A Typo Took Down The Internet
SAN FRANCISCO — The major outage that hit tens of thousands of websites using Amazon's AWS cloud computing service on Tuesday now has an explanation. Who knew that a simple typo in one incorrectly entered command could take down Amazon Cloud Services for 4 hours?
The four-hour outage at Amazon Web Services' S3 system, a giant provider of backend services for close to 150,000 websites, caused disruptions, slowdowns and failure-to-load errors across the United States.
Massive Amazon cloud service outage disrupts sites. Amazon's Simple Storage Service (S3) lets companies use the cloud to store files, photos, video and other information they serve up on their website. It contains literally trillions of these items, known as "objects" to programmers. During this outage, no one was able to access websites, photos, logos, lists, data and various other systems. Many also had broken links and were only partially functional.
Today, Amazon published a public letter saying what happened:
On Tuesday morning, an Amazon team was investigating a problem that was slowing down the S3 billing system.
At 9:37 am Pacific time, one of the team members executed a command that was meant to take a few of the S3 servers offline.
"Unfortunately," Amazon said in its posting, one part of that command was entered incorrectly — i.e. it had a typo.
That mistake caused a larger number of servers to be taken offline than they'd wanted. Two of those servers ran some important systems for the whole East Coast region, such as the ones that let all those trillions of files be placed into customers' websites.
To get it back, both systems required a full restart, which takes a lot longer than simply rebooting your laptop.
All of this wasn't just affecting Amazon's S3 customers; it was also hitting other Amazon cloud customers, because it turns out those systems use S3, too.
While Amazon says it designed its system to work even if big parts failed, it also acknowledged that it hadn't actually done a full restart on the main subsystems that went offline "for many years."
During that time, the S3 system had gotten a whole lot bigger, so restarting it, and doing all the safety checks to make sure its files hadn't gotten corrupted in the process, took much longer than expected.
It wasn't until 1:54 pm Pacific time, four hours and 17 minutes after the mistyped command was first entered, that the entire system was back up and running.
To make sure the problem doesn't happen again, Amazon has rewritten its software tools so its engineers can't make the same mistake, and it's doing safety checks elsewhere in the system.
Amazon apologized to its customers for the event, saying it "will do everything we can to learn from this event and use it to improve our availability even further."
Thanks for checking in on iComEx to find out the latest news that may be of interest to you as a business owner. We appreciate your business, and remember if you have questions please feel free to contact any of our staff for any additional questions you may have.
To learn how iComEx can help your business grow, please call 972-712-2100, or ask us to provide a quote. We proudly serve Dallas, Frisco, Plano, McKinney, Allen, Sherman, and Denison for all your web needs.
Forged Cookies Access To Blame
With regret, iComEx must again report another breach of Yahoo accounts from another attack. This proprietary code issue was believed to have been dealt with until today.
Last month, Yahoo started notifying people that it had discovered yet another account breach. Apparently a forged cookie attack had been used to access a new set of accounts over the past two years. At the time, it wasn't known how many accounts had been accessed, but now we know and it's in the millions again.
Remember, Yahoo already admitted over a billion accounts were compromised in August 2013. That was followed by a further 500 million accounts being accessed in 2014. This latest breach is, relatively speaking, quite small, with only 32 million accounts being accessed.
According to Reuters, Yahoo believes these new accounts were accessed by the same "state-sponsored actor" responsible for the 2014 breach. The proprietary code running Yahoo's systems was accessed so as to learn how to forge cookies. Those unauthorized cookies were then used to access user accounts.
The cookies have since been invalidated to block further access and all affected users should have been contacted by Yahoo regarding how to re-secure their accounts. As to why hackers take the time to breach Yahoo's servers and access accounts, it turns out the data is worth something. In August last year it was revealed that some of the stolen Yahoo data was available for sale on the dark Web for $300,000.
Experts Share Their Tips
CIO's Jennifer Lonoff Schiff shared with the marketing world 9 proven methods for generating sales leads. These sales and marketing experts weighed in on the best channels to use to attract new business. If you are a business that depends on sales, this is a must-read. Read, call us here at iComEx at 972-712-2100, then let us help you create the best plan that will work for you. Then see what happens!
