HPE issues fix to stop some SSDs from self‑destructing – 10 minute mail

If left unpatched, a firmware flaw in some enterprise-class solid-state drives could make data on them unrecoverable as early as this fall

Hewlett Packard Enterprise (HPE) has warned its customers about a bug in the firmware of some of its SAS solid‑state drives (SSDs) that will render the drives dead once they reach exactly 40,000 hours of operation.

In other words, from the time these SSDs are installed and start running, their operation time is exactly 4 years, 206 days, and 16 hours. The affected hardware is used in servers and storage systems.

The good news is that HPE has released a critical firmware upgrade to rectify the issue. Based on the dates that the company started to ship these drives, the drives should not start failing until October 2020 at the earliest. While this should give customers enough time to install the upgrade, the company advises to do so immediately.

“After the SSD failure occurs, neither the SSD nor the data can be recovered,” said HPE and added that it was alerted to the flaw by another SSD manufacturer.

The company noted that other SSD models that were put into service at the same time could also be affected and it was possible they would fail nearly simultaneously. It also stated that the bug isn’t unique to HPE and could affect all customers that have bought these drives.

The bug affects SSDs that are running a firmware version prior to HPD7. These drives are usually deployed in HPE server and storage products, such as HPE ProLiant, Synergy, Apollo 4200, Synergy Storage Modules, D3000 Storage Enclosure, and StoreEasy 1000 Storage. The disk’s total power-on time can be checked using the Smart Storage Administrator. The full list of the impacted products is available in HPE’s advisory.

HPE released an update for a similar problem last year, when it announced that another firmware bug would cause a number of its SSDs to fail at 32,768 hours of operation.

Although glitches like these do not occur regularly, they bolster the case for why everybody, not just businesses, should back up their data – and do so regularly. So, if you haven’t done this in a while, or never, the time to start is now. If you’re not entirely sure how to go about it, you can also check out our article on various types of backups and the mistakes you should avoid while you’re doing it.



Amer Owaida


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Have you backed up your smartphone lately? – 10 minute mail

With World Backup Day upon us, we walk you through the ways to back up your iPhone or Android phone so that your personal data remains safe

In your pocket, you carry a supercomputer that outperforms all the tech that landed Aldrin and Armstrong on the moon. Although you may have heard this claim before, it probably never really resonated with you. Now, if we rephrase that to “you carry a device in your pocket that stores almost every aspect of your life, from memories in the form of photographs to personal notes, reminders, passwords and all kinds of sensitive data”, suddenly it feels a bit more personal.

What if your phone gets locked up by a ransomware attack, stolen, bricked or even destroyed? Would you lose everything on it, or do you back it up regularly?

If you don’t back up your phone regularly, then you should start right now. And since we are celebrating World Backup Day today, we’re going to walk you through the ways to do it on both iOS- and Android-powered devices.

Backing up your iOS device

When backing up your iPhone, or any other device running iOS, you have two main options to choose from. The first option is storing a backup of your device on your computer or on removable storage connected to it. If you are running macOS Mojave or an earlier version or Windows, the process is the same and uses iTunes. First of all, you’ll have to install Apple’s iTunes software onto your computer, since you will not be able to manage your device without it (Macs have it installed by default). If you’re running macOS Catalina, then instead of iTunes you’ll find the option in the Finder.

To start the process, connect your device to your computer, using the lightning cable you usually use to charge your device.

You will get a prompt to unlock your device, using your preferred method (FaceID, TouchID, code). You may also be prompted to choose to Trust This Computer so your device can sync with it without a problem.

You then click on your device in iTunes or in Finder depending on your operating system and proceed with the whole process. For an extra layer of security, you can choose to encrypt the backup that will be locally stored on your computer. Now just click on the Back Up Now button and you’re set to go. While you’re at it you can also choose to back up your most important data to your iCloud.

This leads us to the other available option, and that is backing up your iPhone to your iCloud straight from your device. Go to the settings on your device and tap on your name and then tap on the iCloud button. Now toggle the iCloud Backup button to turn it on and then press the Back Up Now option.

While backing up you should be connected to a trusted Wi-Fi network. You can set up your iPhone to automatically back up your device to iCloud when you’re connected to a Wi-Fi network. Depending on the storage space that you have on your iCloud, with the default being 5GB, you can also toggle the apps that store data on it.

