Online Security
Cloud Computing and Sys Admins
Oct 16th
More and more these days I talk to people who are trying to figure out how and whether cloud computing fits into their business model. Cloud computing is really a new version of the old style of mainframe computing where diverse groups share the computing power and storage of large systems. Cloud computing, ideally, will be engineered to minimize or eliminate single points of physical failure. Physical system failure, however, is only one item of many that can affect your system’s performance and uptime.
Hardware configurations, including manufacturer choices, operating systems versions and configurations, firewall rules and ongoing maintenance of all the above heavily impact the performance and reliability of your systems.
Regardless of whether you have computers in your broom closet, colocated at your ISP or deployed in the cloud, your company needs a good system administrator looking out for your network and machines. Good system administrators know the pros, cons and quirks of different hardware, operating systems and network configurations. They know about possible vulnerabilities first because they are on private security lists you don’t even know exist. They’ve got your back. George Reese of enStratus, expanded on this in a recent post that compares programmers and sys admins.
One of the big differences between an ipHouse virtual machine (which is essentially deployed in a local cloud) and deploying a server with one of the national cloud providers, is the sys admin expertise that comes with your ipHouse machine. We work with you to make sure the system configuration is optimized for your business applications. We can also administer the machine for you, keeping it securely patched and up-to-date.
Protect me, G-man!
May 1st
On Monday, April 27, the wise and knowing Minnesota Department of Public Safety (MDPS), Alcohol and Gambling Enforcement Division (AGED) delivered written notice to 11 telephone / Internet service providers demanding they “prohibit access to all Minnesota-based computers to nearly 200 online gambling websites.” Here’s a link to the press release.
Ok, this is the Internet we’re talking about, right? You know, the Information Superhighway?
I am guessing that these 11 respectable companies are recognized as Common Carriers by the great state of Minnesota. That must be the only criteria for being selected for this list, otherwise, we at ipHouse would have received a request too. Just for the sake of clarity, as of this posting, we have not received a request from the AGED. But if we had received a request, we would have asked for some kind of legal backing. And that’s where this falls down. The great state of Minnesota is relying on the Wire Act of 1961 to enforce this ridiculous request.
What I can’t see is how this request can be enforced, even using the Wire Act. Before I snicker at any enforcement discussion I’ll put that question aside and just wait and see.
Now, as a citizen, I understand that the Minnesota Department of Transportation does not expect the companies who build our roads and bridges to enforce the speed limits on the roads they build. Further, we would never expect or request these same construction companies to do vehicle contraband inspections at the state border. So, WHY ON EARTH does the Minnesota Department of Public Safety think that they should conscript the builders of the Internet (Information Superhighway, get it?) to do their enforcement? Why not go after the people who are committing crimes instead of the people who build the roads? You don’t task road builders with catching drunk drivers, do you?
John Willems is the director of AGED and I can’t help but wonder what he was really thinking when he said this:
“In broader context, the long-running debate on online gambling continues to raise significant issues, including absence of policy and regulation, individual rights, societal impact, international fair-trade practices, and funding for criminal and terrorist organizations.”
Does he really think that Joe the Plumber is betting on the Red Sox and innocently funding Al-Qaeda? Come on. Isn’t the whole terrorist thing a little over used?
I agree that there is a long running debate on gambling in our society. But it’s not just online gambling. To me, the issue of gambling in our society PALES in comparison to some of the other issues Mr. Willems mentions; individual rights and international fair trade practice. If Minnesota is going to remain competitive in the WORLD, we cannot be xenophobicly locking down our borders to international trade across any of our transit ways, be it by water, air, rail, road or Internet.
Now, as you look at these various transit ways, all of them EXCEPT the Internet have a specific geographic nexus. Nearly all transit ways have ports of entry and it’s easy to see geographic boundaries between nations and states. It’s pretty easy to understand the nexus of a shipment of goods coming across the St. Lawrence sea way is the port of entry at Duluth harbor. It’s all very black and white. But the Internet is in as gray area and different because the NEXUS of the transaction is vague. What is the nexus of a Minnesotan purchasing software from Belgium or India? What happens when part of the software is written in China? The nexus of Internet transactions are VAGUE.
It appears that Mr. Willems has defined the nexus of online gambling is at the individual users computer, right here in Minnesota. If that’s right, then Mr. Willems should target the individuals who are committing the crimes. Why not go to the credit card companies and ask them to report all the transactions between the citizens of Minnesota and these 200 gambling websites? Because he can’t afford to. It’s easier for him to push on the road builders instead of all the motorists who use the roads.
We all know that as citizens of Minnesota have REAL problems that need REAL attention. Like drunk driving and alcohol addiction. Like air pollution and lung disease. If Mr. Willems wants to protect the citizens of the great state of Minnesota, maybe he should focus on some of the more pressing problems facing the state.
