Last week I wrote about how ServInt was beating the NSA. Here’s a talk I gave on the same subject at TechWeek in Chicago last month. ServInt cares about protecting our users’ rights. The talk will explain why we care, and what we’re trying to do to fix the “NSA problem.”
Yesterday I was interviewed by Bloomberg News about the effects of NSA surveillance on the Cloud. They wanted to know if we had lost any customers specifically because of the Edward Snowden leaks. This, of course, is a hot topic: how is mass surveillance affecting the cloud, and can we quantify the damage that is being done? Is it costing us jobs and economic growth in the cloud? The answer, of course, is “yes” — and ServInt isn’t scared of saying so.
I said that we had lost customers and even more potential customers — which is true. ServInt has been one of the few players willing to speak up and say this, and as a result we have been quoted in places like The Hill and the New York Times. The cloud hosting field is a tough, competitive business and it is hard to talk about losses. But ServInt isn’t afraid of calling out the problem, because we have been leaders in directly addressing the issue since it arose a little over a year ago.
The cloud in the United States has been badly hurt by the actions of the NSA. These days anybody can relocate their digital business with just two or three clicks of a mouse. You don’t need to sign a long contract or tell anybody why you are making your choice, you just move. I’ve talked to a lot of people who have decided they want to move their business outside of the United States because they feel like the US doesn’t care about privacy. I’m quoted in the Bloomberg article about this being a “death by a thousand papercuts.” I was talking about the effect on the overall economy, not our business, which for the record has seen a 30 percent decline in foreign signups since the NSA leaks began, not a 30 percent decline in total foreign customers.
In fact, ServInt is actually weathering the Snowden storm very well, compared to many of our competitors. Why? Because our clients trust us. They understand the cardinal rule of security and data safety:
It’s not where you’re hosted, it’s how you’re hosted.
Your business needs to stay up, online and fast. It needs to stay stable and secure. And your data needs to be protected. You need experts at the helm to accomplish all of those things — experts you trust. And earning the trust of small to medium businesses is what ServInt has been doing for 19 years.
The NSA revelations are just another hurdle to overcome in ServInt’s ongoing pursuit of being the most trusted name in the Cloud. We’re doing so by requiring warrants for content, and by handling data responsibly. We’re doing so by being thought leaders in the fight against NSA surveillance in Washington, through our leadership role in the i2Coalition. And we’re trying to curb the misinformation about NSA surveillance. Everybody tempted to move their content out of US datacenters needs to remember that the vast majority of all spying is done on foreign networks. “Move your site out of the U.S. to avoid spying” may be good marketing, but it doesn’t take into account the reality of how surveillance works.
We do all this because we want to win the day, and win it honorably, by doing the right thing. We win the day when we make customer trust our number one goal. We win the day when our customers know we have their backs when it comes to protecting their data, and we win the day when we fight for privacy and NSA accountability.
“This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”
This vulnerability impacts OpenSSL versions 1.0.1 and 1.0.2-beta. ServInt customers may have this vulnerability if they are running CentOS 6. CentOS 4 and 5 do not have versions impacted by the Heartbleed vulnerability.
DDoS attacks sound like something out of one of those cheese-ball 1980s “hackers break into somebody’s computer and ignite World War III” movies — you know, the ones that feature 400 baud modems and TRS-80s with cassette drives — but “distributed denial of service” (DDoS) attacks are very real, and are a growing problem.
ServInt, like everybody else in the hosting industry, has seen an uptick in DDoS activities on its network over the last couple of years. And while DDoS hasn’t been a major problem for us, it’s something we’re working hard to stay ahead of — which is what brought it to my attention, and what got me to make the effort to understand DDoS attacks better.
What is a DDoS attack?
A DDoS attack occurs when hackers gain control of multiple computers (that’s what makes these attacks “distributed”) and force them all to send some kind of resource-consuming request to a target computer or website. The volume of these requests quickly overwhelms the targeted computer, and eventually the site or computer ceases functioning.
This is not the place — and I am certainly not the author — to go into the specifics of how this all works. Here’s an article that does a good job summarizing the different kinds of DDoS attacks.
What’s more important to you and me is: how can all this affect ServInt customers, and what measures does ServInt take to address the problem?
As part of our ongoing efforts to support Internet privacy and good governance, ServInt is donating the first month of all revenues earned from participating new VPS and dedicated hosting accounts added on Feb. 11 to the Electronic Frontier Foundation. We’re taking this extraordinary step because — on “The Day We Fight Back” against NSA bulk surveillance — we want the world to know we’re serious about our commitment to Internet freedom and fairness. Following is a brief review of just some of the reasons why — reasons that hopefully will show you why you need to get involved, too.
Let’s start by stating the obvious: NSA spying is wrong. It’s wrong because no government should ever monitor all of its citizens’ online activities just because any one citizen might be using the Internet to break the law. If only for this reason, you should join ServInt in observing “The Day We Fight Back” on February 11.
But there is another reason to join in the global crusade against the NSA’s “bulk surveillance” tactics — a reason that has more to do with the real-world impact the NSA’s activities could have on your online business. In other words, if you think legislative and regulatory activism is all about pie-in-the-sky idealism, think again. Here is the real dollars-and-cents reason why you should join us.
This past weekend, I had to take a long road trip to help somebody with an interstate move. As I often do when I’m struggling to keep my eyes open after many hours on the road, I tuned in some talk radio. As luck would have it, I managed to catch a half-hour or so of Glenn Beck’s daily radio program. On this occasion, Mr. Beck was spending a good portion of his time selling a new e-mail service — one which he claimed would “never, ever, ever” surrender any content to Uncle Sam unless the government first came armed with a warrant. For this privilege, Mr. Beck expected listeners to subscribe to his TV channel, for the modest annual fee of $99.95.
Let me make one thing perfectly clear: I am not writing this blog post to discuss Glenn Beck’s politics, or even his (considerable) marketing acumen. No, I’m reserving my precious blog column-inches to call Glenn Beck out for something that is well within my professional wheelhouse: the fact that he is misinformed about how e-mail service providers are actually obligated to work with law enforcement, and, more importantly, the fact that he is not helping in the effort to get the NSA out of America’s e-mail inboxes.
To be fair, Glenn Beck is promising one thing that is under his control (though there are any number of e-mail service providers who offer it without the $99.95/yr price tag): that his service will not scan its customers’ e-mail accounts for the purpose of serving ads that match content included in those e-mails. However, Mr. Beck’s other claim — that his e-mail service will only yield to government inspection upon presentation of a warrant — well, let’s spend a moment looking at that more carefully. We’ll start by examining how Glenn Beck himself describes his offering, in a recent online “broadcast”:
(Note: I’m not going to provide any links to Beck content in this blog post. It’s easy to find plenty of Glenn Beck-sanctioned information about his e-mail offer with a simple web search.)
Beck says: “Everybody is scanning your e-mails, so they can… target you for the Feds…”
We say: The NSA scans a portion of all internet traffic, large enough that it could possibly contain most or all e-mail traffic sent inside the United States. This is being done without the consent of ISPs, web hosts and other e-mail providers. In addition, all e-mail service providers/web hosts are required, by law, to surrender any e-mail content they may have if they are served with a warrant by law enforcement. In fact, as detailed by our COO, Christian Dawson, in this post, there are circumstances where law enforcement can force e-mail service providers to hand over your old e-mails without a warrant. You cannot avoid the NSA scanning, or law enforcement searches, no matter how much you pay Glenn Beck.
Beck says: “The NSA and Google (scan your e-mail), and they’re in bed with each other.”
We say: Beck is conflating things here. Gmail does scan its users’ e-mail accounts, in order to serve them with targeted advertising — which Google sees as the price users pay to get Gmail for “free.” Separately, documents released by Edward Snowden suggest that the NSA has been eavesdropping on e-mail traffic headed into and out of the Google network, completely unbeknownst to Google. In addition to that, Google, like all e-mail service providers, is required by law to respond to warrants and to legal, warrantless requests requiring them to share e-mail content, if they have any. These three things are not related to one another.
Beck says: “We’re not surrendering any lists, any emails, anything, without a warrant…”
We say: As I mentioned before, there is nothing Glenn Beck can do to prevent the NSA from “reading” his customers’ e-mail, or to avoid legal warrantless demands for old e-mails — so there’s not much to that promise.
So what’s the takeaway here? If you want to protect your e-mail from unlawful inspection by the government, sending Glenn Beck $99.95 won’t accomplish anything. But a few minutes of your time might. Our COO has written two recent blog posts about things you can do that won’t cost you a dime, and could make a huge difference: supporting the USA FREEDOM Act and keeping abreast of developments surrounding ECPA. Do yourself, and your country, a favor by checking these posts out and contacting your congressmen to urge their support as required. Glenn Beck is right about one thing: unauthorized, extra-legal snooping into e-mail accounts is unethical, un-American, and just plain wrong. We just wish he would use his considerable influence to help change things for the better.
In a previous article, SSH Key Authentication, I explained how to generate an SSH key so you could automatically log into your server instead of using a password. This is convenient for you (no more typing the password) and very inconvenient for potential hackers. If you turn off password authentication (because you’ll no longer need it), no amount of password guessing will let a hacker in.
The previous article showed you how to add the key to your cPanel server, but what if you’re not running cPanel? Don’t worry, the process is just as easy for no-panel servers. I’ll show you how.
Adding the Key
The USA FREEDOM Act: NSA Data Collection, the Escalation of Encryption, and Curbing the Digital Arms Race
On October 29, 2013, the USA FREEDOM Act was introduced to end the mass gathering of phone record data by the NSA.
H.R.3361/S.1599 is a bipartisan effort authored by Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, and Rep. James Sensenbrenner Jr. (R-Wis.) that seeks to curb the mass targeting of American citizens’ communications by clarifying the language in Section 215 of the USA PATRIOT Act.
How does this affect you?
ServInt supports the USA FREEDOM Act because the same limitations that the bill places on the phone surveillance activities of the NSA apply to other forms of communication, specifically Internet traffic. Not only should this bill get the NSA out of your phone calls, it should get them:
• out of your inbox
• out of your search history
• out of your text logs
A great way to keep potential threats at bay and make your server more secure is to employ TCP Wrappers. TCP Wrappers are a form of access control you can use – in conjunction with a firewall – to lock out unwanted users and increase your server security.
TCP Wrappers are similar to a firewall, in that you can allow and deny IPs or hosts, but different as they provide some additional options as well. TCP Wrappers use access rules in the hosts.allow file to allow or deny connections to network services that use the tcp_wrappers library, libwrap.
For example, you may want to allow someone FTP access to your server, but not want to allow them SSH, WHM, or any other kind of access. TCP Wrappers allow you to grant them access to FTP, or another specific service, while denying them access to everything else.
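To make the allow-FTP-but-nothing-else scenario concrete, here is an added example (not code from the ServInt post) that evaluates constructed hosts.allow and hosts.deny rules the way libwrap does: hosts.allow is consulted first and a match grants access, then hosts.deny is consulted and a match refuses, and anything unmatched is allowed. It assumes IPv4 clients, handles the ALL wildcard, exact addresses, net/mask, trailing-dot prefixes and EXCEPT, and leaves out hostname patterns and the option field.

```python
"""Added example: a small evaluator for TCP Wrappers rule files (IPv4 only; the
ALL wildcard, exact addresses, net/mask, trailing-dot prefixes and EXCEPT are
handled; hostname patterns and the option field are not)."""
import ipaddress
# Constructed rules for the scenario in the post: one partner address may use FTP
# only, the office network may use SSH, loopback may use anything, all else refused.
HOSTS_ALLOW = """
# daemon_list : client_list
vsftpd : 203.0.113.10
sshd   : 198.51.100.0/255.255.255.0
ALL    : 127.0.0.1
"""
HOSTS_DENY = "ALL : ALL\n"

def _client_matches(pattern, client_ip):
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask with a dotted-quad mask or a prefix length
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):  # 10.0.0. matches every 10.0.0.x address
        return client_ip.startswith(pattern)
    return client_ip == pattern

def _daemon_matches(pattern, daemon):
    return pattern == "ALL" or pattern == daemon

def _list_matches(clause, item, match_one):
    """Evaluate a space-separated list, honouring 'list1 EXCEPT list2'."""
    if " EXCEPT " in clause:
        head, tail = clause.split(" EXCEPT ", 1)
        return _list_matches(head, item, match_one) and not _list_matches(tail, item, match_one)
    return any(match_one(token, item) for token in clause.split())

def _file_matches(text, daemon, client_ip):
    """True if any 'daemon_list : client_list' line in the file matches."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        daemons, clients = (part.strip() for part in line.split(":")[:2])
        if _list_matches(daemons, daemon, _daemon_matches) and \
           _list_matches(clients, client_ip, _client_matches):
            return True
    return False

def is_allowed(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow match grants; else hosts.deny match refuses; else access is granted."""
    return _file_matches(allow, daemon, client_ip) or not _file_matches(deny, daemon, client_ip)
```

Note that the final default is permissive: without the `ALL : ALL` line in hosts.deny, every client not named in hosts.allow is still let through, and services not linked against libwrap are never consulted at all, which is why the post pairs TCP Wrappers with a firewall.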
Over the weekend, my wife got a phone call from her parents telling her that her web site wasn’t working. When asked for clarification, her parents said that “Google has a big warning sign up where your site used to be.” Most of you already know what was going on: my wife’s site had been hacked. She called me to see what I could do to (cough) fix the problem.
What she didn’t know was that site hacks, while extremely common, aren’t necessarily easy to fix. Especially by me! For each hack, there are multiple phases of activity, each of which can be achieved via literally thousands of possible methods. Keeping track of them all is a job for which specialized technicians train their whole professional lives — so I hung up the phone and stuck my head into our Director of Network Compliance’s office.
“Hey, Mike,” I said. “I think my wife’s web site has been hacked.”
I was a bit disappointed by Mike’s I’m-not-surprised reaction — then again, he sees this stuff hundreds of times a day. But he was kind enough to spend a few minutes with me, explaining what might have happened, and how it fit in with well-understood patterns in hacking.