Posts Tagged ‘Website’

Plains of Kildare

Grants available for websites

kildare-county-enterprise-board-logo-Grants available for websites

Business Expansion Grants

Grants available for websites for businesses trading more than 18 months

The Business Expansion Grant is designed to assist the business in it’s growth phase after the initial 18 month start-up period. Micro enterprises that have availed of a Priming Grant are ineligible to apply for a Business Expansion Grant until 18 months after the final drawdown date of the Priming Grant, except in exceptional circumstances.

Business Expansion Grants may be awarded to sole traders, partnerships or limited companies that fulfil the following criteria:

  • Located within the CEB’s geographic area;
  • A business, which on growth, may or may not have the capacity to fit the Enterprise Ireland portfolio;
  • A business employing up to 10 employees;
  • A manufacturing or internationally traded service business;
  • A domestically traded service business with the potential to trade internationally.

The maximum Business Expansion Grant payable must not exceed 50% of the investment or €150,000, whichever is the lesser.

Grants over €80,000 and up to €150,000 shall be the exception and shall only apply in the case of projects that clearly demonstrate a potential to graduate to Enterprise Ireland and / or to export internationally.

In all other cases, the maximum grant shall be 50% of the investment of €80,000, whichever is the lesser.

Subject to the 50% limit, a maximum grant of up to €15,000 per full time job created shall apply in respect of any employment support grant aid.

Expenditure may be considered under the following headings:

  • Capital Items: These include fit out of workspace, office equipment, machinery, computer costs, hardware and software etc. (Note acquisition of building and purchase of mobile assets are excluded from grant aid).
  • Salary Costs: For first year of employment. This to be paid out in two instalments. The first instalment at the commencement of employment and the second instalment once the employment has continued in existence for a period of six months. The level of grant support should reflect the salary scale proposed for the employment being generated. It is anticipated that only quality jobs attracting salaries in excess of €40,000 will be eligible for the maximum €15,000 grant support with appropriately scaled back grants offered in accordance with proposed salary for lower paid positions. Staff recruitment costs may also be considered eligible for grant aid.
  • Rental / Accommodation Costs: For first year of project. (Note where rental space is already subsidised by an investment of public funds then grant support should reflect the differential between the market rate and subsidised rate). Rental costs may be paid up front subject to receipt by the Board of signed lease / rental agreements.
  • Utility Costs: These include installation costs for telephone and broadband. (Note mobile phone costs are excluded).
  • Marketing Costs: These include packaging, brochures, business cards, trade fairs, website design and development, and other marketing initiatives.
  • Consultancy Costs: These include design fees, patent costs, architect, accountant and legal fees.
  • Business Specific Training: Costs here refer to specialised management or key personnel training programmes that are required to ensure the growth of the business. Such courses should not be generally available under the Board’s general training programmes.

Grants available for websites

Grants available for websites – Irish Web Design

Captcha Security Check Image 2

Is Captcha security a good idea?

Captcha security test questioned

Is Captcha security a good idea? is a question has been raised as a result of problems with a White House petition.

The fact that Ticketmaster dumped the Captcha from their website casts further doubt on the need for this security measure.

 

Captcha Security Check Image Is Captcha security a good idea?
Captchas can be used in a graphic and in an audio form but both can be difficult to interpret

Is Captcha security a good idea?

The National Federation for the Blind in the USA has stated that its members are unable to sign an e-petition which is collecting support for demands that printed material should be more accessible to those who are visually impaired because of “Captcha” security on the website.

A Captcha is a graphic of a random word or numbers users must key in to show that they are human.

There is an equivalent audio version on most websites that feature the Captcha.

Captcha comes from ‘Completely Automated Public Turing Test to Tell Computers and Humans Apart’, so one could argue its two or three t’s short of an accurate Acronym.

The White House Washington USA Logo

The White House Washington USA Logo

The White House whose website it is says that it complies with official US accessibility standards although it has received just 8,200 signatures.