For example, photos can be quite taxing since, depending on their quality, their size can range from approximately 1 MB to 10 MB, or even 100 MB if we’re talking about videos. So, you might need either to expand your storage or alternatively to move the media files to another repository.

RELATED READING: Types of backup and five backup mistakes to avoid

Backing up your Android device

Now, Androids are a different beast in that you don’t really need any software suite installed on your computer to manage your Android device or its storage. To back up your photos and media onto your computer, all you have to do is plug it into your computer using a USB cable.

The phone will then ask you if you will allow your computer to access your phone data, which you will agree to. Your phone will then appear in your File Explorer (Windows) or Finder (macOS) and you can browse through the files on your device and copy them or drag and drop them into the folder of your choice.

To put it in simple terms: your Android device basically functions as an external storage device such as a USB or an external drive. Although it’s worth mentioning that some manufacturers do have software, such as Samsung’s DeX, but you don’t necessarily have to use it.

As with iOS devices though, there is another option – you can back up your data to the cloud. Backup options here vary from brand to brand, with many offering their own take on how to store your data; to make this a bit simpler, we’re going to stick to Google’s version since it should be available across most Android devices.

The most straightforward route is going to the settings, then scrolling down until you find Google Settings. Once you’ve tapped on that button, it should redirect you to the Google Settings menu, where you’ll find the Backup option (which may have slightly different names on different versions of the OS).

You can toggle the Backup option on and then press the Back up now button, which will back up your data to Google Drive. There’s also a separate option to back up your photos and videos to the Google Photo app.

And always remember…

Regardless of which kind of device you have, the best practice is to have multiple backups of your data so that in case you lose your phone or one of your backups gets corrupted, you’ll have an extra one to fall back on. Never underestimate the value of planning ahead, since it can save you from a migraine later on.



Amer Owaida


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

HPE issues fix to stop some SSDs from self‑destructing – 10 minute mail

If left unpatched, a firmware flaw in some enterprise-class solid-state drives could make data on them unrecoverable as early as this fall

Hewlett Packard Enterprise (HPE) has warned its customers about a bug in the firmware of some of its SAS solid‑state drives (SSDs) that will render the drives dead once they reach exactly 40,000 hours of operation.

In other words, from the time these SSDs are installed and start running, their operation time is exactly 4 years, 206 days, and 16 hours. The affected hardware is used in servers and storage systems.

The good news is that HPE has released a critical firmware upgrade to rectify the issue. Based on the dates that the company started to ship these drives, the drives should not start failing until October 2020 at the earliest. While this should give customers enough time to install the upgrade, the company advises to do so immediately.

“After the SSD failure occurs, neither the SSD nor the data can be recovered,” said HPE and added that it was alerted to the flaw by another SSD manufacturer.

The company noted that other SSD models that were put into service at the same time could also be affected and it was possible they would fail nearly simultaneously. It also stated that the bug isn’t unique to HPE and could affect all customers that have bought these drives.

The bug affects SSDs that are running a firmware version prior to HPD7. These drives are usually deployed in HPE server and storage products, such as HPE ProLiant, Synergy, Apollo 4200, Synergy Storage Modules, D3000 Storage Enclosure, and StoreEasy 1000 Storage. The disk’s total power-on time can be checked using the Smart Storage Administrator. The full list of the impacted products is available in HPE’s advisory.

HPE released an update for a similar problem last year, when it announced that another firmware bug would cause a number of its SSDs to fail at 32,768 hours of operation.

Although glitches like these do not occur regularly, they bolster the case for why everybody, not just businesses, should back up their data – and do so regularly. So, if you haven’t done this in a while, or never, the time to start is now. If you’re not entirely sure how to go about it, you can also check out our article on various types of backups and the mistakes you should avoid while you’re doing it.



Amer Owaida


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

General Data Protection Regulation: What It Means For Your Business – 10 minute mail

Coming into effect in May 2018, the General Data Protection Regulation will give EU data protection legislation a much-needed update and simplify data protection routines for businesses operating in the EU. For some companies, preparing for GDPR compliance entails a review of security practices, while others need to completely realign their focus and begin by putting security first. In this blog post, we explain what the GDPR means for your business and how Disposable mail can help you start working with security.

