Category Archives: Cyber Law

Web Hosting And Net Neutrality In A Nutshell

Net Neutrality is a phrase which is being sprayed all over the internet without providing a simple and clear explanation to the layman. Web Hosts are as affected by Net Neutrality decisions just like any ordinary internet user. Many people are quick to point out that Web Hosts also practice data discrimination and should be placed on the same guillotine as ISPs. However, this is not the case as there is a huge difference in providing Bandwidth and in providing a web hosting service. This article points out a couple of reasons why the Web Hosting industry also embraces Net Neutrality with open arms and why a comparison maybe equal to apples and oranges.

Low Entry Barriers

Unlike Internet Services in any country, it is pretty simple for a person to start a web hosting business. To become an ISP, there are several legal and business hurdles that one must cross. It’s not an easy task and needs deep pockets and great influence to start the business. It is on par with a Telephone Company or Electricity Supplier. On the other hand, starting a web hosting business can be done with little or no investment. Web hosting resellers don’t even need to own a server or commit any sales to start their business. A small or medium host can spend a couple of dollars every month and lease a hosting server. This means that to enter into this industry the cost is very low and regulation is negligible. There is no Government control or paper work that needs to be done to sell hosting space. This automatically increases the number of players in the industry.

Intense Competition

The low entry barriers cause such intense competition, that the ultimate beneficiary is the end user. If one web host starts acting restrictive, people can easily switch to another one without much ado. Due to customer-facing side of the business being virtual and online, there is easy accessibility and no physical hindrances to switching. However in most places around the world, the number of ISPs are miniscule and in rural areas there may not even be more than one or two. This kills the competitiveness of the business and gives a dominant position to the ISP, which can be misused to exploit subscribers. Often, when there are only a couple of ISPs operating, it leads to a sort of cartel and price fixing which cannot be questioned. Anti-competition laws around the world prohibit such behavior and try to break up this dependence.

Cut-throat Pricing

Besides striving to offer the best service in terms of speed and resources, every web host aims to offer the best price too. The price-war is so aggressive that even customers find it hard to make a decision as they are spoilt for choice. This is exactly what ISPs don’t want. ISPs want to create restrictions among different website services or online facilities by throttling the popular ones and charging a premium for them.They may either recover the premium from the customers or may ask the web services to cough up that money. If a web host throttles traffic for a certain type of domain name and prioritizes traffic for one that he is selling Eg: .co domain names, then he will soon be out of business because all his clients will switch. As we have learnt from free online services, the consumer doesn’t like to be restricted. The more restrictions you place, the more they will shun your service.

Security and Convenience

Web Hosts do restrict certain type of traffic and also do some filtering, but this is not to create unfair competition or to get a dominant position advantage, but to ensure security and stability of their services. Eg: A host may limit simultaneous FTP connections from a single IP address to a maximum of 50. This is to prevent abuse of their FTP server and to ensure that other users on the same shared server are able to enjoy the service too. ISPs want to filter traffic to commercially exploit the end user, as they know that the end user has limited options for accessing the internet.

How You Maybe Contributing To Email Scams?

Leave a reply

How You Maybe Contributing To Email Scams?

A large number of email users have been victims of online scams through emails and internet media. Many users have suffered financial loss, while others were just saved from getting an empty wallet. But despite this, there are many email users who are careless and negligent about the security of their email account, thereby jeopardizing the security of other email and internet users and encouraging hackers and attackers in having a free hand at mischief. This article explains how you also maybe contributing to email scams and email spam by being negligent about security. Are you going to be a victim or an accomplice?

Weak Passwords

Using the same password for all your email accounts can be make a successful attack exponentially damaging. It is like having a common key for all your assets, including your car, your garage, your front door and back door. If someone gets hold of the key, they can do quite a lot of damage. Having a weak password for your email account makes you as vulnerable. In 2014 the most commonly used password was ‘123456’. SplashData’s list of frequently used passwords shows that many people continue to put themselves at risk by using weak, easily guessable passwords.

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”

Phished!

Having your email account compromised is not the end of the attack. Your email address is most likely going to be used as a tool to attack other unsuspecting email account holders who have also not taken security seriously. Attacks on your email account cascade into attacks on email systems which can further snowball into attacks against an entire ISP. Credit Card Frauds, Net Banking Scams, High Security Facility Penetration and many other similar scams take place on a regular basis due to compromised email systems. You can use a time-tested spam filtering such as SpamAssassin to remove unwanted email from entering your inbox and junk folders. It is also important to know how to identify junk mail even if it’s from a trusted source. Carefully identifying a malicious email can help to fight spam and scams.

