There’s never a dull moment in eCommerce, and certainly not for Magento users. We recently shared information about the upcoming release of Magento 2.3.1, but as February 2019 comes to a close, we’re tracking several important topics in the Magento ecosystem. These include:
Authorize.net will stop supporting MD5 Hash on March 14th
On January 23rd, 2019, we reported on Authorize.net returning errors to Magento stores. In essence, Authorize.net rolled out a security update in their network that didn’t jibe with the Authorize.net payment gateway that comes off-the-shelf with Magento. Authorize.net subsequently rolled back this update.
We’re continuing to track a similar issue that is on the horizon. On March 14th, Authorize.net will push another security update to their live servers. This will force Authorize.net users to support the new SHA-512 hash via signature key and will leave those still trying to use the old MD5 hash up a creek without a paddle. Those using 3rd party extensions that are being updated, such as from ParadoxLabs, or SaaS services like X-Payments and SubscribePro, should not be impacted by this issue as long as they’re using up-to-date extensions. Similarly, users that use SaaS checkout solutions like Bolt, or other payment gateways like PayPal won’t be impacted.
We’re expecting the new Magento 2.3.1 to include support for this Authorize.net security update. This version of Magento should become available in late March.
For folks on all other supported versions of Magento, there’s already a patch which you should install and test.
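The response check that replaces the MD5 comparison, as an added example that is not from the original post or from Magento's or Authorize.net's code. It assumes the gateway response carries a `transHashSHA2` field computed as HMAC-SHA512, keyed with the hex-decoded Signature Key, over `^API login ID^transaction ID^amount^`; the key, login ID and transaction values below are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not Magento or Authorize.net code. Assumed message layout:
// "^<API login ID>^<transaction ID>^<amount>^", HMAC-SHA512 keyed with the
// Signature Key decoded from hex to raw bytes.
function computeTransHashSha2(string $signatureKeyHex, string $apiLoginId, string $transId, string $amount): string
{
    if ($signatureKeyHex === '' || strlen($signatureKeyHex) % 2 !== 0 || !ctype_xdigit($signatureKeyHex)) {
        throw new InvalidArgumentException('Signature Key must be an even-length hex string');
    }
    $message = '^' . $apiLoginId . '^' . $transId . '^' . $amount . '^';
    return strtoupper(hash_hmac('sha512', $message, hex2bin($signatureKeyHex)));
}

function isResponseAuthentic(array $response, string $signatureKeyHex, string $apiLoginId): bool
{
    $received = $response['transHashSHA2'] ?? '';
    // An absent field or a 32-character legacy MD5 value is rejected outright.
    if (!is_string($received) || strlen($received) !== 128 || !ctype_xdigit($received)) {
        return false;
    }
    $expected = computeTransHashSha2(
        $signatureKeyHex,
        $apiLoginId,
        (string) ($response['transId'] ?? ''),
        (string) ($response['amount'] ?? '')
    );
    // hash_equals() compares in constant time, so timing does not leak a partial match.
    return hash_equals($expected, strtoupper($received));
}

// Constructed sample values (not real credentials or transactions).
$signatureKey = str_repeat('0123456789ABCDEF', 8);
$apiLoginId   = 'EXAMPLE_LOGIN';
$genuine = ['transId' => '20987654321', 'amount' => '9.99'];
$genuine['transHashSHA2'] = computeTransHashSha2($signatureKey, $apiLoginId, $genuine['transId'], $genuine['amount']);

$tampered = ['amount' => '0.99'] + $genuine;                // amount altered after signing
$legacy   = ['transHashSHA2' => md5('legacy')] + $genuine;  // MD5-sized value only

foreach (['genuine' => $genuine, 'tampered' => $tampered, 'legacy' => $legacy] as $name => $response) {
    printf("%-8s %s\n", $name, isResponseAuthentic($response, $signatureKey, $apiLoginId) ? 'accepted' : 'rejected');
}
```

The amount has to be passed as the exact string the gateway returned, since any reformatting of it changes the hash.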
The Deprecation of connect.magentocommerce.com
This dated resource is set to hit end of life on March 4th. According to Lori Krell, a member of the Magento team, this should only impact merchants using Magento 1.4 and earlier. This resource was used for extension support.
New Security Services Entering Beta
Willem de Groot, who has reported on Magento Zero-Day Vulnerabilities and lots of other Magento Security topics, has created antivirus software for eCommerce sites that’s compatible with Magento 1 and Magento 2. The software is currently being offered in private beta. We’re looking forward to tracking the progress of this antivirus software, as we believe that there’s plenty of demand for good software to help keep an eye on custom instances of Magento with all of their extensions and other tweaks.
Have been working for months on anti-virus for online stores, v1.0 nearly ready. Currently supports Magento 1 & 2, more coming. Want to join the private beta? Early adopters get 50% discount on final price (monthly subscription). DM for info.
— Willem de Groot (@gwillem) February 22, 2019
At the same time, Talesh Seeparsan announced Cerbero entering “semi-public” beta. This system is meant to help prevent what is known in digital security circles as a supply chain attack. In essence, these are attacks that come through entry points made possible by your use of 3rd party integrations and SaaS solutions. As you add JavaScript and other code to your site to enable the use of these offsite resources, you inherently take on the risk that, should one of these services be compromised, malicious code may be served up with your website.
We look forward to bringing you further information on these topics in the future. In the meantime, we’re here to help you with your Magento hosting needs through our mission-critical, fully-managed dedicated servers, enterprise clusters, and our AWS management services!