
Monthly Archives: July 2015

30 Jul 2015

Hubris Doesn’t Make You Immune From Being Hacked

by Bill

National Net works diligently day and night to provide our collocation and dedicated server clients with the highest level of data security possible. We upgrade hardware, update software, follow industry best practices and use more than a decade of experience to build what we believe is the most secure environment our clients can get anywhere online. However, it is vitally important to avoid resting on your laurels or allowing hubris to creep in, because doing so is often the precursor to being hacked.

Some mistakenly believe that a system can be built in a completely hack-proof way. Time and again, even the largest and most significant data stores have proven to be hackable by third-party programmers wearing either white or black hats. Recently the federal government suffered one of the most severe data losses in history, which may have included information about active US spies and covert resources. The result was that OPM Director Katherine Archuleta resigned since it happened on her watch, but that won’t make their system any more impervious to cyber-assault.

Home Depot, Target, banks and too many other brands to mention have had credit card data stolen or other information illegally accessed by external hackers at some point in their history. Most recently, LifeLock (a company whose entire brand is built on the notion that they can secure personal information from theft) has become the target of a 2nd set of FTC allegations after paying millions of dollars in a settlement from their first go-round with Federal Trade Commission overseers.

The lesson to take from this is simple. Your data is only safe until it is not safe any longer. As a top tier hosting company we take thousands of steps each day to secure data to the limit of human and machine capability. Smart site owners also maintain backups, monitor their digital properties daily and take additional precautions when possible to keep their data safe. There is always more to do, and always more that can be done. However, if you ever hear an IT guy tell you that he can keep you 100% safe, absolutely guaranteed, it’s important to remember he is either speaking from a prideful point of view or an inexperienced one.

Sensitive data should only be stored online in the most minimal way possible. Software patches and security updates should be carried out immediately. While it may feel good to sit back, relax and pretend you are unhackable, it feels even better to remain vigilant and actually not be hacked.

21 Jul 2015

Keybase May Offer Real Cloud File Encryption With Casual User Simplicity

by Bill

Among the vast majority of Internet users, the most common way to distribute files is via email attachments, a method that is well known for being among the simplest for nefarious third parties to hack or for government agencies to sniff. A growing segment of the population has started using file dump services like Dropbox to handle larger files, due to their simplicity and ease of use. Now Keybase, a company created by OkCupid founders Chris Coyne and Max Krohn, is making a serious attempt to offer a Dropbox alternative that includes built-in file encryption for every file and user the system handles.

Backed by $10.8 million in VC funding that was led by esteemed tech financiers Andreessen Horowitz, Keybase focuses on public-key encryption and seeks to solve the problem of finding the public key for someone you want to send a message to by utilizing social media and other external authentication methods including a central repository of public keys.

“[Encryption] shouldn’t be something only a hacker can do,” said Krohn in a recent interview. “It should be something that anyone using a workstation in their daily lives should be able to use effectively. You shouldn’t have to understand crypto in order to use these products.”

The Keybase plan provides end-to-end encryption, meaning that there would not be an entry point for sniffers or hackers, and the company’s software will invisibly encrypt all the data you store in it so even Keybase won’t be able to read it. That is a crucial part of any encryption method in a post-Patriot Act world, because any company that can access your data can also be compelled to provide access to that data for any number of government snoops as well.

Keybase intends to use the well-respected open source encryption system NaCl and welcomes audits by software security firms that intend to find and notify the public of any potential risks or backdoors, and Keybase is not alone in this endeavor. Others including Boxcryptor and SpiderOak aim to offer their own versions of cloud-encrypted file sharing services for the ordinary consumer.

The one remaining question is whether or not Keybase can simplify the process down to a level comparable to attaching a file to an email. Consumers have already shown time and again that they value their convenience more than their security, often even when confronted with the dangers of doing things the ‘easy’ way – now it falls on the shoulders of tech startups to make being secure just as convenient as the outdated methods of data transfer billions of people have already become accustomed to using.