Chris Danielsen of the American Federation for the Blind said “We had asked people to sign the petition and we’re getting these emails saying that people can’t”

He told the Politico website that he realised there was a problem after he began publicising the petition.

The editor of the BBC’s ‘Ouch’ blog (for people with disabilities) Damon Rose said that “Captcha graphics are a nightmare – visually impaired people use screen readers to interpret their computer rather than their eyes and the screens can’t manage them.

“Ironically if I see an audio capture I tend not to bother with it because it’s usually such a poor experience… some of them sound like aliens talking and they put weird background noises over them. They are a bit of a joke in the blind community. I’ve spent half an hour on some and had to give up.”

Mr Rose added that a result of this was that many visually impaired people found that, on messageboards and blogs they could not contribute to discussion and debate.

ticketmaster logo

ticketmaster logo

Earlier the year Ticketmaster the international event ticket service removed the Captchas from its sales website.

Aaron Young of Bunnyfoot, the user experience consultancy said “It is generally speaking the one of the most hated pieces of user interaction on the web,”

In the view of Irish Web Design it is worth weighing up the value of the added security versus the irritation to users that Captcha causes.

Your business may be losing customers who simply give up when confronted with the frustration of a difficult to read Captcha.

So in response to the question: ‘Is Captcha security a good idea?’ Irish Web Design feels that in many cases it is not necessary, and therefore is not a good idea.

Captcha Cartoon Is Captcha security a good idea?

Captcha Cartoon

This article uses material that originally appeared on the BBC News Website

Is Captcha security a good idea? – Irish Web Design

American Cowboy

Your Domain Name Robbed

Irish Web Design issued a warning this week as yet another client had his preferred domain name robbed from under his nose.

highwayman stand and deliver

We were in the process of securing the preferred .ie, .net and .com domains our client had settled on. It came as a nasty surprise to discover that the rather unusual  .com domain name had been registered just days previously.

It transpired the client had been checking possible names for his new website some days previously and checked the preferred option on one of the many sites that appear at the top of Google.

There are many stories on the internet where people claim that the giant American company godaddy.com engage in this practice.

It appears that as soon as he logged out of the site automated software registered the domain name he was searching for.

The company who registered the site have no use for it, but they now own the name the client wanted.

The domain is available but first the client would need to appoint a company to negotiate for him, which is $69 to start with. Then he has to state in advance how much he is willing to pay. It is not uncommon for companies to demand thousands of Euro in order for them to hand over “your” name. If successful the ‘agent’ then adds another 10% on  top

Back in the days of the James brothers you knew you were dealing with robbing low-life bandits, but this form of robbery is corporate extortion on a massive scale.

You have no idea what the connections are between the agent, the company who registered the site and the company on whose site you first carried out the search.

The only thing you can be certain of is that you have been well and truly screwed.

The moral of the story?

Under no circumstances should you check the availability of domain names unless you know exactly what you are doing.

If you fail to heed this advice it may end up costing you thousands of Euro as you are subjected to information highway robbery.

american bandits

Your Domain Name Robbed an article by Irish Web Design

 

supermarket cctv footage

Secure your CCTV

This is an interesting article that Irish Web Design found on the BBC News Features and Analysis Section.

The subject of securing your systems from outside access applies to virtually every computer.

Those businesses with security systems that can be accessed on the web or by mobile phone should pay particular attention to how their system is secured.

cc tv camera

How to hack a nation’s infrastructure

By Mark Ward Technology correspondent, BBC News

I’m watching a live video feed of people visiting a café in London.

It’s a small, busy place and is doing a good trade in tea, coffee and cakes. That woman has dropped some money. A child is running around. Later, another customer thinks they have got the wrong change.

Nothing too gripping, you might think, except that the feed should be private, seen only by the cafe’s managers. Somebody forgot to click a box so now anyone who knows where to look can watch.

That CCTV feed is just one of many inadvertently put online. Finding them has got much easier thanks to search engines such as Shodan that scour the web for them. It catalogues hundreds every day.

