These guys are Automattic/WooThemes/WooCommerce employees and typically have great how to’s on their sites for working with WooCommerce
Monthly Archives: June 2015
What does the “rs” in rs232 stand for?
RS in RS-232 / RS-422 / RS-485 stands for Recommended Standard
Tech Acronyms / Abbreviations / Portmanteaus
Currently 386 terms
Last updated 11/15/15
| Acronym / Abbreviation / Portmanteau | Meaning |
| ACK | Acknowledge |
| ACL | Access Control List |
| ADC | Analog to Digital Converter |
| ADC | Apple Display Connector |
| ADF | Automatic Document Feeder |
| ADSL | Asymmetric Digital Subscriber Line |
| AF | Autofocus |
| AGP | Accelerated Graphics Port |
| AIFF | Audio Interchange File Format |
| AIX | Advanced Interactive Executive |
| ALU | Arithmetic Logic Unit |
| ANSI | American National Standards Institute |
| API | Application Program Interface |
| APU | Accelerated Processing Unit |
| ARP | Address Resolution Protocol |
| ASCII | American Standard Code for Information Interchange |
| ASF | Advanced Systems Format |
| ASIC | Application Specific Integrated Circuit |
| ASLR | Address Space Layout Randomization |
| ASP | Active Server Page or Application Service Provider |
| ATA | Advanced Technology Attachment |
| ATM | Asynchronous Transfer Mode |
| ATX | Advanced Technology eXtended |
| AUP | Acceptable Use Policy |
| Bash | Bourne Again SHell |
| BASIC | Beginner’s All-purpose Symbolic Instruction Code |
| Bcc | Blind Carbon Copy |
| BIOS | Basic Input/Output System |
| Blob | Binary Large Object |
| BMP | Bitmap |
| BSOD | Blue Screen of Death |
| CA | Certificate Authority |
| CAD | Computer-Aided Design |
| Cc | Carbon Copy |
| CCD | Charged Coupled Device |
| CD | Compact Disc |
| CDFS | Compact Disc File System |
| CDMA | Code Division Multiple Access |
| CDN | Content Delivery Network |
| CDP | Cisco Discovery Protocol |
| CD-R | Compact Disc Recordable |
| CD-ROM | Compact Disc Read-Only Memory |
| CD-RW | Compact Disc Re-Writable |
| CGI | Common Gateway Interface |
| CIF | Common Intermediate Format |
| CISC | Complex Instruction Set Computing |
| CLOB | Character Large Object |
| CMOS | Complementary Metal Oxide Semiconductor |
| CMS | Content Management System |
| CMYK | Cyan Magenta Yellow Black |
| Codec | coder-decoder or less commonly compressor-decompressor |
| CPA | Cost Per Action |
| CPC | Cost Per Click |
| CPL | Cost Per Lead |
| CPM | Cost Per 1,000 Impressions |
| CPS | Classroom Performance System |
| CPU | Central Processing Unit |
| CRM | Customer Relationship Management |
| CRT | Cathode Ray Tube |
| CSS | Cascading Style Sheet |
| CTP | Composite Theoretical Performance |
| CTR | Click-Through Rate |
| DAC | Digital-to-Analog Converter |
| DAQ | Data Acquisition |
| DAW | Digital Audio Workstation |
| DBMS | Database Management System |
| DCIM | Digital Camera IMages |
| DDL | Data Definition Language |
| DDoS | Dedicated Denial of Service |
| DDR | Double Data Rate |
| DDR2 | Double Data Rate 2 |
| DDR3 | Double Data Rate Type 3 |
| DEST | Destination |
| DFS | Distributed File System |
| DHCP | Dynamic Host Configuration Protocol |
| DIMM | Dual In-Line Memory Module |
| DLC | Downloadable Content |
| DLL | Dynamic Link Library |
| DMA | Direct Memory Access |
| DNS | Domain Name System |
| DoS | Denial of Service |
| DOS | Disk Operating System |
| DPI | Dots Per Inch |
| DRAM | Dynamic Random Access Memory |
| DRM | Digital Rights Management |
| DSL | Digital Subscriber Line |
| DSLAM | Digital Subscriber Line Access Multiplexer |
| DSLR | Digital SLR |
| DTD | Document Type Definition |
| DTO | Data Offset |
| DV | Digital Video |
| DVD | Digital Versatile Disc |
| DVD+R | DVD Recordable |
| DVD+RW | DVD Rewritable |
| DVD-R | DVD Recordable |
| DVD-RAM | DVD Random Access Memory |
| DVD-RW | DVD Rewritable |
| DVI | Digital Video Interface |
| DVR | Digital Video Recorder |
| ECC | Error Correction Code |
| EDI | Electronic Data Interchange |
| EEPoE | Energy Efficient PoE |
| EIA | Electronic Industries Alliance |
| EIDE | Enhanced Integrated Drive Electronics |
| EPS | Encapsulated PostScript |
| eSATA | External SATA |
| EUP | Enterprise Unified Process |
| EXIF | Exchangeable Image File Format |
| FAQ | Frequently Asked Questions |
| FCS | Frame Check Sequence |
| FDDI | Fiber Distributed Data Interface |
| FIFO | First In, First Out |
| FILO | First In, Last Out |
| FIN | Finished |
| FiOS | Fiber Optic Service |
| FLG | Flag |
| FLOPS | Floating Point Operations Per Second |
| FLP | Fast Link Pulse |
| FPS | Frames Per Second |
| FPU | Floating Point Unit |
| FQDN | Fully Qualified Domain Name |
| FSB | Frontside Bus |
| FTP | File Transfer Protocol |
| Gbps | Gigabits Per Second |
| GIF | Graphics Interchange Format |
| GIGO | Garbage In, Garbage Out |
| GIS | Geographic Information Systems |
| GOV | Group of Video |
| GPIO | General Purpose Input/Output |
| GPS | Global Positioning System |
| GPU | Graphics Processing Unit |
| GUI | Graphical User Interface |
| GUID | Globally Unique Identifier |
| HD | High Definition |
| HDD | Hard Disk Drive |
| HDMI | High-Definition Multimedia Interface |
| HDTV | High Definition Televsion |
| HDV | High-Definition Video |
| HFS | Hierarchical File System |
| HSF | Heat Sink and Fan |
| HTML | HyperText Markup Language |
| HTTP | HyperText Transfer Protocol |
| HTTPS | HyperText Transport Protocol Secure |
| I/O | Input/Output |
| ICANN | Internet Corporation For Assigned Names and Numbers |
| ICF | Internet Connection Firewall |
| ICMP | Internet Control Message Protocol |
| ICS | Internet Connection Sharing |
| ICT | Information and Communication Technologies |
| IDE | Integrated Device Electronics or Integrated Development Environment |
| IDS | Intrusion Detection System |
| IEEE | Institute of Electrical and Electronics Engineers |
| IETF | Internet Engineering Task Force |
| IGP | Integrated Graphics Processor |
| IIS | Internet Information Services |
| IM | Instant Message |
| IMAP | Internet Message Access Protocol |
| InterNIC | Internet Network Information Center |
| IP | Internet Protocol |
| IPS | Intrusion Prevention System |
| IPX | Internetwork Packet Exchange |
| IRC | Internet Relay Chat |
| IRQ | Interrupt Request |
| ISA | Industry Standard Architecture |
| iSCSI | Internet Small Computer Systems Interface |
| ISDN | Integrated Services Digital Network |
| ISO | International Organization for Standardization |
| ISP | Internet Service Provider |
| IT | Information Technology |
| IVR | Interactive Voice Response |
| JFS | Journaled File System |
| JPEG | Joint Photographic Experts Group |
| JPG | JPEG Filename Extension |
| JRE | Java Runtime Environment |
| JSF | JavaServer Faces |
| JSON | JavaScript Object Notation |
| JSP | Java Server Page |
| Kbps | Kilobits Per Second |
| KDE | K Desktop Environment |
| KVM Switch | Keyboard, Video, and Mouse Switch |
| LAMP | Linux, Apache, MySQL, and PHP |
| LAN | Local Area Network |
| LCD | Liquid Crystal Display |
| LDAP | Lightweight Directory Access Protocol |
| LED | Light-Emitting Diode |
| LIFO | Last In, First Out |
| LPI | Lines Per Inch |
| LTE | Long Term Evolution |
| LUN | Logical Unit Number |
| MAC Address | Media Access Control Address |
| MAMP | Mac OS X, Apache, MySQL, and PHP |
| MANET | Mobile Ad Hoc Network |
| Mbps | Megabits Per Second |
| MBR | Master Boot Record |
| MCA | Micro Channel Architecture |
| MDI | Medium Dependent Interface |
| MIDI | Musical Instrument Digital Interface |
| MIME | Multi-Purpose Internet Mail Extensions |
| MIPS | Million Instructions Per Second |
| MIS | Management Information System |
| MMS | Multimedia Messaging Service |
| Modem | modulator-demodulator |
| MOOC | Massive Open Online Course |
| MP3 | MPEG-1 Audio Layer-3 |
| MPEG | Moving Picture Experts Group |
| MTU | Maximum Transmission Unit |
| NAT | Network Address Translation |
| NetBIOS | Network Basic Input/Output System |
| NIC | Network Interface Card |
| NNTP | Network News Transfer Protocol |
| NOC | Network Operations Center |
| NSP | Network Service Provider |
| NTFS | New Technology File System |
| NTSC | National Television System Committee |
| NUI | Natural User Interface |
| NVRAM | Non-Volatile Random Access Memory |
| OASIS | Organization for the Advancement of Structured Information Standards |
| OCR | Optical Character Recognition |
| ODBC | Open Database Connectivity |
| OEM | Original Equipment Manufacturer |
| OLAP | Online Analytical Processing |
| OLE | Object Linking and Embedding |
| OLED | Organic Light Emitting Diode |
| OOP | Object-Oriented Programming |
| OPT | Options |
| OSD | On Screen Display |
| OSPF | Open Shortest Path First |
| P2P | Peer To Peer |
| PAL | Phase Alternating Line |
| PC | Personal Computer |
| PCB | Printed Circuit Board |
| PCI | Peripheral Component Interconnect |
| PCI-X | Peripheral Component Interconnect Extended |
| PCMCIA | Personal Computer Memory Card International Association |
| PD | Powered Device |
| PDA | Personal Digital Assistant |
| Portable Document Format | |
| PHP | Hypertext Preprocessor |
| PII | Personally Identifiable Information |
| PIM | Personal Information Manager |
| PMU | Power Management Unit |
| PNG | Portable Network Graphic |
| PoE | Power over Ethernet |
| PoE+ | Power over Ethernet Plus |
| PON | Passive Optical Network |
| POP3 | Post Office Protocol |
| POST | Power On Self Test |
| PPC | Pay Per Click |
| PPGA | Plastic Pin Grid Array |
| PPI | Pixels Per Inch |
| PPL | Pay Per Lead |
| PPM | Pages Per Minute |
| PPP | Point to Point Protocol |
| PPPoE | Point-to-Point Protocol over Ethernet |
| PPS | Pay Per Sale |
| PPTP | Point-to-Point Tunneling Protocol |
| PRAM | Parameter Random Access Memory |
| PROM | Programmable Read-Only Memory |
| PS/2 | Personal System/2 |
| PSE | Power Sourcing Equipment |
| PSH | Push |
| PUM | Potentially Unwanted Modification |
| PUP | Potentially Unwanted Program |
| PyPI | Python Package Index |
| QBE | Query By Example |
| RAID | Redundant Array of Independent Disks |
| RAM | Random Access Memory |
| RCP | Remote copy |
| RDF | Resource Description Framework |
| RDRAM | Rambus Dynamic Random Access Memory |
| RF | Radio Frequency |
| RFID | Radio-Frequency Identification |
| RGB | Red Green Blue |
| RIA | Rich Internet Application |
| RISC | Reduced Instruction Set Computing |
| RJ | Registered Jack |
| ROM | Read-Only Memory |
| RPC | Remote Procedure Call |
| RPM | Revenue Per 1,000 Impressions |
| RS | Recommended Standard |
| RSS | RDF Site Summary |
| RST | Reset |
| RTE | Runtime Environment |
| RTF | Rich Text Format |
| RUP | Rational Unified Process |
| Rx | Receive |
| SaaS | Software as a Service |
| SAN | Storage Area Network |
| SATA | Serial Advanced Technology Attachment |
| SCP | Secure copy |
| SCSI | Small Computer System Interface |
| SD | Secure Digital |
| SDK | Software Development Kit |
| SDLC | System Development Lifecycle |
| SDRAM | Synchronous Dynamic Random Access Memory |
| SDSL | Symmetric Digital Subscriber Line |
| SEO | Search Engine Optimization |
| SEQ | Sequence |
| SERP | Search Engine Results Page |
| SFTP | SSH FTP also Secure FTP |
| SFTP | Simple FTP |
| SIMD | Single Instruction/Multiple Data |
| SIMM | Single In-Line Memory Module |
| SIP | Session Initiation Protocol |
| SKU | Stock Keeping Unit |
| SLA | Software License or Service Level Agreement |
| SLI | Scalable Link Interface |
| SLR | Single-lens reflex |
| SMART | Self-Monitoring Analysis And Reporting Technology |
| SMB | Server Message Block |
| SMM | Social Media Marketing |
| SMS | Short Message Service |
| SMTP | Simple Mail Transfer Protocol |
| SNMP | Simple Network Management Protocol |
| SOA | Service Oriented Architecture |
| SOAP | Simple Object Access Protocol |
| SO-DIMM | Small Outline Dual In-Line Memory Module |
| SQL | Structured Query Language |
| SRAM | Static Random Access Memory |
| SRC | Source |
| sRGB | Standard Red Green Blue |
| SSD | Solid State Drive |
| SSH | Secure Shell |
| SSID | Service Set Identifier |
| SSL | Secure Sockets Layer |
| SYN | Synchronization |
| TCP/IP | Transmission Control Protocol/Internet Protocol |
| TFT | Thin-Film Transistor |
| TIA | Telecommunications Industry Association |
| TIFF | Tagged Image File Format |
| TLS | Transport Layer Security |
| ToS | Terms of Service |
| ToU | Terms of Use |
| ToV | Target of Verification |
| TTL | Time To Live |
| TWAIN | Toolkit Without An Informative Name |
| Tx | Transmit |
| UAT | User Acceptance Testing |
| UDDI | Universal Description Discovery and Integration |
| UDP | User Datagram Protocol |
| UGC | User Generated Content |
| UML | Unified Modeling Language |
| UNC | Universal Naming Convention |
| UPnP | Universal Plug and Play |
| UPOE | Universal PoE |
| UPS | Uninterruptible Power Supply |
| URI | Uniform Resource Identifier |
| URL | Uniform Resource Locator |
| URP | Urgent Pointer |
| USB | Universal Serial Bus |
| UTF | Unicode Transformation Format |
| VCI | Virtual Channel Identifier |
| VDSL | Very High Bit Rate Digital Subscriber Line |
| VDU | Visual Display Unit |
| VESA | Video Electronics Standards Association |
| VFAT | Virtual File Allocation Table |
| VGA | Video Graphics Array |
| VLAN | Virtual LAN |
| VLB | VESA Local Bus |
| VLE | Virtual Learning Environment |
| VoIP | Voice over Internet Protocol |
| VPI | Virtual Path Identifier |
| VPN | Virtual Private Network |
| VR | Vibration Reduction |
| VRAM | Video Random Access Memory |
| VRML | Virtual Reality Modeling Language |
| W3C | World Wide Web Consortium |
| WAIS | Wide Area Information Server |
| WAMP | Windows, Apache, MySQL, and PHP |
| WAN | Wide Area Network |
| WDDM | Windows Display Driver Model |
| WEP | Wired Equivalent Privacy |
| Wi-Fi | Wireless Fidelity |
| WIMP | Windows, Icons, Menus, Pointer |
| WIN | Window |
| WINS | Windows Internet Name Service |
| WPA | Wi-Fi Protected Access |
| WWW | World Wide Web |
| XHTML | Extensible Hypertext Markup Language |
| XML | Extensible Markup Language |
| XMP | Extensible Metadata Platform |
| XSLT | Extensible Style Sheet Language Transformation |
| XSS | Cross-Site Scripting |
| Y2K | Year 2000 |
| ZFS | Zettabyte File System |
| ZIF | Zero Insertion Force |
Web/Tech terms
| Current | Acceptable, common or dated | |
| HTTP | Hypertext Transfer Protocol | |
| HTTPS | HTTP Secure | HTTP over SSL, HTTP over TLS |
| Hypertext | ||
| SSL | Secure Sockets Layer | Secure Socket Layer |
| TLS | Transport Layer Security | |
hypertext or hyper text
Is the appropriate spelling hyper text, hyper-text or hypertext?