Bad Security Practices

Opening emails from someone you don’t know or don’t trust is a bad practice. Sending any sensitive information or exceptionally personal information over email can also be damaging. Replying to, clicking on links within, or even unsubscribing from spam emails typically only informs the sender that they have found an email address to which they’ll send more spam emails or target in future. Report the message as spam instead.

Being alert and attentive about email activity and suspicious behavior of your email account can help make the internet safer for other email users as well and prevent spam mail, phishing scams and also harassment.

Prevent Your Domain Names From Getting Stolen

Leave a reply

Prevent Your Domain Names From Getting Stolen

Domain Name Hijacking is becoming a common buzzword on the internet. Many organizations and businesses pay a large amount of money every year to ensure that their domain names remain secure and protected and are not stolen or lost. This article explains how Domain Names get stolen and how you can prevent your domain name from theft.

Registrant Email Address

The most vulnerable link in the security chain of your domain name, is the Registrant Email Address.The Registrant Email Address indicates who the owner of the domain name is and which email address should have control of the domain name. All important communication for the domain name is done with the Registrant’s email address only. Renewal Reminders, Expiry Details and even WHOIS record changes are sent to the Domain Name Registrant’s Email Address. If you enter a wrong WHOIS email address at the time of Registration or if a wrong email id is on record, then that wrong email id will have control of that domain name. It is extremely important to have a correct WHOIS record and also to ensure from time to time that the details are accurate and uptodate.

Phishing and Fraud

A common way of stealing domain names is by sending a phishing mail to the registered email address asking the owner to verify his / her details or to login to their domain control panel through a link in the email. That link actually goes to the hijackers website, which requests the owner to put in his control panel login credentials into a form. When the user submits the details, the hijacker has received the gift-wrapped password. This allows him to simply login and change the details or transfer the domain to his own account.

Hacked Email Account

If your email account was compromised, you should change the passwords of all your control panels and sensitive login credentials. A lot of damage can be done when the attacker compromises your email account. In one instance, the attacker had access to the gmail address of the Domain Owner. He didn’t change the password or fool around in the account, to prevent any suspicion from being raised. He simply set a filter, to grab all password reset emails or domain verification emails, hide them from the Inbox and send them to his own external email address. This way, even when the Transfer Approval Verification mail was sent to the gmail address of the domain owner, it was simply forwarded to him where he clicked the approval link and confirmed the transfer. This could have been prevented if the user had been a bit more alert and monitored their gmail account activity regularly.

Bad Registrar

Having an unscrupulous Registrar or a vulnerable Registrar is also a big threat to your domain name’s safety. By Registrar I also mean the Registrar’s Resellers and Affiliated vendors. If you have a problem with your Domain Reseller, you can always escalate the complaint to the Domain Registrar who is bound to take the corrective action. However, sometimes the registrars are also not very cooperative and can give you a tough time. This has been seen in many Domain Theft Cases, where due to the negligence (if not connivance) of the domain registrar, the domain name was stolen or lost to a hijacker. The only remedy which then remains available is opening up a dispute with ICANN, to compel the Registrar to give back your domain name.

Domain Lock

The best way of keeping your domain name safe is to ensure that it is “locked”. All Registrar’s provide a Registrar Lock feature which allows you to prevent your domain name from being transferred out when the lock is enabled. This means that you can lock your domain name till the time you want to actually transfer it out. If you have registered your domain name for a long period, it will be a good idea to keep the domain name locked. The lock can be toggled on/off through the Domain Control Panel provided by the Registrar or Reseller. Hence it is very important to have the Domain Control Panel in your hands as well.

Common Myths About SSL Certificates And Their Security

Leave a reply

Common Myths About SSL Certificates And Their Security - HostingXtreme

SSL Certificates are becoming a popular trend for popular websites and blogs. Although there is more ignorance and hype being circulated about the whole web encryption system, webmasters and visitors feel psychologically more secure when they have an HTTPS URL. You may call it the placebo effect or overzealous security, but all in all, SSL does no harm even if it is not required. Encrypting URLs and internet traffic goes a long way in making the internet feel safer and deter the bad guys. This article explains some common myths about the magic or misconceptions attached to having a secure HTTPS URL.

SSL Certificates are expensive

SSL Certificates are available in different varieties for different prices. There is a type which is sure to fit each type of person and each organizations requirement. After Facebook made it compulsory to use an https:// URL to setup Facebook Apps, SSL certificate sales got a boost. A basic SSL Certificate with Domain validation costs a couple of dollars a year. An extended validation one will cost a few hundred dollars a year. This cost excludes the cost of a Dedicated IP Address and the hosting space of course. The Dedicated IP Address can cost anywhere between $20 to $100 per year. While the cost of an SSL Certificate directly may not be expensive, you must factor in overheads like Bandwidth, CPU / Memory Resources and Web Server limitations to

SSL Certificates will prevent hacking

SSL Certificates will not prevent or deter a hacker from exploiting weak code or vulnerable software on your website. SSL Certificates simply act as a secure pipe or secure tunnel through which data flows, preventing any middle-man to intercept the traffic and identify what is being sent. SSL does not keep a check on both the ends of the pipe or tunnel and does not cover protection of a browser at the client end or database at the server end. Hence, if your passwords are stored in an un-encrypted manner in your MySQL database, and for some reason your database is compromised, then having SSL will have no effect in protecting your database information.

