Archive for the ‘Security’ Category
by FireHost Evangelist on November 30th, 2011
There isn’t much we can not do with our smartphones anymore, is there? Making mobile payments is no exception. There’s a coming wave of new apps and technologies that allow consumers to purchase everything through their phone, literally eliminating the need to carry an actual wallet (almost). FireHost senior security engineer Chris Hinkley wrote a guest article for SecurityWeek on the safety of mobile payments and PCI compliance implications.
You can check out the full article to learn more about why mobile payments are still vulnerable, how the PCI Security Standards Council is tackling the issue, and what the next year will bring for this popular consumer trend.
“There is vagueness around the safety of consumers’ credit card numbers when they are transmitted through mobile applications. A website that’s been modified for a mobile platform is presumably safer than an actual mobile application, making the latter considered not compliant according to the PCI DSS Council. If your business is working on a payment app to make transactions easier or more convenient for customers, you must consider this before deploying the app into the iPhone, Android, Blackberry or other marketplace.”
(more…)
Tags: Mobile Payment Security, PCI Compliance, PCI Compliant Hosting, PCI DSS
Posted in: Compliance, Security | 1 Comment »
by FireHost Evangelist on August 3rd, 2011
FireHost is honored to announce a partnership with the Cloud Security Alliance (CSA). FireHost will serve as a member on the CSA Advisory Council and will be working with the other CSA corporate members to support thought leadership and endorse best practices for providing secure cloud hosting environments.
Cloud security is a hot topic throughout the industry and the discussion is not complete without mentioning how the Cloud Security Alliance (CSA) has been influential in ensuring major security issues are addressed and averted. Cloud Security Alliance (CSA), a non-profit organization formed to promote security in cloud computing and education on the uses of Cloud Computing to help secure all environments.
“FireHost’s deep experience in virtualized and secure hosting is a welcome expertise for The Cloud Security Alliance,” said Jim Reavis, executive director of the Cloud Security Alliance. “We’re confident FireHost will be an asset in helping the CSA continue to innovate in developing best practices for securing providers in the cloud.”
(more…)
Tags: cloud hosting, cloud security, cyber security, FireHost, PCI Compliant Hosting, Secure Cloud Hosting
Posted in: Compliance, FireHost News, Security | No Comments »
by FireHost Evangelist on August 2nd, 2011
Action Required: TimThumb WordPress Plugin/Theme Vulnerability
Yesterday 8/1 WordPress learned of a vulnerability in TimThumb, a popular image resizing library. TimThumb is used in many WordPress plugins and themes. The vulnerability allows third parties to upload and execute malicious PHP code in the TimThumb cache directory. Once the code is uploaded and executed, your site will become completely vulnerable and could become compromised.
We recommend deleting timthumb.php or thumb.php if you can, or remove the entire theme or plugin directory. If the code is removed successfully double check your site is performing and working correctly . If deleting TimThumb is not an option, then please make sure to update the file with the latest version and remember to check the TimThumb site regularly for updates. To do this, visit the Updates page in your WordPress Admin control panel and ensure each plugin is running the latest version.
(more…)
Tags: WordPress Hack
Posted in: FireHost Alerts, Security | 1 Comment »
by FireHost Evangelist on July 28th, 2011
Some would argue that online security has changed for the worse. As open source Web applications become popular within businesses, they have also become appealing to hackers.
As more company websites run on open source applications like Drupal and with corporate blogs powered by WordPress, more victims may suffer from hacks and costly exploits. Learning jQuery learned this lesson the hard way. Before they took a serious look at hardening the open source platform, embarrassing and costly attacks wrought havoc. Other companies that haven’t taken proper precautions to insulate themselves against such threats could face the same fate.
We’ll highlight some security issues that open source Web applications pose and propose solutions if you’ve considered making open source applications part of your business.
Common vulnerabilities in open source Web applications
Like you, hackers love that open source Web applications are free and provide easy access given their “open” source code. If, for example, a hacker can deploy a script to steal information or take control of a Web application on a single piece of hardware, he can easily reproduce these devastating results to affect multiple users or multiple websites that share the same code base. Here’s why:
(more…)
Tags: Drupal Hosting, open source hosting solutions, protect open source applications, WordPress Security
Posted in: Cloud Hosting, Security | No Comments »
by FireHost Evangelist on July 24th, 2011
Need to protect your MySQL data at rest? No problem. FireHost has partnered with leading data encryption provider Gazzang to offer database encryption for customers with Gazzang’s ezNcrypt solution for LAMP stacks.
Here is how it works – encrypt databases and files “in place”, no longer is it necessary to re-architect databases, storage networks, or files. Seamless implementation, no coding, no application modification and no schema changes. ezNcrypt is transparent to users, applications, databases, and storage subsystems, by running above the file system as a logical volume. Select the level of detail you wish to administer and encrypt the entire database or only those tables that contain your sensitive data. You now have the option to secure and protect your MySQL log files and protect sensitive data that is often left open to vulnerabilities.
FireHost supports and manages the secure key management process for database encryption. Secure key management with ezNcrypt provides both dual authentication and high availability, ensuring the encryption key is never stored on the protected server’s file system.
(more…)
Posted in: Cloud Hosting, FireHost News, Security | 1 Comment »