Today's digital age means you may have more ways than ever to attract new customers for your business. Of course, the age-old question is which lead generation strategy or channel is the most successful. Often the answer is that it depends on who you are trying to reach and what product or service you are selling, but according to leading experts in the field, the following approaches will be the most effective for you.
B2B Referrals - Statistics report that 82% of B2B decision makers start the decision making process with a referral. Alex Kehaya, founder of ActionWins, says “The fact is, leads that come from referrals convert faster, have low cost of acquisition and have higher customer lifetime values than any other leads. If you have a great product already, chances are that you are seeing growth via word of mouth.” This is great news for those who have diligently sought a high degree of expertise in their companies.
Additional things that will also help with referrals are to check out software that will allow you to track your referral program's performance, and to begin thinking about the best rewards to incentivize your customers to refer their friends.
Begin search engine optimization (SEO) on your company website - Kent Lewis, founder and president at Anvil, says “The best way to generate cost-effective leads is to optimize your website to rank well for target terms that prospects would use to find your business.”
“Using engaging content that is created around keyword research, to pull potential customers from search engines like Google and bring them to your website or a specifically designed landing page,” is a great way to attract new customers, says David B. Cuevas, inbound marketing manager, InTouch Marketing. It “gives the user exactly what they are looking for and starts the process of building trust and loyalty.”
In addition to both of the above, “by adding additional resource information designed around that essential search, you can begin to draw the customer down your sales funnel and ultimately reach your goal of a call, consult or free quote,” says Cuevas. We might add that, depending on your specific product or service, you should pay particular attention to your selected keywords for your SEO. A review of statistics and analytics of your market will be necessary to attract the correct customers directly to your website.
Specific Targeted online advertising - “[Another] effective way to generate high volumes of leads is via paid search and social media advertising,” says Lewis. “Automated bid platforms allow businesses of all sizes and shapes to target prospects with advertising. Holding the lead, Google owns a majority of market share, Facebook, LinkedIn and others are making headway,” and these platforms allow you to “target [prospects] based on demographics, psychographics, geography and more.”
To get the most bang for your online buck, “target the platform that your buyers are most likely to use on a consistent basis,” says Rachel Rapoza, marketing manager, OnForce. “For instance, if your buyers are older, Facebook and LinkedIn are good options; if your buyers are under 30 [or your product benefits from photography or video], Instagram is a good option. [Just] make sure your ads and landing pages are mobile friendly.” Be prepared to set aside a specific marketing budget for paid search and social media advertising. In the long run these efforts will definitely turn out to be a very good incentive to get your name out there.
Social listening - Ever wonder what people are saying about you and your product or service? Social chatter is on the rise because you are not the only one. “With the rise of social chatter, smart businesses are winning big with real-time marketing thanks to social listening tools like BuzzSumo, Mention and Sprout Social,” says Mandy McEwen, founder and CEO, Mod Girl Marketing. “These tools give businesses the ability to see who is talking about them and what is being said, allowing them to learn about their customers and what they’re looking for.
“Social listening also provides an opportunity for businesses to engage in conversations with their audience and respond to questions and issues as they arise,” she explains. “By staying on top of the conversation, businesses are more in tune with their audience and can deliver what they’re looking for.”
Instagram - Nicole Delorme, marketing and sales manager with Tigris Events, believes “Instagram can be an effective tool for generating sales leads, especially if the product or service you provide is visual in nature.” However, “it's important to use hashtags with specific keywords to make it easier for prospective customers to find you.”
Email marketing - This type of direct marketing has been around for a long time. “Email marketing is still one of the most effective methods out there for gaining a steady stream of qualified leads,” says Yuliya Maystruk, marketing associate, Enplug. She says “Use drip marketing automation software to effectively target only opt-in leads or prospects from your database in order to protect your ISP domain. These emails can come from folks who visit your website’s landing pages, engage with you on social media or download e-books from your website.”
“[If you] use an engaging, personal subject line, write a concise, non-sales-y proposition and include a couple relevant links and CTA for your target audience,” she says, your email campaigns “will be sure to generate a steady influx of interest in no time.”
Direct (personalized) mail - “Everything old is new again,” says Jim Ninivaggi, senior vice president, strategic partnerships, Brainshark. “Encourage sales reps to send a targeted, tailored letter [not a form or generic mailing] to a prospect via U.S. Priority Mail.
