Shellshock – We’re Patched and Ready to Do More

If you haven’t heard of Shellshock and rely on web-based services, you need to be aware.  And make sure the folks who run your services are on top of this issue.

As reported by the Washington Post:

The National Institute of Standards and Technology’s National Vulnerability Database scored the vulnerability as a “10,” on a scale from one to 1o, on both impacts and exploitability. US-CERT also issued an advisory, saying “exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.”

That means that someone could remotely take over a server.

From the perspective of mass emergency alert providers, that could mean serious trouble.  We should all remember the incident last year when the emergency alert system at a Great Falls, MT television station was hacked and sent out bogus warnings that “dead bodies are rising from their graves”.  So a hacker could potentially take over some other emergency alert service to send out similar warnings – or worse.

All the major emergency alert service providers (CodeRed, Everbridge, Hyper-Reach, etc.) use web-based services to enable their clients to send out alerts.  Unless the servers that provide the web interface are protected from hackers, there’s a serious risk.

If you use Hyper-Reach, you’re protected by an IT team that takes security seriously.  Our servers were patched within hours of the news of this vulnerability.  And we’re tracking the issue closely, which is important, since there have been at least three new bash-related vulnerabilities reported.

If you don’t use Hyper-Reach for emergency alerts, check with your vendor.  It’s important.  And if you use other web-based services, you should check with them as well.

Wireless Emergency Alerts and local emergency alerts: what FEMA says.

FEMA’s ready.gov website has a page on Wireless Emergency Alerts – the text alert part of the IPAWS system, which includes an FAQ section.  Here’s the Q&A on how WEA relates to local emergency alert services, such as Hyper-Reach:

Is this the same service public safety agencies have asked the public to register for?
No, but they are complementary. Local agencies may have asked you to sign up to receive telephone calls, text messages, or emails. Those messages often include specific details about a critical event. WEAs are very short messages designed to get your attention in a critical situation. They may not give all the details you receive from other notification services.

This explanation is fine as far as it goes, but it doesn’t make it clear how different local alerts are from WEA messages.  Boil water alerts, for example, which are a large part of local alert messaging (there are over 800 water main breaks in the US each day), probably wouldn’t qualify or be used for IPAWS.  So in addition to the level of detail, there’s a big difference in the subject matter of WEA and local alerts.

WEA is clearly useful, but also clearly no substitute for local alerts.  We wish FEMA had done more to encourage folks to sign up for their local alert systems.

RecordTime™ – Send a Real Voice Message ASAP!

Of all the features that Hyper-Reach offers, we really like RecordTime, which enables you to record a voice message directly on your PC or laptop.

Before RecordTime, our customers had to go through a tedious procedure of recording their message by either calling it in or recording it using another application.   Then, they’d need to transfer the recording to the system for sending out to the public.

Now, with RecordTime, recording a voice message on your PC is as simple as clicking a button and talking into your PC-connected microphone.  The message is recorded directly within the Hyper-Reach system, so there’s no need to transfer files anywhere.  And because RecordTime uses your PC microphone instead of the telephone, the clarity is as good as it gets.

If you’re a Hyper-Reach client and haven’t tried RecordTime, give it a try.  And if you need help, just let your account executive know.

IPAWS/WEA and Hyper-Reach Aid Wildfire Evacuation

As many people saw, Washington State was ravaged by wildfires in July, destroying hundreds of thousands of acres of forest. Officials estimate the damage at six times the average annual area normally damaged by wildfire.

Stevens County – a Hyper-Reach client – was spared fatalities, in part, thanks to an effective evacuation campaign, aided by the new FEMA Wireless Emergency Alert (WEA) system, which is part FEMA’s IPAWS system.

The fire was the first time Stevens County public safety officials have used the Wireless Emergency Alert system, in addition to phone calls and texts sent by Hyper-Reach.  One advantage of the WEA system is that it reaches “wireless-only” households, where more than 40% of Washington State residents live. 

