. Navigate back to the root of the appropriate website. The center of the window should say “Default Website Home” or whatever the name of the website is.
2. Select ‘Bindings’ from the ‘Edit Site’ sub menu.
3. Add Port 443
In the ‘Site Bindings’ window, click ‘Add’. This will open the ‘Add Site Binding’ window.
Under ‘Type’ choose https. The IP address should be the IP address of the site or All Unassigned, and the port over which traffic will be secured by SSL is usually 443. The ‘SSL Certificate’ field should specify the certificate that was installed using the above steps.
Click ‘OK’ to save changes.
Note: There may already be an ‘https’ entry in this area. If so, click ‘https’ to highlight it. Then click ‘Edit’ and in the ‘SSL certificate’ area select the friendly name that was generated earlier. Click ‘OK’ to save changes.
Click ‘OK’ on the ‘Web Site Bindings’ Window to complete the install.
Important: You must now restart IIS / the website to complete the install of the certificate.
Set junk e-mail filter level
The junk E-mail Filter in Outlook is turned on by default, and its protection level is set to No Automatic Filtering. If you feel that Outlook moves too many incoming messages, or too few to the Junk E-mail folder, you can take the follow steps to adjust the filter sensitivity of Outlook:
1. In Outlook 2010/2013, click Home > Junk > Junk E-mail Options.
Note: In Outlook 2007: click Actions > Junk E-mail > Junk E-mail Options.
2. The Junk E-mail Options dialog will then show up. There are four different levels of junk mail filter settings, please choose the level you want and click OK.
- • No Automatic Filtering: This option can block messages from addresses which have been added to the Blocked Senders list.
- • Low: This level will only filter the most obvious junk.
- • High: Filters all messages suspected as junk.
- • Safe Lists Only: Any message that is sent from someone not on your Safe Senders list or to a mailing list on your Safe Recipients list is automatically considered as junk email.
Create Junk- E-mail filter lists
There are five different junk e-mail filter lists in the Junk E-mail Options that can determine whether the emails will be moved to the junk folder or not.
- • Safe Senders List: Email addresses and domain names of the senders in this list are never treated as junk.
- • Safe Recipients List: You can add addresses and domain names from the mailing lists and distribution lists to this list so that they will never be marked as spam.
- • Blocked Senders List: If you add an email address or domain to this list, messages will automatically sent to the Junk Email folder.
- • Blocked Top-Level Domains List: You can add country/region codes to this list to block messages from another country or region.
- • Blocked Encodings List: To block messages that contain special encoding or character set, you can add encodings to this list.
To set these junk e-mail filter lists, you can do as follows:
1. Click Home > Junk > Junk E-mail Options in Outlook 2010/2013, and click Actions > Junk E-mail > Junk E-mail Options in Outlook 2007.
2. In the pop up Junk E-mail Options dialog box, click Safe Senders tab, and click Add button to add the address or domain that you don’t want to treat as spams. See screenshot: