ABOUT B2

Our Blog

Latest News, Tips, and Totally Random Thoughts

mag_2.png

April 30, 2017

E-commerce developers and consultants are not exaggerating when they warn their clients to stay put and not move their Magento stores to Magento 2 because the latter isn’t prepared yet.

Security issues continue to hound Magento 2. You’re lucky if you heeded experts’ advice and haven’t migrated yet, otherwise, you could be one of the 200,000 online sellers whose Magento 2 online stores are at risk.

Web security service provider DefenseCode detected a remote code execution (RCE) bug linked to a feature in the Magento 2 software which allows administrators to add videos that are hosted on Vimeo. That could serve as an entryway for hackers to access a Magento user’s database, including confidential information, and even install malware.

All they have to do is lure a user to download a URL which contains a.htaccess file and a PHP file. Once they have achieved that, it’s game over – the hacker can easily manipulate the user’s system from a remote server.

“During the security audit of Magento Community Edition, a high-risk vulnerability was discovered that could lead to remote code execution and thus the complete system compromise including the database containing sensitive customer information such as stored credit card numbers and other payment information,” DefenseCode said in their advisory.

They added that the affected versions of the Magento Community Edition software include v.2.1.6 and below.

Reassurance from Magento

Though they haven’t heard of any actual attacks yet, Magento reassured their customers that they are already looking into the matter, and has recommended helpful steps that will ensure the safety of their customers’ data.

“We have been actively investigating the root cause of the reported issue and are not aware of any attacks in the wild. We will be addressing the issue in our next patch release and continue to consistently work to improve our assurance processes,” they said.

To protect their users from possible security attacks, Magento sent out an email which includes the steps to switching on the “Add Secret Key to URLs” option.

Think your Magento 2 system is at risk? Follow these steps:

  1. Log on to Merchant Site Admin URL (e.g., your domain.com/admin)
  2. Click on Stores > Configuration > ADVANCED > Admin > Security > Add Secret Key to URLs
  3. Select YES from the dropdown options
  4. Click on Save Config

Sure, we may have sounded like a broken record, telling you repeatedly that Magento 2 still ain’t ready for prime time, but we’re glad we did!

 


Valley-Liquor.png

April 15, 2017

B2 Web Studios is very excited to announce the launching of a brand new website for Valley Liquor  in Little Chute, Wisconsin, earlier this month.

B2 Web Studios built a custom, responsive website, and migrated from Drupal CMS (Content Management System) to WordPress. The new website is more user-friendly for brides looking for information on Valley Liquor’s beverage catering services, with a design that better reflects Valley Liquor’s branding. As a digital agency based in the Fox Cities, the B2 Web Studios team feels privileged to have been chosen to design the new website for such a popular local business.

The updated branding and design make the new Valley Liquor website a sales and marketing tool, and helps to improve customer service, and provides a “hub” for a strong online branding presence. B2 Web Studios developed the new website to allow Valley Liquor staff to update content using a content management system (CMS). Featured specials, beverage pricing, adding new pages to the site, and other updates and edits are simple,” said B2 Web Studios Partner and Creative Director Jeanna Belau. “The flexibility of the WordPress CMS was a key project goal; we’re happy to have had the experience of working with Valley Liquor, and are excited to be a part of their new website’s success.”