SSL will not have any effect on SEO

You must note that SSL may make the website marginally slower especially when loading a page for the first time. This may exponentially be a problem and may require the tweaking of settings on your web server. However, Google recently announced that it will give preference to URLs starting with HTTPS, in its search results, in an endeavor to make the internet a safer and secure place and encourage online merchants to secure the flow of data and sensitive information. If you consider giving both these factors equal weightage, then they both cancel out each other, leaving the impact on Search Engine Rankings (either positive or negative) to be negligible.

You need a separate IP Address for every https subdomain

SSL Certificates are of many types and with many different features to suit your budget. Usually an SSL Certificate will cover only 1 fixed URL i.e. https://your_domain.com. The normal SSL Certificates will not even cover https://www.your_domain.com . To encrypt a sub domain or even a URL with www. you will need to take an additional certificate and register that URL with the Certificate issuing company (Certifying Authority). The problem arises when you have multiple sub-domains and want to encrypt the traffic on all of them. Well, in that case you will need to take a WildCard Certificate. The Wildcard certificate, as the name suggests, will encrypt all traffic for the primary domain and also traffic on every sub-domain of that primary domain i.e. *.your_domain.com. It is called a WildCard certificate, because it represents the wildcard character * which indicates anything and everything.

SSL Certificates are difficult to manage or migrate

SSL Certificates may be a tad bit confusing to install at first, but most web hosting control panels have a GUI interface to allow you to generate and import new public and private keys with ease. Change of your web hosting server or change of your dedicated IP Address invalidates your certificate. You can always request a re-issue of the certificate by visiting the Certifying Authority’s website and completing their online form. Most providers instantly issue a fresh certificate which you can put in to your new server and resume business as normal.

Web Hosting Companies That Include Arbitration Clauses In Their Terms Of Service

Leave a reply

Does your web hosting company include an arbitration clause in its terms of service? This is an important question to know the answer to. If there is an arbitration clause, you have to mandatorily seek out arbitration if you want to seek damages, either from contract for a wrongful termination of the agreement.

If something goes wrong with your services, and if you want to claim civil damages against the hosting company - you would have to do it through arbitration proceedings. This can be very expensive. Merely appointing an arbitrator can be very expensive. Some arbitrators charge $5000 or $10,000 to merely accept a retainer.

Hostgator, one of the popular web hosting company places the following clause in its terms of service;

“15b.) Arbitration By using any HostGator services, you agree to submit to binding arbitration. If any disputes or claims arise against HostGator or its subsidiaries, such disputes will be handled by an arbitrator of HostGator’s choice. An arbitrator from the American Arbitration Association or the National Arbitration Forum will be selected in the state of Texas. Arbitrators shall be attorneys or retired judges and shall be selected pursuant to the applicable rules. All decisions rendered by the arbitrator will be binding and final. The arbitrator’s award is final and binding on all parties. The Federal Arbitration Act, and not any state arbitration law, governs all arbitration under this Arbitration Clause. You are also responsible for any and all costs related to such arbitration.”

As you should note - all the costs of arbitration are to be borne by you! That is extremely unfair and inequitable. It should at least be 50/50. If you are buying a hosting account for $3.96 per month, and you have to pay $5000 to appoint an arbitrator, and resolve a dispute. Further, even if you have other tort claims - such as interference or fraud (non-criminal fraud) those claims would also have to be determined by the arbitrator. This is very unfair. It takes away your right to a jury trial under the 7th Amendment (or the Sate’s version of it).

Godaddy on the other hand does not include an arbitration clause, but only adds a waiver of jury trials;

“You agree to waive the right to trial by jury in any action or proceeding that takes place relating to or arising out of this Agreement.

Yahoo does neither. It makes you litigate in California. Which seems more just.

While although you would not think about suing the hosting company you buy from at the outset, you should know about it, because it is quite common for disputes to arise when you suffer damages from downtime. Say the site is down for 1 day - due to no fault of yours. You may have a cause of action for damages against the hosting company. You can not only sue them for actual damages - you can also sue them for consequential damages, ie. lost sales, lost advertisement revenue and loss of your online reputation. These can be significant as the uptime goes to your SEO reputation.

