T : +(603) 7806 3550   |   F : +(603) 7806 5586
everworks it expertise

Cloud Computing

Offering you the best

everworks services

Data Backup

Data backup solution

everworks infrastructure

This is default featured slide 3 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

everworks cloudster

This is default featured slide 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

everworks databackup

This is default featured slide 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

Thursday 25 September 2014

Heartbleed Bug Statement


There has been a security flaw in our OpenSSL, a very popular data encryption standard that has given the majority of us an assumption that the data we stored and used in our every day services were secured. However, this wasn't the case as the Heartbleed Bug gave hackers that know about it to extract a large amount of data when the assumption was that the OpenSSL standard was meant to keep these very hackers out.

What is the Heartbleed Bug


Heartbleed Bug is a serious vulnerability of the popular OpenSSL encryption standard. This weakness allows information normally protected under the SSL/TSL (normally used to secure the Internet). The bug allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL, that has compromised keys used to encrypt data, allowing hackers to eavesdrop on communications to steal data directly from the services that users use and to impersonate them.

How to stop the leak?


As long as the vulnerable version of the OpenSSL is in use it can be abused. Fixed OpenSSL has been released and deployed. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

Common Questions and Answers to them


1. What is the CVE-2014-0160?


CVE-2014-0160 is the official reference for this bug.

2. What makes the Heartbleed Bug unique?


Normal bugs in softwares come and go, fixed by new versions. However, this bug has left a large amount of private keys and other secrets exposed on the Internet, and considering the long exposure, ease of exploitation and attacks leaving no trace, this bug should be taken very seriously.

3. Is this a design flaw in SSL/TLS protocol?


No. This is an implementation problem.

4. What is being leaked?


Encryption is used to protect secrets that may harm your privacy or security if they leak.

5. Leaked primary key material and how to recover?


Leaked primary key material allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures can be bypassed. Recovery from this leak requires patching the vulnerability, renovation of the compromised keys and reissuing and redistributing new keys.

6. Leaked secondary key material and how to recover?


Leaked secondary key material are leaked user credentials (usernames and passwords) used in vulnerable services. Recovery from this leak requires owners of the service first to restore trust to the service by changing their passwords and possible encryption keys according to the instructions from the owners of the services that have been compromised. All session keys and sessions cookies should be invalidated and considered compromised.

7. What is leaked protected content and how to recover?


This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. The most important action to take for recovery is to restore trust to the service by changing their passwords and possible encryption keys according to the instructions from the owners of the services that have been compromised.

8. Can i detect if someone has exploited this against me?


This bug does not leave any trace of anything abnormal happening to the logs.

9. How can OpenSSL be fixed?


Even though the actual code fix may appear trivial, OpenSSL team is the expert in fixing it properly so the fixed version 1.0.1g or newer should be used.

Does this affect Malaysian businesses?


As mentioned earlier, OpenSSL is a popular encryption protocol that is widely accepted worldwide. And a large number of Malaysian businesses use this to encrypt their data. Consider change quickly as this may affect your sensitive information.

What versions of the OpenSSL are affected?


status of different versions:

  1. OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  2. OpenSSL 1.0.1g is NOT vulnerable
  3. OpenSSL 1.0.0 branch is NOT vulnerable
  4. OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December in 2011 and has been out in the wild since OpenSSL released 1.0.1 on 14th March 2012. OpenSSL 1.0.1g released on 7th April 2014 fixes the bug.

Recovery sounds laborious is there a shortcut?


After the consequences of this bug was properly identified and to the extent of which it could affect any user or provider, we (here at EVERWORKS) took laborious steps to address this issue to ensure that the possible compromise of our primary and secondary key material was protected. All this just in case we were not the first ones to discover this and this could have been exploited already.

For Malaysians you can refer to MyCERT for Information Disclosure on this Vulnerability.

Thursday 18 September 2014

Principles of PDPA 2010 (Malaysia)


Malaysia recently implemented the Personal Data Protection Act and there has been a great buzz of late as to what it is, and what it might encompass to how it actually affects online business in Malaysia. 

