Day: September 30, 2014

This article in the NY Times talks about the growing risks for barrier islands on the Atlantic and Gulf Coasts of the US.

It seems that two trends are coming together to pose unusually high risks:

1. Global warming and the resulting increase in sea levels are increasing the dangers to folks living on those islands;
2. Population growth on these islands is very strong: twice the US average.

Those trends got us thinking about the importance of good emergency planning, which has always been important in coastal communities facing hurricanes, tornadoes and other natural disasters.

Barrier islands are a special case because they are difficult to evacuate.  The road system on these islands is often a great example of a “single point of failure”, where the loss of one road cuts off all transportation options.  And storm surges and other forces can often easily take out roads.

This makes emergency alert services especially important, since getting the word out to evacuate is a critical part of any emergency plan.  So if you have doubts about the reliability of your alert system, you should give Hyper-Reach a call.

If you haven’t heard of Shellshock and rely on web-based services, you need to be aware.  And make sure the folks who run your services are on top of this issue.

As reported by the Washington Post:

The National Institute of Standards and Technology’s National Vulnerability Database scored the vulnerability as a “10,” on a scale from one to 1o, on both impacts and exploitability. US-CERT also issued an advisory, saying “exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.”

That means that someone could remotely take over a server.

From the perspective of mass emergency alert providers, that could mean serious trouble.  We should all remember the incident last year when the emergency alert system at a Great Falls, MT television station was hacked and sent out bogus warnings that “dead bodies are rising from their graves”.  So a hacker could potentially take over some other emergency alert service to send out similar warnings – or worse.

All the major emergency alert service providers (CodeRed, Everbridge, Hyper-Reach, etc.) use web-based services to enable their clients to send out alerts.  Unless the servers that provide the web interface are protected from hackers, there’s a serious risk.

If you use Hyper-Reach, you’re protected by an IT team that takes security seriously.  Our servers were patched within hours of the news of this vulnerability.  And we’re tracking the issue closely, which is important, since there have been at least three new bash-related vulnerabilities reported.

If you don’t use Hyper-Reach for emergency alerts, check with your vendor.  It’s important.  And if you use other web-based services, you should check with them as well.