I’m a firm believer in regulating things to protect our society. Regulating polluters so future generations can enjoy the outdoors seems obvious to me. Regulating alcohol sales to prevent underage drinking, I’m all on board. So why not legalized and regulated online gambling? It could be a revenue source for the state just like the other areas that Mr. Willems has under his jurisdiction. Mr. Willems, why not be progressive and start regulating online gambling like you do with bricks and mortar gambling?
Whatever the outcome Mr. Willems, just don’t ask me to collect your revenue for you. I’m neither an enforcer nor a tax collector. I’m a road builder.
Peace.
-Bil
Cookie Monster
Mar 28th
Cookie Monster sounded better than the title “What will they think of next.
Well THEY have thought of a way to track and sell information about you using cookies placed on your computer while shopping. I have been a privacy hawk when it comes to cookies for a while (more on that below). As such I was surprised that a NYTimes article was the one to inform me about a newish Internet marketing technique that uses behavioral targeting and cookies across multiple sites. Read the article quick or you may have to register for their website to read it. Basically there are companies (the two biggest are eXelate and BlueKai) that work with online merchants to place tracking cookies on your computer and mate them with information about your interests.
Those interests may be garnered from products you add to a shopping cart, to search terms on those websites, and pages/products you read about on the websites. These Cookie Monsters then essentially sell the cookies with targeted information to buyers. I suppose there is an argument that “you are going to get ads anyways so and might rather look at targeted ads rather than random ones”. But what would stop a online store from pairing these “anonymous preferences” with your personal information they get from their shopping cart? I suppose the Cookie Monster’s terms of service say they can’t do that, but I am sure it will happen. After all, anti-spam companies are now spam-promoting their anti-spam services.
So, there you go – yet another thing to worry about.
If you are paranoid about cookies (like me – go ahead make fun of me in comments)… I use Mozilla Firefox and have privacy preferences set up to block all cookies. For sites that I trust that require cookies, I add that domain name as an accepted cookie. Firefox also lets me add these exceptions with a condition that deletes the cookie at the end of the browsing session. Therefore when I went to BlueKai’s preferences page to see what info they have about me I got a pleasant message “We currently do not have anonymous information of your online preferences.”
While we are on the subject… Google recently announced behavioral targetting although they call it “interest-based” advertising. When I read Google’s disclosure it just doesn’t seem as intrusive and open to improper capture of preferences with personal data as these other solutions. Just in case I’m drinking the Google Kool-Aid, here are a couple other blogger takes…
- Eric Snyder
Ice Phishing
Dec 16th
So, how about that minus 20 degrees this morning – that cold enough for ya? Along with these near record lows last night and this morning, we received reports from a few users about a Phishing Scam that claims to be about their webmail account. This latest version asks the user to respond with their webmail username and password. This latest round has several give aways that are good reminders of what to look out for with scams in general.
Phishing is spam that attempts to extract personal information from the recipient. Here are some quick points about Phishing:
1. Email asks for your password: ipHouse will never ask for your password via email. This is a common policy with many companies so feel free to make it your own policy: Never send a password via email even if you think you know the recipient.
2. Strange reply-to address: The reply-to email address is not an official email address. ipHouse employees and internal addresses are all @iphouse.net. This latest round had the reply-to as an email address in Brazil (.br) or a yahoo.com address. A general rule for anyone is to always check a provider’s website for valid contact information. When going to their website type in the address yourself or use an existing valid bookmark. Do not click a link in an email even if it looks valid is it may be a “masked” URL whose destination is a different address.
3. Credit card fraud. While this email was looking for passwords, many Phishing scams ask for credit card numbers. And for decades there have been phone-based credit card Phishing scams. ipHouse will never ask for your credit card number via email nor ever via a call we initiate. Feel free to make it your own policy with everyone – never send a credit card number via email and never give your credit card number out to someone unless you initiate the call.
4. Spam filters don’t catch everything. While our multiple levels of Antispam catch most Phishing expeditions, some can get through. This one was harder to catch as it didn’t have any off-site hyperlinks and had enough words that it looked valid to the filters. We don’t publish for spammers how we adjust but trust me that we do adjust. Of course we do want to see what might get through. For example, yesterday alone ipHouse blocked 1,463,418 spam, Phishing, and viruses. We pride ourselves on an extremely low “false positive” rate. If a spam or Phishing message does get through, please forward it with full headers to spam@ipHouse.net. If you have an individual question or concern, our Support team can help.
5. Learn more! Here are some links to several sites’ take on Phishing:
- Blogs about Phishing: PhishingScam
- Popular OS: Apple, Microsoft
- Popular Guides (always with a grain of salt please): WikiPedia , About
- Trade/Industry groups: APWG, National Cyber Security Alliance, AARP
- Government: Stop-Think-Click
- Eric