General Data Protection Regulation: What It Means For Your Business

Legislation for a digital world

Unlike tech innovation, the wheels of legislation move slowly. The current Data Protection Directive that will be replaced by the GDPR came into force all the way back in 1995 – that’s right, the year Windows 95 was brand new and the movie Hackers (Disposable mail team’s all-time favourite) was released. Although the Data Protection Directive was updated with an amendment in 2003, it could not keep up with the developments in the tech world. To the delight of journalists and the horror of courts throughout Europe, there was a growing number of disputes that existing legislation simply couldn’t handle. One particularly well-known example is the Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González case from 2010, when a Spanish citizen requested that Google remove his personal data. Legal issues in a digital world clearly needed laws drafted with modern technology in mind.

Enter the GDPR, developed to bring EU legislation up to date with the increasing digitalisation of data. Introducing novelties like the right to be forgotten and Data Protection Officers, the regulation will unify data protection practices in EU member states and establish a greater focus on security and privacy.

Adopted by the European Parliament in April 2016, the new legislation will come into force on the 25th of May, 2018. Sofia Gunnarsson, founding partner of Sharp Cookie Advisors, a Swedish law firm specialising in tech law, says: “This regulation is already law and is valid, in contrast to a directive that requires national implementation processes in order to take effect. The EU legislation on data protection is set. There is, however, some room for interpretation that is left by the legislator to the national supervisory authority, but I do not expect to see national variations. We can expect to receive complementary guidelines for interpretation from the EU as we come closer to 2018.”

What does it mean for businesses?

One of the leading principles behind the GDPR is to protect European citizens’ rights by keeping their personal data safe, but what about businesses? Regardless of the sector, a unified data protection regulation offers a streamlined way of working with data throughout the EU, but it also brings a whole new set of challenges. Companies need to evaluate their data processing and security practices to ensure they comply with the GDPR when it comes into effect. For those who have been working with security on a daily basis, this will require some additional work to ensure appropriate measures are in place, which might mean restructuring their existing security workflow and perhaps adding to it. However, for companies that have never prioritised security before, the next two years could prove nothing short of stressful as failure to comply with the regulation can result in considerable fines.

While preparing for compliance can be overwhelming, Sofia Gunnarsson emphasises staying focused: “From my work as a data protection specialist advising data-driven companies, the greatest challenge is, and has been, to think small. By thinking small, I mean to clarify a unified management led strategy in your company on privacy and privacy engineering while focusing on very specific issues.”

The GDPR outlines a range of measures companies working with data ought to adopt and many of these measures are, in fact, best practices that do not only help protect businesses from non-compliance fines, but also improve their overall web security. Hopefully, the new legislation will encourage more companies to take a step towards a safer internet and make security a priority by incorporating security best practices.

“Under the GDPR, the company will be required to demonstrate its compliance, which can be met with certain internal processes such as maintaining a register of data processing, to have a process to delete all data, ensure data portability and information security, and report data breaches. Many companies will also be required to appoint a data protection officer, a professional within data protection that acts as an advisor and performs data protection audits on behalf of the company,” explains Sofia Gunnarsson.

“The first question every organisation should ask themselves is – do we keep records on each processing of data we perform? A register is a basic tool to keep track of what personal data your organisation collects, process, share, store, delete etc. You use this one register to assess where in the organisation you should focus any further analysis and compliance activities.”

Security breach notification

The GDPR introduces a new security breach notification framework for all organisations working with data, including third-party data centres. The framework aims to make data controllers and processors accountable for data privacy breaches and is one of the bigger changes this legislation brings. To protect data, companies are required to implement “a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.” (Regulation (EU) 2016/679) However, even preventive measures do not guarantee perfect security as attackers are constantly developing new ways to access sensitive information.

In case of a security breach that puts personal data at risk, authorities need to be notified within 72 hours. The affected company has to provide detailed documentation informing the authorities about the nature of the breach, a risk assessment, and an account of the steps taken to resolve the situation. If the data that has been exposed is highly sensitive, the organisation also needs to communicate the breach to all data subjects affected.

To prepare for compliance from a system level, Sofia Gunnarsson advises to “begin with the critical IT-systems, regarding system sensitivity, prone to cyber-attacks, geographic location, third party dependent. If you’d rather start your sensitivity analysis from the categories of data – which different categories of data and personal data do our systems use, which types of data are needed, any sensitive data.”