This is a follow up post from the earlier post: The Personal Data Protection Act 2010 (Malaysia).

Disclaimer: This post has been put together based on information that have been researched online for general use only, and may only be adequately accurate. This post does not constitute of legal advice, or in any way constitute to be of solicitation. Although all attempts have been made to ensure that the information represented in this post is free from error, please seek advice from a professional legal advisor ("lawyer") to accurately identify areas in which your business could improve, and how it can accommodate this new Act.

The principles of the Personal Data Protection Act 2010 (Malaysia):

  1. General
  2. Notice and Choice
  3. Disclosure 
  4. Security
  5. Retention
  6. Data Integrity
  7. Access
A breach of any of the above principles will result in a fine not exceeding RM300,000 and/or jail term of 2 years. As a rule of thumb, users who fall under the umbrella of the act are called 'Data Users'; Data users are defined as a person or persons who has control over or is able to authorize the accessing of personal data. 

the General Principle:


Generally it is required that the consent of an individual must be obtained, to process personal data. However, there are exceptions whereby the processing of personal data is required for entering or performing a contract, required legal obligations, for the administration of justice, or the protection of the vital interest of an individual. For example, if you were to have a website that asks someone for their information, it must be made known to them what their personal information would be used for; however unless there is a need to disclose that someone's personal information to help with an ongoing investigation that could help aid the administration of justice.

the Notice and Choice Principle:


Getting consent is generally required, and additionally there should be adequate notice provided to the individual. According to the Personal Data Protection Act 2010 (MY) you need to provide a written notice that includes:

  1. a description of the data being processed, the purpose, 
  2. the source, 
  3. right to access the individual's own personal data and how to contact you in any situation required to amend or revoke rights to that individual's personal data, 
  4. disclosure of data to third parties, 
  5. ability to limit access to personal data, 
  6. notice of whether the data submitted is compulsory or optional, 
  7. and in the case that the data being submitted is compulsory it must be made known to the individual.
Tip 1: These information although should be made readily available under the Data Protection Policies or Privacy Policy of your websites, it should be made clear during the process of signing up so that the individual is adequately informed that there are statements of clarity that clarifies any uncertainties in regards to how their personal information is being managed.

Tip 2: It is also required that notices be provided in both English and Bahasa Malaysia languages so that the individual has a choice in selecting either language that they prefer.

Tip 3: When to notify? At the point data is collected or requested, when using data for other purposes, or disclosure of data to a third party.

the Disclosure Principle:


It is required to gain the consent of the individual when data is used for purposes other than what it is intended for, or disclosure to a third party of a different class.

the Security Principle:


Reasonable precautions must have been taken to ensure the safety of the data collected. The data being processed or through the use of an external data processor, sufficient guarantees in respect to the technical and organizational security measures, governing the processing must be carried out to reasonable measures to ensure compliance with those measures.

the Retention Principle:


Data collected cannot be retained for longer periods than what is necessary and when it has fulfilled its task all reasonable measures must be taken to destroy or permanently delete the data.

the Data Integrity Principle:


It is required that the inquirer's responsibility to take reasonable steps to ensure that data collected is accurate, complete, not misleading and kept up-to-date.

the Access Principle:


An individual must be given right to access his/her own personal data to make corrections unless the Personal Data Protection Act 2010 (MY) expressly refuses to.

The Personal Data Protection Act 2010 (MY) has caused a huge stir in Malaysia. Are you PDPA compliant?

referenced from Malaysian Bar  | Cloud Rock 

Thursday 11 September 2014

General Microsoft Outlook Error Codes and Quick Fixes


Email is essential to our everyday lives, whether in business or for personal use. It has proven to be an integral part of our daily productivity, and has grown to become a 'staple dish' in every Malaysian household. Find out more on what could be possibly affecting your email when you are using Microsoft Outlook as a general 'organizer' to view different sets of emails and put tasks into calendar in order. Listed below are a list of general Microsoft Outlook Error Codes (I hope that this will provide you with a quick fix to a problem that you may face.):

0x800CCC00 LOAD SICILY FAILED

  1. Try closing and restarting Microsoft Outlook.
  2. If the same error persists wait 20-30 minutes for a server reset of your account then try again.
  3. If the error still doesn't resolve there could be a corruption of the user account. Try setting up a second identity to see if it works.