“Shodan makes it easier to perform attacks that were historically difficult due to the rarity of the systems involved,” Alastair O’Neill from the Insecurety computer security research collective told the BBC. “Shodan lowers the cost of enumerating a network and looking for specific targets.”

It is not just CCTV that has been inadvertently exposed to public scrutiny. Search engines are revealing public interfaces to huge numbers of domestic, business and industrial systems.

Mr O’Neill and other researchers have found public control interfaces for heating systems, geo-thermal energy plants, building control systems and manufacturing plants.
Remote work

The most worrying examples are web-facing controls for “critical infrastructure” – water treatment systems, power plants and traffic control systems.
Industrial plant Many industrial systems are networked because they are in remote locations

“There’s a tremendous amount of stuff out there right now,” said Kyle Wilhoit, a threat researcher from Trend Micro who specialises in seeking out those exposed systems and helping them improve their defences.

Mr Wilhoit said such control systems, which often go by the name of Scada (supervisory control and data acquisition), get put online for many different reasons. Often, he said, the elements of such critical systems were in far-flung places and it was much cheaper to keep an eye on them via the internet than to send an engineer out.

It’s not just finding these systems that is a danger. Security experts are finding lots of holes in the software they run that, in the hands of a skilled attacker, can be exploited to grant unauthorised access.

“For attackers, the potential pay-off for compromising these systems is very high,” said Mr Wilhoit.

Governments are turning their attention to increasingly public vulnerabilities in such critical systems. The US Department of Homeland Security has established a computer emergency response team that deals solely with threats to industrial control systems. In the UK, government cash has been made available to help intelligence agencies and law enforcement deal with cyberthreats.
Continue reading the main story
“Start Quote

“The threat is there – it might not be biting you yet but you had better be ready for the day it does”

Jeff Parker ICSPA

A Cabinet Office spokesman said cyber-attacks were one of the “top four” threats to the UK’s national security.

“Billions of pounds are being lost to the UK economy from cybercrime each year, including from intellectual property theft and cyber-espionage,” he said. “Industry is by far the biggest victim.”

The spokesman added that government was working with industry to harden critical infrastructure against attack, and had set up a series of initiatives to share information about threats and the best way to tackle them.
Bad decisions

The number of web-facing industrial and critical systems that these search engines find is only going to grow. That could introduce a whole new problem if the work of Greg Jones from security firm Digital Assurance is any guide.

Mr Jones bought several smart electricity meters from eBay and took them apart to see how well they protected the information within them. The models he bought are the same as those likely to be used as the UK converts its relatively dumb electricity grid to a smarter alternative.

A few days of work saw Mr Jones and his colleagues extract the passwords from the small chunk of memory inside the meter.
Warning text Many of the systems found by Shodan should have a restricted audience

“They had the same credentials in them – factory default passwords.” In addition, he said, basic steps to stop people fiddling with the hardware, or at least reveal tampering, had not been taken.

The traffic the devices swapped with utilities looked like it would be easy to spoof. If smart meters are rolled out in large numbers this could mean problems as it would give any attacker a way to trick that smart grid into making some catastrophically bad decisions.

“There are some really good standards out there governing smart meters,” said Mr Jones. “Our evidence suggests that those suggestions are not being followed.”

This is despite the government body that advises on security, based at GCHQ in Cheltenham, drawing up standards for validating the security, or otherwise, of the meters. The UK was already supposed to be well on the way to making the grid smarter but the project has been delayed because of worries about the central control system.

What is clear is that critical infrastructure and industrial plant control systems are coming under more scrutiny from both attackers and defenders.

That has its upside, said Jeff Parker, one of the directors at the ICSPA, which advises governments and businesses on cyber-protection.

“Is that a benefit? If it raises awareness of vulnerabilities, then, yes, it can help,” he said. However, it might take a lot of work to harden systems and ensure they were adequately protected.