The Hyper-Reach system enables public safety personnel to send WEA and other emergency alerts through the same standardized interface.  To find out more about how Hyper-Reach can enable emergency officials to access IPAWS, go to www.hyper-reach.com

“Wireless-Only” Reaches 43% of Households

Venn bubbleThe Centers for Disease Control publish statistics twice a year showing the percentage of households that have landlines or mobile phones or both. 

It’s an impressive study, with a huge sample.  But because it comes out six months after the data, we’ve developed a model to project where the US really is in terms of “wireless substitution” as they like to call it.

Based on the most recent data, we’re estimating that about 43% of all US households are “wireless-only”, meaning that they do not have a home landline.  So the only way you can reach them with a phone call or a text message is on their mobile phone.  And that’s for the US as a whole.  If you look at specific segments, such as the southern US, urban residents, younger people, etc., the wireless-only statistics are much higher.

By the end of the decade – maybe sooner – more than half the US will not be reachable via a landline telephone call.

 

Text Beats Talk in Emergency Alerts

A recent news item we saw says that 59% of survey respondents prefer to get emergency alerts by text, rather than by a voice call.

That’s not a surprise.  We did a quick search on Google news and found many articles showing the same thing in many different contexts.  Men who prefer to text rather than call girlfriends, low income patients who prefer text to interact with health care providers, college-age students, etc., etc.

It’s not everyone.  59% means that 41% prefer voice or some other method.  But it’s important.

So if folks prefer text, they need to register so you have their mobile number.  So why not give them the option to sign up for emergency alerts via text?  We’ve developed just such a method.  Drop us a note at jveilleux@ashergroup.com to find out more.

Why We Went to the County Fair

Last month, we decided to see if we could sign up residents with a booth at the Burke County, NC county fair (Burke County is a Hyper-Reach client.)  We learned a lot about getting citizens signed up for emergency alerts, lessons that can be put to good use by any agency trying to get more folks registered.  Here’s a quick summary:

  1. Give something away in exchange.  We tripled registrations by offering an inexpensive prize ($64 at Wal-Mart).
  2. Emphasize the word “FREE”.  Many people assumed we were charging for the service, which was our mistake.  When we made it clear that the cost of emergency alerts was paid by the county, we eliminated that problem.
  3. People may think they are signed up when they are not.  There are so many alert services (especially weather) we thought there was a lot of confusion.
  4. A web form is not enough.  We offered folks three ways to sign up at the booth: our new text-based sign up process, a paper form and the web.  No one used the web, but many used the other two.

Since wireless phones are so important (even people with landlines told us they don’t use them much), registration is critical.  So we’ve put together a “registration kit” with all of the materials we’ve developed so far.  Send us an email if you want a copy.  Burke Fair 2

Signing up for Emergency Alerts using SMS

We’re adding a new way for residents to register for local emergency alerts. It’s simple, easy and makes a ton of sense: using SMS.

The process starts by texting a message to our registration number. For example, send “burkealerts” to 828-201-3877 (assuming you’re in Burke Count, NC). You’ll get a reply asking for your address.

Then for confirmation, we’ll ask for your name.

Third, we’ll ask for an email address, in case you want messages sent there.

Last, we’ll ask for the numbers of other people you think should be signed up.

Terms and conditions are here: https://secure.hyper-reach.com/comsignup-disclaimer.jsp?id=40005

After all, if we’re going to get people to register their phones, doesn’t it make sense to use the device we want them to register?

Duplicate Amber Alerts Annoy New York Phone Users – Some Turn Off Alerts

Yesterday’s Amber Alert for 16-year old Cassidy Geffert has had another ugly outcome.  In addition to creating controversy and disturbing a lot of people, it also resulted in some people turning off the alerts on their phone altogether.

Around 1:30 yesterday an alert went out telling people to look out for a black 2006 SAB sedan.

It seems that for many mobile phone customers the alert was repeated over and over again.  One AT&T customer tweeted that he got alerts at noon, 1:25pm, 4:55pm, 6:07pm, 9:45pm, 11:08pm on the 23rd, then at 2:33am, 4:28am, 7:35am, and 11:10am on the 24th.  Another person tweeted that he got 48 alerts and that they kept him “up all night”, while a third tweeter said she’d gotten 20.  We called the NY State Police and were told that they’d had similar reports by email.

