Security Archives - Page 3 of 4 - Tendenci Blog | Tendenci

2015-01-212015-01-21

Continued Configuration Changes on Windows Legacy Servers

Update: We will be doing a planned reboot of the Windows servers late this afternoon Wednesday January 21, 2014 to begin the process of restoring two of the remaining clients that are still offline.

Scope: This update applies to Tendenci 4 clients on Windows only. It specifically does NOT apply to Tendenci 5 or Tendenci 6 clients on Linux.

To give you an idea of the scope and velocity of hack attacks that continue, these are attempted crimes mind you, I’ve attached a 15 second video taken several days ago of actual attacks on one of our servers INSIDE the allowed ports.

15 seconds of network attacks

A further update on the 404 errors that the legacy Tendenci 4 clients have been experiencing intermittently. We have been measuring everything possible and tweaking the configuration settings as we see patterns in the logs. Each day generates over 1GB in security alerts across the data centers. All of these are either known attacks, or zero day attempts.

This is what we are fighting and it is relentless. The fact remains that we have protected the legacy sites by moving them from Windows 2003R2 IIS 6 to Windows 2012R2 IIS 8. But to make ASP classic run in IIS 8 we are running the servers in “compatibility mode” which is not an ideal configuration for any technology. And “secure” does not mean “functional” if your sites locked down to the point of not meeting functional requirements.

We have taken a step back and concluded that a technology platform started in 2001 is not up for the cyberwars of 2015. We will have a further update posted later today on possible paths forward for Tendenci 4 clients.

~ Ed

2012-11-222014-11-02

30 Days of Thanks: Privacy Controls

Happy Thanksgiving Day, from All of Us at Schipul – The Web Marketing Company!

I am thankful for my ability to control privacy settings and share the stories, photos, and conversations online with only the people that I want to. I realized this as I struggled to come up with a topic for Schipul’s 30 Days of Thanks because many of the things that I truly appreciate in my life are also very private and personal just to me and my family.

In most aspects of my day to day life, I have to be a transparent, “public” persona on the web. Much of what I do is only possible because of my accessibility, credibility, and trust from my community that I keep my word to keep some things that are private… well, private. Because I also have a young son and a personal life away from work, (yes – it’s true), I highly value tools that empower me to be in complete control over what information about me and my personal life is available to anyone on the Internet.

Giving Thanks

As a Schipulite, I have a deeply rooted desire to share my knowledge and teach others how to use the awesomely geek-tech playground that we call the Internet. I’ve spent a great deal of time learning how to protect my online privacy, and I want to give thanks by sharing my recommended resources to help anyone who is trying to figure out how to better protect your personal information, your private data, and protect your online community of staff, volunteers, members, and users.

Security First!

Last week, I went to the Nonprofit Developer Summit (NPDev), hosted by AspirationTech.org in California. I wrote a wrap-up blog post about the 3 day conference on the Tendenci Blog, and I came back with a better understanding of what to watch out for and how to better protect my content and personal information when I’m exploring the internet. Throughout the conference, I participated in discussions that answered highly technical security questions like “Should you find a hosting provider with disk-level encryption?” and “How do I enable collaboration while also protecting my personal data?”.

FYI – the best way to secure your personal data is to take a hard look at your passwords. Check out the Mind the Gap Article: You’ve Been Hacked and find out how to follow password management best practices.

For the visual learners, here’s a great Infographic via Lifehacker (the #1 place on the web dedicated to converting ordinary users into super-users) that walks you through selecting secure Passwords.

Here’s three more important considerations for managing your online privacy settings:

Me, Myself, and iMe!

There’s a new saying “Once it’s on the Internet, It’s There Forever” and so before you spend even one more minute “surfing the web” – I recommend you read this overview guide to Protecting Your Online Privacy on Mashable.com to get a better idea of what’s involved in fully controlling your online privacy settings.

Mobile Super-Users Need a Guardian, too!

