Linux Shellshock bug being actively exploited in the wild

linuxLast week, the Linux community was “shocked” to learn about Shellshock, a long-term bug that exists in bash, the command line environment on most Linux servers.  The bug is being exploited in the wild to spread via a botnet, which automatically spreads itself to create more infected machines.

The vulnerability affects millions of Linux servers that are connected to the internet and use bash under the hood.  Because bash exists at a lower level in the software, it can make other programs vulnerable, even PHP, depending on how the server is configured.  We have demonstrated very simple, 5-minute proof-of-concept hacks against less-common PHP configurations.

Linux patches were released, but the early patches were incomplete and did not adequately address all vulnerabilities.  SpireTech has patched all our servers, and servers that we manage for clients with the latest updates.

Mac systems running OS X may also be vulnerable, Apple released security updates for these on Sept 29th, but as of this writing they must be manually applied.

Concern remains over many devices that use Linux embedded in firmware, like routers firewalls, and wireless access points.  It is not possible to patch these devices without vendor cooperation, and in many cases it is not even possible to know if they are vulnerable. Many of these devices may not even use bash, so we expect that their vulnerabilities will be rare.

 

SpireTech Launches Enterprise File Sync & Sharing solution

ctera logoSpireTech has launched an Enterprise File Sync and Sharing (EFSS) service using private portal and server technology from CTERA networks.  The new features include VPN-free office-to-office server synchronization, and fine-grained control over synchronization of data to iOS, Android, and Windows mobile devices.

Our solution is unique in that can integrate with low-cost storage appliances located at your office, for fast local file storage and server capabilities.  The local server can be accessed from anywhere via the web, mapped drives, and integrates with a private portal for employee and partner access.  Appliances can synchronize shares with each other, workstations, other servers and mobile devices without the use of a VPN.

Services like Dropbox and Google Drive have long provided businesses with the ability to collaborate and share their documents with employees and their clients. The problem with services like these is knowing who has access to your data, and where it is located in their networks.  Our customers want the peace of mind knowing their sensitive information is being handled by local trustworthy technicians, while being locally hosted and managed in SpireTech’s Portland-based datacenter.

For more information, please visit Portlandcloud.com or Contact SpireTech today.

The taste of satisfaction sure is sweet.

image.jpeg

We love our customers and the things they do for us, even more so when it fills our bellies!

SpireTech was contacted by a client who was unable to resolve their problem through their normal support contacts, and really needed someone who knew their stuff and would be able to solve their problem. SpireTech stepped up to the plate and after we were through, they were so satisfied with our work that they sent us home with a free box of Voodoo doughnuts, one of Portland’s most iconic treats.

We would like to take this chance to thank our clients and all of the compliments they have given us over the years. We take pride in our work and that our customers are satisfied with our service!image2.jpeg

 

 

 

Securing your WordPress site against hacks

wordpress-logo-notext-rgbEnsuring that your website is protected against hackers is no longer a difficult task.  With the fast growth of WordPress sites, protecting yourself from outside intrusion is very important, and is as simple as clicking the update button. WordPress is frequently updated with new feature sets and security patches that protect websites from hackers.

The newest WordPress release, version 3.5.1, fixed several security vulnerabilities that affected all previous versions of WordPress. This vulnerability allowed hackers to remotely scan WordPress sites to search for information that would allow them to deface your website, and upload spam advertisements onto your page. Many sites that are still running older versions of WordPress are at risk of falling prey to these types of attacks simply because their site has not been updated.

We advise all WordPress users to update their site as soon as possible to ensure your website remains in your control.

However, hackers are not simply limited to software vulnerabilities, they can sometimes exploit simple passwords to gain access to your website. In a blog post at KrebsOnSecurity.com, security researchers have found that some hackers have developed a series of botnets whose sole purpose is to brute force hack the common “admin” account by trying thousands of common passwords. Once the hacker cracks your password, they have full control to write code to the WordPress files and add the site to their botnet to infect other websites. This is why we recommend our clients change the default username for the WordPress admin account, and/or use very complex passwords.

For more information on the latest WordPress bug fix and security patch, please visit WordPress.org.

SpireTech celebrates 20 years in business!

20years-156pxHow time flies. SpireTech was officially founded on Feb 25, 1993. Since we turn 20 next month, we are working on something fitting to celebrate (stay tuned for details)! Many clients that started using SpireTech for IT support in the beginning are still with us today. We are thankful for all the support of our loyal clients these past 20 years, and look forward to many more years to come.

I have many fond memories of technologies that have come and gone (and some not-so-fond ones, too). We have many tales from the trenches, and I’ve kept a small technology “museum” of sorts to remind me how much things change. Over the years, we’ve seen things that were at one time a huge part of our lives and business become completely irrelevant – programming languages, hardware, software, and even our means of connecting. I’m writing this article on my iPad, when my first portable computer was the size of a very large lunchbox, cost $4000, sported a 386 processor, and an orange gas plasma screen. To put it lightly – times have changed.

One thing that has remained constant over the course of those years is our clients and our relationships – we’ve been through all this change together, and have shared in our successes and failures together. It’s all been very rewarding and enjoyable, but at times difficult too.

After our third employee talked us into starting Internet services, and eating a lot of Top Ramen, being an ISP worked out for us – but it wasn’t easy. I was in my early twenties, the Internet was new, and recall going into meetings to convince clients why they needed email (yes, really). Of course almost everyone has email today, so maybe we were just ahead of our time.

We look forward to many more years to come, and we can’t wait to see what the future holds for all of us. Stay tuned!

The Tax Man Cometh

December is usually a busy time of the year at SpireTech.  Clients begin looking at year-end profit projections (if any, in the current economy) and start figuring out what portion they will need to spend or pay taxes on.  Usually, this is a good time of year to take care of any deferred upgrades to your servers or systems – so check with your CPA and let us know if there is anything you’d like us to tackle before year-end.

The dollar limitation for 2012 is $139,000 with a $560,000 investment ceiling. Under current law, the Code Sec. 179 dollar limit is scheduled to drop to $25,000 for 2013 with a $200,000 investment ceiling.  Check with your CPA, and you can read more here.