January 27, 2012

Aww snap. Cloud saves the day.

Hey everyone. Thanks for being so patient. As you are probably aware, we have been in the middle of a major migration over the last few days as we moved all critical services to Windows Azure and SQL Azure.

You will notice an entirely new website. Hours of new training materials. Lots of new products. And an entirely new Customer Portal with a vast amount of information that you have asked for like historical statements, the ability to download your token import files and link accounts if you are a partner and wish to manage other customers through our service.

Now, I wish we could report it went swimmingly. However, as some of you have experienced in the last 8 hours, that hasn't quite been the case. In the midst of migrating the subscription service to Windows Azure (the final step) our city had a catastrophic power failure that literally blew up. This caused the deployment to fail, and would not allow us to redeploy and VIP swap so the load balancers could start using the new system.

The result is some AuthAnvil Licensing Managers may have been reporting it could not authenticate when checking in, and you may have even received some error emails from the system to generate a new key (a new feature in our latest version just released). You do not need to do this. We have since relocated to our disaster recovery site and have successfully completed the migration of the subscription service to Azure. Just restart the AuthAnvil Licensing Manager service on any affected servers, and you will be good to go. Any machines that have not tried to check in today should be fine and will continue to function uninterrupted.

Our goal and main reason for moving to Windows Azure was specifically to deliver a highly reliable and fault tolerant solution our customers deserve. I would like to personally apologize to any customer who has had an outage due to this migration in the last day. Although we had a strategy to cleanly migrate to the new system, we could anticipate for a power substation to blow up that powers our grid and all the Internet connections.

We are currently leveraging our disaster recovery plan and are currently following up on the email backlog thanks to LiveArchive with ExchangeDefender. All Customer Service is still available through our website and communications are still happening through Salesforce. Go cloud.

 

 

Posted at 03:04 PM in In the Trenches, Product News | | Comments (0) | TrackBack (0)

| |

January 25, 2012

NOTICE: The world is about to change. Well, our part of it is anyways.

Hey folks. Some exciting things are about to happy around here at Scorpion Software. In anticipation of this, we wanted to give you some heads up. Later today we will be going dark. You may feel like this:

Portal-down
Don't fear though... this is a short term issue. Links on our website may not work. Our Customer Portal may not be available through the night. You won't be able to install AuthAnvil Two Factor Auth. (you shouldn't anyways... hold off until tomorrow... trust us on that ;-) ) 

Why you might ask? We are updating everything with exciting new information and content on some new products we have been quietly working on for almost two years. We are also moving our entire customer facing online experience to Windows Azure which will take some time to propagate.

In the end, you will end up with a much more reliable online experience with us; you will have a much easier time working with us; and you are going to have a much nicer time working with passwords both on-premise, and in the cloud... thanks to some new work we have been doing.

So sit back. Relax. And watch this space. We are about to change the world. Well, our part of it anyways.

Posted at 04:37 PM in In the Trenches | | Comments (1) | TrackBack (0)

| |

January 19, 2012

How neglecting password management may cost Zappos and Amazon millions

If you have been following the news, you may have heard how last week Zappos (an online shoe retailer owned by Amazon) was breached forcing them to reset 2.4 million passwords for their users as hackers were able to get them all. The CEO did a great job and acted swiftly to disclose what was going on.

The twist is this story is that shortly after, a class action lawsuit has been filed against Amazon stating they violated a part of the Fair Credit Reporting Act by failing to properly encrypt and secure customer information, and seeks unspecified damages for 24 million customers. This is interesting. It may set a new precedence. Do we have an obligation as netizens to hold cloud providers to a high standard by sueing them for negligence? Does this help or hinder online application vendors and online store fronts?

At this point, it doesn't matter. Although there are debates about the negligence in protecting the customer data, the reality is passwords need to be highly secured. There should be no need to reset everyone's password because a single server was compromised. The keys to protecting them should be isolated and separated. 

And we should be managing passwords and sensitive keys more effectively. Both on and off servers. Both on premise at work, and in the cloud. And that is something we are going to help our customers do better going forward.

Next week we will be announcing the general availability of the AuthAnvil Password Vault. The Password Vault allows you to centrally organize, share, synchronize and audit all your important passwords within your organization, and the organizations you may work with. Access your passwords securely from almost anywhere on almost any device, both on-premise and in the cloud. All protected with AuthAnvil Two Factor Auth.

At this point, no one knows if Amazon will lose this case. However, the point has already been made. Neglecting password management can expose businesses to great liability. If you work within an IT Service Provider or IT department, what are you doing to make sure you have reduced that risk to an acceptable level? Do you even know where to start? 

Next week, we'll show you how.

Posted at 12:14 PM in In the Trenches, Product News | | Comments (0) | TrackBack (0)

| |

January 11, 2012

Passwords in 2012. How it WILL be different.

Welcome to 2012. It wasn't that long ago (2004 if I recall) that Bill Gates announced at a keynote at RSA Security Conference that passwords were dead. The traditional static password was to be replaced with something better.

But it wasn't.

Information Cards came and went. Biometrics failed to deliver. SMS OTPs died by the poor carriers of crappy wireless service. Windows 8 is trying picture passwords. But one thing still remains. The password.

Something has to be done about it. And it will be. Not by false promises or visionary statements. But instead by simple stuff that really works.

Like making password management reasonable. Automated. Audited. Controlled. Secured.

Like replacing the needs to even know or see a password in the first place through single sign on (SSO). Simple. And secure. 

Like making stronger authentication actually work in your business life... not work against it.

And to have all this work within the applications, platforms and solutions you use today.