Data protection by design and default

Alongside the obligation to report breaches, companies also need to be able to show that they are constantly working with data protection principles and incorporating “data protection by design” into their routines. This makes it necessary for companies to implement: “appropriate technical and organisational measures /…/ which are designed to implement data-protection principles /…/ in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.” (Regulation (EU) 2016/679) Policies can range from regular security audits to up-to-date best practices and organisation-wide data protection education. In short, this is a way for organisations to illustrate their compliance with the GDPR in their everyday work.

Sofia Gunnarsson points out that companies will need to rethink why they work with data: “The principles of data minimization and privacy by default will mean that companies will be required to have a clear purpose of their use of data before collection. By contrast, it is not an uncommon practice to collect available data and let the business development and analytics later decide how to use such data. Given that many companies have a strategy to increasingly leverage end user data, the development of these new systems and processes have stakeholders across the organisation. As such, the area of data protection and security will require top management commitment and effort spanning much of the organisation.”

Enforcement

National data protection authorities will continue their work as supervisory authorities, supporting citizens, advising organisations, and investigating compliance. A few actions supervisory authorities have the power to take are issuing warnings, ordering organisations to notify data subjects of personal data breaches, imposing a ban on data processing, and imposing administrative fines. Fines can be as high as 10 000 000 EUR or up to 4% of the total worldwide annual turnover of the preceding financial year.

How Disposable mail can help you implement security measures

May 2018 might seem far away, but it is important to keep in mind that preparing for GDPR compliance could entail structural changes, educating the staff, and updating your entire way of working with data. What needs to be done depends on every organisation’s existing level of security measures, as well as the nature of the data that is being processed. Disposable mail can be a valuable piece of the data protection plan puzzle, helping you deploy safer code with automated security audits and encouraging an ongoing security dialogue. Our scanner is updated bi-weekly to keep up with the latest vulnerabilities and enable you to make your web application more secure.

We aim to educate developers about web security and give them the tools and knowledge to take security matters into their own hands. With our extensive knowledge base, detailed scan reports, newsletters, alerts, and regular blog posts, we wish to inspire companies to adopt a security-oriented way of thinking. Making your website safer doesn’t have to be complicated, intimidating, and costly, but it is a long-term team effort that requires an awareness of risks as well as remediation knowledge.

The GDPR is bringing great changes to the way businesses work with data protection and web security. Introducing a focus on security into your workflow with Disposable mail is just one of many parts of the compliance transition, but it can be a good place to start. There are plenty of companies and law firms that specialise in digital matters and can advise you on the GDPR to ensure your business complies with the new legislation.

Sofia Gunnarsson’s final piece of advice is not to lose sight of your business goals: “Do not forget to focus on the business while being compliant! Much of the available advice of the GDPR comes from compliance advisors, experts in many areas, but with a low interest of the sales side of your company. Embrace the opportunity to design your digital services and IT-systems with, e.g., the data protection legislation’s constraints (and opportunities) in mind. Too little has been told about the strategic value that the product owner and business development have over data compliance issues. At Sharp Cookie Advisors, we guide our clients to adopt a sales-focused strategy. In some cases, the strategy has led to the client’s decision to realign its product and service portfolio, creating new services or remarketing existing services with clearer purpose and expectations in relation to the end users.”

In the meantime, Disposable mail can help you get on the right track by prioritising security, so why not sign up for a free trial? We are ready to guide you towards a more secure website, one vulnerability at a time!

Read more

If you’d like to delve deeper into the legal text, check out the complete General Data Protection Regulation.

For more advice on working with security, read our CEO’s article on why security matters and learn how you can incorporate security into your daily routine in 7 steps.

There are several good guidelines of how to prepare for the GDPR, for example this one from the Swedish Data Protection Authority (in Swedish). To learn more about internal processes companies will need for GDPR compliance, read Sofia Gunnarsson’s article on the topic (in English).

If you have any questions, don’t hesitate to reach out at hello[at]detectify.com.


About Sofia Gunnarsson:

Founding Partner of law firm Sharp Cookie Advisors, Sofia Gunnarsson is an experienced lawyer in internet law, data protection, and international commercial law.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.