08000 433 006 james@cloud-genius.com

The Benefit of Open Source – Security

This week we have seen one of the biggest benefits of Open Source – security. Stick with me there is a BIG benefit for you. (Open Source means that the code the programs are written in is available for everyone to see.)

Joost de Valk, who writes many plug-ins for WordPress, became aware of a security flaw in some of his plug-ins. WordPress and its plug-ins are also open source, so he checked other plug-ins and found that they had the same vulnerability. He was able to work with those plug-in writers to fix the flaw. If they were all using Closed Source this would not be possible. This affects some of the big-name plug-ins such as Gravity Forms, Jetpack… See the article at https://yoast.com/coordinated-security-release/

The benefit for you is two-fold:

1) By updating the plug-ins in WordPress you will fix this vulnerability.

2) If you are signed up for our Safe and Secure Websites package we will do it for you! (And check that everything works for you, and back-up your site beforehand and every day.)

Why you need 2 birthdays (for security)

Birthday CakeThis is a short one – I’ve recently phoned my bank and my insurance companies. It’s not because I live a high flying lifestyle, but because I live in the modern world and you can’t do everything on the internet.

What are the security questions they ask? Mother’s maiden name, blood type (or is that only HMRC?) and BIRTHDAY.

These are all supposed to be items of information easily known to you, but more difficult for a potential thief/scammer/fraudster to know. Yet lots of people advertise this information on their publicly available Facebook profile. Perhaps they want lots of presents? Even if you hide the information on a social media site, there has been more than one data leak. (Have you ever had a friend who doesn’t password protect their computer and has had it stolen? The thief of that computer then has your information!)

So, my advice is, put an incorrect birth date on social media sites. Perhaps have it in the same month (so that you don’t get lots of surprise gifts at the wrong time of the year) unless you like having two sets of presents…

But at least you won’t receive the NASTY surprise of having your bank account emptied!

Cloud Genius helps Eventbrite with security flaw

You could say that it has been a good week, but that would be a lie. It has been a fantastic week! Bear with me… I will get to that security flaw.

I have to start with Salesforce – Cloud Genius Ltd now has registered partner status. This will let us give you even better service and give you sneak peeks at new features. It will also enhance our ability to offer training environments.

As you may have read before, we have been developing an Eventbrite -> Salesforce connector. Why? when there are others? Well this one has features that are unavailable in the others (and unlikely to be, because of their nature) and ours does not have the usage/limit costs associated with the others. We have finally come up with a name for the product (Event Bridge) and are in the process of developing a website that will tell you all about its features, pricing and why you could really do with using it. We are also in the process of re-vamping the CG website. (Yes, I know it is looking ‘tired’, but if you go to an electrician’s home and turn on the light the kettle boils.)

In the process of developing Event Bridge we discovered a subtle security flaw in Eventbrite. Talk about rapid reaction – within hours they had deployed a fix. I always say that you can just a company not in the good times, but in the bad. On that score, Eventbrite has certainly come up trumps. Even better, Cloud Genius will now appear on their security Hall of Fame… so we managed to help make the internet a safer place. (I always like it when a small company in Wales helps out a multi-national.)

So, that’s it for this week. Just off to get my super-hero uniform re-tailored.

Heartbleed and Cloud Genius – should I worry?

heartbleedSome of you may have heard about a massive flaw in the security of the internet.

This is really serious and everyone should be aware of the implications.

Heartbleed is the sort of flaw that gives systems admins huge nightmares.

On vulnerable websites there is a significant possibility that your passwords have been revealed to hackers making use of the bug. Worse than that, if a site has been compromised there is no evidence!

It would be good practice to change all the passwords you use on the internet. Now.

…unless you have evidence that the services you use are not part of the problem.

At Cloud Genius, we have performed a full review of the services we use.

  1. Services to back up websites/update plug-ins. For clients that subscribe to this services one was not vulnerable, the other service has been secured and we have taken steps necessary to prevent any problems. No action required on your part.
  2. Website hosting – our provider has informed us that they are vulnerable. Until they update all their systems you may wish to change the password on your account at http://webhost.cloud-genius.com. Once their patching process is complete you should change your password again on the account. We will endeavour to let you know when this is.
  3. Paypal – our understanding is that Paypal is not affected.
  4. Teamviewer – our remote control solution of choice is not affected.
  5. Salesforce – To the best of our knowledge is not affected.
  6. LastPass – our password management software of choice is not affected. (And helped a lot in fixing services that were affected.)

Here is a list of other networks that were affected – these include people like Google, Yahoo and many others.

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

This is really serious. Make sure you are not caught out!

One positive – LastPass was able to scan all the services we use, list the affected services and make password changing a doodle! Highly recommended… and much more secure than any other system we have come across.

Remote Support

Remote support: It’s like magic the first time you see it. An IT support person takes over your computer and starts moving your cursor around your screen, even though they are in a different continent.

Here at Cloud Genius we have been comparing different solutions. Finally, we have picked a winner. We have to support people using Macs, PCs and Linux. The product we have chosen does all this admirably. (One of the contenders was particularly bad on Mac to Mac connections.)

Notable:

  • It is good with all sorts of computer to computer connection.
  • It allows computer to computer audio without the use of the phone or Skype.
  • Very fast connection times

On every other feature it seemed to be equal or better than all the rivals. All the connections are encrypted with state of the art encryption. The client can end the ‘call’ at any time. If necessary roles can be reversed to show the support technician’s screen.

It even does video/audio/screen conferencing!

Anyway, you need concern yourself no further – just know that you will get the best remote support from Cloud Genius.

 

The winner? TeamViewer.com

 

Who are you dealing with? Salesforce Certification Verification

It’s a big, bad world out there. There are people who would claim to be things that they were not! (And I don’t mean claims like Sir Bruce Forsythe being entertaining on Strictly Come Dancing.) With Salesforce, until now, you had no way to find out if your Salesforce consultant was qualified or not.

Shock! Horror!

Salesforce has now brought in Certificate Verification. You can find it at:

http://certification.salesforce.com/verification

Of course, I am quite proud to have held my certification since 2011. The details are here:

http://certification.salesforce.com/verification?&fullname=John%20Dray

You can check up anyone, using either their full name, or their email address.

This should help you avoid dealing with people who are other than they claim to be.

Wishing you safe IT,

John