“The threat is there,” he said, “It might not be biting you yet but you had better be ready for the day it does.”

Read the original article here: http://www.bbc.co.uk/news/technology-22524274

Secure your CCTV – Irish Web Design

you tube audio tabs

Google Chrome Audio Tabs

As we are currently working on a music website we were especially interested to hear that Google Chrome are about to add an ‘audio icon’ to any tabs that are making noise.

you tube audio tabs

How often does it happen that there are a number of browsers open with multiple tabs on each and you find yourself wondering where the noise is coming from.

Once they release this feature you will be able to tell immediately which tabs have audio running.

The tabs are also designed to tell the Chrome browser which tabs have audio running.

As you may know Chrome closes tabs if it is running out of memory.

With this new feature Chrome will discard the tabs with the audio indicator active last.

So if you’re listening to something in a tab near the back of all your tabs Chrome won’t assume that it is inactive.

This function is already in the latest build of Chrome meant for developers and ‘early adopters’ but at present it’s not always stable.

Expect to see it in an update to Google Chrome in the very near future.

Google Chrome Audio Tabs – Irish Web Design

darby o gill and the little people

Tourism Ireland Website

IIA STATEMENT IN RESPONSE TO TOURISM IRELAND AWARDING CONTRACT TO LONDON BASED COMPANY

In response to the Tourism Ireland decision to spend €2.5million on the development of the new Tourism Ireland website www.Ireland.com the Irish Internet Association on behalf of its members would like to express its serious disappointment that an agency of the state have preferred to employ the services of a London web development company over an Irish one.

paddywhackery begosh begorrah

There are a number of points that need to be addressed. Firstly, as a country in a job crisis we should be doing everything in our powers to support jobs locally. On principle as well as in practice, this ethos should be of highest importance for government agencies leading by example. In this specific instance, IIA members were shortlisted for this tender and we know that domestic rates are far more competitive that those reportedly paid. In accepting that price is not the only factor and that technical merit was the other criteria used, it is worth noting that on the subjective yet technical issue of design and user experience, the general view is that there are already some basic user experience shortcomings with this site.

Secondly, we must look at the broader ramifications of this decision. The majority of global technology companies have elected Ireland as their European base given the high quality of talent here. Beyond the specifics of this particular case, the political message that this decision is sending out to the world is counter-productive and anti-jobs. On the one hand, we have the IDA and Government Ministers working to increase foreign direct investment with a strong focus on the technology industry. On the other hand, in this single decision, we have a state agency saying that it is not possible to secure high quality and good value web design and development services here.

Tourism Ireland is responsible for attracting visitors to Ireland. Holiday tourism is important but so too is business and education tourism. They are asking people to visit a vibrant and welcoming country but is it also one that is so insecure about itself, so lacking in faith in its own people that when given the choice they will partner with a foreign company rather than an Irish one? The argument that this spend represents less than 10% of its total budget for the year is reminiscent of boom years when pockets were deep. The measure of value in these straitened times should surely not be that they got it for a small % of a large amount but rather that they got it for the very best possible price and in doing so factored in the multiplier effect of keeping those jobs in Ireland and promoting the world class standards that exist within our country.

Tourism Ireland’s new website was designed by Hugo and Cat — a creative agency for a digital world.

To quote their own website:

“Creativity from Insight

Consumer engagement. Conversion. Advocacy. A full house in buzzword bingo – but they’re what our clients come to us for.

We’re a digital creative agency specialising in content marketing, experience design and technology, underpinned by strategic planning. We’re all about big ideas without a big attitude, so you’ll get to know the people creating the work that gets your audience talking.

Why not stop by and say hello?”

Originally published on the IIA website

Bock The Robber had an amusing take on the whole farce:

At first glance it appears that the cat did most of the work, and a very well paid cat he is indeed, while Hugo did most of the talking. But what a talker Hugo is, persuading the Tourism Ireland management that a website should cost €2.5 million to design and build.

How appropriate for this pantomime.