If you’re using online tech while on the go, then you’re going to want to also take a moment and equip yourself with basic privacy protection tools for your mobile devices.

Droid and Linux devices should check out The Guardian Project’s Free and Open Source Apps that give you protection tools for voice, data, and SMS communications that you want to keep private between you and the person(s) you sent them to.

Read Cnet’s article for iPhone and iPad users on How to protect their personal data on their mobile devices.

Social Media REALLY Loves Sharing Your Data!

Social media networks are often the “worst offenders” of mis-managing their users’s online data. Most of the time, these offenses are unintended and the result of a fairly new communications medium figuring things out. When someone’s personal data is shared publicly across a social network like Facebook or Twitter, it is almost always because of complicated privacy settings and an inexperienced user colliding in disaster.

We all know the saying “The best Defense is a good Offense” and that’s why I recommend you check out e-Crime Wales YouTube Channel which has videos that walk you through the different privacy and account protection settings on several social media networks (Facebook, Twitter, LinkedIn, and more) plus learn how to control your privacy settings in web browsers like Chrome and Firefox.

You can also check out some of these popular social media network’s privacy settings Help documentation:

Facebook: https://www.facebook.com/help/privacy

Twitter: https://support.twitter.com/groups/31-twitter-basics#topic_107

LinkedIn: http://learn.linkedin.com/settings/

2012-07-112014-11-02

What We Learned from Our Recent Laptop Theft – 5 Security Tips for Businesses

Late last month we had two Macbook Air laptops stolen out of our Houston office. There were several things we learned from the experience. We’ve outlined a few specifics below that we think could help other companies or organizations avoid a similar situation. Some of these we had in place prior to the theft, and some we learned the hard way.

First: Thank You for Sharing!

First I want to say a big THANK YOU to everyone in the community who shared our story.

We posted a photo of building security footage of the suspect on our website and about 200 people shared the information on Facebook, Twitter, and other social networks.

We got some good tips from the community that we’ve shared with the police. Another business owner had a similar issue with a suspect fitting the same description – we’ve turned that information over to the police and hope they are able to take some action with it.

The Good News: No Data Loss

The good news is that no one was hurt and the Macbooks were brand new so there was no client data on them at all.

Why it Matters: We Want to Do Better

We take security seriously – in the Schipul office we use automatic locks, security cameras, key cards, and train our people to be vigilant. This was a failure on multiple levels and we recognize how lucky we are to just be out a few laptops. We were not happy that the incident happened not only because of the loss of equipment, but also because we want to do better to protect our people and our clients.

5 Security Tips for Businesses

#1. Talk to Strangers!

This goes against what you were taught as a small child. Train your employees that if they see an unescorted stranger – say something to them. You don’t have to come across as rude; politely say hello and offer to help them find what they are looking for.

Don’t ignore people who look like they shouldn’t be there – acknowledge them. If they are considering causing trouble, this is often enough to make them think twice.

#2. Look for Security Holes

If you were looking to steal from the company, how would you do it?

Think about doors that are unlocked or out of sight, times of day that are easier targets, new guys who don’t know the protocol, etc. In our case, the laptops were stolen when the front desk was unoccupied during lunch – this is something we could have avoided.

Be vigilant about locking doors and computers. Make it a habit to secure rooms with valuable equipment – post a sign as a reminder on the door or make it one person’s responsibility to double check.

#3. Keep Inventory, Password Protect

Keep inventory of your equipment, including serial numbers and who it is checked out to. Password protect immediately – and make sure your default password is complex. If a default password is easy to remember like “changeme,” chances are the person won’t change it. If you need ideas for passwords – Random.org has a great random password generator.

Our laptops had already been set up with passwords and registered – so we were able to report the serial numbers to Apple to help us track them down.

#4. Know Who to Call

Many small businesses have offices in a building shared by other companies. Know your property management and security guards – including their phone number. Educate every employee on what to do if something happens.

