This week, a doozy of  a security risk was revealed concerning the way data is encrypted between computers and web servers on the Internet.

It's called Heartbleed and you may have heard of it by now. 

If you are a client of mine - and as it is my obligation as your technical administrator - I wanted to take a minute to address my services and your exposure to this vulnerability.

Microsoft Windows Terminal Services

If you receive terminal service/remote desktop solutions from me, your services are ran on Microsoft Windows 2008 R2 servers.  Inasmuch, Microsoft has confirmed that their platforms are not affected by the Heartbleed vulnerability so your site and its data and your communications between them are not subject to this risk.

http://blogs.technet.com/b/erezs_iis_blog/archive/2014/04/09/information-about-heartbleed-and-iis.aspx

Google Apps

If I manage your Google Apps environment, as of Thursday April 10, 2014, Google confirmed that they've patched all of their servers for their major services, so your mail, contacts, calendars, and so on - stuff I manage for you under Google Apps - are also secure:

http://www.engadget.com/2014/04/09/google-heartbleed-patch-info/

Online Backup

If you receive an online backup product from me, I've received a verbal confirmation from the vendor that their solutions are not subject to this vulnerability.

VOIP Phone Solutions

If you receive your VOIP solutions from me, I've received verbal confirmation from the vendor that their solutions are not subject to this vulnerability.

Third Party Website Hosts and Operators

You need only be concerned about this vulnerability if your website conducts any form of secure transaction, such as logins, taking payments, or processing orders.

If your website just serves-up webpages with information, you are not affected by Heartbleed. If your website takes in any information securely, it is likely subject to this vulnerability.

If your website or email service or backup service is hosted by a third party, it is their responsibility to patch their servers and advise you of their status. I recommend you contact them immediately for a status.

Third Party Cloud-Based Services

Nearly all websites are affected by the Heartbleed vulnerability including popular brands like Netflix, Dropbox, Twitter, Facebook, large banking institutions, and the like. The situation right now is rather fluid and broad but I'd recommend the following approach:

1. Take an inventory of the 3rd party websites that are related to your business and that you frequent; ie, your financial institution, online business software, file sharing software, and so on.

 

2. Visit their websites or blogs for the latest update/information about their vulnerability to Heartbleed.

 

3. Following their confirmation that their vulnerability has been addressed, you would want to change your password with that service at the earliest opportunity.

Android Phones

Finally, Google has confirmed that some versions of the Android (Droid) operating system are exposed to this vulnerability. The models and versions vary. Those who run Android/Droid operating systems on their phones will want to apply updates throughout the weekend or discuss this matter with their cell phone carrier/provider. To test whether or not your Android phone is vulnerable, you may wish to try this solution.

If you have any questions or concerns, please feel free to contact me.

R

The other day I was helping a client with an HP Officejet 8600. The printer was connecting fine to the wireless network with either a dynamic or static IP assignment. I could ping it, browse to it, and even change settings through the web console. A-okay.

Then, after just two or three minutes, it completely disconnected from the network. I couldn't ping it or browse to it. The system state LED still read that it was connected and nothing had changed in the unit's config.

Crazy-making.

It took me some time to narrow down the possibilities. What it turned out to be is the 5ghz wireless signal coming from the wireless router. The 8600 uses a 2.4ghz wireless frequency. When I disabled the radio on the router for the 5ghz network, and exclusively offered the 2.4ghz network, and cycled the power on the router, the machine stayed on the network. 

Of course, this action would prevent the higher-speed network from working. Bummer-drag. But it did get the unit online and satisfy the client. I guess that's what matters.

R

A client of mine has undergone amazing growth. Just four years ago, they started with just two employees. Today, they're almost up to twenty-five.

With all that rapid growth, they had to make purchases without talking to their IT consultant. They picked up cheap computers from retail stores in order to satisfy their immediate needs. 

What they ended up purchasing were under-powered machines that were made for non-commercial consumers with low-grade operating systems, sub-standard parts with short warranty cycles, loads of software they didn't need, and mis-matched productivity software. They also weren't purchasing their software in volume licenses increasing their licensing management and paying premium for software.

Well, last week, they had grown to a point where they needed a server to host local applications. Unfortunately, very few of their PC's have professional licensing that would instantly interact with the server. They made their IT expenses based on the needs of yesterday and not their future. Now, they're in a position where much of this equipment will need to be replaced.

Learn from their costly lesson, friend. Talk to your friendly neighborhood IT consultant. Don't recklessly spend simply for today's benefit. Be prudent. Manage your purchases. Create a strategy. Plan for meeting today's requirements and tomorrow's anticipated needs. 

R