This is where Scorpion Software is NOW in 2012. We are about to go through some MAJOR changes in the coming weeks, stuff we have been working on for the last few years. From an overhaul to our Customer Portal and partner program so our most successful partners thrive, to an entire new suite of solutions to make it easier to work with passwords in the first place... 2012 will be the year of the password. Well, more to the point, the year you will actually harness and properly control them for the first time. Eliminate the need to know or use them when its appropriate. And replace them with two-factor authentication when its not.

Exciting times. Watch this space over the next few weeks as we start to reveal what we have been doing in secret for the last few years.  

We are solving the obvious problems with passwords that others ignore. We look forward to showing you how in 2012.

Posted at 03:15 PM in In the Trenches | | Comments (0) | TrackBack (0)

| |

December 22, 2011

Scorpion Software offices closed for Christmas Break

Scorpion Software will be closed for the week after Christmas (Dec 26 - 30) to spend the Christmas season with our families. During this time our chat queues and general support will not be available, but we will still be providing emergency SERVER DOWN support to clients who open a case through www.scorpionsoft.com/help.

Normal operations and support will pick up again on January 3rd, 2012.

Merry Christmas, blog readers!  See you in the new year!

Posted at 03:30 PM | | Comments (0) | TrackBack (0)

| |

November 28, 2011

Special Holiday offer for Yubikeys

We received an awesome email today from our friends over at Yubico. Apparently Rob, Yubico's hard working robot, has been working flat out to create something special for customers for the holiday season. He has made a pack of 5 Black and 5 White YubiKeys, ideal as holiday season presents for special people.

You can receive 10 Yubikeys for just $99. That is an AWESOME deal, and something you should consider if you have users that want to use AuthAnvil SoftTokens on Yubikeys.

The offer is valid until 31 December 2011, but if you want to be sure of delivery before Christmas please order no later than 5 December.

Many thanks to our friends at Yubico for being so generous by giving out such a great gift. I'm sure all AuthAnvil customers that have considered the hybrid solution will thank you!

Posted at 03:37 PM in In the Trenches | | Comments (0) | TrackBack (0)

| |

November 04, 2011

Installing the AuthAnvil Credential Provider on Windows 8 (Developer Preview)

With the release of the Windows Developer Preview in September, many developers and IT pros were given their first taste of Windows 8. It uses the familiar credential provider framework to handle logons, adding a couple of new options, namely PIN mode, Picture Password Mode and Windows Live Authentication, as well as a pretty new lock screen. Since it’s a new take on an existing technology, people have been asking us if the AuthAnvil Credential Provider will work with Windows 8. The answer? It’ll work, but there are a couple of gotchas in the installation process, and it is not a one of our officially supported platforms yet, so install at your own risk.

That being said, here’s what you need to know.

First, the Gotchas for this process are the following:

  • The Credential Provider does not support PIN and Picture Password Modes. Password mode works properly, and if you log on using a Windows Live credential, you can log on, but you will need to log on using the username that you initially created your account with.
  • Cached Credentials work as long as you remember to log on a DOMAIN\Username or MACHINENAME\Username, rather than .\Username. If you log on as .\Username, the Credential Provider will not store the cached credentials properly.
  • The Microsoft .NET Framework 3.5.1 feature must be enabled before you install the Credential Provider, otherwise the Override and Uninstall passwords will not be set. You can do this in Classic Desktop > Control Panel > Programs and Features > Turn Windows features on or off, and enable the Microsoft .NET Framework 3.5.1 feature. You do not have to enable any of the sub-features.

Aside from those, the install process for the Credential Provider on the Developer Preview is the same as on previous versions of Windows. Don’t forget to enable safe mode in case you get in trouble.

And the end result. Have fun!

image

Posted at 08:00 AM in Tips & Tricks | | Comments (0) | TrackBack (0)

| |

November 01, 2011

Crack the Cred - Episode 103: Bypassing iPad PIN lock

Find yourself with staff around the office with iPads connected to some of the most sensitive resources? Have you thought about how these become conduits to information disclosure if not properly handled and safeguarded?

In this episode of Crack the Cred, we look at how easy it is to bypass the iPad PIN lock screen on a device protected with Microsoft EAS security policies in an effort to gain access to the information presented in the last running application on the tablet.

If you cannot see the embedded video above, please visit www.crackthecred.tv to watch this, and all other episodes. You can also follow the conversation there via Facebook and Twitter and leave your own thoughts and comments.

Let us know what you think!

Posted at 10:37 AM in Crack the Cred | | Comments (2) | TrackBack (0)

| |

October 24, 2011

Crack the Cred - Episode 102: Getting around iLo passwords

Find yourself in front of a sweet HP server and don't know the password to log into iLo to get some work done? No problem. Watch today's episode of Crack the Cred to see how to do just that.

If you cannot see the embedded video above, please visit www.crackthecred.tv to watch this, and all other episodes. You can also follow the conversation there via Facebook and Twitter and leave your own thoughts and comments.

Let us know what you think!

Posted at 02:24 PM in Crack the Cred | | Comments (0) | TrackBack (0)

| |

October 14, 2011

Beyond the Data - Episode 103: File Access Auditing

Every wonder who may be accessing sensitive files on your servers and workstations? Haven't figured out how to track who is updating the most critical files in the offices you may have to manage? Well, this episode of Beyond the Data is for you.

If you cannot see the embedded video above, please visit beyondthedata.tv to watch this, and all other episodes. You can also follow the conversation there via Facebook and Twitter and leave your own thoughts and comments.

Let us know what you think!

Posted at 11:26 AM in Beyond the Data | | Comments (0) | TrackBack (0)

| |

Next »
Visit Our Company Website
Subscribe to this blog's feed

Categories

Archives

More...

Become a Fan

Connect With Us