Who’s Going to SXSW 2011?

by FireHost Evangelist on August 11th, 2010 · No Comments

We are!

SXSW Interactive is a “must attend” event for developers, designers, web marketers, and anyone else who does business online. Last year, almost 40,000 registered to attend, and 2011 is projected to be even bigger. The schedule reveals numerous opportunities for attendees to interact with the brightest minds in emerging technology. Networking events. Speaking events. Live music. A tradeshow. SXSW covers the whole gamut.

FireHost is vying for a speaker placement, and we need your help getting picked. If you’re planning to attend SXSW and have concerns about the security and integrity of your personal or corporate identity online, cast your vote for our presentation at Panelpicker.sxsw.com.

Our proposed topic answers the questions:

  1. How is the security landscape changing online?
  2. Is building a corporate blog on an open source platform like WordPress safe?
  3. How could some of the devastating hacks like TechCrunch have been avoided?
  4. How do I find security vulnerabilities in my web application?
  5. What role does secure web hosting play in keeping my site safe?
  6. What are the most common developer mistakes that lead to cybercrime in open source?

Read the full synopsis and cast your vote at Panelpicker.sxsw.com.

We’ll see you in Austin.

The End is Near! (for Dedicated Hosting)

by FireHost Evangelist on August 2nd, 2010 · No Comments

Earlier this year, we introduced the Secure Server – a virtualized and secure, private hosting environment for companies and individuals who have the need to mitigate high traffic, high confidentiality, high availability, and compliance online.

Right away, many business owners, designers/developers, and IT professionals “got it” and signed up on the spot. We enjoy providing exemplary protection for our early adopters, but we won’t rest until the entire web hosting community understands that security, scalability, and affordability is for everyone, not just a select few.

Overall, the mission has been well received. As any “pioneer” would expect however, Secure Servers have been met with mixed reviews, particularly from die-hard dedicated hosting proponents.

In an effort to dispel any remaining doubt from those who still have reservations about this new way, we created NoMoreDedicated.com. From here, you can:

  • Watch real stories from real people told in their own words and decide if dedicated hosting is the best solution.
  • Take our short, informative test to determine if dedicated hosting is right for your hosting needs.

Once you see the facts, we’re confident you’ll want to give Secure Servers a try, so we make it easy to do so.

  • Secure Servers can be provisioned within 24 hours of validating your order, and
  • There is no lengthy hosting contract to which you must subscribe.

If you still have reservations, that’s fine. We respect your opinion and any doubts you may have about adopting a new way to protect your business. Even if you’re not ready to join the movement full stop like @The_Fenix_X, we request that you follow the movement that’s putting an end to overpriced, insecure, and inflexible dedicated hosting. Big change is on the horizon.

Follow: @NoMoreDedicated HashTag: #NMD

OSCON 2010 – From Portland to You

by FireHost Evangelist on July 30th, 2010 · No Comments

OSCON 2010 was a very interesting and inspiring mix of independent developers and large companies.

We encountered very cool technology and some impressive talent from around the world. We’re glad to have participated at the Silver Sponsor level because it gave us a chance to interact with most all of the attendees and participants on some level. Here are the highlights from the show:

  • We met with several companies who are pioneering processes to ingest, analyze, and regurgitate quality information from TBs of raw data stored remotely. Learning about these truly impressive database analytics projects helped us realize that significant change is on the horizon for the advertising and medical industries.
  • Jon Johns at O’Reilly invested a generous amount of time interacting with us. He helped shed light on the sense of purpose and spirit that embodies the open-source community. He’s a very passionate individual and really helped us embrace the foundational idea of open source – doing something as an individual or team that can change the world in degrees.
  • We met a 12-year-old webmaster. How cool is that?
  • Our booth looked GREAT. Our marketing team did a bang-up job on the graphics and messaging.
  • Our schwag (custom printed toilet paper and casino-quality playing cards) produced a reaction, and what more could you ask from inanimate objects?

Overall, it was a fun and rewarding show. The FireHost crew stayed insanely busy, but at the end of the day, we’d do OSCON again.

HostingCon 2010: The Download

by FireHost Evangelist on July 29th, 2010 · No Comments

HostingCon 2010

Last week, several members of the FireHost team made the long, arduous trip from Dallas to Austin for HostingCon 2010. Here’s the insiders’ perspective on the “who” and “what” from the event this year.

Meeting up with industry friends and partners was certainly the overall highlight of HostingCon 2010. Interfacing with our peers, competitors, and service providers was a great reminder of how many truly awesome people and companies exist in the hosting industry.

For Fun

The Planet’s booth provided a very entertaining “assemble a Dell server as fast as you can” challenge. The whole spectacle got quite a bit of attention, and our very own Chris Hinkley was the fourth fastest assembler on the final day of the event. (Unfortunately, only 1st-3rd place received a prize, so the accomplishment will only live on in his mind.)

The Trustwave booth’s theme for 2010 was “Knock Out High Prices”. Cool concept, and they actually had a boxing ring setup where attendees could hop in the ring and punch a guy with a “high prices” t-shirt. It drew a lot of attention, but very few people were brave enough to hop in to take a swing. So on the last day, Trustwave brought in some semi-pro wrestlers to help drive the message home.

On a More Serious Note

Security topics dominated many of the sessions and discussions. Likewise, “the cloud” in general was a hot topic. It seems that, industry-wide, multiple definitions of “cloud” exist, and compared to last year, even more interpretations have come to light. That’s somewhat counterintuitive, since you’d expect a more concise explanation to emerge over time.

Collectively, our team walked away confident that FireHost is leading the secure web hosting pack, and we have a “golden opportunity” to help real businesses solve compliance challenges and achieve a higher level of security in general. We’re excited to be pioneering an affordable, scalable secure hosting solution for companies of all sizes.

All-in-all, HostingCon 2010 was a fantastic event. The relationships, the knowledge, the partnerships, the industry insight, and even the time spent “car pooling” was a valuable opportunity for team building.

See you in San Diego!

Commemorating Our 100th Blog Post

by FireHost Evangelist on July 28th, 2010 · No Comments

We’re not completely certain this is a “big deal”, but anything that is “100” just seems grand. Since the FireHost team is made up of high-energy, spirited, entrepreneurial types driven by the foundational business principles of marketing, we’re using this “event” as an opportunity to showcase news, brag, grand-stand, and the whole bit. What can we say? We’re shameless proponents of our brand.

The process of determining how to commemorate this grand occasion was… entertaining (at least to us). So for your amusement, here are some of the ideas that didn’t make the cut:

  • We could reveal our secret Secure Server sauce.
  • We could raffle deprecated hardware for charity.
  • We could post pictures from the company picnic.
  • We could post pictures from AFTER the company picnic.
  • We could give our semi-professional review of Inception.
  • We could post high school yearbook pictures of our CEO.
  • We could discuss the weather in Texas and Arizona. (It’s hot. End of discussion.)
  • We could TP our competition with #NMD toilet paper, and post the photos.

We considered all of these (bad) ideas (and more), but in the end we determined the best use of this space might be creating a concise recap of all the other mediums by which our loyal blog readers can stay updated about FireHost’s initiatives, news, services, strides, and successes in the Secure Web Hosting marketplace.

On the Web

In the News

In Social Media

For Support

We invite you to explore each outlet and hope you can use and appreciate each one for its intended purpose. Please feel free to reach out to us via any medium any time the urge strikes.

My Child’s Locket Chooses Secure Web Hosting

by FireHost Evangelist on July 27th, 2010 · No Comments

Back in February, My Child’s Locket chose our Secure Servers as the home for their web-based personal information store. We (and they) are happy to report that their service is growing and doing well, and that our hosting services are living up to their needs and expectations.

In a recent interview, founders Jay Osterholt and Jeff Moore talked with WCPO-TV in Cincinnati about My Child’s Locket’s capabilities and the role Secure Web Hosting plays in protecting their clients’ identities.

We’re so proud to be protecting this and other businesses who need shelter from malicious hacker activity. Thanks for the trust.

Decoding PCI DSS Requirement 3: Protect Stored Cardholder Data at Rest

by FireHost Evangelist on July 16th, 2010 · No Comments

Credit card data is just as vulnerable to hackers when it’s resting, as when it’s in use. Provisions in Requirement 3 of the Payment Card Industry Data Security Standard (PCI DSS) direct web application developers and IT departments to ensure personal account numbers (PANs) are protected, even after the purchase is made.

The mandates for protecting cardholder data at rest seem rather straightforward, but taking them at face value could be a mistake. Many factors about your company’s or your client’s business determine how this requirement is followed.

3.1 – Store Only Necessary Cardholder Data; Store Cardholder for the Minimum Time Possible

Section 3.1 says to store only necessary cardholder data and to store it for the minimum time possible. Data storage requirements may vary depending upon the nature of your company’s or client’s business. For example, businesses that provide single use products, or a service offering that is only likely to be used one time should probably not store cardholder data at all, or at most for a very short period.

On the other hand, subscription- or recurring billing-based businesses are on the rise. Invoicing and charging customers “automatically” every month has become a common reality for millions of software as a service (SaaS) companies today. When you have repeat customers, the idea of having your customers resubmit payment details on a regular basis is not just inconvenient, it’s inconceivable. Therefore, businesses that cater to repeat customers have some special considerations to address, and because of the retention schedule, these companies go beyond the provisions of the standard to protect cardholder data when possible.

In either scenario, your company must develop and enforce a PAN disposal policy containing:
- A definition of what data is being stored;
- A definition of the time period for which this data is stored;
- A procedure for disposing of data after that time period has expired.
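The three elements of the disposal policy above (what is stored, for how long, and how it is purged) map directly onto code. The following is an added example, not FireHost's own code or anything from the PCI DSS text: the field names, retention periods, the "single purchase" versus "subscription" models, and the sample records are all constructed for illustration. It purges the full PAN once the retention period for that business model has passed, keeping only a truncated reference, and rejects any attempt to store sensitive authentication data (CVV2, track data, PIN blocks), which PCI DSS never permits after authorization.

```python
"""Added example: enforcing a PAN retention/disposal policy of the kind
Requirement 3.1 calls for. Not FireHost's code; the data model, retention
periods and sample records are constructed for illustration."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# 1. What is stored: an explicit allow-list of fields. Sensitive authentication
#    data (CVV2, full track data, PIN blocks) may never be stored after
#    authorization, so it is rejected outright. (Field names are constructed.)
ALLOWED_FIELDS = {"record_id", "business_model", "pan", "last_four",
                  "stored_at", "subscription_ended"}
FORBIDDEN_FIELDS = {"cvv2", "track_data", "pin_block"}

# 2. How long it is stored, per business model (values assumed for the example).
RETENTION: Dict[str, timedelta] = {
    "single_purchase": timedelta(days=7),   # only while the charge settles
    "subscription": timedelta(days=30),     # grace period after the subscription ends
}


@dataclass(frozen=True)
class CardRecord:
    record_id: str
    business_model: str                             # key into RETENTION
    pan: Optional[str]                              # full PAN while retained, None once purged
    last_four: str                                  # truncated reference kept after disposal
    stored_at: datetime
    subscription_ended: Optional[datetime] = None   # None means the subscription is active


def validate_fields(fields: set) -> List[str]:
    """Return the field names that the policy does not permit storing."""
    return sorted((fields & FORBIDDEN_FIELDS) | (fields - ALLOWED_FIELDS))


def retention_deadline(rec: CardRecord) -> Optional[datetime]:
    """When the full PAN must be gone; None while a subscription is still active."""
    limit = RETENTION[rec.business_model]
    if rec.business_model == "subscription":
        return None if rec.subscription_ended is None else rec.subscription_ended + limit
    return rec.stored_at + limit


# 3. Disposal: purge the PAN field, leaving only the truncated reference.
def apply_policy(records: List[CardRecord], now: datetime) -> Tuple[List[CardRecord], List[str]]:
    """Return the updated records and the ids whose PAN was purged."""
    updated, purged = [], []
    for rec in records:
        deadline = retention_deadline(rec)
        if rec.pan is not None and deadline is not None and now >= deadline:
            updated.append(replace(rec, pan=None))
            purged.append(rec.record_id)
        else:
            updated.append(rec)
    return updated, purged


NOW = datetime(2010, 7, 16, tzinfo=timezone.utc)   # constructed "today" for the sample


def sample_records() -> List[CardRecord]:
    """Constructed records using the well-known Visa test PAN."""
    def ago(days: int) -> datetime:
        return NOW - timedelta(days=days)
    pan = "4111111111111111"
    return [
        CardRecord("r1", "single_purchase", pan, "1111", ago(10)),            # past 7-day limit
        CardRecord("r2", "single_purchase", pan, "1111", ago(2)),             # still settling
        CardRecord("r3", "subscription", pan, "1111", ago(400)),              # active subscription
        CardRecord("r4", "subscription", pan, "1111", ago(400), ago(45)),     # ended 45 days ago
        CardRecord("r5", "subscription", pan, "1111", ago(400), ago(10)),     # ended 10 days ago
    ]


if __name__ == "__main__":
    updated, purged = apply_policy(sample_records(), NOW)
    print("purged:", purged)                                   # ['r1', 'r4']
    print("rejected:", validate_fields({"pan", "cvv2", "last_four"}))   # ['cvv2']
```

Run on a schedule, the `apply_policy` pass is the "procedure for disposing of data" element of the policy; the `RETENTION` table documents the time period, and `validate_fields` is the gate that makes the "what is stored" definition enforceable rather than aspirational.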

Read the rest of this entry »

Privacy Reform Starts with You, or Rather Your Pocketbook

by FireHost Evangelist on June 29th, 2010 · No Comments

Blippy, Facebook, and Lifelock, oh my! Each of these companies has come under scrutiny lately for mishandling, misusing, divulging, or otherwise playing a smoke-and-mirrors game with confidential information. This vignette is dedicated to conveying a different perspective on each situation, one that will hopefully convince you:

  • that security controls will only be as tight as consumers demand, and
  • that things can be different (better) with your help.

We just want to get this “disclaimer” out of the way, here and now in the first paragraph before you have a chance to form an opinion about our suggestions. We’re not condoning the actions or otherwise diminishing the liability of these companies (or any company for that matter) that has caused consumers or businesses time, harm, or any other loss because of a breach and subsequent leak of personally identifiable information (PII). The spirit of this article is to create awareness of the risks and to help everyone reading (consumers and business owners) understand that taking steps toward prevention is a collaborative effort on which consumers and companies alike must embark to see results. And so with that…

Blippy’s Security Blip

Synopsis: Credit card numbers for a limited number of beta users leaked into Google search results.

Blippy’s responsibility: Breaking this down to the simplest terms, Blippy’s dev team should have secluded all test data in a non-production environment. Furthermore, PCI guidelines for the SDLC dictate that all sample data must be purged from all accounts prior to launching the production environment. If you’ve visited the Blippy website or signed up for an account, however, you’ll notice that there is no mention of PCI compliance or a PCI compliance badge… anywhere.

That’s because (arguably) Blippy isn’t governed by the payment card industry data security standard since they don’t directly collect or store credit card data. When the data leaked, all fingers pointed at Blippy (and rightfully so, I mean anyone who can read saw the cc numbers available in the statements associated with each user’s account.) The bigger problem however seems to be the fact that the issuing bank or credit card company allowed full, unencrypted, unmasked credit card numbers to be printed and/or stored on public statements.

Personal responsibility: Consider this. Participants in a clinical drug trial assume a large amount of risk by ingesting the pharmaceuticals under investigation. Wouldn’t a similar principle of risk apply when technology users participate in a beta, alpha, or electronic test of any kind?

Perhaps the language in the warnings about unregulated pharmaceuticals is more ominous (or the risks more personal), prompting consumers to take caution. Should commercial business ventures be more blatant about their warranties and have stronger indemnification policies so early adopters will think twice before signing on?

Consumers must realize that they are “swimming at their own risk” when participating in pre-releases of new, untested technologies. Blippy adopters who confidently linked bank accounts, retail payment card accounts, and credit card accounts to the service can’t be completely shocked when something goes awry with the system. Can they?

Bottom line: It is every business’s responsibility to take all measures possible to prevent problems like this from arising. It’s the consumer’s responsibility to perform due diligence, hold their confidential information in higher regard, and think twice before divulging information that could cause them harm.

Read the rest of this entry »

Decoding PCI DSS Requirement 6: Develop and Maintain Secure Systems and Applications

by FireHost Evangelist on June 24th, 2010 · No Comments

The main directive of the Payment Card Industry Data Security Standard (PCI DSS) Requirement 6 is to “develop and maintain secure systems and applications.” At a high level, the requirement seems reasonable and the language in the title is simple and straightforward. Closer investigation, however, reveals a much more complex compliance scenario.

While most of the contents of Requirement 6 are not technically difficult to achieve, maintaining the balance between an eCommerce organization’s business requirements, brand integrity, usability requirements, and security is challenging. It is the responsibility of the development team to weigh the best interests of the organization against its wish list, all while adhering to the best practices and requirements set forth in the PCI DSS standard to protect the organization and its customers.

Requirement 6 affects almost every aspect of the development process, from the planning stage to post-launch maintenance. Some of the provisions of Requirement 6 are very specific in nature and will vary depending on your deployment and development environment, so this article will cover the general compliance guidelines.

System Configuration, Maintenance and Security

As with all of the PCI DSS requirements, it is important to consider all of the required accommodations early on and throughout the planning phase. The scope of Requirement 6 reaches beyond code to the configuration of the development and production environments as well as the administration of both.

This includes simple things, such as the requirement in Provision 6.1 that all systems (both production and development servers, as well as all developer workstations) have the latest security patches installed within 30 days of their release (or 90 days if your company’s policy requires roll-out testing); and that all security patches are tested against the vulnerability they fix prior to deployment in a production environment. Provisions 6.3.2-6.3.3 require that production and development environments be completely separate, and that a policy exists to provide a separation of duties, responsibilities and privileges between users with access to either system.
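The Provision 6.1 patch windows quoted above (30 days, or 90 days where policy requires roll-out testing), together with the rule that production patches be tested against the vulnerability they fix, can be checked mechanically across every in-scope system. The following is an added example, not FireHost's code and not part of the PCI DSS: the host names, advisory identifiers, dates and the "was it tested" flag are constructed, and the 30/90-day figures are taken from the post rather than from the standard itself.

```python
"""Added example: auditing the Provision 6.1 patch-window rule described in the
post (30 days, or 90 where policy requires roll-out testing) across production,
development and workstation systems. Not FireHost's code; hosts, advisory ids
and dates are constructed."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

STANDARD_WINDOW = timedelta(days=30)          # figure quoted in the post
ROLLOUT_TESTING_WINDOW = timedelta(days=90)   # when policy requires roll-out testing


@dataclass(frozen=True)
class PatchStatus:
    host: str
    role: str                           # "production", "development" or "workstation"; all in scope
    advisory: str                       # constructed identifier
    released: date                      # vendor release date of the security patch
    installed: Optional[date]           # None = not installed yet
    tested_against_vuln: bool = False   # verified to close the vulnerability before deployment


def deadline(released: date, rollout_testing: bool) -> date:
    """Latest acceptable install date for a patch released on `released`."""
    return released + (ROLLOUT_TESTING_WINDOW if rollout_testing else STANDARD_WINDOW)


def findings(s: PatchStatus, today: date, rollout_testing: bool = False) -> List[str]:
    """Return the 6.1 findings for one host (an empty list means compliant so far)."""
    out: List[str] = []
    due = deadline(s.released, rollout_testing)
    if s.installed is None:
        if today > due:
            out.append(f"{s.advisory} missing, {(today - due).days} days past deadline {due}")
    else:
        if s.installed > due:
            out.append(f"{s.advisory} installed {(s.installed - due).days} days late")
        if s.role == "production" and not s.tested_against_vuln:
            out.append(f"{s.advisory} deployed to production without testing against the vulnerability")
    return out


def audit(statuses: List[PatchStatus], today: date, rollout_testing: bool = False) -> Dict[str, List[str]]:
    """Map each non-compliant host to its findings; compliant hosts are omitted."""
    report: Dict[str, List[str]] = {}
    for s in statuses:
        f = findings(s, today, rollout_testing)
        if f:
            report[s.host] = f
    return report


TODAY = date(2010, 6, 24)   # constructed audit date


def sample_statuses() -> List[PatchStatus]:
    """Constructed inventory: production, development and a developer workstation."""
    return [
        PatchStatus("prod-web-01", "production", "ADV-0001", date(2010, 5, 1), date(2010, 5, 20), True),
        PatchStatus("prod-db-01", "production", "ADV-0002", date(2010, 4, 1), None),
        PatchStatus("dev-build-01", "development", "ADV-0003", date(2010, 5, 10), date(2010, 6, 20)),
        PatchStatus("prod-app-02", "production", "ADV-0004", date(2010, 6, 1), date(2010, 6, 10), False),
        PatchStatus("ws-alice", "workstation", "ADV-0005", date(2010, 6, 10), None),
    ]


if __name__ == "__main__":
    for host, items in audit(sample_statuses(), TODAY).items():
        for item in items:
            print(f"{host}: {item}")
```

Note that the workstation with a patch released 14 days ago produces no finding yet; the deadline, not the presence of an uninstalled patch, is what the provision measures. Running the same inventory with `rollout_testing=True` clears the overdue and late findings but not the untested production deployment, which the 90-day allowance does not excuse.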

Additionally, specific system vulnerabilities may be addressed in code or as system configuration adjustments. The solution to each will be different for each configuration. Most PCI-certified vulnerability monitoring solutions will provide additional, detailed guidance for each specific instance discovered.

Read the rest of this entry »

Are YOU Your Biggest Security Threat? 5 Ways to Close Holes that Hackers Can Easily Breach.

by FireHost Evangelist on June 22nd, 2010 · 1 Comment

If I wanted to hack your eCommerce business, I’d have your help. It’s a fact that no one runs a business from one location (or one computer) anymore. In today’s world work gets done everywhere – in offices, at home, in a hotel, at the airport, while sipping mocha and siphoning Internet connectivity from a coffee shop.

Security risks increase when your business moves outside of the safety net of your main workplace. Mobile executives carry sensitive data around with them, and oftentimes open it up to vulnerabilities just for the sake of convenience.

It all seems perfectly innocent: connecting to wireless Internet in your hotel room, or syncing up to free wi-fi in a restaurant just to get a little work done. Convenient? Yes. Necessary? Sometimes. Is working remotely a downtrending habit? Absolutely not. And so, we must learn (and educate our workforce) about how to work remotely more safely.

Protecting your mobile workforce is essential to protecting your business. And it can be accomplished (or at least done more successfully) by following a few simple tips to help keep your business safe from hackers, no matter where you go:

Stay Off the Free, Open Wireless

More and more public places are providing free or shared wireless Internet. These open networks are dangerous. They’re risky for personal communications, but they are absolutely not suitable for conducting business without protection.

When jumping on public shared wireless connections, it’s essential to do so using a secure VPN connection with the latest encryption methods. This will funnel all your online activities (email, surfing, chat, etc.) through this secure connection so prying eyes can’t see what you’re doing. Several companies offer this service, but we’ve heard good things about Anonymizer.

As an alternative, Verizon, Sprint, AT&T, and others have mobile broadband services available for a reasonable monthly subscription. Spring for the mobile Internet access card. It’s a small expense for what you get in exchange – the ability to conduct business more securely outside the office.

Bonus Tip – turn off your wireless connection at all times when not in use so you are 100 percent sure about when you are connected to the Internet. If you’ve previously connected to a default network name (like Linksys), then any time that network name reappears at another location you will be automatically connected to it, opening you up to risk.
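The auto-reconnect risk in the bonus tip can be audited on a laptop by reviewing its saved wireless profiles: any open (unsecured) profile with auto-connect enabled will join a network of the same name wherever one appears. The following is an added example, not FireHost's code, written against Linux NetworkManager's `nmcli` as an assumed tool. The listing it parses is constructed in the shape of `nmcli -t -f NAME,TYPE,AUTOCONNECT connection show` terse output, the key-management table stands in for what a per-profile `nmcli -t -f 802-11-wireless-security.key-mgmt connection show <name>` query reports (empty means no security), and the default-SSID list extends the post's "Linksys" example with assumed additions.

```python
"""Added example: find saved Wi-Fi profiles that will auto-join an open network
wherever its name reappears, and emit the nmcli commands that disable that.
Not FireHost's code; NetworkManager/nmcli is assumed and the data is constructed."""
import re
from typing import Dict, List, Tuple

WIFI_TYPE = "802-11-wireless"
# Default vendor SSIDs that other access points commonly broadcast too.
# "Linksys" is the post's example; the rest are assumed additions.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}


def parse_terse(listing: str) -> List[Tuple[str, str, bool]]:
    """Parse terse 'NAME:TYPE:AUTOCONNECT' lines; a ':' inside a name is escaped as '\\:'."""
    rows = []
    for line in listing.strip().splitlines():
        name, ctype, auto = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        rows.append((name, ctype, auto == "yes"))
    return rows


def risky_profiles(rows: List[Tuple[str, str, bool]], key_mgmt: Dict[str, str]) -> Dict[str, List[str]]:
    """Wi-Fi profiles that will auto-join wherever their SSID reappears, with reasons."""
    risky: Dict[str, List[str]] = {}
    for name, ctype, auto in rows:
        if ctype != WIFI_TYPE or not auto:
            continue                      # wired profiles and manual-join profiles are fine
        reasons = []
        if not key_mgmt.get(name):        # empty or missing key-mgmt means an open network
            reasons.append("open network, auto-connect enabled")
        if name.lower() in DEFAULT_SSIDS:
            reasons.append("default vendor SSID, reappears at other locations")
        if reasons:
            risky[name] = reasons
    return risky


def remediation(risky: Dict[str, List[str]]) -> List[str]:
    """nmcli commands that turn auto-connect off for each flagged profile."""
    return [f'nmcli connection modify "{name}" connection.autoconnect no' for name in risky]


# Constructed listing in terse-output shape (names, types, auto-connect flags).
LISTING = """\
Linksys:802-11-wireless:yes
Home WPA2:802-11-wireless:yes
Hotel\\:Guest:802-11-wireless:no
Wired connection 1:802-3-ethernet:yes
Coffee Shop Free:802-11-wireless:yes
"""
# Constructed per-profile key-management values ("" = open network).
KEY_MGMT = {"Linksys": "", "Home WPA2": "wpa-psk", "Hotel:Guest": "", "Coffee Shop Free": ""}


if __name__ == "__main__":
    flagged = risky_profiles(parse_terse(LISTING), KEY_MGMT)
    for name, reasons in flagged.items():
        print(f"{name}: {'; '.join(reasons)}")
    print("\n".join(remediation(flagged)))
```

The hotel profile is open but not flagged because auto-connect is already off; the home profile is secured with a pre-shared key, so a stranger's access point announcing the same name cannot complete the join. Review the generated commands before running them, since disabling auto-connect on a profile you rely on daily is a usability trade-off the post leaves to you.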

Read the rest of this entry »