Hugo and Cat

Let’s say the cat is on a hundred grand a year, which is good money by any standards in a time of austerity, especially when all you need to survive is the odd fish-bone. This means that the moggy needed to spend 25 years working on the project, which, you’ll agree, uses up several of his lives.

Two and a half million buckaroonies for a website isn’t chickenfeed. but hold on. A man like Hugo would have no ordinary cat. Any feline in his world would be the very cream of cat programmers, so let’s say he’s on a grand a day, because he’s worth it. That means he spent 2,500 days developing this website. Giving him weekends off to prowl the rooftops flashing the dosh at the lady cats — Loadsamoney!! — he still spent a full ten years on the job. That must be a hell of a website, wouldn’t you think?

Well, yes, you would think so, but you’d be wrong. This is the most confused, ill-functioning website you might ever have seen. It starts nowhere and it goes nowhere. It looks like somebody stole it and crashed it into a wall. If there’s a wrong way to do it, a right way to screw it up, nobody does it like us, and so, in their wisdom, the authorities awarded the contract to a London-based firm, rather than a local developer, even though their tender was not the lowest. Not that there’s anything wrong with a firm simply because it’s based in London, but since there’s no shortage of developers in Ireland, it seems surprising that Tourism Ireland couldn’t find a single one that came within a whisker of Hugo and his feline friend. Nobody was up to scratch.

ireland

Of course, the formidable managerial intellects at Tourism Ireland weren’t satisfied with spending the two and a half million on Hugo’s cat. They also decided that they should buy the domain name ireland.com from the Irish Times for half a million euros.

For some reason, they felt it was better to have an American domain representing Ireland than our own .ie extension.

Why?

I don’t know. This doesn’t seem like a decision based on professional advice, but of course, as usual, I might be wrong. I’d be very interested to hear what professional advice they had when they drew up the request for proposals. Were any web professionals involved in preparing the tender documents? What factors persuaded Tourism Ireland to award the contract to a company whose tender was not the lowest? What personnel prepared the detailed specification ? Did any external consultants assist in completion of the specification? Did any external consultants assist in evaluation of the completed design to ensure compliance with the brief? If so, who did these consultants work for?

So many questions.

One question has finally been answered, of course.

We now know that a cat can most certainly laugh.

Originally published on Bock

Irish Web Design notes that the website does not perform very well on mobile devices and smart phones.

ireland website security

Solutions for Website Security

Irish Web Design are please to announce that they have created a series of packages to provide a high level of security to small to medium business websites.

The packages are designed especially for WordPress based information, blog, news and e-commerce on-line shop websites.

 

barbed wire pattern

 

Irish Web Design described the packages as consisting of the three S’s: Scan, Secure Survey.

The website security measures involve scanning the websites for issues, securing the site and finally setting up a surveillance system to monitor the website in the longer term.

It is estimated that hundreds of thousands of websites around the globe that are running the WordPress software have been infected by malicious software.

Some of the software infects the computers of visitors, who may find a realistic looking ‘Anti Virus Scanner’ pop up on their computer.

The owner is informed that his machine is infected and this software will remove the threats and provide on-going security.

This ‘peace of mind’ only costs a very modest amount, typically $10 to $20.

This is a scam, the programme is not real.

What the criminals who are behind the scam want are your credit or debit card details.

They may wait a long time before they use the information gained to empty your account of funds.

There are many variation on these scams, including straightforward blackmail: you want your site back, you will pay.

Irish Web Design have researched the issue and designed a solution to ensure that website owners can sleep at night.

While there can never be an absolute guarantee as situations can change very rapidly the system is designed to provide alerts to any suspicious activity.

Contact Irish Web Design if you want your website audited and secured.