Often security footage deletes after a few days, so be sure you know how to see and save the footage as quickly as you can.

#5. Build Your Social Network Before You Need It

We are extremely thankful to everyone who shared our photos to help us get to the bottom of our theft.

Build your online network by connecting with them online & provide interesting content to keep them coming back. In the event that you need your network to help you spread a message like we did, you have a built in base of people who can help!

But be ready for more surprises.

While most feedback we got was supportive, we were surprised by some negative comments that alleged that we were profiling our suspect based on his race. Our intention by posting the photos of the suspect was simply to identify him so the police can get to the bottom of the issue, and even though we make a living encouraging companies and nonprofits to take an open stance and embrace criticism online, we found ourselves getting defensive. A special thanks to the members of the community who responded to the negative comments on our behalf. The negative comments were a reminder that the social media conversation doesn’t always go the way you expect it to, and you need to be able to respond quickly and openly to whatever unexpected direction the conversation takes.

Thank You Again!

Thank you again to everyone for your support. We continue to work to keep security our #1 priority to protect our employees and clients.

If you do recognize this suspect (photo here), please notify the City of Houston police at (713) 884-3131 with case #081613612.

2011-07-22

HOWTO: Keep your cell phone safe and secure

Time to put the smart in smart phone!

With news updates of phone hacking scandals splashing headlines the world over, we’re hearing lots of cell phone security buzz – and for good reason too!

While a major news outlet may not be interested in your cell phone activities (or we sure hope not!), this is still a great time to make sure you are practicing some solid cell phone security practices.

Keep that cell phone close by!

You are far more likely to misplace / lose a cell phone than to get hacked, so be sure your little handheld buddy doesn’t stray too far.

Beware of keeping your phone on your table at busy restaurants, leaving your phone in the car (even just for a ‘second’), etc.
Find a ‘funky’ cover or skin to make it super easy to identify your iPhone – avoid an accidental mix up easily (I’m a big fan of the Infectious skins) when at a networking event or dinner with 7,000 other iPhone / Blackberry / Android users
Password protect your phone to keep your logins, contacts, email and notes safe from undesirables – also great for making sure any kiddos in your life don’t make random calls to Japan

For safety purposes, use an emergency app like smart-ICE to not only store your ICE info (‘In Case of Emergency’) for paramedics to be aware of medical conditions, insurance details and contact info, but add ICE info to your locked screen (in addition to your quirky-cool smart phone wall paper).

Install a phone location / security app on your phone, a few examples:

iPhone users: Find My iPhone
Android users: Mobile Defense
Blackberry users: Smrt Guard

Beware of public Wifi + ‘Evil Twins’

Yay for public Internet access! But boo for public Wi-Fi security. Extra emphasis on that ‘boo’ when using a credit card or login, as not all Wi-Fi connections are as secure and innocent as they seem. Learn more about the ‘Evil Twin’ phishing scam here.

As cumbersome and slow as it might be, opt for your 3G / 4G network connection over a public Wi-Fi connection to stay secure. Or pick up your own piece of the Internet and invest in a MiFi card.

What’s up with hardware and software security?

Not all apps and phones are created equal. As an iPhone user, Apple has a more stringent vetting process of apps that helps weed out *most* malicious programs. Android’s app community is far more open and has had some security exploits in early 2011.

Use common sense when purchasing apps and accessing certain sites (like your bank account, for instance) on your smart phone. Beware of ‘look alike’ apps that might be masquerading as a Chase banking utility and think twice about depositing checks using a phone app – and learn the safe ways to bank on your phone here..

Photo thanks to Flickr user GwenFlickr

2011-07-152014-11-02

Online Privacy with Social Media on Houston PBS

Our fearless leader Ed Schipul joined Ernie Manouse at Houston PBS, along with Christopher Bronk (Baker Institute Fellow at Rice University) and Tom Tovar (of Nominum), to discuss the hot topic of Privacy in Social Media today.