“We all get hundreds of emails every day – but we get less and less physical mail,” he points out. “Sending a note through Priority Mail ensures it will get opened and read. [Just] be sure… [to] explain why you are reaching out and how your company might help, while also including a request for action.” Special offerings included in these mailings are a tremendous incentive as well. If you know and understand the company you are sending to, tailor an offering just for them. It is likely you will at least be contacted; then use your sales skills to close the deal.
Podcasts - Podcasts have been around for a while. “A great way to generate new leads is by engaging with your audience [via] a podcast,” says Brandon Welch, founder, Doxy.me. “Businesses and consumers alike are beginning to tap into this market [podcasting], and there is a ton of growth potential. What makes podcasting special is the fact that aside from streaming it, you can also download the content and play it anywhere. It’s [a] perfect… opportunity to promote your business.” Make sure all podcast links are on your websites, marketing pieces with a URL to go download, and any other emails, letters, or leave behind materials you have for new customers to contact you.
Webinars - The effective use of webinars is extremely powerful. Not to mention cost-effective. “When used effectively, webinars can be an extremely powerful and cost-effective tool for sales organizations of all sizes,” says Daniel Waas, director of marketing, GoToWebinar, Citrix. “An effective sales pitch delivered during a free webinar can convert better than almost any other sales medium,” he argues.
“In addition, webinars encourage list building as they allow presenters to gather login details from attendees, making it fast and easy to build email lists of prospective buyers. With these helpful reporting and analytics capabilities, sales people can easily turn qualified leads into customers.”
As you can see, these 9 ways to improve your customer base can and will improve your visibility in a variety of ways. iComEx extends an invitation for you to partner with us in finding the most effective ways we can assist you in reaching your new customer goals in 2017.
For almost 20 years, it has been our pleasure to serve you in the education process of driving traffic to websites just like yours by using standard marketing and sales techniques. You have just read what the best and the brightest in our sales industry have said about these techniques. Call us today, and let's customize a program geared toward your specifics. 972-712-2100. Our qualified staff is standing by to assist you in setting an appointment to discuss the best options to fill that sales funnel.
CIO & Sharon Florentine Speak Frankly
Cybersecurity crash-landed on many fronts in 2016. From W-2 scams to WordPress vulnerabilities, ransomware, business email compromises, DDoS attacks and allegations of a hacked presidential election -- 2016 was quite a year in the history of cybersecurity, and guess what, in 2017 it's not over yet.
While there really isn't any good reason to believe cybersecurity will be any better in 2017, we do understand that if anything, it could be even worse as cybercriminals continue to push social engineering, find new ways to deliver malware, crack vulnerable databases and leverage mobile technology to find ways to get inside corporate defenses and target individuals. That's almost the good news...
Two leading cybersecurity experts, Matt Dircks, CEO of secure access software company Bomgar and Scott Millis, CTO at secure device management and mobile security company Cyber adAPT, were asked what to expect in 2017. For all of you our clients, here are their quotes and main focus items they spoke on:
1. Passwords 'grow up' - The recent DDoS attack that wreaked havoc on a huge portion of the internet on Oct. 21 was at least partly enabled by unchanged default passwords on IoT devices, says Dircks, which hackers were able to exploit. Don't think you're immune; how many of your users have simple, common or outdated passwords? In 2017, Dircks says better password management services will gain traction as businesses understand how vulnerable they are.
"I used to do a party trick where I'd go to someone's house and hack their router. There are so many purpose-built, 'dumb' devices out there like the routers used to facilitate the DDoS attack a few months ago, that it's making hackers' jobs easy," Dircks says.
Cybersecurity professionals will struggle to protect critical infrastructure, connected systems and remotely accessed systems and devices while weak password practices remain the norm, but it's not just external threats that are a problem.
Mitigating insider threats can also be accomplished through better password management, he says. The best way to do so is to implement a solution that securely stores passwords that remain unknown to users, and then regularly validates and rotates those passwords to ensure safety and security, he says.
