Cloud computing is one of the fastest growing technologies, but making it secure can be extremely challenging. Download this new study by the Ponemon Institute to learn about the barriers to cloud security, and how to overcome them. Get the report.

Key Findings:
• 90% of cloud servers are perceived to be vulnerable or potentially at risk.
• 52% of IT personnel rate their cloud server security management as only fair or poor.
• 54% said their organizations’ IT personnel have no knowledge of the risk of open firewall ports.

Download your copy of the Ponemon Institute’s cloud security study at http://www.dome9.com/wp-content/uploads/2011/11/Ponemon-Cloud-Security-Study.pdf, or contact our team today to learn how we can better secure your in-house or cloud servers.

This morning I received a phishing email supposedly from QuickBooks, warning me that I would no longer be able to access my QuickBooks without first downloading their new Intuit Security Tool. Think of how many non-techies WILL be fooled by such an email?

This email was sent from a hacked website, and it reminded me of how important it is for ALL our clients to have our Bronze NerdCare package in place with our Hack Detection. This was another Dental website (hosted with GoDaddy) that was hacked, and they probably have NO idea! Make sure YOUR site is protected by our Hack Detection system. Email us to learn more.

Many web hosts provide the ability for clients to provide their customers with SSL (Secure Socket Layer) connections when signed into their websites or email. It’s important to understand how SSL works, and why so many websites use the protocol to protect user data.

Websites use SSL to encrypt and secure each user’s session while they’re logged in. Without it, it’s very possible for someone to monitor or hijack that session.

Websites such as Facebook or Twitter currently do not use SSL, and thus should not be used on a public network because a user’s session can be monitored.

You can immediately tell when a website session is secure by a lock icon in the bottom right hand corner of the browser, and the website address should have https://, the “s” meaning secure. If the address only starts with http://, the website is not secure.

When you login to a website that uses SSL, you can rest assured that no one can monitor your session while you are logged in.

When a user accesses an SSL-enabled website, it automatically asks the server for a digital Certificate of Authority (CA). The browser will verify the information on the certification with server’s identity and to ensure data will remain secure. If all goes as it should, this process should happen behind-the-scenes.

When the browser verifies the certificate, it uses the public key to encrypt a “key” that includes the user’s login information and sends it to the server.

The SSL server decrypts the “key” and uses a private key to decrypt the data, and sends back the requested information in an encrypted “key” to the web browser, which decrypts the data and displays the requested web page and data.

Make sure that you are using a modern web browser that takes advantage of SSL, and that your hosting provider offers SSL capability so you can rest assured that traffic between your computer and their web server will be secure. Also make sure that the information you are entrusting to your hosting provider for those SSL sessions will not be sold to third parties.

Every day, criminals are attacking thousands of legitimate websites and injecting malware on them, with a new web page getting infected every 1.3 seconds. If your website is injected with malware your company will suffer significant losses of traffic, reputation and revenue.

All of our hosting clients are protected by a daily defacement scan, and we offer NerdCare Assurance packages to protect our clients with hourly hack detection. Contact us today to learn how we can protect your company’s website from becoming a statistic.

It seems that nearly every week our Hosting Team runs in another outside developer that insists on assigning full write permissions to “everyone” for their client’s website. While sometimes this happens for custom built websites that are so poorly built the developer needs world-write permissions to make it run, more often these issues happen for major, mainstream Content Management Systems such as Joomla, Drupal and WordPress.

Modern CMS websites are dynamic and are designed to be updated by clients with little or no web skills. Some activities clients will undertake with these new websites are the uploading of images or videos, and many web developers don’t understand how to configure these Content Management Systems in order to allow for these activities without the dangerous and dreaded ’777′ permissions. Most developers have no concept of how dangerous these permissions are, and the vast majority have never run into a web host that resists allowing these permissions.

Nerds On Site understands the dangers of giving “everyone” full write permissions, and thus we caution our clients against it, and our security monitoring system reduces these permissions in cases where the developer refuses to take charge of the situation. Drupal says: “The most dangerous and least secure option is to assign write access to ‘everyone.’ This option should be avoided at all costs.” Hackers love ’777′ permissions, because it gives them a wide-open door into the website, free to upload their spam generators, spam bots, pornography and other malware.

Client’s shouldn’t need to understand these complex issues, nor should they have to lie away at night wondering if their website is quietly running ’777′ permissions, just waiting for a happy hacker to come along. The vast majority of hosting companies do not check for world-write permissions, and certainly do not enforce them. If you host your website with a hosting provider other than Nerds On Site, please consider switching to a provider that will actively monitor for this situation, and all free of charge. Contact us today!

US Treasury Department

This latest high-profile attack is a perfect reminder of the vulnerability all websites face, and the importance of taking steps to protect your online business against hacking attempts. Nerds On Site offers NerdCare Assurance packages to our hosting clients that protect against just this sort of attack. Two parts of our Assurance package work hand in hand to protect you from hackers.

