
Is your website hackable? Why you need to worry

Apocalypse Now

Just because you think your data is safe does not mean your database of sensitive organization information has not already been cloned and is sitting elsewhere, ready to be sold to the highest bidder. To make matters worse, it has only recently been discovered that hackers are not simply selling your data; they are also selling the fact that you have vulnerabilities to others, be they hackers, industrial spies or terrorists.

It all sounds apocalyptic, doesn’t it? Well, rather than being an angel of doom, I’ll let the stats speak for themselves.

TJX Companies Inc.

TJX Companies, owner of T.J. Maxx, Marshalls, Winners, HomeGoods, A.J. Wright, and Bob’s Stores, disclosed on the 17th of January this year that 40 million of their customers’ credit and debit card details had been stolen. In parallel, federal credit union SEFCU published a similar warning that the personal details of 10,000 of its customers were compromised in the attack.

Another 60 banks including Citizen Union Savings Bank and Bank of America seem to have customers whose credit and debit cards have been breached in this attack.

Ben Cammarata, Chairman and Acting Chief Executive Officer of TJX Companies, stated that the nature of the hack is not yet known and that two computer security experts are examining the problem. The warning issued by SEFCU sheds more light on it, stating: “A fraudster may have gained access to … card information through one of those entities in the payment network, including the merchant.”

SC Magazine reports that hackers used data from the breach to purchase goods in a number of states in the US, in Hong Kong and in Sweden.

A digest of the latest developments follows:

* According to the 3WCAX-TV website, the attack is expected to cost consumers 1.5 million dollars. This article was published before lawsuits started sprouting.
* Brian Fraga of the Standard-Times reports that a class action lawsuit was filed this week in U.S. District Court (Boston) against TJX. The amount of damages sought is undisclosed. According to SC Magazine, yesterday a West Virginia resident filed another lawsuit and is suing TJX for $5 million.
* U.S. Rep. Ed Markey, D-Mass., chairman of the House Subcommittee on Telecommunications and the Internet, has called for the Federal Trade Commission to investigate the hacking, according to a report today in the Boston Globe.
* Today, the Government of Canada stated that it is launching an investigation into TJX and the data breach.
* Of note is that the hacking may have started in May 2006, yet the breach was discovered only in December 2006 (and publicized in January 2007).

Universities

University systems are usually highly decentralized, which makes it hard to ensure tight security: one department may have deployed a hardened security infrastructure while others loll in lax measures, and the weakest department makes the whole system weak.

Should You Take Notice of Web Hosting Comments?

There is a temptation to look at web hosting comments, see a few negative items relating to a particular host and dismiss them but this can be a mistake. When reading web hosting comments it is useful to bear in mind the following:

* The services provided by hosting companies do differ. There is no point in complaining about lack of support for a particular technology if this was never promised in the first place.
* Users will generally complain more readily than they will praise so it would be surprising if there were no negative web hosting comments about a host.
* The bigger the hosting company the more negative comments you would expect to see.
* Many negative web hosting comments would not have been necessary if users had read the Terms of Service (although some hosts could make the key terms clearer on their web sites).

When looking at web hosting comments about the major hosting companies I was struck by how many are about financial, contractual and support issues rather than technical issues. These can be:

Cancellations: Sometimes there is a procedure to follow which is set-out in the TOS. Not following this results in delays.

Domain Names (and cancellations): When a domain name is included in the package it has to be paid for if you cancel, even under a money back guarantee. This is spelt out in the TOS but the website may only say that the money back guarantee relates to hosting costs and the implication of this is lost on some users. Failure to get a full refund generates some of the more angry web hosting comments.

Renewals: Most hosts issue coupons or offer discounts, but these apply to new customers only. Renewals are charged at the host’s standard rates, and some websites do not make this clear.

Definition of “Unlimited”: Most hosts offer unlimited bandwidth, storage, databases etc. but whilst it clearly cannot be taken literally, definitions of “Unlimited” are vague. The use of unlimited does keep things simple and hosting companies know that most users will only use a small amount of resources. However we are talking about shared hosting so if a site does get busy it cannot be allowed to take resources to the detriment of other users. At this point you have to rely on the hosting company to deal with this reasonably. Of course users in this position will see the host as unreasonable and will probably post negative web hosting comments.

Backups: Hosting companies usually state that backups are the responsibility of the user. Whilst they do generally back up their shared servers periodically, they do not accept any liability for lost data (not unreasonable given the low costs of hosting). Clearly anyone can suffer a hardware failure, so you could be unlucky with any host.

To make sure you do not end up writing negative web hosting comments I suggest reading the TOS of your host thoroughly and taking your own regular backups.