 

 

 

 

 

 

Solutions for Website Security

bank of america signs

Little and Large Websites Attacked

Little and Large Websites Attacked

The coordinated attacks used to knock a large number of websites offline grew became more powerful in the past months. According to the American company Prolexic who run the world’s largest and most trusted distributed denial of service (DDoS) protection & mitigation service, there has been an eight-fold increase in the average amount of junk traffic used to take sites down.

bank-of-america logo

Chase Bank Logo

citi bank logo

wells fargo logo

Attackers have moved on from just using compromised PCs in homes and small offices to flood websites with vast volumes of traffic, and are now using Web servers, which have vastly more more bandwidth available.

The recent ongoing attack on servers running the WordPress blogging application is constantly seeking new computing power that can be harnessed to form vastly bigger botnets.

Prolexic reported that well-financed attackers  are increasingly able to coordinate with fellow crime organizations in the large-scale assaults.

These types of attacks appear to be here to stay and can only be achieved by having access to significant resources  including manpower, technical skills and an organised chain of command.

The most prominent targets of the attacks have been the America’s largest banks, including Bank of America, Wells Fargo Bank, Chase Bank which at times have become completely unreachable following the flood of traffic.

Prolexic believes these attacks are not individual youngsters flexing their muscles, because the efforts involved in the harvesting of hosts, coordination, schedules,  specifics and the sheer military precision of the attacks suggests the presence of experienced criminals that recruit ‘digital mercenary groups’ to do their work for them.

San Francisco-based CloudFlare’s network was recently bombarded by data sent by more than 80,000 servers across the Internet that all appeared to be running WordPress.

Attackers will enter a legitimate user name along with passwords that are known to be invalid, which, when repeated millions of times overwhelms the servers as they perform database lookups and then report the authentication failure which the system struggles to record it in the internal logs.

The vast increase in applications such as WordPress and Joomla  could become to this decade what the early versions of Microsoft’s Windows XP were to the previous decade. In the 2000s it was easy to compromise desktop PCs and turn them into spam-sending engines or botnets to perform various nefarious acts.

Nowadays using a server that is at least ten times as powerful as a desktop computer can do a great deal more damage.

Recent Irish websites that have been attacked include the websites for the Department of Justice and the website of the Department of Finance.

Little and Large Websites Attacked

Irish Web Design

Magnifying Glass

Web Servers Under Attack

Irish Web Design continue to monitor developments in the ongoing saga of the many web servers under attack.

Eye Graphic

The www.arstechnica.com website carried the following story on the subject in its Risk Assessment / Security & Hacktivism section.

The piece is entitled “Admin beware: Attack hitting Apache websites is invisible to the naked eye”

With the sub-heading: “Newly discovered Linux/Cdorked evades detection by running in shared memory.”

“Ongoing exploits infecting tens of thousands of reputable sites running the Apache Web server have only grown more powerful and stealthy since Ars first reported on them four weeks ago. Researchers have now documented highly sophisticated features that make these exploits invisible without the use of special forensic detection methods.

Linux/Cdorked.A, as the backdoor has been dubbed, turns Apache-run websites into platforms that surreptitiously expose visitors to powerful malware attacks. According to a blog post published Friday by researchers from antivirus provider Eset, virtually all traces of the backdoor are stored in the shared memory of an infected server, making it extremely hard for administrators to know their machine has been hacked. This gives attackers a new and stealthy launchpad for client-side attacks included in Blackhole, a popular toolkit in the underground that exploits security bugs in Oracle’s Java, Adobe’s Flash and Reader, and dozens of other programs used by end users. There may be no way for typical server admins to know they’re infected.

“Unless a person really has some deep-dive knowledge on the incident response team, the first thing they’re going to do is kill the evidence,” Cameron Camp, a security researcher at Eset North America, told Ars. “If you run a large hosting company you’re not going to send a guy in who’s going to do memory dumps, you’re going to go on there with your standard tool sets and destroy the evidence.”