The specific type of alert discussed in these tweets is not certain.  Public safety officials have several alerting systems available to them, including NY Alerts, Hyper-Reach, and others.  But a few tweets included pictures of the alerts as they appeared on the user’s phones.  In addition, Hyper-Reach personnel received some of these duplicates, so we know that at least some of the alerts were from the Wireless Emergency Alert (WEA) system, also known as IPAWS, which is administered by FEMA.

In addition to the frustration and anger the duplicate alerts have caused, some people have turned off the WEA alert function on their phones in response.  As one tweeter put it: “kept getting that #expired #amberalert from #yesterday once an hour upon getting to #work. Turned them off completely.”

The WEA function is provided by default by most wireless carriers and is installed on most phones manufactured in the past few years.  But – with the exception of alerts sent by the President of the US – WEA alerts can be turned off by the customer.  Unfortunately, customers who chose to do this will not only avoid Amber Alerts, they will also miss National Weather Service alerts about severe weather and other public safety warnings that could save their lives.

An irony of the situation is that yesterday’s Amber Alert was false to begin with.  Geffert was found an hour later at a Brockport, NY hotel and arrested for grand larceny.  Police have confirmed that she was not abducted, although they have not commented further on the case.

Duplicate Amber Alerts

Duplicate Amber Alerts

Here’s an edited collection of the Tweets we found in the past 8 hours:

Thanks for the Amber Alert yesterday at noon, 125pm, 455pm, 607pm, 945pm, 1108pm & today at 233am, 428am, 735am, then 5 mins ago. PLS STOP.

Does anyone else keep getting the Rochester Amber alert on there phone?

“Omg the amber alert went off again ***”

For the 8th time, I’ve received the amber alert from yesterday. #illuminati

I just got that amber alert again like really

this amber alert keeps going off in mine and Tyler’s phones!

@TheBuffaloNews Here’s a story for you. Tmobile customers getting bombarded with the same amber alert over and over pic.twitter.com/HY5lA8Dv1c

Why is this Amber alert still comming to my phone

Is my phone the only one still getting an Amber Alert?

Anyone else get another amber alert?

Alright you can stop with the amber alert texts now they found her

Hey @ATT please stop sending me yesterday’s Amber Alert. We’re in @CHSBuffalo Labor/Delivery, you keep waking our newborn. You’ve sent 10x!

Just got the amber alert on my phone again,?

I keep getting this ******* Amber alert

I’ve gotten the same amber alert to my phone 4 times. The chick was found yesterday. *** ****.

why did my amber alert go off again

If I get 1 more Amber Alert text I’m going to flip out, have sent me 48 messages keepin me up all night. *** they found this girl yesterday

Soooo why ** did another amber alert get sent to my phone . . . I now have 20 .

why am I still getting the amber alert?

****ing #annoying, kept getting that #expired#amberalert from #yesterday once an hour upon getting to #work. Turned them off completely.

Why the **** am I still getting this damn amber alert to my phone ? 

Preparation for Weather Anomalies

With all our latest technology and developments that have been made regarding weather predictions, we still do not have the capabilities to fully prepare those vulnerable to disastrous storms.

On Monday night, twin tornadoes swept through northeast Nebraska. Although this phenomenon isn’t unprecedented, it is rare. The two tornadoes continued their path of destruction with similar strength and were separated by almost a mile at one point. The storm ravaged the town of Pilger, Nebraska with at least one death.

Residents of these areas may be prepared for one tornado with one path of destruction, but adding another is devastating and unexpected. These anomalies further the need of reliable emergency notification systems, especially in areas prone to severe weather. It also validates the importance for residents to register their information for their local alert system.

Signing up is quick and easy. Visit the US National Emergency Alert Registry page at www.usnear.org and you will be plugged into your local notification system.