0x800CCC01 INVALID CERTIFICATE CONTENT

  1. Get your certificate re-issued by your authority server.

0x800CCC02 INVALID CERTIFICATE DATE

  1. Get your certificate re-issued by your authority server.

0x800CCC03 USER ALREADY CONNECTED

  1. You may be logged on to another machine. Close all connections to other machines and wait 20-30 minutes and try again.
  2. Some mail servers will not recognize and improper disconnection. Resulting in the account being 'Poplocked', wait 20-30 minutes for it to time out.
  3. If neither of this works, then there may be something wrong with your account.

0x800CCC05 NOT CONNECTED TO SERVER

  1. Cannot connect to websites? You may have the wrong mail server type into your account settings or the server may be down.
  2. If you can't get the websites then try reconnecting.
  3. If it still fails try restarting your computer.
  4. If it still does not work, check DNS numbers, remove and then reinstall TCP/IP in Control Panel > Network.

0x800CCC0A MESSAGE DOWNLOAD INCOMPLETE

  1. There could be a possible corruption of the pop3uidl file. Close the Internet connection and all programs. Search for the file 'pop3uidl' and delete it. Reconnect and it should work.
  2. If the problem persists, repeat step 1 with a reboot before you check your mail again.
  3. If it still does not work, you could have a corrupt or a very large attachment.

0x800CCC0B SERVER OR MAILDROP IS BUSY

  1. Try to retrieve email about once every 5 minutes. Alternatively call your ISP help desk to make sure that the server hasn't crashed.
  2. You may be logged on to another machine. Close all connections to other machines and wait 20-30 minutes and try again.
  3. Some mail servers will not recognize and improper disconnection. Resulting in the account being 'Poplocked', wait 20-30 minutes for it to time out.
  4. If neither of this works, then there may be something wrong with your account.

0x800CCC0D CAN'T FIND HOST

  1. This error can appear if you have 'notify me if there are any new newsgroups' selected but don't have a news account set up. Go to Tools > Options > General Tab and un-tick this option.
  2. If you can get to websites, you may just have the wrong mail server typed into your account details or the server may be down.
  3. If you still can't get websites then hang up and try connecting again, followed by rebooting the computer.

0x800CCC0E FAILED TO CONNECT

  1. This error can appear if you have 'notify me if there are any new newsgroups' selected but don't have a news account set up. Go to Tools > Options > General Tab and un-tick this option.
  2. If you can get to websites, you may just have the wrong mail server typed into your account details or the server may be down.
  3. If you still can't get websites then hang up and try connecting again, followed by rebooting the computer.
0x800CCC0F CONNECTION DROPPED

  1. The modem or network cable is likely to be disconnected. If this happens frequently try updating the modem drivers or adding and Init string (could be possibly line noise).

0x800CCC10 INVALID ADDRESS

  1. Check the spelling in the {TO: field of the email}. Delete the old message from the Outbox and try again.

0x800CCC11 INVALID ADDRESS LIST

  1. Check the spellings of the address list and try it again.
  2. If this still persists, check with the administrator to see if you have the correct access to the list from the terminal you are using.

0x800CCC12 SOCKET READ ERROR

  1. Remove the TCP/IP protocol and reinstall it. Go into Network > Control Panel. (You might need your Windows CD for this task.)

