Post List - ict.ken.be

Clever money scam

Categories: Security

Story of a security breach that recently happened on large scale in the wild.

Company sends invoices by email.
Some hackers intercept the smtp and replace bankaccount numbers from invoices that are at least 15K.
Customers pay on this wrong bank account.
Company decides that because the invoices are from their 'bigger' clients to wait before complaining that they didn't receive the payment.
They finally do and notice that their customers have been paying to the wrong accounts.
Digital thiefs gone with the wind.

Lessons learned

Always check if you are paying to the correct bank account.
We should always encrypt smtp.
Social engineering tricks are to easy to implement. (they did use a copy of the online accounting tool to make it look more real)

Conclusion

It's 2016 and a lot of the online payments are still using the smtp protocol. How are we going to teach people that this is not a good thing. And what will companies do to spy on those mails once we all start using encrypted mails.

Https comes to mind... we finally got people looking at the green icon and now we are inserting 'invisible' proxies. I guess... I will be member of the last generation that knew privacy and digital security.

Comments

Support multiple languages on your site

Categories: HTML

From: https://support.google.com/webmasters/answer/182192?hl=en&ref_topic=2370587

Content

don't mix languages in the content
block robots from crawling auto translated pages -> can harm site perception
keep content for each language on a separated url
do not use cookies to change content language
cross link each version of a page (so user can switch with one click)
avoid automatic redirect on perceived language
always use UTF-8 in the url and as much as possible
google will use TLD as strong signal for that country
if single country and general TLD then you should use country targetting of the google search console settings
server ip should be close to the users
indicators of address, google my business, phone,... will be used to localize your content
google does not use geo.position, distribution and/or html tags
use canonical when same translation in more then one place
use hreflang and regional urls

Domain Examples

example.ie (server location irrelevant)
de.example.com (country or language?)
example.com/de/ (can use console targetting)
site.com?loc=de (not recommended)

Culture

From: https://support.google.com/webmasters/answer/189077

tailored to language, market and culture.
have support available for the language.
english dollar vs english pound
when using culture specific hreflang, also use an only language one
x-default for mixed and language selectors
specify only on the cannonical url
all alternatives should be included, also the page itself
prefered to keep alternatives in a similar directory structure as main language
be consistend with your url structure
display a banner to suggest an alternative page in user language instead of redirecting
avoid putting language or country in a url parameter
use UTF-8 for urls
!! it's not clear if one should or should not translate the urls !!
page speed within the country is a strong signal
add ability to swith language
ensure tourist experience, do not lock users into their current ip location

Html Elements

<link rel="alternate" hreflang="es" href="http://es.example.com/page.html" />

or with html header

Link: <a href="http://es.example.com/" target="_blank">http://es.example.com/; rel="alternate"; hreflang=es"

or in sitemap

<xhtml: link rel="alternate" hreflang="en-gb" ...

Static generators

Jekyll example: https://github.com/sylvaindurand/multilingual-jekyll

Comments

xunit nuget - A numeric comparison was attempted on - Error

Categories: Testing

Was trying to add xunit 2.1.0 nuget to my solution and I received this strange error containing : "A numeric comparison was attempted on ..."

I had to disable resharper, restart visual studio and enable it again before my solution would build again.

Tools > Options > Resharper > Suspend Now / Resume Now

Weird.

Comments

HTTP Status Codes

Categories: Network

Nice overview of http status codes. More explained about http status codes.

Show http status codes and their interaction

Comments

Javascript

Categories: Javascript

Javascript and therefor Node have some concepts that are often misunderstood by many developers (eg. Java, C#, ... )

I decided to put some basic functionality tests in a visual studio solution, so you can see it all working.

Feel free to add more...

https://github.com/KenVanGilbergen/ken.Spikes.Javascript

Update:

Willy just pointed me to a nice free javascript book collection at https://github.com/getify/You-Dont-Know-JS

Comments