Thursday, March 27, 2014

SurveyGizmo - DOS Attack 2014


Dear SurveyGizmo User,

SurveyGizmo came back online a few minutes ago. We do have a few sub-systems that are still coming back online, like email invitations and some private domains, but we are still working to restore 100% functionality and the majority of our systems are up and running.  We're sorry for the prolonged outage over the last two days.  Thank you all for being so understanding.   I know this must have been difficult for you.

We are reporting the attack to the authorities; but quite honestly the nature of such cyber-attacks make it unlikely that the criminal will be found and prosecuted.  I doubt we will ever find out who did this, though it seems it was the same individual who attacked a number of services recently.

I know this email is a little long, but we've been so focused on a fix that we haven't given a complete explanation yet and we wanted to remedy that.

Here's what happened:

At 8:57AM MT yesterday, a denial of service attack began against SurveyGizmo's primary data center in Denver, Colorado.  At first the attack was intermittent, then it took our services completely offline.

At 9:30AM MT we received an email demanding money to stop a Denial of Service (DDOS) attack on our service.  I hope everyone understands why we would never consider paying or even replying to such a demand.   People like this should never be rewarded. Besides which, he wouldn't have stopped and it would have created further incentive for him to attack others.

We already had plans to implement a protection service called CloudFlare (  designed to protect against attacks like this.  We were planning downtime for it's implementation but the attacker beat us to it. 

It was difficult to restore service during the attack itself and it took us working with our service provider Viawest from the beginning until 12:30 MT today to complete the transition. 

The CloudFlare solution will help to mitigate and protect us against future attacks of this kind.  Viawest also added an additional service to the mix to make the solution even more effective and we can't thank them enough.

Just to reiterate my earlier email, this was a denial of service attack and not a security breach.  Your data is (and always was) safe and sound.

I'd also like to point out that, while Viawest and our team had communication issues through this process their team was very committed to getting us online and they were awesome about it.   I know we and the social media world have been rough on Viawest over the last 24 hours -- but they totally came through for us in the end. 

Although I feel you, our customers, are the greatest victims in all of this, let's not forget that Viawest was a victim of the DDOS attack too! We are incredibly grateful to their efforts in bringing us back online and are very sorry that they and their other customers suffered as well.  

I will follow up with another email this afternoon outlining our new defenses and architecture.

I know that many of you had surveys online over the last 24 hours that were critical to your business.  Again, please contact our support team if there is anything we can do to help you recover.  We will help in ANY way we can.  As I mentioned last night, I am happy to communicate with your customers on your behalf to apologize and take ownership of these issues.  It will take me a little while to get back to everyone -- but I will!

Friday, March 14, 2014

The Best Way to Share and Embed Marketing Videos

What's the best and latest way to share and embed marketing videos?  Vlogs, Sizzle Reels and Product Demo's need to be viewed on all browsers should try to keep control of the brand and message.

Check out these Video Delivery Services:

Flawless delivery, on every device, anywhere in the world.
HTML5 or Flash.
When you upload a video to Wistia, we automatically encode Flash and HTML5 versions at multiple resolutions.

Plays everywhere, every time
Consistent viewing experience in HTML5 and Flash, across mobile, tablet, and desktop
JW Player

Community for storing and distributing video content. Includes advanced privacy options, interaction for members with common interests, group projects and more.
Vimeo is video + you. We put your videos first and give you the best ways to share, discover, and be inspired. 

Dropbox Video Streaming
When you share a link to a video, the recipients will be able to stream up to 15 minutes of it on the preview page of the Dropbox website. To view a longer video in its entirety, they'll need to download the file or watch it using one of our mobile apps.

The 15-minute limit only applies to other people. You can stream your own videos in their entirety on the Dropbox website.