Computer Programmer Turned Coffee Farmer Spills Beans on Security
All businesses, even ones you wouldn't normally think of as dependent on technology, are vulnerable to cyber threats and have to take action to protect their customers. Case in point: Farmers.
What does agriculture have to do with the latest web threats? As much as any other business, points out computer programmer turned Kona Earth Coffee farmer Gary Strawn.
Kona Earth is a family owned and operated coffee farm located on the tropical slopes of the Hualalai volcano in Hawaii. They live and work on the farm and sell the beans online through a website Gary maintains, "doing everything from taking product photos to PHP programming and PCI compliance," he says.
"Security is a constant battle," he adds. "There are well known solutions to common attacks (DoS, SQL injection, password encryption, etc.) but that's just the beginning. No matter how secure a website, given enough time and determination, hackers can find their way in if they try hard enough."
However, that doesn't mean business owners can only wait helplessly for an inevitable breach. "In my opinion, the best method for security is active observation of the website. Of course I use security measures wherever appropriate, but I also designed my website to email me any time something odd happens.
"For example, if a user guesses at their password more than three times, not only will their account be suspended, I'll also receive an email of what is happening. If it was a real user, I can help them out to make sure I don't lose a customer. If it was a hacker, I'm right there to make sure they don't get in."
These measures also have other benefits besides security, Strawn points out. "It also helps make sure the website isn't experiencing technical difficulties. For example, one day the credit card server mysteriously started denying all transactions. If my website hadn't emailed me about what was going on, I might have lost several transactions before learning about the problem."
These are actions that organizations can take today to not only protect their systems, but help them keep tabs on potential threats in order to take action if necessary.
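The two alerts Strawn describes (suspension after more than three password guesses, and a notice when the card processor starts denying everything) can be sketched as follows. This is an added example, not code from Kona Earth's site; the class, the addresses and the five-decline threshold are assumptions, and alerts are queued rather than sent.

```python
from collections import defaultdict
from email.message import EmailMessage

MAX_FAILED_LOGINS = 3   # from the article: more than three guesses suspends
DECLINE_STREAK = 5      # assumed: consecutive card declines that signal an outage

class SiteMonitor:
    """Hypothetical monitor; alerts are queued in outbox instead of being sent."""

    def __init__(self, owner="owner@example.com"):   # placeholder address
        self.owner = owner
        self.failed = defaultdict(int)
        self.suspended = set()
        self.declines = 0
        self.outbox = []

    def _alert(self, subject, body):
        msg = EmailMessage()
        msg["To"], msg["From"] = self.owner, "monitor@example.com"
        msg["Subject"] = subject          # fixed text only, never user input
        msg.set_content(body)
        self.outbox.append(msg)           # production: smtplib.SMTP.send_message

    def login_attempt(self, user, password_ok, ip):
        if user in self.suspended:
            return "suspended"            # even a correct password is refused
        if password_ok:
            self.failed[user] = 0
            return "ok"
        self.failed[user] += 1
        if self.failed[user] > MAX_FAILED_LOGINS:
            self.suspended.add(user)
            self._alert("Account suspended after failed logins",
                        f"user={user!r} failures={self.failed[user]} last_ip={ip}")
            return "suspended"
        return "failed"

    def payment_result(self, approved):
        """Return True when this result triggered an outage alert."""
        if approved:
            self.declines = 0
            return False
        self.declines += 1
        if self.declines == DECLINE_STREAK:   # alert once per streak, not per decline
            self._alert("Card processor is declining every transaction",
                        f"{self.declines} consecutive declines")
            return True
        return False
```

Keeping the username out of the subject line and alerting once per decline streak stops an attacker or an outage from turning the alert channel itself into a flood.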
For more information about active and passive tools and processes you can implement to protect your network and customers today, contact Boonbox.
Case for Security Webinar: Top 25 Dangerous Programming Errors, Part 2
Continuing our series on web application security, in this second part of our webinar we will discuss the top 25 web application programming errors that lead to security issues.
The discussion will cover definitions of the programming errors, how to identify and assess risks in your application, and references to resources surrounding best practices in web application development.
How to Register
1. Go to http://boonbox.webex.com/meet/boonbox
2. Click "Show All Meetings".
3. Click the "Register" link on the right in the Status column for "Part 2: Top 25 Dangerous Programming Errors" and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.
Who Should Register
Business owners and IT professionals looking to improve their business operations through better use of IT solutions.
As an additional benefit of signing up for this Case for Security webinar, you will also receive a complimentary subscription to our newsletters, Cyber Security Informer and Pacific Coast Informer.
More event information for Top 25 Dangerous Programming Errors, Part 2
Webinar Participants: Discount on Your Network Security Assessment or Web Security Assessment
If you've registered for one of our Case for Security webinars, then you know how important it is for your business to protect its network and web assets. We want to help you make that commitment. Register for one of our webinars and you can take advantage of either of the following offers.
With your Devfense Web Security Assessment engagement, receive a $600 discount on the follow-up Delta Scan.
Alternatively, with a Network Security Assessment engagement, you can receive a half-day of consulting to remediate the network vulnerabilities we discover. This offer is valid until September 31, 2009.
Ask A Security Expert
"How can I defend my network against a DDoS attack?"
The Tweeting masses were up in arms recently when a Distributed Denial of Service (DDoS) attack left the popular social networking application (and its myriad third-party service providers) unusable. Even more upsetting, investigators later suggested the disruption to 44 million users may have been caused by hackers trying to inconvenience a single relatively unknown blogger from Eastern Europe. As the news came in, more and more business owners were left wondering -- Twitter today, why not my company tomorrow? What can be done?
First of all, if you're like the vast majority of businesses, you at least have a firewall, and it can be configured to use an intrusion detection system and intrusion prevention system. Basically, your firewall has a rule that if you get a certain number of requests which seem out of sync with your usual web traffic, it blocks the suspect address. Worst case scenario, you can always try unplugging the servers, waiting for the attack to pass, and then plugging them back in. Then it's time to discover the root cause of the issue and get its control center.
Larger organizations with more resources or tech-savvy firms may have an advantage here in being able to simply add server resources and ensure that the heavy incoming traffic from DDoS attacks is moved to backup servers.
Other than that, your organization can always unplug your servers, wait for the attack to pass, and plug them back in -- the online equivalent of battening down the hatches in a hurricane. After the attack finishes, your chosen IT experts can then do the work of trying to figure out where the attack came from and shutting it down for good.
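The threshold rule described above, as an added example that is not from the newsletter: a sliding-window counter per source address, plus a site-wide counter that catches a distributed surge in which no single address crosses the per-source limit. The function name, limits and traffic samples are constructed for illustration.

```python
from collections import defaultdict, deque

def analyse(events, window_ms=10_000, per_source_limit=20, total_limit=200):
    """events: (timestamp_ms, source_ip) pairs sorted by time.
    Returns ({ip: time it was blocked}, time of first site-wide surge or None)."""
    per_source = defaultdict(deque)
    all_recent = deque()
    blocked, surge_at = {}, None
    for ts, ip in events:
        if ip in blocked:
            continue                      # the firewall already drops this address
        all_recent.append(ts)
        while ts - all_recent[0] >= window_ms:
            all_recent.popleft()
        q = per_source[ip]
        q.append(ts)
        while ts - q[0] >= window_ms:     # keep only requests inside the window
            q.popleft()
        if len(q) > per_source_limit:
            blocked[ip] = ts              # one noisy address: block it
        elif surge_at is None and len(all_recent) > total_limit:
            surge_at = ts                 # many quiet addresses: blocking one won't help
    return blocked, surge_at

def single_source_sample():
    """Constructed traffic: one customer every 2 s, one address at 10 requests/s."""
    normal = [(t * 1000, "198.51.100.4") for t in range(0, 60, 2)]
    flood = [(20_000 + i * 100, "203.0.113.7") for i in range(100)]
    return sorted(normal + flood)

def distributed_sample():
    """Constructed traffic: 300 addresses, each sending only 1 request/s for 5 s."""
    return [(s * 1000 + n, f"10.{n // 250}.{n % 250}.1")
            for s in range(5) for n in range(300)]

if __name__ == "__main__":
    print(analyse(single_source_sample()))
    print(analyse(distributed_sample()))
```

In the distributed sample every address stays under the per-source limit, so the address-blocking rule never fires and only the site-wide counter reports the surge.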
Weekly Feature - Hacker Bait
The latest Hacker Bait list contains highly trafficked websites that have been found to have vulnerabilities that hackers and cyber criminals could exploit.
This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.
If you would like more information on our data and why these sites are listed here, please contact PCIS.
Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days
About Boonbox
Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.
PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.
How to Subscribe/Unsubscribe to the Informer
SUBSCRIBE: To subscribe to the Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com
UNSUBSCRIBE: If you do not wish to receive future issues of the Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.
WE WANT YOUR FEEDBACK: Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558