Lessons from the Code Spaces DDoS

By Greg Wendt • June 27, 2014

Last week the website Code Spaces was hit by a distributed denial of service (DDoS) attack. Normally this is a routine occurrence: systems handle it and normal access is soon restored. What makes the Code Spaces attack interesting is that a person had gained access to the company's EC2 control panel and wanted a ransom to stop the attack.

There are numerous details on the link above to find out what happened next.

What can be learned from an attack like this?
DDoS attacks are still active and happen frequently. Evernote was hit earlier this month, with the attack causing at least four hours of outages. A video game company’s website was hit this week as well, with traffic peaking at 110 gigabytes per second. Estimates are that DDoS attacks will reach the terabit range in the near future.

Many organizations believe that everything is safe in the cloud. Basic functions such as backups, restores, and disaster recovery are entrusted to the cloud vendor, who must prioritize among clients. Best practices dictate that your organization’s business continuity plans take these risks and assumptions into consideration. Any time you give up those controls, risk is added to the equation.

Another risk in moving mission-critical functions to the cloud is Internet connectivity: if the Internet is down, you lose access to production systems.

We recommend:

  • Test backups to ensure restores work and expectations are met.
  • Implement business continuity planning and determine how cloud providers play into those plans – test your disasters, be prepared.
  • Determine how often connectivity issues occur – build contingency plans to reach the cloud during outages.

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Another day another phishing attack

By Greg Wendt • June 24, 2014

A single compromised website hosted 862 PHP scripts. Think about that for a minute – 1 server, with 862 scripts. These scripts targeted banking, webmail, PhotoBucket and many online dating sites. The attackers utilized the dating sites to eventually request money from the users. The time and energy invested in this attack is stunning. More information on the attack here.

From a PeopleSoft customer perspective, phishing attacks can be a daily event. The sophistication and success of these attacks vary greatly. End user training and support only go so far in defense of the organization. Costs of remediation continue to soar. All it takes is one slip – one click – one password.

Compromised ERP solutions cost organizations time, money and lost credibility with constituents.

Is your organization going to continue to risk all of that on a single user id and password?

The attackers have all the time in the world, but you do not… The time is now for implementing Two-Factor Authentication (2FA) to help mitigate these attacks.

$20 million in data breach costs vs. Licensing ERP Firewall……do the math

By Chris Heller • May 21, 2014

Costs associated with the Maricopa County Community College District (MCCCD) data breach that occurred in April 2013 continue to rise and have nearly reached the $20 million mark.

http://bit.ly/1mYb24t

Higher education institutions store the same sensitive data as do banks – SSN; DOB; Address; Bank account/Direct Deposit.

Higher education institutions almost by definition have open networks.

The bad guys have figured that out and are launching full scale attacks on PeopleSoft higher ed customers.

Do the math…..license ERP Firewall for a fraction of data breach costs.

Compiling PeopleCode

By Chris Heller • February 13, 2014

One of the very useful features in Application Designer is the ability to compile the PeopleCode for a project. You can select Tools -> Compile Project PeopleCode from the Application Designer menu to do so. This is particularly useful for larger projects or when you are validating a project that has just been imported into an environment for the first time. If, for example, someone forgot to include all of the needed PeopleCode for things to work (maybe forgetting to include a needed application package in the project definition), then compiling the project and finding out about the problem immediately is better than hearing about it later when a runtime error happens.

I prefer to do the Compile Project PeopleCode as a first step, before running the project validation (in the App Designer menu, Tools -> Validate Project) because the project validation stops at the first error while the compile PeopleCode will try to compile everything in the project and report on what it found.

Some enhancements in this area that we’d love to see:

  • A way to have this compilation happen automatically when a project is imported.  Either an option to do this on each project import or a general configuration setting indicating that it should always be performed.
  • Some filtering mechanism to not show all of the PeopleCode programs that successfully compile.  This is particularly annoying on larger projects because you have to wade through a lot of output in order to find and resolve any errors.

How to Prevent Student Grade Hacking in PeopleSoft

By Chris Heller • June 17, 2013

Larry just posted a YouTube video that describes how our ERP Firewall product’s 2-Factor Authentication feature can help prevent students from hacking into PeopleSoft Campus Solutions and changing grades. The video contains specifics on how 2-Factor Authentication works.

Larry created the YouTube video based on what was reported recently at Purdue University where students are facing felony charges for hacking into secure systems and changing grades (we don’t know whether the Purdue incident involved PeopleSoft).

Apparently, hacking to change grades is not uncommon:

Chicago Office Opens

By Chris Heller • May 26, 2011

Well, we just couldn’t stay put in the San Francisco East Bay. Based on 2010 growth, and a great first half of 2011, we’ve opened an office in downtown Chicago. We plan to use Chicago as the access point to our Midwest and East Coast customers. And we’re hiring key technical resources…..so if you happen to know anyone who’s a strong PeopleSoft architect and lives in the greater Chicago area, please let us know. The new office address is 200 S. Wacker Drive, 15th Floor – directly across the street from the Willis (Sears) Tower.

Labels: chicago, hiring, new office, peoplesoft architect

PS/nVision is not configured properly on this workstation

By Chris Heller • March 21, 2011

Today, I was helping a customer configure our Desktop Single Signon product for use with nVision. Because this was a brand-new machine where nVision had never been run, he kept encountering the error PS/nVision is not configured properly on this workstation.

He was amazed when I gave him the solution: drop into a Windows command shell and type

PSNVS.EXE /register

Magically, nVision started to work.

Huh? Why?

The error message is generated from the code that uses COM to initiate a conversation between Excel and the PeopleTools binaries. You see, because nVision is part Excel and part PeopleTools, there’s a delicate dance that has to occur at startup between the two. COM facilitates the communications between the two.

Sometimes the COM objects aren’t initialized properly. They’re supposed to be registered as part of running workstation configuration (PSCFG.EXE), but sometimes that doesn’t work, especially when importing the settings from a file. Running nVision with the /register flag will force the registration to occur (if you want to unregister the COM objects, you type PSNVS.EXE /unregister).

Labels: excel, nVision

Introducing Automatic URL Shortening for your PeopleSoft URLs (automatic bit.ly or TinyURL for PeopleSoft)

By Chris Heller • October 13, 2010

Did you know that the average PeopleSoft URL is over 100 characters long and is completely nonsensical to the average PeopleSoft user? Long PeopleSoft URLs cause confusion, make it more difficult for users to access the pages they need, limit your ability to use PeopleSoft with collaboration tools, and generally increase your cost of operating PeopleSoft.

Grey Sparling has provided a very simple solution to this problem without adding additional administrative effort, without requiring you to register each individual internal PeopleSoft address to public services (causing security risks), and without adding additional infrastructure to your PeopleSoft Environment.

Here’s what it does

A standard PeopleSoft URL to the portal homepage is as follows:

http://example.com/psp/hcm91dev/EMPLOYEE/HRMS/h/?tab=DEFAULT

Here is what the same URL would be with Grey Sparling’s PeopleSoft URL Shortener:

http://example.com/

A URL directly into an Employee Self Service page may look as follows:

http://example.com/psp/hcm91dev/EMPLOYEE/HRMS/c/ROLE_EMPLOYEE.TL_MSS_EE_SRCH_PRD.GBL

The shortened URL would be:

http://example.com/c/tl_mss_ee_srch_prd

Finally, a PeopleSoft URL to an iScript to turn on tracing may look as follows:

http://example.com/psp/hcm91dev/EMPLOYEE/HRMS/s/WEBLIB_GS_TRACE.SET_TRACE.FieldFormula.IScript_SQLTraceBasic

would convert to

We also allow you to use lowercase characters to increase readability and reduce the potential for data entry error.

This works automatically across your entire PeopleSoft system. In the case of PeopleSoft HCM 9.1, for example, that’s approximately 10,000+ URLs that instantly go from so-ugly-they-terrify-people to nice enough that you can post them publicly without people making fun of you 🙂 It even automatically understands any custom bolt-ons that you have added (or will add) to your PeopleSoft environment.

Availability and Pricing

This product will be available within the next couple of weeks. It is priced at $7,500, but we will be discounting it to $5,000 for organizations who purchase it by December 15, 2010. If you would like to get more information, feel free to contact us.

Advanced PeopleSoft Security Audit – OpenWorld 2010

By Chris Heller • September 20, 2010

David Pigman of SpearMC consulting presented Advanced PeopleSoft Security Audit.

Most of the presentation consisted of walking through slides of the PeopleTools security table structures, along with some discussion of things to watch out for. Some examples included key field names that differ between tables (which means Query won’t autojoin), decoding the ACTIONS field (which is a bitfield) into meaningful data, and understanding that PeopleTools client tools such as Data Mover and Application Designer are secured by menu names (e.g. DATA_MOVER) that don’t actually exist as menu definitions, but are hard-coded in the PeopleTools internal code.
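
An added example (not from the presentation or the original post) of the two audit points above: decoding the actions bitfield and catching tool grants that a join to the menu definitions would silently drop. It assumes the bitfield is PSAUTHITEM.AUTHORIZEDACTIONS with the commonly documented bit values; the permission list names, menu names other than DATA_MOVER, and the rows are constructed.

```python
# Added example: decode PeopleTools authorized-actions bitfields for an access review.
# Bit values are the commonly documented PSAUTHITEM.AUTHORIZEDACTIONS flags
# (assumption; confirm against your PeopleTools release before relying on them).
ACTION_BITS = {
    1: "Add",
    2: "Update/Display",
    4: "Update/Display All",
    8: "Correction",
}

# Tool pseudo-menus: secured by name but absent from the menu definitions.
# Only DATA_MOVER comes from the post; extend this set for your environment.
TOOL_MENUS = {"DATA_MOVER"}


def decode_actions(value):
    """Return (action names, leftover bits not covered by ACTION_BITS)."""
    names = [name for bit, name in sorted(ACTION_BITS.items()) if value & bit]
    unknown = value & ~sum(ACTION_BITS)
    return names, unknown


def audit(rows, defined_menus):
    """Flag rows granting Correction mode, tool access, or undecodable bits."""
    findings = []
    for classid, menuname, actions in rows:
        names, unknown = decode_actions(actions)
        if menuname in TOOL_MENUS:
            # An inner join to the menu definitions would hide this row.
            findings.append((classid, menuname, "PeopleTools client access"))
        elif menuname not in defined_menus:
            findings.append((classid, menuname, "menu name has no definition"))
        if "Correction" in names:
            findings.append((classid, menuname, "Correction mode granted"))
        if unknown:
            findings.append((classid, menuname, f"unknown action bits 0x{unknown:x}"))
    return findings


# Constructed sample rows: (CLASSID, MENUNAME, AUTHORIZEDACTIONS). Not real data.
SAMPLE_ROWS = [
    ("HCPPL_CLERK", "ADMINISTER_WORKFORCE", 3),
    ("HCPPL_HRADMIN", "ADMINISTER_WORKFORCE", 15),
    ("HCPPL_DBA", "DATA_MOVER", 1),
    ("HCPPL_ODD", "RETIRED_MENU", 66),
]
SAMPLE_MENUS = {"ADMINISTER_WORKFORCE"}  # constructed stand-in for the menu definitions

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS, SAMPLE_MENUS):
        print(*finding, sep=" | ")
```

Bits outside the table are reported rather than discarded, so a value the decoder does not recognise shows up as a finding instead of vanishing from the report.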

The presentation was good (although I don’t think that I would call it advanced audit). A little more demo vs slides would be nice as well. A number of the queries that David did show (either in ppt or in an environment) are available with the presentation to be downloaded later.

They also have a product offering with additional queries that a security auditor might find useful. Towards the end of the presentation David showed a few of these in a live environment.

Labels: 2010, OpenWorld, Oracle
