Before You Go Cloud: 5 Important Legal Points

You know you want to make the switch from traditional hosting to cloud hosting for your business. It's a big switch, but often, the right choice. Just as you did when you started your business, you need to be careful: the security of your data, and sometimes that of your customers, depends on you.

You need to be sure you're making the right move at the right time, and that the provider you choose gives you an experience that suits the needs of your company. Most importantly, ensure that provider's contract meets regulatory and privacy guidelines and restrictions in your industry.

1. Is Cloud Computing Covered By Your Insurance?

When you are thinking about choosing cloud computing, you need to read the fine print of your insurance policy first. Look for the policies that spell out your company's networks and computers. Will a loss due to cloud computing be covered? At the same time, look over the clauses in the provider's contract. Does it include indemnification clauses regarding service outages or data breaches? If the answer to both is no, you have no recourse in the event of a data loss. At least if it is in the provider's contract, you have some form of protection.

If it isn't in the provider's contract, ask that clauses regarding outages and security breaches be added. If it isn't in your insurance policy, maybe now is the time to pick up an insurance plan that addresses the needs of the cloud.

2. What Does the Long Term Look Like?

Before you sign any contract, you need to look at the vendor itself. How viable are they? What will happen to your business if that vendor merges or outsources? Another issue: can your IT team handle cloud computing? What about the rest of your staff? Guidelines spelling out best practices must be drafted.

3. Is Your Data Really Secure?

No matter how strong your contracts and insurance policies are, data and security breaches can still occur. You need to take a look at how a data breach will impact your operations and any external vendors or partnerships based on the security plan laid out by the service provider. Ensure you own the rights to your data (yes, this can be an issue with some providers) and find out what happens to your data if you decide to go elsewhere.

4. Is Compatibility In Place?

This is often not high on the list of considerations, but it should be! What if your facility relies on Windows products, and suddenly you want to switch over to Apple, or you add iPads in? Will the data held by the cloud provider you choose be compatible across many platforms? If you plan on sticking to one platform and device, great. But if you want to plan for the future, which is always unknown in the tech world, compatibility is key.

5. Is The Cloud Provider Compliant?

Federal regulations are a huge consideration, mainly because they can put the security of your data at risk. Despite data being removed from the cloud, copies might still exist that can be provided to authorities and you'll never know. You also need to be sure the provider is taking your company's regulatory and legal requirements into consideration due to the nature of sensitive data. Look for their industry-specific compliance with standards such as the Statement on Auditing Standards No. 70 (SAS70) or HIPAA.

NOTE : The contents of this article are not to be taken as legal advice.

Photo courtesy of StockMonkeys dot com via Flickr Creative Commons

XKeyscore: A New Government Spying Tool Revealed

Have you ever heard of XKeyscore? It's the National Security Agency's best kept secret program. What does it do? Oh, not much. It just keeps track of your browsing, emails, surf patterns, chats, metadata – pretty much everything you do online.

XKeyscore is the latest break in the government spying scandal originally exposed by The Guardian. The source behind all of these government secrets is a 29-year-old man by the name of Edward Snowden (as I'm sure you know). Snowden is also the source behind details about XKeyscore. Here's why you might want to know about this program, and what it means for your website.

XKeyscore: Training Materials Reveal All

Snowden has just handed The Guardian all of the XKeyscore training materials. Inside of those documents, The Guardian reports that the XKeyscore program allows government agencies to sift through an entire database of user information without any kind of warning or warrant.

For example, the program makes it possible to wire tap anyone from the president to an average Joe. All that's needed is a personal email, and those aren't hard to find at all. The government has denied Snowden's claims that the XKeyscore program has been used without consent.

As the law in the United States currently stands, the NSA must have a legal warrant for any kind of wire tap where a US citizen is involved – but this law is null and void if that citizen has a foreign target in mind.

XKeyscore: The NSA's Side of the Story

The NSA claims that the program is simply used to track the activities of “…legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests.” So far, the program has helped the government track down more than 300 terrorists since 2008.

Snowden currently sits in a Moscow airport transit room waiting to see whether or not he is permitted Russian asylum. Presently, his request for asylum is under review. In the United States, Snowden is charged with espionage. If Snowden is sent back to the United States, he will not face execution according to a statement issued by the US Government.

But, he will certainly face a tough sentence. Russia is still holding onto Snowden while deciding what to do with him. What does all of this mean to you, or to your website?

XKeyscore: Widespread Panic

Ever since the news that the US Government was accessing citizen emails, Internet usage, and other aspects of a person's online life, widespread panic has spread. Could the government be watching what you do? Possibly; but it's likely that your private emails are safe for now. Even though programs like the one above exist, the government does not have enough manpower to monitor every single citizen.

That said, it is possible that some websites may be targeted or marked as suspicious. What kinds of sites? Those that openly provoke questioning, are linked with cheap hosts or websites in other countries, or are deemed suspicious. For now, though, most sites (and people) remain safe from government prying.

Questions? As always, just ask.

Guest Post: General Security Recommendations for Webmasters

This is a guest post written by Oleksandr Nadtoka, Linux expert (see his bio below).

It is not a secret that most hacker attacks are usually done through website software vulnerabilities. Things like blogs, forums, CMS, or any other PHP-based application are open to hacks.

Hosting providers cannot keep these types of software secure, since they are not software developers. That’s why it’s up to you, webmasters, to make sure that the software you use is safe. Here are some ways to accomplish that task.

Guest Post: Stay On Top of Updates

First, it is strongly recommended that you review everything you have in a website folder, and try to determine the best way to protect your applications.

For example: if you have Joomla, WordPress, OsCommerce, or any other widely-used software installed, make sure to check vendor sites regularly for recent updates and security fixes. Make sure that all plugins and themes are updated to include the latest versions as well.

See something strange? This could be due to phishing or scam content. Often, this type of content is used to solicit credit card information, send spam, or upload vulnerability scripts (amongst other things!).

Guest Post: Review Everything

Second, it’s a good idea to review your files regularly. Check out the latest changes that a file has gone through. Malware code can be easily inserted into pages when you’re not looking.

Do you have a Linux server with SSH access? Here’s what to do:

  • Go to your web folder and run the command below to generate a sorted list of any files that were recently changed: [root@server~]# find . -type f -exec stat --format '%Z :%z %n' {} \; | sort -nr | cut -d: -f2- | less
  • Make sure that you do not have any files or folders with write permissions set to “all.” Any folder that has full permissions (777) granted is open to anyone. Recommended permissions are 755 for folders and 644 for files (except Perl and CGI files that require execute permissions).

Find everything with 777 permissions in your current directory and change it to secure permissions using these two commands:

  1. [root@server~]# find . -type f -perm 0777 -exec chmod 644 {} \;
  2. [root@server~]# find . -type d -perm 0777 -exec chmod 755 {} \;

Some web applications require 777 permissions for PHP, but (and this is important) this is only the case when the PHP handler runs in Apache mode. PHP that runs through the CGI or FastCGI handlers runs as the site owner instead of the Apache user. This ensures that if one domain is hacked, the others will not be impacted.

Guest Post: Look For Patterns

One way to look for patterns is to use the grep command to search through all of your files and find the ones that use dangerous PHP functions (dl, exec, passthru, shell_exec, system, and others).

Use this command to find those files:

  • grep -r -E 'dl|exec|passthru|shell_exec|system|proc_open|popen|curl_multi_exec|parse_ini_file|show_source' .
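The file checks from the last two sections (recently changed files, open permissions, risky PHP functions) as reusable shell functions. This is an added example, not part of the original guest post: the function names and the sample tree are constructed, the permission check is widened from exactly 777 to anything writable by "other", and the search is narrowed to actual function calls in `*.php` files.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

RISKY='dl|exec|passthru|shell_exec|system|proc_open|popen|curl_multi_exec|parse_ini_file|show_source'

# Files and folders writable by "other": 777, but also 666, 757, 776 ...
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# PHP files that call one of the risky functions. The name must be followed by
# "(" and must not follow an identifier character, "$", ">" or ":", so that
# filesystem(), curl_exec() and $db->exec() are not reported.
risky_php_calls() {
    find "$1" -type f -name '*.php' -exec \
        grep -lE "(^|[^A-Za-z0-9_\$>:])($RISKY)[[:space:]]*\\(" {} + | sort
}

# Files whose status changed in the last N days (default 7), newest first.
recently_changed() {
    find "$1" -type f -ctime "-${2:-7}" -exec stat -c '%Z %n' {} + |
        sort -nr | cut -d' ' -f2-
}

# Constructed sample tree so the functions can be tried offline.
make_sample_tree() (
    d=$(mktemp -d)
    mkdir "$d/uploads"
    printf '<?php echo date("Y"); ?>\n' > "$d/index.php"
    printf '<?php $r = $db->exec("SELECT 1"); filesystem(); ?>\n' > "$d/db.php"
    printf '<?php system("uptime"); ?>\n' > "$d/uploads/img.php"
    chmod 755 "$d"
    chmod 777 "$d/uploads"
    chmod 644 "$d/index.php" "$d/db.php"
    chmod 666 "$d/uploads/img.php"
    echo "$d"
)

tree=$(make_sample_tree)
echo "World-writable:";    world_writable "$tree"
echo "Risky PHP calls:";   risky_php_calls "$tree"
echo "Changed this week:"; recently_changed "$tree"
rm -rf "$tree"
```

A PHP file inside a world-writable folder that also calls one of these functions, like `uploads/img.php` in the sample tree, is the combination to review first.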

Guest Post: Create Strong Passwords

Using the site strongpasswordgenerator.com as an example of secure passwords, create FTP and account passwords that are incredibly difficult to hack. Some widespread Trojans include functions that can steal FTP passwords from a user’s local computer and send these passwords to hackers (or special bots).

In order to make sure that these Trojans are not present, it is vital to scan your/your client’s computer for viruses (using in-depth scanning).

AUTHOR BIO : Oleksandr is a Linux system administrator and security officer based in the Ukraine. In addition to being a go-to source for all things Linux and security-based, Alex spends his time snapping photos, kickboxing, and hanging out with his five cats. He also enjoys working with startups and helping tech startups grow into blooming businesses.

US Owned Or Not: Feds Can Seize Your Domain

Think that just because your cheap hosting site is based in Canada that you won't face the wrath of the US government if you do something you shouldn't on your domain? If your cheap hosting site is up to no good, you might want to pay attention.

The case of Bodog.com, a site to place bets on sports, highlights this issue. Let's take a look at the law and the case, which occurred in March of last year, to see what the US government is actually capable of in terms of the Internet and domains.

 Feds Can Seize Your Domain: The Law

It's called “Operation Our Sites,” and it has been in place for some time. It was passed into law by the US in order to shut down sites that traffic counterfeit products, or so it did at first. Bodog.com was the first sports gambling site to be shut down, with the US claiming it was within the government's rights under this law. The problem: Bodog.com is a Canadian-owned site.

Why was it shut down? The US said the site violates US gambling laws. Internet activists were in an uproar, and in response, the government gave a statement that they will continue to exert control over domains (.com, .net, .cc, .tv, and .name), no matter where they are based. The reason: they don't trust other countries to respond to the demands of the US regarding illegal activities that might be taking place on that domain.

 Feds Can Seize Your Domain: Controversy

EasyDNS, an Internet infrastructure company, was outraged, claiming the “ramifications of this are no less than chilling and every single organization branded or operating under .com, .net, .org, .biz etc. needs to ask themselves about their vulnerability to the whims of US federal and state lawmakers.”

The government, of course, couldn't care any less. They said they've done it before, and they don't intend on stopping anytime soon. Nichole Navas, Immigration and Customs Enforcement spokeswoman, said it doesn't matter where the domain is based: the company that has the contract to administer them (VeriSign in the Bodog.com example) is based in the US.

 Feds Can Seize Your Domain: It's All About Location

So basically, the US owns the Internet, all because the US is home base for VeriSign, overseer of all .com and .net domains.

Navas said the US government typically serves court orders to VeriSign because “foreign-based registrars are not bound to comply with US court orders.” They do the same with VeriSign's non-profit that controls .org domains, the Public Interest Registry.

In all, Navas said the US government has seized a total of 750 domains, “most with foreign-based registrars,” to shut down operations dealing with illegal movie and music downloads, the sale of counterfeit goods, and illegal sports sites.

 Feds Can Seize Your Domain: VeriSign Happy To Comply

VeriSign released this statement on the issue:

“VeriSign responds to lawful court orders subject to its technical capabilities…When law enforcement presents us with such lawful orders impacting domain names within our registries, we respond within our technical capabilities.”

The company did not release information detailing how many times they've had requests to shut sites down. The method of compliance: providing some form of official message stating the site has been seized by the government.

 Feds Can Seize Your Domain: A Solution?

There is talk of putting the UN in charge of the DNS system, taking away the US government's absolute power in this arena. However, could this lead to more trouble? Would it give any country the power to seize a domain name?

Any way you look at it, there is a big issue that needs to be addressed. How would you solve the problem (Feds Can Seize Your Domain)? Or do you not even see a problem?

More Torrent Sites Blocked in UK

Yesterday, we announced that all adult content would be blocked for UK residents. We also reported that publishers are urging companies like Google to remove pirated websites from the Internet. Today, we report that a ton of UK torrent (and other) websites have been blocked from view.

The latest torrent sites to be blocked are part of a wider movement to ban any pirated content from the Internet.

Yes, folks, it's true: Internet censorship is well under way. Here's the scoop.

EZTV and YIFY Torrent Sites Blocked

The movie industry group FACT is behind the latest blocks. The group was responsible for the blocking of The Pirate Bay by many UK ISPs back in May of 2012. The group has just blocked torrent sites EZTV and YIFY, and a group spokesperson has told press that these won't be the last sites to come under the group's fire.

FACT wants to get rid of all pirate sites on the Internet, and this means blocking access to those sites. The number of court orders issuing takedown requests for torrent sites is on the rise in the UK, too. Groups like FACT are often behind these court orders. Targeting torrent and pirate sites isn't just happening across the pond either.

Many organizations and groups are urging courts in North America to take down similar sites as well. But, where does it all end? When does it go too far? More importantly (for site owners) what will get your site blocked?

Important Details

It may be one thing to ask a cheap hosting company to take down a site that offers pirated material. It's another thing to block user access to those sites – that's censorship. This type of censorship has many people worried, too. Where does it all end? What can a website owner do to prevent this kind of block? Or, to prevent activist groups from trying to take down such a site?

Movie industry groups like FACT only go after sites that offer free pirated downloads. Music industry groups often target sites that offer free music downloads. The best way, obviously, to avoid this kind of targeting is to make sure that all content on your site is legal, and that you've gained permission from the right people to offer various downloads. What about content that may be considered lewd or “adult” by some organizations? Is this content safe? Maybe not.

The definitions that sites like Bing and Google are devising are somewhat unclear at the time being. These companies want to block content that is inappropriate from view (mostly child pornography), but what's appropriate will be up to those companies to decide. That's kind of a scary thing, isn't it?

It may start out in a noble manner by blocking something like child pornography, but it may end in a serious blockade of anything deemed inappropriate. Only time will tell. For now, pay attention to the content on your site, and don't give anyone a reason to target what you're offering. For now, that's the best that you can do.