The first is our hack detection system – every our our system takes a cryptographic signature from each and every of the thousands of files in your website, and then compares those signatures against our database records of your clean website. If any change is noticed, our team is notified immediately, not just that someone has modified code in your website, but the exact spot the code was modified. If our team determines that your website was indeed hacked, they can immediately switch to our disaster recovery tool, also covered for free with your NerdCare Assurance plan. Our team will then know exactly which file to restore, immediately restoring your website to perfect, healthy operation.

There is no such thing as a hack proof website, as this latest incident with a government website proves. However, hosting your website with Nerds On Site, and protecting it with one of our NerdCare Assurance plans will give you protection unparalleled in the industry today. Contact us today to learn more!

The world of website security is a quickly changing, shifting environment. One moment your website may be as secure as you could make it, and the next moment a new vulnerability may be found in the site. The hundreds of thousands of clients world-wide using Content Management Systems (CMS) like Joomla, Drupal or WordPress are the most at risk. Due to the popularity of these systems, hackers have learned that they merely have to find a vulnerability in one copy of Joomla to infect over a hundred thousand websites at virtually the same time.

This week so far has been a somewhat special week in Joomla security particularly, as the Joomla security team has released two security patches, only days apart. If your company is running a Joomla CMS website, has your team upgraded your site to the latest version? What this done twice already this week?

At Nerds On Site, we offer NerdCare Assurance packages to our Joomla clients (as well as clients using any other CMS system), and all our NerdCare Assurance clients were upgraded by our team this week. First, our team upgraded all of our clients on Monday, using the latest patches available that day. Then, late last night our team upgraded all our clients again, using the 1.5.17 patch that was released at that time. This service offers peace-of-mind to our client. By having NerdCare Assurance protecting their website, they never have to worry about the latest patches and security releases, as our team will take care of that for free, no matter how many new patches are released in a week.

Is your website protected by a NerdCare Assurance plan? Contact our team to learn more!

I sat down to write an article on Virtual Machine security / insecurity (coming soon), but there was just too much interesting news to pass up.

Charlie Miller – hacking genius, good guy, or bad guy? Charlie Miller, perhaps the best-known white-hat hacker, took the $10,000 prize for the fastest compromise of OS X 10.6 for the third year in a row. Charlie says he is fed up with the poor security practices from Apple, Microsoft , and Adobe. He is declining to reveal the flaws he has uncovered, but will tell the vendors how to find the vulnerabilities. He thinks they will benefit more from this than they would if he simply told them what the flaws are.

Charlie found most of these flaws by using a “dumb fuzzer” that he wrote. Vendors use fuzzers as well, but apparently Charlie’s is better.

We are always telling clients to update their applications, as well as their operating systems. The bad news is that there is now malware that overwrites software updaters. This is doubly bad news – people will be infected by doing the “right thing” and updating. Worse, they will be afraid to update in the future because of the experience. Let’s hope that software vendors find a way to solve this problem quickly.

Mozilla Plugin Check is a place where you can go to check Firefox for the latest versions of plugins. Mozilla is going to take this service one step further and check other browsers as well.

Spam pays. Why? Because even savvy users can’t resist the temptation to CLICK THOSE LINKS, OPEN THOSE ATTACHMENTS, AND FORWARD THAT MESSAGE ON TO INFECT OTHERS! People just won’t learn.

Another threat warn clients about: Rogue toolbars. Sheesh!

What are the biggest scams on the internet? Fake anti-virus popups are one of them, but I was shocked to see that “hitman” “pay me or I will kill you” scams are also on the list. Double sheesh!

If you want to read the sick stats on SPAM, here is an article for you. What is the probability that a .rar email attachment is infected with malware? Almost 97%. Go figure. It not one of the most common malware-laced attachments, though. Those would be .xls, .doc, .zip, .pdf, .exe, .jpg, and .ppt.

I am looking for GOOD NEWS in the security world to match the title of the post, but not seeing much. I guess the Good News is that YOU are there to HELP your clients be the ones who STAY SAFE. Come to think of it, that really is Good News.

Dennis H in West Virginia, US

March 29, 2010

While all the pieces and tools in our Hosting NerdCare package work together and are equally vital to your piece of mind, our hack detection system does stand out in the industry for its uniqueness. At the time of this blog, we are not aware of another company offering a product even close to ours, and the benefit to you over your competition is really quite amazing.

Clients protected by our Hosting NerdCare Assurance will have their website scanned every hour of every day. In a nutshell, our system will take cryptographic signatures of every single file in your website, and compare them on an hourly basis. If a hacker manages to change even one bit in one of your files, our team will be immediately notified of the change, and we can swing into action. The vast majority of business owners only find out that their site was compromised once Google or Badaware.org block their site, and once that happens, it can literally take weeks to reverse the damage and have the site back up and running.

Nerds On Site’s Assurance packages allows for our team to know the moment a breach is made, and equally as important, we are notified as to which exact file was compromised. This level of detail allows us to repair the damage before anyone knows about it, ensuring that your site isn’t blacklisted.

This level of support translates really resulting a protection of your image and brand, as well assuring the quickest possible response times and smallest amount of downtime. At the end of the day, Hosting NerdCare Assurance will have a direct effect on your bottom line, by ensuring that your website is up all the time!