With recent Congressional hearings and proposed legislation for more stringent online privacy laws, there is a lot of eye-opening going around consumers. If asked to estimate/guess, I would suggest that probably 85% or more of the people who are using the internet daily are unaware of all the different ways they are being tracked and what data is being collected about them online.

Facebook is the most notable violator – constantly changing privacy settings with little to no notice to its members. Recently, Google and Apple started making headlines for their geolocation tracking software in iPhones and Android smartphones. These devices were sharing the owners’ locations without the owner being made aware in many situations.

If these privacy issues have you feeling a bit icky – you aren’t alone. Ernie Manouse’s recent PBS episode invited his guests to explain just how concerned you should be and what to watch out for to better manage the information that both goes out on the internet about you as well as the information that you and your children are receiving online.

There were some really great debates and thought-provoking questions asked during the social media security and technology discussion. You can watch the recorded episode and hear Ed, Tom, and Christopher debate three major topics Ernie asks around online privacy in today’s digital world.

Ernie poses 3 questions to his guests:

1) What information is being tracked online without your knowledge and why is that information being tracked?

2) How does the younger generation view these privacy issues – do they even consider them invasions of their privacy?

3) Are we spending too much time trying to find ways to limit the information being shared and collected online and should we instead be focusing on education and teaching people, and more importantly children, how to handle the different situations they may encounter?

Tell us how you would answer the questions in the comments below, and watch the episode to hear how Ed, Tom and Christopher suggest you can better manage your online privacy to protect yourself and your kids. And you can check out photos from the taping inside the studio at Houston PBS on our Schipul Photo Gallery.

2011-01-27

Get increased Facebook security with HTTPS

Ah, the Internet. Home of silly company names and weird acronyms for cool stuff. Gowalla, anyone?

The latest focus in online verbiage that you should really know about is: HTTPS (‘hypertext transfer protocol, with SSL security‘)

Facebook has recently added HTTPS support, which means that you now have the ability to access the Facebook site in a more secure environment.

How to update your Facebook HTTPS settings

Visit your ‘Account Settings’ page:
Scroll to Account Security and click ‘Browse Facebook on a secure connection (HTTPS) whenever possible’:
Don’t see this option yet? Hold on for a bit, as they are rolling it out over the next couple of weeks.

How will HTTPS affect my Facebook-ing?

The Facebook programmers have cautioned users that enabling this additional encryption may cause pages to load more slowly and also means that some 3rd party applications may not work until some additional tweaking is done.

What? Facebook has been insecure this whole time?

Wellllll… that’s a tricky question to answer. This increase in encryption with HTTPS makes it that much harder to access your Facebook when you are, say, surfing on a public wifi connection.

But, as we’ve seen with numerous Facebook updates that have exposed information users didn’t intend to share publicly, approaching your Facebook surfing and sharing with caution is ALWAYS highly recommended.

Feeling overwhelmed or want a friendly person to friend on Facebook? Contact the Schipulites to see how we can help!

Photo thanks to Flickr user Sean McGrath

2010-12-01

WikiLeaks and “Cablegate” Explained

If you’ve been paying attention to the news even a little bit this week, you’ve probably heard a lot about WikiLeaks. It’s tough to cut through the spin and get to the facts, so don’t worry if it’s all left you a little confused. To help you out, we’ve put together a few FAQ’s about WikiLeaks, “Cablegate,” and the security issues surrounding this latest news.

What is WikiLeaks?

WikiLeaks is a non-profit media organization that “publishes and comments on leaked documents alleging government and corporate misconduct.” Their slogan is “We open governments.” The site has leaked many documents incriminating both public officials and private businesses since its founding in 2006. Contrary to its name, WikiLeaks is not a wiki — content on the site is not editable or commentable by visitors.

Why are people talking about WikiLeaks right now?

