Archive for April, 2009
This tip is for all of us in the IT industry upon news of the Swine Flu outbreak. Disinfect your keyboards! It is believed that the virus can live for several hours on non-live objects. What better place to spread disease than someone’s keyboard – that’s what people touch all day.
And as employees, wash your hands frequently!
As we discussed a few weeks ago, IBM was in talks to purchase Sun, but those discussions fell apart last week. In an apparent slap to the face of IBM, Oracle has moved in and purchased Sun today. The total cost of acquisition was $7.4 billion.
What does this mean for MySQL?
MySQL and Oracle’s database system may continue to co-exist for a while. There are definite advantages to Oracle taking over the development, as their database expertise is second to none in the industry. To me, however, the Oracle platform is geared more toward enterprise uses and not small-scale projects that MySQL fits so well with. Perhaps MySQL development will continue as the “small to medium solution” and Oracle’s enterprise solution will stay where it is.
At any rate, this is a very interesting development for the web industry. What are your thoughts?
Update: Due to a forecast change, it looks like the event is being postponed. Ft. Collins is forecast to be on the receiving end of around 20 inches of snow. I’ll update here when it gets rescheduled.
This weekend I will be traveling to Ft. Collins, Colorado to participate in an event sponsored by the United States Air Force Academy and sponsored/hosted on the campus of Colorado State University called C.A.N.V.A.S: Computer and Network Vulnerability Assessment Simulation.
The event looks to be very promising for everyone involved in the region. They will be setting up an Air Traffic Control System for us to attempt to hack and defend in a game of nerd Capture the Flag (DEFCON style). From the website:
“Our current plan is to set up an air traffic control network with a mix of simple and complex vulnerabilities. Teams of students will assess the network’s security and tailor their exploits to the system’s real-time nature. Teams are expected to explore privacy, safety, and network security issues. At the end of the day long exercise, each team submits a written assessment that is delivered to the network’s Systems Administrator.”
Expect full coverage of the event when I return next week!
PS: I am also heading to an international marketing conference in California next Wednesday. Expect some neat things coming from there as well!
-Tyler Thompson
Sr. Public Relations Manager
A very wise man, George Washington, once said “If we don’t learn our history, we’re doomed to repeat it.” This quote is certainly true in the security industry, as you must always be watching and learning – adapting as situational changes occur all around us. It is essential to look at the mistakes of others and learn from them.
I would like to make clear that we are not interested in propagating rumors or beating this issue to death. There are very serious issues that arose here that can be used as a learning experience for all of us in the web industry and it is vital that these lessons be brought out.
It is fair to say that this situation has shown the ideal way not to handle a data breach incident. There have been numerous failures among many different individuals along the road, and some inexcusable negligence on the part of those involved. This should be used as a learning experience, guiding all of our incident response plans to better our reaction to these issues in the future. This example is exactly why we must always have these plans in place, refined, and practiced in case they are ever needed, as it is more a matter of when, not if, we will have to use them.
Update #2 by Tyler
We’re now getting information that the stolen data includes CVV2 data. According to the PCI DSS standards, the storage of CVV2 data is strictly forbidden. This should create some interesting discussions on why this information was allowed to be stored in the first place.
More information on PCI-compliant data storage: https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf
Update #1 by Tyler
WebHostingTalk is now publicly acknowledging that they have received further communication from the hacker and that credit card information has been stolen. They are claiming the data is only from December 2007 or earlier.
At this point in a security investigation, it is our advice that you go ahead and cancel the credit card you are currently using with them and get fraud monitoring on all your accounts immediately.
We will post more information as we can. Thank you!
Original post:
Hello All,
This is just a warning to all of those who use WebHostingTalk. It has been hacked once more and this time the accounts database has been compromised, including credit cards for those who have paid for advertising.
I have verified it has been hacked and decrypted correctly, because my old card details were exposed, including the full credit card number, expiration date, and my full name on the credit card. They got all the information 100% correct.
So please, if you have advertised with WHT/inet, or even paid for a premium membership, then cancel your credit card and watch out for unauthorized charges.
- Matt
In today’s market, someone can find quality web hosting with a large company that offers $5 per month with all kinds of space and bandwidth allocated toward an account, and that person may never have any trouble with it. If you are in the hosting business, though, this creates a problem: how do you compete with the common $5 per month plan? How do you attract clients to your business over someone else?
It comes down to several elements that go well beyond a simple space and bandwidth question. What you must focus on as a small host is what you can do that the larger businesses cannot.
In marketing, we call this type of analysis a SWOT diagram.
SWOT
A SWOT diagram is a simple four-square chart that analyzes the strengths, weaknesses, opportunities, and threats of a business. It is used for strategic direction and determining how to best position your business against your competition.
Just in case you ever need to start/restart/check Apache on your VPS or Dedicated server, here are the commands you will use via SSH:
Checking Apache Status
/etc/init.d/httpd status
Restarting Apache Service
/etc/init.d/httpd restart
Stopping Apache Service
/etc/init.d/httpd stop
Starting Apache Service
/etc/init.d/httpd start