At HostingXtreme we pride ourselves in a 99.98% uptime. We provide imeccable servcie, and are proud to have a five star rating. Check out our web hosting plans.

Whether You As A Customer Have A Right In The Hosting Account That You Use

Leave a reply

As a customer, there is no authority to say that you own the web space that you use. You certainly own the right to the intellectual property that you have in the domain name. But there is very little authority to say that you actually own the right to the hard drive space on which you host your website. The contract that you have with your web hosting provider is in the nature of a lease, of space - not sale of ownership.

The intellectual property you have in the code on your website

You certainly own the intellectual property in the code on the pages on your website. Such as the html, the java script, the SQL tables. You should certainly take steps to protect your rights in these intellectual properties you have. You can copyright it, so that others cannot imitate your website. Even if you have not copyrighted it, you can sue others who imitate your website for the tort of “passing off”.

The intellectual property you have in the domain name

Your domain name is your intellectual right. It gives you the right to prevent others from using that very domain name for any purpose. If however you own the trade mark to a particular name, and someone is trying to “pass off” your trade mark using a domain name that someone else owns - you can sue them. This can be done through the arbitration clause that the domain name owner has with his registrar. You can also get injunctive relief through a court. It is also indeed true that certain intellectual property rights are incapable of being resolved through arbitration, and accordingly must be ruled on through courts, in accordance with rule of law. WIPO provides a very efficient system to address such issues.

The intellectual property you have in the trademarks, and copyrighted material in the content you have on your website

The intellectual property you have in your marks, and content you have on your website is certainly valid and standing. If you have a logo, or content up on the website - you can certainly protect it by enforcing that. If someone is copying content from your website you can probably find that out from this website called copyscape. They track everything on the internet and track “copied content”. Some of their services are paid and some are free - so if you do have a lot of content that you want to protect, you may want to think about buying their paid services.

In short, other than the actual ownership of the hard drive space used by you, you probably own the rights to everything on your website. You should be proactive and protect the rights you have in these things, so that others do not take advantage of it. This is in your best business interest, and pecuniary interest. Not only can you prevent others from copying your stuff, you can also affirmatively use your rights to prevent others from put up content.

At HostingXtreme, we are updated on the law that applies to all the aspects of your hosting account and believe in proactively informing and working with our customers to take the most advantage of the legal provisions that apply. Try out our unlimited hosting account, and see if it fits your requirements. Visit http://hostingxtreme.com

Whether Hosting A Website Creates Jurisdiction In State Court Against A Customer For Defamation And Related Claims

Leave a reply

Whether a customer hosting a website on a server in a particular state in the US, be subject to jurisdiction of a court, under the 14th Amendment of the US Constitution ? The big question here, is if you as a customer are located in a different state and your web hosting provider is located in a different state or a foreign state, can you be sued in that state ? Assuming that the plaintiff prefers to sue you in that state.

For jurisdiction to be legitimate it should not only be authorized by statute, it should also be authorized by the due process clause of the 14th Amendment. This means that not only should the exercise of jurisdiction on the party be authorized by the state’s law, such jurisdiction should also be constitutional under the US constitution.

The California Court of Appeals recently ruled that merely having a website that is hosted in California, does not create enough contact with California to let someone sue you in California for materials and statements hosted on that website. Generally speaking a nonresident who has not been served with process can be sued in a state if the defendant has such minimum contacts with the state that the asserting of personal jurisdiction over the defendant does not violate traditional notions of fair play and substantial justice. What is fair play and substantial justice ? No one knows the answer to it. It is a case by case approach - you have to go with the best facts that you have and convince the judge that it is not fair to exercise jurisdiction over you. In the case of Jewish Def. Org., Inc. v. Superior Court, 72Cal. App. 4th 1045 (1999), the court held that merely having a website is not generally enough to sue someone in that state for defamation. How would the court have come out differently if the website had a shell company in a foreign country and sold almost all of its products in the state ? We don’t know. That is an open question. What we do know is if you have a passive website and all you are doing is supplying information over the internet to prospective users, you need not worry about being sued in any and every state.

This however does not preclude you being sued on the basis of presence. In one case, a lady had never been to one particular state and did not even intend to, but one particular occasion she was in a flight that happened to fly over that state and while the airplane was cruising over that state, a process server came up to her and handed her court papers. This is totally valid and constitutional. Service of process, is always a good way to establish personal jurisdiction over a person, regardless of anything else. Even if you only have a website in that state and you have done nothing else other than keep information up on that website for everyone to see.

Conclusion

While you can always be sued on the basis of your legal presence in a state, if a process server can find you, if you have not done anything more than merely have a website that is accessible in California, and is hosted in California - you can probably not be sued in California for the contents of that website