A few days ago, WikiLeaks began publishing the first of over 250,000 diplomatic cables between the U.S. government and embassies around the world. The documents range in security level from unclassified to secret (a level up from “confidential”). The U.S. government is not too thrilled that all this behind-the-scenes talk has been made public, and some foreign leaders are not too thrilled about what they’re reading.

How did WikiLeaks get these documents?

Well, they were leaked. Bradley Manning, the U.S. Army intelligence analyst who (allegedly) supplied the documents to WikiLeaks, is currently imprisoned in Virginia awaiting trial for charges of unauthorized use and disclosure of classified information. There is, of course, a Free Bradley Manning movement, which WikiLeaks has been involved in despite refusing to name him as the source of these documents or other leaks he is suspected of.

What’s in them?

A lot, including evidence that Secretary of State Hillary Clinton and former Secretary of State Condoleezza Rice both instructed U.S. diplomatic officials to engage in espionage at the United Nations (which, by the way, is forbidden) and some not-so-great things said about foreign leaders.

Where can I read the cables myself?

Several news publications also published the documents, and you can follow the coverage via the New York Times or search the raw documents yourself via The Guardian. Der Spiegel has also put together an interactive map of the cables organized by their level of secrecy.

Why can’t I get to WikiLeaks.org?

The site has been hit by several DDoS attacks since publishing the cables. A “lone hacker” has taken credit for the attacks, but the validity of his claim is questionable. You can follow WikiLeaks on Twitter @wikileaks for the latest updates.

What does it all mean?

Will Hillary Clinton resign? What will happen to Bradley Manning? Not sure. The more thoughtful questions that this leak and much of WikiLeaks’ history bring up are about trust in government, security, and confidentiality. Governments and the people who work for them haven’t changed much, but technology definitely has. Whether you believe in absolutely open government like WikiLeaks founder Julian Assange or you’re more likely to call Bradley Manning a criminal than a hero, it’s difficult to ignore the power that technology gives to passion. Bradley Manning and Julian Assange were both willing to take huge risks, using technology as a tool, for something they believe in, and they’ve got a lot of people talking and thinking about new ideas and questions as a result.

Photo used under a Creative Commons license from Flickr user opensourceway.

2010-08-10

Learn About Bullying at the Children’s Museum

If your a parent getting ready to send your kids back to school, the Children’s Museum is hosting a free 3-day boot camp dedicated to educating kids and adults about bullying. Anti-bullying training sessions will be held during the day, and local law enforcement and internet experts will teach parents valuable computer safety skills. While the event is free it’s import to register at the museum in order to ensure placement, spots are going fast! You can register for the August 12-14 sessions by picking up passes at the Children’s Museum from noon until 4 p.m. on Saturday, Aug. 7 or Sunday, Aug. 8th. You can find more information at KPRC Local 2.

2010-06-09

Server Maintenance Underway – Minor Outages May Occur Tonight (June 6th).

Tonight our team will be doing some server diagnostics to keep our servers running smoothly. We take our job of keeping your website fast, secure, and happy and this will allow us to do just that.

You may possibly experience some minor and temporary website disruptions around 6:00 PM CST, but these will quickly pass. We appreciate you business and look forward to many smooth and safe years of Web marketing your organization!

If you have any questions please call our support line at (281) 497-6567 EXT. 411 or email us at support@tendenci.com

Thanks from the Schipul team!

2010-06-09

We’re Giving Our Servers Some Love – Minor Outages Tonight (June 6th) May Occur

Our team is doing some server maintenance today in order to keep our servers running at their best. We love (and take very seriously) our job of keeping your web sites secure fast and happy and this will keep us doing just that,

You may experience some minor website disruptions around 6:00 PM CST, but these will only be temporary. We appreciate your business and look forward to many smooth and safe years of Web marketing your organization!

If you have any questions please call our support line at (281) 497-6567 EXT. 411 or email us at support@tendenci.com.

Thank you!