15 Jul 2015

Real Cyber-Security Requires A Calm Properly Measured Approach

by Bill


Today three distinct failures of major computer systems set off an unduly large number of alarm bells because of opportunists and conspiracy theorists who tried to use the glitches as a rallying cry for unrelated causes.

For many outside the IT world it may have gone somewhat unnoticed that three major system failures happened today within the span of a few hours. The entire United Airlines flight schedule was grounded, the New York Stock Exchange temporarily halted all trading, and the Wall Street Journal website was down for a significant part of the day.

While these outages are undoubtedly a source of considerable inconvenience, and may even result in significant monetary losses by entities involved in each – there was no evidence, and continues to be no evidence, that they were interrelated or caused by cyberattacks of any kind.

Still, Senator Bill Nelson [D-FL] took to his Twitter account to suggest prematurely that the incidents might be some kind of ‘attack’ and used that self-initiated viewpoint as grounds to promote a Cyber-security bill that many IT experts agree remains seriously flawed.

In fact, United Airlines has said the problem was “an automation issue”, the New York Stock Exchange tweeted that it halted trading due to an internal technical issue that “is not the result of a cyberattack”, and zero evidence has surfaced about any possible coordinated cyber-attack or other cause for alarm.

During service interruptions and periods of technological frustration, it is essential to remain calm – to identify real causes of any outage and to find solutions that remedy the matter quickly while also putting safeguards in place to prevent any recurrence of downtime. As a leader in collocation and fully managed hosting services, NationalNet understands and appreciates all the hard work these three IT teams did while restoring service and asks everyone, Senators and citizens alike, to refrain from engaging in hyperbole or conjecture during moments of uncertainty when answers need to be the focus and guesses or accusations should be set aside entirely.

07 Jul 2015

ProxyHam Uses A Radio Connection To Add A Physical Layer of Obfuscation To IP Addresses

by Bill

The high stakes game of cat and mouse that continues to unfold among snoops and privacy conscious communities just became even more interesting with the upcoming release of ProxyHam. At the August DefCon hacker conference in Las Vegas, a developer is scheduled to debut a device that includes a “hardware proxy” using a radio connection to create a physical layer of obfuscation that makes it all but impossible to determine a user’s actual location.

ProxyHam is an open-source device that the developer, Ben Caudill, reportedly built for less than $200.00. The box connects to any nearby Wi-Fi and relays the Internet connection of a user over a 900 megahertz radio connection to a computer (with an intended range of 2.5 miles). If the device works as advertised, it would create a scenario where even after investigators have fully traced the internet connection of a target, they would find only the ProxyHam box and not the location of the intended target.

Caudill, who works as a researcher for the consultancy group Rhino Security Labs, told Wired magazine that “the problem with Wi-Fi as a protocol is that you can’t get the range you need. If the FBI kicks down the door, it may not be my door, but it’ll be so close they can hear me breathe. [ProxyHam] gives you all the benefits of being able to be at a Starbucks or some other remote location, but without physically being there.”

The beta of ProxyHam that will be sold at DefCon will be very basic, but future models already in development will also include accelerometers designed to warn its owner if the device is moved from its hiding place, or may even include a microphone and other detection hardware according to Caudill.

Why would the creation of this kind of device be a good thing? Caudill intends ProxyHam to protect the most sensitive targets on the Internet. “Journalists and dissidents in Arab Spring countries, for instance…these people have very high security requirements,” Caudill says. “This is that last-ditch effort to remain anonymous and keep yourself safe.” However, opponents are already pointing out the kind of catastrophes that a working ProxyHam might cause as unintended consequences when used by people with less noble goals.

As with any technological advancement, the good and bad are determined by the intent of the user – but as we are seeing with the contemplation of devices like this one, the battle over Privacy may accelerate the intensity of good and bad outcomes alike.

NationalNet, Inc., Internet - Web Hosting, Marietta, GA