Wednesday, April 16, 2014

Heartbleed: What You Need To Do

Most of us have heard the news about the "Heartbleed" vulnerability, which possibly allows hackers to retrieve your login password or other personal information from many popular web sites. So what's it all about?

"Heartbleed" refers to a vulnerability in an encryption library that's used by many different web servers. The library is called "OpenSSL," and it's what's used to make online commerce, banking and other activities secure. OpenSSL is not the only encryption library available, but it's one of the most popular.

Wednesday, February 26, 2014

SSL Vulnerability Closed in OS X Update

Apple released Security Update 2014-001 yesterday, which closes the vulnerability discussed in my last post. Mountain Lion and Mavericks users should install this update ASAP. Note, if you are a Mountain Lion user and do not wish to update to Mavericks at this time (completely understandable, but fixable), then do not install the OS X 10.9.2 update. Select just the Software Update that includes Security Update 2014-001 as shown in the screenshot below.


[Screenshot: OSX Software Update]

The vulnerability allows your secure traffic to services such as iCloud, Gmail, and others to be intercepted. For specific details of this vulnerability, please consult the excellent writeups in Ars Technica, The Safe Mac and Threatpost. If you haven't updated your iPhone or iPad to iOS 7.0.6, please do so now to fix the same vulnerability in iOS.

Monday, February 24, 2014

Public Service Announcement for iOS and OS X users

On Friday, Apple released version 7.0.6 for iOS (iPhone / iPad) users. Go to Settings on your iOS device and install this update now.

What's the deal? A very serious vulnerability that exposes the secure communication link between your device and any services that you use (Gmail, Facebook, Dropbox, online banking, etc.).

The exploit package is already being circulated on the Internet. This vulnerability affects not only iOS, but also OS X. Apple has not patched OS X yet, so stay tuned here. I'll post when Apple releases the update for your Mac.

If you'd like to read the technical details of this vulnerability, read this and this. But first, please update your devices!

Tuesday, July 9, 2013

Cloud for Small Business - Hot or Not? Redux (UPDATE 2/24/14)

Google Apps. Microsoft Office 365. What are they and why do we care?

Interesting questions. What does every modern office need? A productivity suite to create and edit documents, spreadsheets and presentations. A messaging system, for sending email and enabling chat. A calendaring system, to facilitate time management and shared scheduling. A collaboration system, to corral projects, tasks, data and team members.

The classic solution consists of the Microsoft Office productivity suite, Exchange Server for email and calendaring, and SharePoint Server for collaboration. Why would we consider anything else?

Thursday, April 4, 2013

"Badges? We don't need no steenking badges!"

All too often I've encountered a certain type of person in an enterprise, business or personal setting who questions the need for a secure network environment. Actually the word "questions" is too weak; this type of person actively opposes network security measures. And very often they're in a decision-making position for their organization. One otherwise intelligent manager that I once worked with recommended that we discontinue our enterprise antivirus and disconnect our firewalls.

What reasons are given for their opposition? "Security is too inconvenient." "We don't have anything a hacker would want." "Security is a waste of money." "I use (a Mac / Linux / Microsoft Security Essentials) and I'm not vulnerable." Despite all evidence to the contrary, such persons throw up obstacles to even the most basic of security measures. How does one deal with such deliberate, even prideful, ignorance?