TLS now supported with FTP

Our FTP servers now support TLS/SSL encryption of FTP passwords, adding more security to FTP.

Confusingly, there are a variety of different SSL/TLS encryption schemes for FTP offered by various FTP clients. The one we support is the most widespread, known as “explicit TLS encryption” of the FTP command channel. It’s defined in RFC 4217.

Encryption is supported by many popular FTP clients, including the FileZilla FTP client. (The quickest way to use it in FileZilla is to put ftpes://ftp.tigertech.net in the QuickConnect “Host” box, then accept the “Unknown certificate”.)

Read the rest of this entry »

Get an SSL certificate to guard against FireSheep

A recently published Firefox add-in named “Firesheep” can be used by “hackers” to easily hijack the connection of any nearby WiFi users visiting many popular Web sites such as Facebook, Twitter, or Hotmail. This vulnerability is a basic artifact of the way the Internet works. In order to prevent this problem, these sites will need to properly implement SSL (https) security.

Read the rest of this entry »

Wildcard SSL certificates now available

Back in May, we posted that we now offer basic SSL certificates for just $19.00 a year, allowing you to protect your Web site without going broke.

Today, we’ve added another option: you can optionally choose a “wildcard” AlphaSSL certificate instead for just $49.00 a year.

Read the rest of this entry »

Blocking improper SSL connections

Even if a Web site hosted with us doesn’t have an SSL certificate, our servers used to accept improper secure SSL connection attempts that start with “https://” instead of “http://” in the beginning of the URL (note the extra “s”). We’re changing that.

Read the rest of this entry »

Protect your WordPress login

Update: This post is outdated. We now offer SSL certificates for free to all customers, and recommend that you make your entire WordPress blog use SSL (rather than just making the dashboard SSL using the FORCE_SSL_ADMIN trick described below).

Do you login to your WordPress blog securely? Are your username and password encrypted so that “hackers” can’t steal them and then break into your blog? (Probably not!)

By default, each WordPress blog is configured to send the login username and password as plain (unencrypted) text. If a hacker can see what you are sending during your login, they can easily steal your username and password. This can happen if you have a virus installed on your computer. It can also happen if your computer is virus-free but connects via WiFi. If your main computer uses a wireless connection, or if you or other users of your blog ever login with their laptops — blogging from a coffee shop, anyone? — remember that these connections can be insecure, and could be susceptible to revealing your password.

You can protect your blog by installing an “SSL certificate” and configuring WordPress to require secure logins. Your browser will then encrypt your username and password so that no one can intercept them.

Read the rest of this entry »

SSL certificate price drop from $99 to $19

We’re pleased to announce that we’ve dramatically lowered our price on SSL certificates — they’re now just $19.00.

What’s an SSL certificate? It activates the “padlock” icon for your site in a Web browser, showing that the connection is encrypted for security. You should use an SSL certificate if your visitors type sensitive data such as usernames, passwords or credit card numbers, because it ensures that “hackers” can’t intercept that data.

Read the rest of this entry »

Change in secure SSL ciphers

We’ve made a technical change to the way our servers handle SSL connections (we’ve disabled 40 bit and 56 encryption ciphers). The change shouldn’t affect anyone, but we’re describing it here just for the record.

Read the rest of this entry »