"What we're talking about is credential vaults. In an ideal world, a user would never actually know what their password was -- it would be automatically populated by the vault, and rotated and changed every week. Look -- hackers are intrinsically lazy, and they have time on their side. If you make it harder for them, they'll go elsewhere rather than invest the energy to chip away," Dircks says.
2. Privilege gains power - Hackers want high-level access, which they get through targeting the credentials of privileged users like IT professionals, CEOs and vendors, Dircks says. And while organizations have applied security to the systems, applications and data that are most critical to their business, these preventative measures simply aren't enough anymore. In 2017, he says, savvy organizations will finally get serious about protecting not just systems, but privileged users by identifying them, monitoring their access and closing off access to what they don't need.
"We've had some clients who say, 'Well, I just stick my users or outside vendors on the VPN and they're fine,' but they have no idea what they are actually accessing! With privilege management, think of it like an elevator bank, where depending on your role, you can only get to certain floors. It really limits what you can do, especially if you're malicious. Even if I do have a valid password, if my privilege lets me access floors one and seven, but I try to go to six, then the system will block me and notify someone," Dircks says.
Addressing this issue, too, will involve organizations willing to provide extensive education and training on the potential dangers involved, especially in an increasingly mobile workforce where many individuals would rather sacrifice privacy and personal data for access and believe their security will be taken care of by the third-party services providers and application creators, he says.
"Especially in the last few generations of digital natives, people are more than willing to give up their personal information and data for access to apps, connectivity, information -- this can easily be exploited. And they are willing to trust that these app developers, these providers, will make sure they're safe and secure. That's dangerous. Combine the cybersecurity skills gap, talent shortage, mobile workforce, app-centric environment, more sophisticated hacking and it's a perfect storm. We think it's just going to get worse before it gets better," Dircks says.
3. The security blame game will heat up - "When we talk to our clients, one trend we're seeing that is really horrifying is that they don't even say 'if' an attack occurs anymore, they say 'when.' It's like, at this point they are just throwing up their hands and saying, 'Well, I'm gonna get hit, how bad is it going to be?' and that, to me, is just terrifying," Dircks says.
The IoT and increasing reliance on security solution providers means companies may not be able to easily account for ownership or origin once a breach happens, he says. Who is responsible for securing, maintaining and patching the various technologies? Worse yet, has a product been connected to internal systems that can't yet be patched? A number of IoT devices are often overlooked because they fall outside of IT's traditional purview, but that means exposure to threats.
"With the integration of IoT, automation and the cloud, no one seems entirely sure who's actually responsible for maintaining security of all these various pieces: the IoT device manufacturer? The security services provider? The internal IT department? Individual users? You're only as secure as the least-secure device or relationship," Dircks says.
When a breach occurs, even with layers of security, the question of who "owns" it and who had or has power to do something about it will create intense reactions and finger-pointing, he says.
Companies can head off this blame game by ensuring open communication between IT and business leadership to understand the potential threats, options for security and safety and the challenges and constraints that exist within the organization, Dircks says.
"Part of the problem is that, as a CSO, a CISO or even a CIO -- anyone with security responsibility -- you're either invisible, if you're doing your job right, or you're on the hot seat. If you come up with great policies, procedures and security measures, then you often leave those to IT to operationalize. But if those fail because you didn't understand the business needs, the budgets, the requirements, then you're not really helping," he says.
4. Ransomware will spin out of control - Since January 1, 2016, Symantec's Security Response group has seen an average of more than 4,000 ransomware attacks per day: a 300 percent increase over 2015, according to its 2016 Internet Security Threat Report.
Most organizations rely on low-overhead prevention techniques, such as firewall and antivirus solutions or intrusion prevention to mitigate threats like these, says Cyber adAPT's Scott Millis. However, these tools are insufficient, and breach data shows that detection and incident response must be improved.
And as attackers continue to use social engineering and social networks to target sensitive roles or individuals within an organization to get to data, the need for comprehensive security education becomes even more critical, he says.
"If security policies and technologies don't take these vectors into account, ransomware will continue to seep in. There's also the issue of detection. Some attackers can reside within a company's environments for months, often moving laterally within environments, and silos between network, edge, endpoint and data security systems and processes can restrict an organization's ability to prevent, detect and respond to advanced attacks," Millis says.