0x800CCC13 SOCKET WRITE ERROR

  1. This error sometimes appears when trying to download emails with attachments.
  2. Remove the TCP/IP protocol and reinstall it. Go into Network > Control Panel. (You might need your Windows CD for this task.)
0x800CCC14 SOCKET INIT ERROR

  1. Remove the TCP/IP protocol and reinstall it. Go into Network > Control Panel. (You might need your Windows CD for this task.)
0x800CCC15 SOCKET CONNECT ERROR

  1. Remove the TCP/IP protocol and reinstall it. Go into Network > Control Panel. (You might need your Windows CD for this task.)
0x800CCC16 INVALID ACCOUNT

  1. Check the spelling of the account name and re-enter the password taking care to spell it correctly.

0x800CCC17 USER CANCEL

  1. You have pressed the cancel button.
  2. If it is taking longer than usual there is a likelihood that the pop3uidl file is corrupted. Close your Internet connection and all other programs, delete the pop3uidl file and try again.

0x800CCC18 SICILY LOGON FAILED

  1. Check account information; make sure the account is not case sensitive, close Outlook, restart and try reconnecting.
  2. Create a different identity and see if it will logon from this identity with the same information.
  3. Make sure the account is still active with the Internet Service Provider (ISP) and that the ISP is not having an email outlook.

0x800CCC19 TIMEOUT

  1. This is a possible corruption of the pop3uidl file. Close your Internet connection and all other programs, delete the pop3uidl file and try again.

0x800CCC1A SECURE CONNECT FAILED

  1. Your ISP may not require an SSL connection. Turn off SSL in the email account properties and try again.
EVERWORKS provides industry leading email hosting for your business needs. Find out more on EVERWORKS  Email Hosting solution


Thursday 4 September 2014

Announcement - SMS/MMS Service Interruption


To our valued customers and content providers

We are currently experiencing technical issues with regards to our SMS and MMS services.

Resulting in service interruption. Our technical team is working on the issue, and further notice will be given in due time.

We would like to apologize for any inconvenience caused.

Cell Phone designed by Alejandro Santander from the Noun Project

MMS vs SMS


Both MMS and SMS are used in mobile phones for non-voice communications.

Transmission Mechanism


MMS: Messages are sent to the message center, and then sent to the recipient via the internet if the phone supports the MMS formats. If it doesn't, the MMS can be viewed in a web browser.

SMS: Message centers are responsible for sending and receiving texts and try to re-send messages if they failed during the first try.

Problems and Pitfalls of SMS vs MMS


For consumers


SMS: Spoofing & Spamming. Spoofing is a process by which a person impersonates a user by manipulating the address information and sends messages, Consumers may give away their personal information being victimized by these spoofers. Spamming on the other hand is a process by which a user is sent promotional messages that he hasn't subscribed to, very often.

MMS: Sending & receiving MMS can pose to be a problem if the handset device that is being used by the user doesn't support receiving of multimedia messages or the configuration has been set incorrectly, or set to not receive MMS.

For wireless service providers


SMS: Sending of text messages pose few problems for wireless carriers because the technology has been perfected over the years. However, under a possible extreme situation, service provider's network may be jammed, hindering free flow of text messaging communication between senders and receivers; vice versa.

MMS: Content adaptation is one of the biggest problems that carriers face with MMS. The change of format to be correctly read on the recipient end, along with bulk SMS sending facilities cannot be replicated as compared to SMS, and these two problems pose to be a challenges that are faced.

Size 


A standard SMS is usually limited to only 160 characters in length and can be sent from any regular mobile phone. A standard MMS does not have a specific character limit, and does give a wider option (being able to send music, animation, and other interactive media).

Using SMS as a marketing tool.


SMS can be a powerful tool when coming it comes to spreading specific information that you might want your users to know.

Important Note: Pay attention to Malaysia's new Data Protection Act 2001. Ensure that you are compliant and not making moves that could be exposing customer's personal data.

It can be the fastest most direct way to contact your customers to remind them or inform them on upcoming offers you might have for them.

From experience, EVERWORKS, has been serving customers from a wide array of different sectors and industries, and we have had strong positive track record from our previous clients.

EVERWORKS offers industry leading SMS Marketing services along with industry competitive pricing and backed with a *money back guarantee.

Use EVERWORKS SMS Delivery Gateway to inform customers of your special offers.

*money back guarantee is subjected to terms and conditions.


Iphone designed by Oleg Frolov from the Noun Project