Answer: Hypertext
Daily Links Saturday 6/6/15
The most “bank grade” secure of Milwaukee County bank websites
Only 3 sites passed our Milwaukee County bank website security review. Who passed and who failed?
The following are results and analysis of a snapshot of SSL Labs Server Tests of Milwaukee county’s state chartered banks’ web servers performed June 2nd, 2015.
Results are sorted by:
- Grade (A to F followed by sites that don’t use secure protocols & failures), then by
- Number of failed tests (ascending), then by
- Bank name
Clicking the name of the bank in column A will take you to the SSL Labs report page for that bank’s website or 3rd party service it uses for online banking (that is why most of the bank names and domains tested in the report don’t directly match.)
Findings
3rd party services are prevalent
As far as I could tell, none of these banks used their own services for managing the actual financial portion (online banking, credit card processing, online deposits, etc.). They all outsourced to 3rd party services, which you’d think would be more secure since many clients are managed from the same service.
From a confidence and usability standpoint, it should be noted that none of these banks inform or disclose that the user will be redirected to a 3rd party service.
The F (many issues including SSL 2 enabled)
Waterstone Bank’s website got the one and only F grade. Their server still supports SSL 2, which is obsolete and insecure. This alone capped their grade to F. They were also one of two that had SSL 3 enabled.
Additionally, the HTTP version of their site doesn’t automatically redirect to the HTTPS version, which wouldn’t do them much good at this point. I didn’t go through all the pages, but there doesn’t appear to be any user information that passes through the HTTP or F-grade-receiving-HTTPS-page. The Account Access links for business and consumer banking link directly to the 3rd party service via HTTPS.
The only A
Metavante’s RemitPoint solution used by Park Bank earns the only A grade. According to this press release, RemitPoint provides “a centralized image-based remittance processing service.” The only way for them to get an A+ is to enable HTTP Strict Transport Security support with a max-age of at least 6 months.
Two A- Websites (the other 2 of 3 A grades)
So there is only one bank’s website (not the portion where the online banking occurs) that received an A- grade. Congrats to Layton State Bank.
Also, only one 3rd party banking service, Park Bank Business Credit Card – Administrator from FIS received an A- grade.
Neither support Forward Secrecy which would boost their respective scores.
The grade breakdown
- A grade (A or A-): 3/20 – 15%
- B grade: 2/20 – 10%
- C grade: 14/20 – 70%
- D grade: 0/20 – 0%
- F grade: 1/20 – 5%
No secure protocols supported: 2
Assessment failures: 2
Sites without secure protocols
The first is Columbia Savings and Loan Association’s website, which is purely informational. There are no links to online banking or other login fields for customers. However, the “Owner Login” link does not target a HTTPS page nor does the login form within.
The second is The Equitable Bank’s website. The “Access ID” field targets a secure endpoint, but the page itself isn’t secure. Fortunately, the account password isn’t requested until the 3rd party service’s secured page.
Logjam (95% pass rate)
Information about the latest vulnerability, the Logjam attack was published last month (May 20, 2015). I wanted to highlight those results specifically in this project.
There was one server that didn’t pass the WeakDH.org server test. The Park Bank Personal Credit Card service from First Bankcard got the warning about using a common 1024-bit DH prime. I thought about adding a “Warning” type to Pass/Fail, but decided that anything that wasn’t a pass was a failure.
“Warning! This site uses a commonly-shared 1024-bit Diffie-Hellman group, and might be in range of being broken by a nation-state. It might be a good idea to generate a unique, 2048-bit group for the site.”