Finally, new attack surfaces -- for example, IaaS, SaaS and IoT -- are still so new that organizations haven't yet figured out the best way to secure them, he says.
5. Dwell times will see no significant improvement - Dwell time, or the interval between a successful attack and its discovery by the victim, will see zero significant improvement in 2017, Millis says. In some extreme cases, dwell times can reach as high as two years and can cost a company millions per breach.
"Why so long? In my view, this is annoyingly simple -- there's little or no focus on true attack activity detection. At the advent of the 'malware era', companies, vendors and individuals were rightly concerned about 'keeping out the bad guys', and a whole industry grew quickly to focus on two basic themes: 'Defense-in-depth', which I view as layering prevention tactics in-line to make penetration from the outside more difficult; and 'Malware identification', which manifested itself as an arms race towards 100-percent-reliable identification of malware," Millis says.
While response technologies and remediation capabilities improved, victims were able to isolate and repair damage very quickly. The problem is these technologies didn't help reduce dwell time, unless response teams stumbled upon something malicious or randomly discovered an anomaly, Millis says.
Nowadays, security pros are using network device log files to search for clues as to whether an attack has been attempted or has succeeded, but storing and sorting through the massive amounts of data needed for this approach is costly and inefficient, Millis says.
"The need for huge data stores and massive analytics engines drove the new security information and event management (SIEM) industry. While SIEM is a great after-the-fact forensics tool for investigators, it still isn't effective in identifying attacks in progress. What we -- and some other companies -- are doing now is developing products that focus on analyzing raw network traffic to identify attack indicators. Finding attackers as soon as possible after they have beaten the edge or device prevention gauntlet, or circumvented it entirely as an innocent or malicious insider, will dramatically shorten dwell time," he says.
6. Mobile will continue to rise as a point of entry - At least one, if not more, major enterprise breaches will be attributed to mobile devices in 2017, Millis predicts. A Ponemon Institute report found that for an enterprise, the economic risk of mobile data breaches can be as high as $26.4 million and 67 percent of organizations surveyed reported having had a data breach as a result of employees using their mobile devices to access the company's sensitive and confidential information.
People and their mobile devices are now moving around way too much, and much too fast, for old-fashioned cybersecurity strategies to be effective, Millis says. Add to that an increasing sense of entitlement by users with regards to the devices they choose to use, and you have a situation ripe for exploitation.
"Many users feel they can protect their privacy while having secure, uninterrupted access to business and personal services. And still many people subscribe to the view it is not they who are accountable for security breaches; if they can work around 'security' to improve their user experiences, they will. CISOs, CIOs and CEOs view this as a complex challenge to the implementation of their enterprise security strategies, and one that won't be solved by having email and calendar data delivered over SSL to a single, approved OS," Millis says.
Mobile payments, too, will become a liability. MasterCard's 'selfie pay' and Intel's True Key are just the tip of the iceberg, he says. Individuals should understand that they need to treat their biometric data just as carefully as they do other financial and personal data; again, that comes down to education and training, he says.
"Wouldn't it be nice if public Wi-Fi access providers were required to put up the internet allegory to the warnings on cigarette packs? Something like, 'Warning: This public access connection is not secure and information you send and receive while connected may possibly be viewed, collected and subsequently used by criminals to steal your assets, identity or private information,'" Millis says.
7. Internet of threats? - IoT vulnerabilities and attacks will rise and will increase the need for standardization for various security measures -- hackers at this year's Def Con found 47 new vulnerabilities affecting 23 devices from 21 manufacturers.
And, of course, in October 2016 the massive DDoS attack on major global websites including Twitter, Netflix, Reddit and the UK government's sites was reportedly powered by the Mirai botnet made up of insecure IoT devices.
"A lot of attention is focused on 'smart devices' as proof of IoT's growing influence. The reality is a connected device doesn't make it a smart device. The 'things' that are being connected often 'fire-and-forget' in their simplicity, or are built-in features and tools we may not even know are there -- like the routers used in the Mirai botnet. This leads to a mindset of ignoring these 'dumb' devices without paying attention to the fact that these devices, while inherently 'dumb', are connected to the biggest party-line ever made: the internet," says Bomgar's Matt Dircks.
