FireHost Selected as one of the Best Security Solutions for 2010 by SIIA’s CODiE Judges

by FireHost Evangelist on March 1st, 2010

FireHost is honored to be chosen by CODiE as one of 2010’s Best Security Solutions. “We had to outperform some very qualified competition to get to this point, and we are proud to be recognized among other great companies that have also been chosen as finalists this year,” beams Chris Drake, CEO.

All nominated products and services underwent an intensive review by subject matter experts, analysts, journalists, and others with deep experience in the field. We took the panel of experts through a guided demo of our Advanced Secure Hosting solution. Collective feedback was positive and all the judges were receptive to our positioning, stating that FireHost is “a complete solution for hosting servers built with REAL security in mind.” FireHost offers a “well thought out security plan for hosting servers” and provides “best in class” hosting solutions.

We were selected from 785 nominations submitted by 374 companies in 55 categories, and we’re confidently optimistic about the second round of voting which enables SIIA members to determine this season’s award winners. Voting will begin Tuesday, March 2, 2010 and the winners will be announced in May, so wish us luck.

This is the twenty-fifth year the Software & Information Industry Association (SIIA) has recognized excellence in the software, education and information industries through the CODiE Awards program. Visit the CODiE or SIIA websites to learn more about each organization.

Big Security for Little Kids

by FireHost Evangelist on February 25th, 2010

My Child’s Locket’s number one goal is to make children’s important, personal information readily available to parents in the event of an emergency.

The wheels of the business plan were put in motion when Jay Osterholt witnessed his sister and nephew in crisis while on vacation. Away from home, Mr. Osterholt’s sister was ill-prepared to answer all the doctor’s questions accurately and thoroughly. Convinced there was a better way to handle these situations, Mr. Osterholt wanted to help ensure this didn’t have to happen again to his family or others.

Less than two years later, the web-based service is live and empowering parents to access and share critical information about their little ones 24/7/365. My Child’s Locket can accommodate multi-child households and has the capacity to store numerous, important details about each individual.

As a web-based service, My Child’s Locket is exposed to threats like identity theft schemes, SQL injection, XSS (cross-site scripting), DDoS attacks, and more. Aware of the risks, Mr. Osterholt made finding the right secure hosting partner a big priority. After a thorough search, he chose us.

Click Here to read My Child’s Locket’s press release about launching their service on FireHost secure servers.

GreenNuture interviews FireHost CEO, Chris Drake, about Sustainable, Green Web Hosting Practices

by FireHost Evangelist on February 15th, 2010

When powered by virtualization, our secure website hosting techniques do more than just help keep the “bad guys” out of your website and web-based applications. In fact, we affectionately regard virtualization as the “socially responsible” hosting technology.

Our virtualized servers provide secure, scalable hosting solutions to small and medium-sized businesses around the globe. Through the use of new, green hosting technologies, we’re helping reduce e-waste: energy consumption, CO2 emissions, hardware waste, and more.

Click Here to learn more about how FireHost leverages virtualization to save a few IT dollars while helping save the planet.

Our Love Affair with Cloud Hosting

by FireHost Evangelist on February 12th, 2010

Ahh February… Love is in the air. Our servers are in the cloud. But do we love our servers in the cloud?

Cloud computing and cloud hosting practices have been around for some time, probably longer than you think. Long enough, in fact, to gain significant awareness and pique the interest of anyone starting or growing a business. “I must have everything ‘in the cloud’,” these entrepreneurs say! While the definition and clear-cut use case for cloud hosting remain elusive, the promise of cost savings, “fair” usage-based billing, and unlimited scalability has startups lovestruck.


FireHost Joins Esteemed List of Platinum Level Sponsors of Demo Spring 2010

by FireHost Evangelist on February 5th, 2010

We’re proud to announce a Platinum Level Sponsorship with Demo – The Launchpad for Emerging Technology.

Each of Demo’s events in the US and China fosters productive, face-to-face interaction between investors, innovators, entrepreneurs, and influencers in the technology industry. Visionaries and veterans from seven technology sectors will be demonstrating and pitching their business ideas next month:

  • Social Media
  • Health and Life Science
  • Clean and Sustaining
  • Cloud Computing
  • Enterprise Technologies
  • Mobile Applications
  • Consumer

FireHost provides enterprise-grade website (and web application) protection at prices tailored to start-ups and SMBs, so we’d enjoy meeting each and every participant to discuss concerns or challenges you may be facing with an upcoming product/service launch. Members of our team will gladly help point your domain in the right direction, so make sure to seek us out at the event.

Demo Spring will take place March 21-23, 2010 in Palm Desert, CA. Through March 7th, you can register to attend Demo Spring 2010 at a discounted rate. We’ll see you there.

Secure Servers and Stellar Customer Support Save the Day for DotBridge

by FireHost Evangelist on January 4th, 2010

As our recent articles about web application risks indicate, more than frenzied last-minute shoppers come out to “celebrate” the holidays, and here’s proof that the threats are real.

DotBridge, an eCommerce SaaS provider, fell prey to a DDoS onslaught. Someone wanted to attack one of their customers’ web-based businesses and take it offline, and without a secure hosting company at its back, they may have succeeded.

DotBridge subscribes to our secure, virtualized server service protected by 1) monitoring and response, 2) DoS/DDoS mitigation devices, and 3) a team of knowledgeable and reactive support engineers.

This combination of protection and response is standard for every client that subscribes to our service, and DotBridge is just one real-life example of how we work every day fighting on behalf of our valued customers.

Click Here to read DotBridge’s blogpost on the FireHost experience.

Top Five Application Security Risks for 2010

by FireHost Evangelist on December 23rd, 2009

It just wouldn’t be the new year without a “best of” or “top ten” list, and we’ve chosen to expand upon OWASP’s (the Open Web Application Security Project’s) recap of the top application security threats to look out for next year.

Before you stop reading and get back to your _____ (insert whatever project you had planned for today), wait! You have our assurance that this won’t be too jargon-y. We’ve deliberately stopped the heavy tech talk here, and we’ll translate all the application security risk verbiage into usable, understandable terms for your growing enterprise.

So here they are, without further ado, the top five application security risks for 2010:

1) Injection Attack

All web applications that collect and transmit data (using forms, for example) are susceptible to injection attacks. By sending specially crafted input through your application’s forms, attackers can alter the commands the application builds from that input. In extreme cases, injection attacks could allow attackers to reach systems behind the firewall, such as the internal network or the database.

SQL injections like the ones that compromised Symantec and NASA this year dominate this attack category, but there are many additional varieties to which you could fall prey. Impress your IT staff by nodding knowingly if they mention a Code Injection, Command Injection, or XPath Injection around the water cooler.

Some of the best protective measures (ask your security expert about these) for injection attacks include:

  • Input Validation – cleanse your input data
  • Human Verification, i.e. CAPTCHA
  • Restrictive Privileges when connecting applications to DBs and other proprietary systems
  • Vague Error Messages give attackers little detail to go on and can help deter an onslaught
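The SQL injection case above, as an added illustration that is not FireHost’s code or from the original post: a lookup that concatenates form input into SQL, beside the same lookup with a bound parameter, allow-list validation, and a vague error message. The in-memory users table and the sample inputs are constructed for the demo.

```python
import re
import sqlite3

# Constructed in-memory sample table; not data from FireHost or any real site.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn

def lookup_vulnerable(conn, username):
    # The form value is pasted straight into the SQL text, so quote characters
    # in the input can change the statement itself (the injection bug).
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterised(conn, username):
    # Bound parameter: the driver sends the value separately from the statement,
    # so the input is only ever compared as data, never parsed as SQL.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Allow-list validation: only the characters a username is supposed to contain.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_username(username):
    return USERNAME_RE.fullmatch(username) is not None

def lookup_hardened(conn, username):
    # Validation + parameterised query + a vague error message that leaks
    # no schema or query detail to the caller (log the real error server-side).
    if not validate_username(username):
        return {"error": "invalid request"}
    try:
        return {"rows": lookup_parameterised(conn, username)}
    except sqlite3.Error:
        return {"error": "internal error"}
```

With the input `x' OR '1'='1`, the vulnerable lookup returns every row while the parameterised one returns none and the hardened one rejects the request before it reaches the database.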


Save This List: How to Help Prevent a Web Application Security Breach

by FireHost Evangelist on December 16th, 2009

In a previous post, we provided information you’ll need to know immediately if your website is successfully hacked. It included recommendations on how and when to:

Step 1 Announce and assess the breach
Step 2 Conduct a deeper investigation
Step 3 Notify affected individuals and organizations and begin remediation
Step 4 Re-launch
Step 5 Communicate the resolution publicly and to affected parties
Step 6 Take steps to remediate vulnerabilities and prevent a future breach

Today’s discussion takes a deeper look into step six, preventing cyber crime at small and medium-sized businesses. The truth is that the security measures in place at most SMBs are “easy pickings” for hackers, and there is a booming community of C2C (criminal-to-criminal) interactions focused solely on stealing customer data from SMBs that conduct business online. The same way you work every day to develop new, enticing products and easier ways for your customers to shop, cyber theft “shop owners” fuel this sub-economy by devising faster, easier, and more effective methods by which to steal your company’s valuable data.

Preventing data leakage takes an ongoing, concerted effort, so it’s important that you take proactive control over your immediate environment. Here’s how:


Credit Card Processing: Between a Rock (Hackers) and a Hard Place (Compliance)

by FireHost Evangelist on December 8th, 2009

For many ecommerce developers, the thought of designing a system to store the credit card data of their clients’ customers is chilling.

For good reason. Determined hackers can compromise the most sophisticated network by combining simple, free tools with a little effort. In fact, the cyber-criminals behind the famed TJ Maxx and Heartland Payment Systems breaches used novice techniques like wardriving and SQL injection to access the retailers’ networks.

If hackers can penetrate the network of a global enterprise, imagine what they can do to your clients’ small businesses. It’s a scary proposition, no doubt, but it shouldn’t keep you from going down that path when a project requires it.

Managing Credit Card Data

The first (and perhaps most important) challenge you’ll face with such an ecommerce development project is credit card collection, storage, and handling. One of the easiest and least risky options is to offload, via an API, the storage and handling of credit card numbers to a payment gateway that “hides” credit card data – Authorize.net, PayPal, BluePay or the like. If the credit card data is passed directly from the client (browser) to the gateway, without passing through your client’s web server, you’ll reduce your liability as the developer and help keep your client’s ecommerce site protected.

However, this solution may not work in all situations or for all clients, for at least a few reasons.

  1. Complicated recurring billing. If your client has a complicated recurring billing structure wherein payments vary in time, frequency, amount, or purpose, or if your client’s customers use purchase orders, your client may need to keep the raw credit card numbers available for the flexibility. Your client can still use tokens and offload the recurring billing to some credit-card-obscuring payment gateways as mentioned above, but again, the need to process or manage customer data can be project specific.
  2. Save on interchange fees. All credit-card merchant-account providers charge an interchange fee, and these fees can and do vary from provider to provider. So for some potential clients, managing customer credit card data can be well worth the risk if doing so allows them to get a significantly better fee structure.
  3. Offloading credit card storage is not enough. If credit card data passes through your client’s web server, whether the business stores that data or not, the system you develop needs to be PCI compliant. In short, whenever possible, choose a solution that never exposes your web server and your client’s ecommerce business to customer card data. But when a project does call for credit card data transfer or storage, you’ll need to build a Payment Card Industry compliant system that hackers cannot easily overcome.


DDoS Attacks, The Ultimate Cyber Smackdown

by FireHost Evangelist on December 4th, 2009

In MMA, fighters find the Guillotine or Rear Naked Choke to be reliable tactics for eliciting a submission. In cyber warfare, a DDoS attack is the “go to” move that produces the ultimate cyber smackdown effectively, time after time.

Just like choke holds, Denial of Service attacks come in a variety of flavors – Flood Attacks, SYN Attacks, Smurf Attacks, Ping of Death Attacks, and the ultimate tap-out producer, Distributed Denial of Service Attacks (to name a few). Each method is designed to achieve a single goal – stifle the target website or online application.

Generally speaking, DoS/DDoS attacks accomplish this by directing a flood of “packets” (fake visitors, often robots) to your website at the same time. In simple terms, a denial of service attack takes up all your hosting environment’s available bandwidth and resources making it impossible for human traffic to reach your website or service.

DoS/DDoS Popularity and Severity on the Rise

Geared toward taking sites offline rather than stealing information or deceiving unknowing web surfers, DoS/DDoS attacks could be regarded as the cyber “crime of passion”. These attacks have effectively silenced religious and political groups from publicly publishing their opinions. High-profile organizations make headlines most often, but really any group with “offbeat” opinions could be the target of a DoS/DDoS onslaught.

Extortion is another popular motive behind DoS/DDoS attacks. Just recently, several Australian sports-betting websites lost millions in revenue over a busy weekend when criminals held their web services hostage for ransom money. Other commercial entities are starting to feel the effect of DoS/DDoS deployments too. Recruit Advantage and Bitbucket have both recently suffered losses due to prolonged outages, and it’s only a matter of time before mass-market retailers use attack-for-hire services to wreck holiday sales for the competition.

DoS/DDoS attacks can take a website or online service to its knees effectively and inexpensively, so they are becoming a popular add-on to botnet operators’ portfolios. For a mere $200/day, common Rent-a-DDoS operations can dish out botnet deployments ranging from 100Mbps to 100Gbps. Prolonged over several days, an attack of this magnitude could leave your start-up with a 5-digit invoice for bandwidth.

How to Prevent a DoS/DDoS Smackdown

Unlike other cyber crimes, this type of attack may not pose a direct threat to your clients’ PII (personally identifiable information). That doesn’t spare you the expense of lost sales, regaining public opinion, and technical resources however. In addition to those more “expected” costs, you’ll face charges for the bandwidth consumed during the exploit, and that bill alone could be enough to lead your startup business to early retirement.

The worst part is that if a cyber opponent has you in his or her sights, you’re going down for the count. There are no known prevention methods on record. DoS/DDoS attacks are like a jump spinning rear kick delivered in your blind spot. Scary, deadly stuff.
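The flood mechanism described above and the monitoring-and-response side of mitigation, as an added illustration that is not FireHost’s monitoring code or from the original post: a sliding-window request counter that distinguishes a single noisy source (plain DoS) from many sources that are individually quiet but large in aggregate (the distributed case). The access-log events, IP addresses and thresholds are constructed for the demo.

```python
from collections import defaultdict, deque

# Constructed access-log events as (timestamp_seconds, source_ip); not real
# traffic from DotBridge or any FireHost customer.
SAMPLE_EVENTS = (
    [(i * 0.01, "198.51.100.7") for i in range(600)]             # 100 req/s from one host
    + [(i * 0.5, "203.0.113.%d" % (i % 20)) for i in range(40)]  # 2 req/s spread over 20 hosts
)

class FloodDetector:
    """Sliding-window request counters, per source IP and for the whole site."""

    def __init__(self, window_s=5.0, per_source_limit=100, total_limit=1000):
        self.window_s = window_s
        self.per_source_limit = per_source_limit
        self.total_limit = total_limit
        self.per_source = defaultdict(deque)
        self.total = deque()
        self.alerted = set()   # raise each alert once, not on every extra packet

    def _trim(self, q, now):
        # Drop timestamps that have fallen out of the window.
        while q and now - q[0] > self.window_s:
            q.popleft()

    def observe(self, ts, ip):
        """Record one request; return the alerts it triggers (usually none)."""
        alerts = []
        q = self.per_source[ip]
        q.append(ts)
        self._trim(q, ts)
        self.total.append(ts)
        self._trim(self.total, ts)
        # One noisy host: the classic single-source DoS, cheap to block at the edge.
        if len(q) > self.per_source_limit and ("source", ip) not in self.alerted:
            self.alerted.add(("source", ip))
            alerts.append(("single-source flood", ip))
        # Many hosts each under the per-source limit but large in aggregate:
        # the distributed case, where only upstream mitigation capacity helps.
        if len(self.total) > self.total_limit and ("total",) not in self.alerted:
            self.alerted.add(("total",))
            alerts.append(("aggregate flood", None))
        return alerts

def scan(events, **limits):
    """Replay events in time order and collect every alert raised."""
    detector = FloodDetector(**limits)
    alerts = []
    for ts, ip in sorted(events):
        alerts.extend(detector.observe(ts, ip))
    return alerts
```

On the sample, the single host trips the per-source alert on its 101st request within the 5-second window, while the twenty distributed hosts stay under every threshold unless the aggregate limit is lowered.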


© Copyright 2010 FireHost Inc.