Things I’d never seen before
In interesting report to look at is the one for Park Bank Merchant Card Processing. It was the first time I saw the notification “This site is intolerant to newer protocol versions, which might cause connection failures.”
It also only allows for one cipher suite TLS_RSA_WITH_AES_256_CBC_SHA (0x35). The fewest I had seen before was 3.
The other result I hadn’t encountered was “Assessment failed: Cipher suite support test failed” which occurred on the Points2U test.
Why so many C’s?
If many of you are familiar with these types of analyses, you will notice many more “C” grades than before. SSL Labs, since the 5/20/15 1.17.10 version release, is penalizing the RC4 cipher when used with TLS 1.1+ more now and not supporting TLS 1.2 caps the grade to a C from a B previously. Full information on the ratings is available here (PDF).
Date performed: 6/2/15
Sites tested: 24
Data sources
- State charted banks, Milwaukee county: https://www.wdfi.org/fi/banks/licensee_lists/advancedsearch.asp?txtSearchText=Milwaukee&mnuSearchBy=County&btnSubmit=Search&mnuSearchUsing=AnyWords
- Company providing ezbusinesscardmanagment.com service: http://www.whois.com/whois/ezbusinesscardmanagement.com
Tools
Similar posts and analysis
- http://www.troyhunt.com/2015/05/do-you-really-want-bank-grade-security.html
- https://damieng.com/blog/2015/05/16/quality-of-ssl-protection-for-us-financial-institutions
Tangential articles (coming soon)
- Fiserv
- Wisconsin Department of Financial Institutions
Electric Imp
IoT Company
First discovered via: https://circuithub.com/projects/electricimp/janice
Whoa where’d “Get Windows 10” come from?
This just appeared in the task tray.
Clicking on it brings up an advertisement to upgrade to Windows 10.
Get Windows 10 – How this free upgrade works
- Reserve – Reserve your FREE upgrade to Windows 10 now. It will download* once available, and you can cancel your reservation at any time.
- Install – You’ll get a notification after Windows 10 is downloaded to your device. Install it right away or pick a time that’s good for you.
- Enjoy – After it’s installed, Windows 10 is all yours!
*Yes, free. This limited time upgrade offer is for a full version of Windows 10, not a trial. 3GB download required; internet service fees may apply.
You’re already an expert
Windows 10 is familiar and easy to use. The Start menu is back and you can use it the way you want–with a keyboard and mouse or touch. It’s everything your love and more.
Some apps sold separately; vary by market.
Designed for speed and ease
Windows 10 starts fast, resumes fast, and comes with more security features than ever. And it’s designed to work with the hardware and software you already use.
Plus, multitask like a master–with the ability to snap up to four things on the screen at once.
Amazing new features
Windows 10 is packed with innovations like Cortana, your truly personal digital assistant.
There’s also an all-new browser designed for getting stuff done online, and great built-in apps like Photos, Maps, Messaging, Music, and Video.
Apps. Games. Movies. Music.
Discover new favorites in the Windows Store, your one-stop shop for great apps, popular games, HD movies, TV shows, and 47 million music tracks.
App availability varies by market.
Reserve your Windows 10 upgrade today!
It’s free. It’s easy. No worries.
Great, your upgrade is reserved!
Once it’s available, Windows 10 will be downloaded to your device. you’ll get a notification when it’s ready to install — Install it right away or pick a time that’s good for you.
Hardware/software requirements apply; feature availability may vary by device. 3GB download. ISP fees may apply. See Upgrade to Windows 10 frequently asked questions.
The “Learn more on windows.com” link in the upper right apparently isn’t live yet. http://www.microsoft.com/en-us/windows/windows-10-upgrade?ocid=win10_auxapp_LearnMore_win10
Windows 10 FAQs isn’t live yet either. http://www.microsoft.com/en-us/windows/windows-10-faq?ocid=win10_auxapp_context
Found a link that works, it’s for the privacy policy: http://www.microsoft.com/privacystatement/en-us/core/default.aspx
According to Techpp it was included in the optional KB3035583 update.