This isn't just a problem for smaller consumer devices, or even for connected homes and cars. Dircks isn't even particularly focused on the possibility of another DDoS attack. What's more troubling is the potential for an attack on large, widespread infrastructure systems like the power grid, or even avionics or railway systems, he says.
"I'm not worried about things like, if my connected showerhead turns on hot or cold. I think there's a fairly significant chance we'll see a major hack on power grids or on transportation systems like rail in 2017. This is the 'dumb' IoT that's still out there -- the technology from the 1950s and 1960s that's powering these critical infrastructure systems that is almost totally unsecured," he says.
This is a perception problem; the general public doesn't tend to see these systems as being similar to the IoT devices they use with increasing frequency -- even mobile phones can fall into that category, says Millis.
"Like smart-phones before them, IoT devices are assumed to be new, separate, and not subject to the same limits, as older technology, but think about it. It's nonsense: Smartphones are the most plentiful internet device around. IoT is the next hyper-jump in scale. Some organizations are wisely ahead of the curve a little bit this time, trying to head off the same security issues that mobile devices are facing now. So far, activity here has all come down to prevention yet again, but we believe every device and/or connection can be compromised. Shortening dwell time and securing IoT depends on being able to tell when that inevitably happens, as quickly as possible and with the highest level of confidence," Millis says.
If you have any questions regarding your company or home cybersecurity, please contact us today at 972-712-2100. A qualified member of our staff will gladly help answer any questions you may have. iComEx serves Dallas, Frisco, Plano, Allen, McKinney, Sherman, Denison, Pottsboro, and all points North and South of the Texoma border.
This story, "2017 security predictions," was originally published by CIO and was written by Sharon Florentine, Senior Writer.
Viable Videos For Professionals In Security
RSA, the world’s largest cybersecurity conference, was held February 13-17 last week in San Francisco with attendees from around the world gathering to hear the latest strategies for fighting cyberattacks. Attendees viewed the latest hardware and software to protect their most valuable corporate assets. Here are some brief descriptions and references to some new security products being announced at the conference.
All good things have to come to an end, and the final day of RSA Conference 2017 on the 17th was no exception. The Emmy Award-winning writer and current Late Night host today brought his brand of humor and intellect to the RSA Conference stage, and the feeling among attendees is that this has been a year to remember.
The RSA Conference 2017 featured 15 keynote presentations, more than 700 speakers across 500+ sessions and more than 550 companies on the expo floors. A record number of more than 43,000 attendees experienced keynotes, peer-to-peer sessions, track sessions, tutorials and seminars. Those who came received all of this, and those who were not able to attend and understand they truly missed an event have a way to get back all that time.
Never fear, our cameras are here: Take advantage now on a lunch break or with key staff and review any or all of the media below and get back in the know!
YouTube – YouTube Videos From RSA 2017
Flickr – Flickr Posts From RSA 2017
RSAC TV – RSA Videos Posted
Looking ahead to this year and beyond, the RSA Conference 2017 staff enjoyed putting on the show for the industry professionals in the security world. Remember to continue the journey with us; please see us again at RSAC Unplugged London, taking place on June 8, 2017. RSA Conference 2017 Asia Pacific & Japan will take place on July 26 - 28, 2017 in Singapore, and RSA Conference returns to Abu Dhabi November 7 - 8, 2017. For those really planning ahead, RSA Conference 2018 takes place April 16 - 20, 2018, again in San Francisco. Save the Dates!
Heard in the Press Room
Info Security: #RSAC: Dame Stella Rimington Reflects on a Career at MI5
IDG Connect: RSA: Eric Schmidt shares deep learning on AI
Help Net Security: Global geopolitical changes driving encryption adoption
RSA Conference conducts information security events around the globe that connect you to industry leaders and highly relevant information. We also deliver, on a regular basis, insights via blogs, webcasts, newsletters and more so you can stay ahead of cyber threats.
Security Policy, Behavior and Analytics for Emerging Architectures is critical to all industry professionals. As we begin to embrace containers, microservices and serverless applications, hosted on hyperconverged infrastructure, the potential for a simpler and more effective approach to security is emerging. For access to critical training, products, information and forecasts for future needs, we invite all our clients, both individual and professional, to examine these invaluable videos about what took place at RSA this last week. Click here and Get Educated