Linux/Cdorked.A leaves no traces of compromised hosts on the hard drive other than its modified HTTP daemon binary. Its configuration is delivered by the attacker through obfuscated HTTP commands that aren’t logged by normal Apache systems. All attacker-controlled data is encrypted. Those measures make it all but impossible for administrators to know anything is amiss unless they employ special methods to peer deep inside an infected machine. The backdoor analysed by Eset was programmed to receive 70 different encrypted commands, a number that could give attackers fairly granular control. Attackers can invoke the commands by manipulating the URLs sent to an infected website.

“The thing is receiving commands,” Camp said. “That means that suddenly you have a new vector that is difficult to detect but is receiving commands. Blackhole is a tricky piece of malware anyway. Now suddenly you have a slick delivery method.”

In addition to hiding evidence in memory, the backdoor is programmed to mask its malicious behaviour in other ways. End users who request addresses that contain “adm,” “webmaster” “support,” and similar words often used to denote special administrator webpages aren’t exposed to the client exploits. Also, to make detection harder, users who have previously been attacked are not exposed in the future.

It remains unclear what the precise relationship is between Linux/Cdorked.A and Darkleech, the Apache plug-in module conservatively estimated to have hijacked at least 20,000 sites. It’s possible they’re the same module, different versions of the same module, or different modules that both expose end users to Blackhole exploits. It also remains unclear exactly how legitimate websites are coming under the spell of the malicious plugins. While researchers from Sucuri speculate it takes hold after attackers brute-force the secure-shell access used by administrators, a researcher from Cisco Systems said he found evidence that vulnerable configurations of the Plesk control panel are being exploited to spread Darkleech. Other researchers who have investigated the ongoing attack in the past six months include AV provider Sophos and those from the Malware Must Die blog.

The malicious Apache modules are proving difficult to disinfect. Many of the modules take control of the secure shell mechanism that legitimate administrators use to make technical changes and update content to a site. That means attackers often regain control of machines that are only partially disinfected. The larger problem, of course, is that the highly sophisticated behavior of the infections makes them extremely hard to detect.

Eset researchers have released a tool that can be used by administrators who suspect their machine is infected with Linux/Cdorked.A. The free python script examines the shared memory of a sever running Apache and looks for commands issued by the stealthy backdoor. Eset’s cloud-based Livegrid system has already detected hundreds of servers that are infected. Because Livegrid works only with a small percentage of machines on the Internet, the number of compromised Apache servers is presumed to be much higher.”

Further relevant articles can be found on the website: http://www.arstechnica.com

living social logo

Living Social Website Compromised

The mighty Living Social website is the latest to be hacked, attacked or as they put it “experienced a security breach”.

livingsocial logo living social

Irish Web Design have carried out a series of actions to protect all the websites they have designed and currently manage.

Irish Web Design is currently considering the best course of action to take to keep all the websites in their care safe in the future.

We will be posting the results here and will also send the  details directly to our clients.

If you are not currently a client we are happy to keep you informed if you send us a message from the Contact page of this website.

In the meantime this is the content of the message subscribers received from Living Social earlier on.

IMPORTANT INFORMATION

LivingSocial recently experienced a security breach on our computer systems that resulted in unauthorised access to some customer data from our servers. We are actively working with the authorities to investigate this issue.

The information accessed includes names, email addresses, the date of birth of some users, and encrypted passwords; technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.

The database that stores customer credit card information was not affected or accessed.

Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.

For your security, please create a new password for your account by following the instructions below.

  1. Visit https://www.livingsocial.com
  2. Click on the “Create New Password” button (top right corner of the homepage)
  3. Follow the steps to finish

We also encourage you, for your own personal data security, to consider changing password(s) on any other sites where you use the same or similar password(s).

The security of your information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.

Please note that LivingSocial will never ask you directly for personal or account information in an email. We will always direct you to the LivingSocial website – and require you to login – before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a different website that asks for such information.

We are sorry this incident occurred, and we look forward to continuing to introduce you to new and exciting things to do in your community.

Sincerely,
Tim O’Shaughnessy, CEO

 

Living Social Website Compromised

Visit Us On TwitterVisit Us On FacebookCheck Our Feed