
Author: Peter Rigbye

Facebook Down VITAL KEY Communications Disrupted

So we hear that our beloved Facebook had a little problem today and went offline for a whole 30 mins. The end of the world is upon us! Armageddon is around the corner. Oh horror of horrors, I can’t post a picture of my noodle lunch and accompanying nutritious beverage!

But why does a respectable news site (Channel NewsAsia reporting off the AFP wire) suggest that Facebook has become a vital tool for countless businesses and organisations?

Come on! Get real! There is no doubt that the many and varied social media sites have made a huge impact on how we communicate socially – I love being able to catch up with old friends and contacts from prior lifetimes, BUT: a Vital tool, a Key Forum ?? I think not.


I’ve struggled for a long time to figure out how social media (read Facebook and similar) can assist me in promoting my business and services. I’ve gone with the public opinion – hype – and created my business page on Facebook. You can even find this post on Facebook! But I still cannot see the value in building sales in my business-to-business environment. Perhaps if my market was consumers (B2C) it might be different. Or perhaps I’m just a dinosaur scheduled for extinction during the next outage……………


So tell me:

  • Does your business benefit from a Facebook presence?
  • Did you find this post through Facebook or some other means?
  • Are you a B2B or B2C business?
  • Are you among the countless businesses & organisations considering winding up because of this major outage?
  • Did your Vital Tool go offline today for 30 mins?
  • Did you consider hara kiri when you couldn’t log on?

I’d really like to know your views, ‘cos I just can’t see it.

PASR Technologies has been providing SME business owners with a level of service and support that is typically only directly available in very large organisations.

Hacked Online

Barely three months after I first touched on this topic, we hear earlier this week that the Singapore Government’s SingPass access system to all government resources – IRAS for personal and corporate tax, CPF, MOM and many, many more – has been compromised, with the IDA initially blaming users for having weak passwords. Yes, we users play a big part in ensuring the online resources we access remain secure, but a number of questions have to be raised:

a. How does the IDA know whether/if users have weak passwords – why are they privy to this information?

b. Why are users permitted to create weak passwords in the first place? There are numerous mechanisms easily available to website developers to enforce strong passwords.

c. How does a brute-force attack trying very large numbers of passwords in a very short space of time bypass intrusion detection systems? Do these even exist?
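Questions b and c can both be answered in a few lines of server-side code. The following is an added example, not part of the original post and not SingPass code: the log format, thresholds, blocklist and function names are all assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, account, source IP, result.
SAMPLE_LOG = "\n".join(
    [f"2014-06-02T10:00:{s:02d} user{s:03d} 198.51.100.7 FAIL" for s in range(8)]
    + ["2014-06-02T10:01:00 alice 203.0.113.9 FAIL",
       "2014-06-02T10:09:00 alice 203.0.113.9 FAIL",
       "2014-06-02T10:09:30 alice 203.0.113.9 OK"]
)

# Tiny constructed blocklist; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"password", "12345678", "qwerty123", "letmein123"}

def password_problems(account, password, min_length=12):
    """Question b: reject weak passwords when they are set (thresholds are assumptions)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly used")
    if account.lower() in password.lower():
        problems.append("contains account name")
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("too few character classes")
    return problems

def flag_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Question c: source IPs with more than max_failures failed logins inside the window."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged = set()
    for line in log_text.splitlines():
        ts, _account, ip, result = line.split()
        if result != "FAIL":
            continue
        when = datetime.fromisoformat(ts)
        failures = recent[ip]
        failures.append(when)
        while when - failures[0] > window:   # drop failures older than the window
            failures.popleft()
        if len(failures) > max_failures:
            flagged.add(ip)
    return sorted(flagged)

if __name__ == "__main__":
    print(password_problems("alice", "password"))
    print(flag_bruteforce(SAMPLE_LOG))
```

The password check runs at the moment a password is set, when the server has the plaintext in hand, so nothing about its strength needs to be stored afterwards. The detector counts failures per source address rather than per account, which is what catches one source trying many accounts in quick succession.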

It seems to me that simply ‘refining’ the system after such an event is a little on the light side of an appropriate response. Instead, what we probably need is a major overhaul on an emergency basis. To date we’ve been told that only about 1600 of the three million accounts have been compromised, but how many more will be compromised now that the possibility of doing so has been highlighted to the global hacking community?

Call to Action:

  • Check your own Singpass account NOW
  • If you have not changed your password recently do it NOW.
  • If your password is not complex change it NOW.


 

In Cloud We Trust

Somewhere out there….

 

Everyone is talking about the ‘Cloud’ – which seems to be the greatest thing since sliced bread, and everyone thinks they should be making use of it, but how and for what?

Among the many possible usages of Cloud services, those that come most easily to mind are storage, backup, information sharing and email correspondence, but there are many more.

All of these share a common denominator – the storage of our own personal, corporate and/or proprietary information on some other organisation’s resources – located ‘somewhere out there’ – in the Cloud.


How secure is the Cloud?

 

So just how secure, and how private, is the information we store in this pervasive Cloud? Do we know where it might be, or who might have access to it, or how it might be disclosed or made available to further third parties over which we have no control?

While I’ve always been concerned about the overall security of cloud services, a particular blog post a few weeks back highlighted how available our cloud data can be. This particular post refers to Microsoft’s hosted email solutions Hotmail & Outlook.com, but this is not just about Microsoft – the same concerns need to be raised with all cloud providers – and rather than reproduce this post, I encourage you to read it plus a number of the links provided.

Regardless of which cloud vendor you use, or are considering, I recommend you read carefully their provisions for security & privacy for your data. Below I’ve provided links to some of the major cloud vendors’ current statements – but do note that these are subject to regular revision.

Google: http://www.google.com/apps/intl/en-GB/trust/data_protection.html

Amazon: https://aws.amazon.com/security/

Azure: http://azure.microsoft.com/en-us/support/legal/privacy-statement/

 


Key points to consider

 

Before you go and put your private, business confidential or client confidential data out there in the Cloud, be sure you understand:

  • Is your organisation subject to any professional or regulatory controls regarding location and access to your data?
  • Is the loss of absolute control of your data worth the potential savings in using Cloud services over in-house systems?
  • How would your clients react knowing that you store their information in the Cloud?

 

My Heart Bleeds

In early April 2014, news of the Heartbleed security vulnerability was announced to the world. This flaw affects the security of supposedly secure SSL (read HTTPS) communications between your browser and your service provider, such as your bank. Specifically, it only impacts services which run on Apache web servers implementing the later releases of the OpenSSL utility application. This flaw allows hackers to read the content of server memory – effectively able to read the content of your secure-channel communications – everything that you see on the page of your bank’s website.

There are a number of interesting points about this particular flaw:

  • It only impacts those who have ‘done the right thing’ and regularly updated their platforms with latest software releases – seems staying with older releases would have been the better option.
  • It does not impact Windows/IIS servers providing secured websites – we have been led to believe for a long time that Windows’ technology is so much more insecure than the open-source LAMP platform (read Linux, Apache, MySQL, PHP) – because ‘so many developers work on open-source code it’s got to be better’ – guess all those posts will need re-writing now.
  • This flaw has existed for over two years – since March 2012 – what happened to all the ‘eyes-on-code’ of the open-source developer community during this period?

While code has now been produced to correct this flaw, the damage may have already been done – how many hackers have known of, and exploited, this flaw in the past two years – without leaving any record of their attack? How much of our secure information exchange has already been compromised? The answer is, we will never know.

What to Do?

If you run secure services on Apache webserver, make sure you check whether you are using a flawed version of OpenSSL and take corrective action as prescribed in many other places.

If you use SSL-secured services – who doesn’t? – make sure you check if your service was compromised. If so, you need to change your passwords for these sites. You may also check any other sites at https://filippo.io/Heartbleed/ – just enter your URL to test.

© 2022 PASR Technologies Pte Ltd
