Monday, November 27, 2017

Uber hides a massive data leak for a year!

Uber, the cab sharing and logistics service with operations in 77 countries as of today, had a major data leak in 2016 and hid it from everybody for about a year!

As per a press note issued by Uber's new CEO, the data leak occurred in late 2016: "we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use."

Uber now claims that the two individuals were approached and they've assured the company that the data will not be misused. The company has also individually notified the 600,000 drivers in the US whose license details were leaked, and 57 million users the world over. As all companies do, Uber also says they have spruced up web security after this incident.

Bloomberg has reported that Uber had to pay a ransom of $100,000 to the hackers to keep quiet and delete the stolen data.

How did the data breach occur?

According to Bloomberg: "Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company."
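A defender's check for the weak link in this chain, cloud credentials sitting in a source repository, written as an added example that is not from Uber, Bloomberg or the original post: a small Python scanner for AWS key material. The file names and contents are constructed, and the key values are the placeholder keys used in AWS's own documentation.

```python
import re

# AWS access key IDs are 20 characters: a prefix (AKIA = long-term,
# ASIA = temporary) followed by 16 uppercase letters or digits.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")

# Secret access keys are 40 base64-style characters. To limit false
# positives, only flag one when it is assigned to a secret-like name.
SECRET_KEY_RE = re.compile(
    r"(?i)(?:aws_secret_access_key|secret_?key)\s*[:=]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


def redact(value):
    """Keep only the first and last four characters for the report."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(path, text):
    """Return (path, line number, kind, redacted value) for each hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((path, lineno, "aws_access_key_id", redact(m.group(0))))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((path, lineno, "aws_secret_access_key", redact(m.group(1))))
    return findings


def scan_repo(files):
    """Scan a mapping of {path: file contents}, in path order."""
    return [f for path in sorted(files) for f in scan_text(path, files[path])]


# Constructed sample repository; keys are AWS documentation placeholders.
SAMPLE_REPO = {
    "deploy/settings.py": (
        'REGION = "us-east-1"\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "README.md": "Credentials are read from the environment at runtime.\n",
}

if __name__ == "__main__":
    for path, lineno, kind, shown in scan_repo(SAMPLE_REPO):
        print(f"{path}:{lineno}: {kind} {shown}")
```

A hit from a check like this calls for rotating the key, not just deleting the line, because the value remains in the repository's history.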

The company had faced a data breach earlier too, though on a small scale, in 2014.

Saturday, November 18, 2017

Web hosting and related updates

SchoolDesk assures high security after 800 websites hacked by pro-ISIS hackers

After over 800 school websites hosted on its servers were hacked in early November, the FBI is investigating the case, and the web host says new security features are being put in place so that such a hack does not take place again.

Just to recall, in a non-critical attack on websites hosted by SchoolDesk in the US on 6 November, pro-IS hackers injected a video into 800 school websites in New Jersey, Virginia and some other states. The video was available for over an hour before it was taken down. No confidential data seems to have been compromised.

Korean web host has ransomware attack, again!

Korean IT news website etnews reports that Korea IDC servers of many users have been attacked by ransomware. Hackers are reported to have encrypted files after taking them over.

Internet Nayana, the company that operates Korea IDC, had paid a ransom in May after a similar attack. etnews elaborates:

"Korea IDC announced that servers that were accessible from anywhere and not authorized IPs were the targets of recent attack. Most of these servers did not have updates that patched up weak points of their security. Kernel or bash, open SSH, and other servers with weak application updates were suffered by this attack. These ransomwares invaded into servers with weak security systems and encrypted internal files.

"Hackers did not clarify detailed amount of ransom but just left information that Internet Nayana to contact through email accounts. As a result, types of ransomware and ransom are not clear and this forces Internet Nayana to negotiate with hackers just like in May."

This proves the point that website and blog owners are too careless about security, a point we highlighted earlier, based on a recent study.

A major IT services breakdown in Iceland, but right now there are no answers

Web hosting company, 1984, has reported a major system breakdown, affecting thousands of businesses and individuals. Iceland Review reports that as of 16th November, the company was not sure what caused their sturdy systems to melt, but they do not think it is because of a cyber-attack.

The company's own site was down when we checked for updates today.

Free cloud hosting from UnelmaHost: worth it?

Unelma, a two-year-old cloud hosting provider based in the USA, offers free web hosting with a free cPanel control panel. The company claims 99.9% uptime and high-class customer support even for the free plan. Its other plans are also highly affordable.

I didn't find anything in their knowledge base section, and I do not think it speaks highly of a company claiming to be a top service provider in cloud hosting.

Though with limitations, the free plan is worth trying for small blogs and websites.

Tuesday, November 14, 2017

Want a cheap web host for a video blog? Read before you jump!

Paid hosting, you know, is much better than free hosting for blogs and websites. By that logic, if you want lots of videos on your blog or want to have a vblog outright, you MUST have a self-hosted blog with the facility to host a number of videos.

Add to that, the fact that videos
  • are difficult to edit (and professional editing tools and skills cost a ton),
  • come in different formats and not all open on all computers or mobile devices,
  • cannot be viewed when the computer or mobile phone does not support that format,
  • take a great deal of space (and web space is an expensive commodity),
  • can become unusable when new technology and formats are used by browsers (and converting individual videos and reloading them after a few years is a big job).
Now juxtapose this with the hosting realities:
  • Between the two major free blogging platforms, Blogger allows you to post videos free on your blog; Wordpress (free) does not allow that.
  • Web hosts charge for space (and videos take huge space).
  • Videos need big bandwidth for their playback by users (so, if many users visit your website and play the video, either the site will hang or the host will demand extra payment for more bandwidth).
But there is a ready-made solution from Google, and it is so simple!

Host your videos on YouTube

If you have not published your videos on YouTube yet, let me tell you that it is as simple as sending an email. You need a Google account, and YouTube is all yours to use. You can upload videos in many formats and sizes as standalone videos and can have playlists and channels that you can share with others. Each of these has its own URL, so you can post them the way you post images. In addition, you can embed a video on the blog or any other website (not social networking accounts) so that it plays there itself.

In addition to giving you free space to host your videos, YouTube hosting gives you many other advantages:
  • You earn money when people visit your videos. 
  • You get comments and feedback.
  • You can link your blog and get traffic to the blog.
  • Make channels of videos and let people subscribe to these, getting you more traffic and income.
  • Download free music and sound effects for use in videos.
  • Get detailed analytics of your videos and channels.
  • You can even live stream events after some additional verification by Google.
  • The videos are secure and available 24x7.
  • And much more!
You will realize that this is an enormous facility and yet it does not consume space on your blog or website. So, if you want to open a vblog, have many videos on your blog, or have a website with numerous videos or something similar, think of YouTube first.

Saturday, November 4, 2017

Web hosting updates: web vulnerabilities and how careless website owners are!

In this week's web hosting updates, let's concentrate on the issue of website security, because a number of reports have surfaced in recent times about this serious but much ignored matter.

Website owners, most of them, seem to be blissful about their website's security. They feel nobody would be interested in hacking their website, or that the website would not be exploited because it is behind some sort of security provided by the web host. Some go a step further and install a malware protector and then feel divinely secure.

That is why the exploiters rule the www. That's why billions of dollars are wasted every year by website owners worldwide after attacks, on trying to recover data and on curative actions.

Wordpress plugins: a boon for functionality but bane for security

The news about plugins being found vulnerable surfacing again and again is unnerving for Wordpress users.

While the core of Wordpress CMS is extraordinarily strong, it is the plugins that are easy to exploit.

In a fresh report, three plugins, 'Appointments', 'Flickr Gallery' and 'Registration-Magic' were found exploited. Let me hasten to add that their updated versions have now been posted.

The three plugins are not popular and so the damage this time has been quite low. Recall how the plugin 'DisplayWidgets' was exploited earlier this year, compromising about 200,000 websites running on Wordpress. The worst part of it was that three subsequent updates of the plugin too had the same spam code!

The dictum that Wordpress users must not forget is to install only high rated plugins, and to update them regularly.

But users are too careless when it comes to website security!

Let's see what NextCloud has to say about users' carelessness in applying patches. NextCloud, a German service provider for cloud storage, online collaboration, etc, has found that its clients do not bother even to apply new security patches that are released by it from time to time for its software.

Not only that, even people who are supposed to be responsible for and knowledgeable about web security were found to take things lightly.

The firm found that even clients sharing critical or sensitive data were not bothered.
(Source: this DataCenterKnowledge article)

Check out this security checker from Microsoft: Sonar

You must have used online and offline website auditors, free or paid, that check performance and security of websites. Microsoft created a command-line website analyzer and a simpler online scanner, and this year they donated it to the JS Foundation.

Called Sonar, this open source tool not only gives details of issues related to performance and security, it also tells why something is behaving the way it is. The narwhal, an ocean creature supposed to have the best sonar system, is the logo of this service.