Heartbleed Vulnerability

This is a very serious vulnerability. If you have not changed your passwords on the various websites that you visit, you should. A vulnerability in the OpenSSL library made it possible to obtain certain passwords, and possibly the certificate private key, which would allow an attacker to obtain user names and passwords. Sites such as Amazon, Google and Facebook all had this vulnerability and patched it.

A majority of Internet servers run OpenSSL, so this is a very large-scale vulnerability. What's even more concerning is the fact that this was not detected for over 2 years.

To test if a site is vulnerable, you can use this URL: https://filippo.io/Heartbleed/

If you are running Fortinet products, version 5.0 of the code is vulnerable and you need to upgrade to 5.07 to fix the vulnerability. Certain Juniper and Cisco products also have the flaw.

You should also change VPN and Firewall passwords of any systems you manage that are exposed to the Internet. This will ensure you are protected.

Make Sure You Evaluate Before You Purchase a Technology

I have seen numerous people in my career have buyer’s remorse on a technology product that did not work as expected. They listened to a good pitch or trusted marketing material – that is never the way to purchase a product…

You should first establish some sort of testing criteria. This will allow you to create a baseline on which product performed the best. You should ask for at least 2 different references so you can discuss how the product is working.

I also like to look at how the company is doing financially. You do not want to purchase a product that will be dead or gone in a few years.

Total cost of ownership is also important. Make sure you understand how the maintenance contracts work and what your cost will be over 3-5 years. Sometimes the cheapest product for the initial purchase is not the cheapest in the long run.

Finally, I think support is important. I would call the technical support line to be sure that they are timely in their response and that you can get to them in a reasonable manner. You want to make sure you can get support if you need it.

Following these simple steps can help you avoid buyer’s remorse.

Do you think you are too small for a hacker to attack you? Think Again

According to a Symantec Survey, cyberattacks rose 300% in 2012. The reason? Most small businesses are attractive because they have weaker security systems in place. Small businesses are also flocking to cloud systems that do not incorporate strong encryption technology. This allows hackers to get easy access to sensitive data behind a door with nothing but a simple lock.

How can you prevent being attacked? Make sure you patch your largest vulnerability – your people. Have them use strong passwords and teach them to look for sketchy emails. You should also invest in the best cloud security application you can afford.

Win an iPad Mini

We at TBJ are looking to grow our business and we would like to enlist your help in finding clients who might benefit from our services. For any qualified leads that result in a meeting, you will be entered into a quarterly drawing to win an iPad Mini. Our best leads come from referrals and we would like to reward you.

If you know of someone that you network with that could benefit from our services, use the form below or email us at sales@tbjconsulting.com

If you have a referral, please Enter the Details Here

Technology Thoughts From a Teenage Perspective

Since I am a technology guy and my children have grown up around technology their entire lives, I thought I would have my teenage daughter write an article for the newsletter. So this is a new section featuring my teenage daughter Kat… (In fact, she used Google Docs to share the articles with me.)

Samsung Galaxy S5

The Galaxy seems to be Apple’s biggest competition to the iPhone, but the general consensus on the S5 is that it’s not too impressive. It seems that on this phone they decided to make it look more like the Galaxy Note 3 but with an increased size and a texture on the back to help better grip the phone. The size is borderline too large as this is a phone, not a Galaxy Note. I haven’t actually seen anyone with this phone, although plenty of people have the S4. It might end up being a flop like the iPhone 5c but only time will tell.

One of the main differences between the S4 and S5 is its sensors. The S5 includes a feature that allows you to swipe your fingerprint to unlock the phone and a heart rate sensor in the Health 3.0 app. However, if you do end up getting this phone, don’t use the fingerprint feature because hackers can easily get into your phone.

The other main difference is the camera. The S5 has a 16MP sensor as opposed to a 13MP sensor. Another cool feature is that they’ve reinforced the outer casings so that the phone can be completely submerged in water for up to thirty seconds without any damage.

In all honesty, the S5 isn’t all that much better. If you can live without these simple upgrades, then I would suggest just getting the S4.

Employees Slacking on Security of Their Mobile Devices

A survey says that 15% say they had a password compromised.

Many employees still don’t take BYOD security seriously, a new survey shows: Nearly 45% have accessed sensitive corporate data on their personal devices via unsecured networks, such as those at airports or coffee shops. Some 45% of employees on average have more than six third-party apps installed on their personal mobile devices, and 15% admit to having had a personal account or password compromised. There’s an attitude among a few that they aren’t responsible for locking down their mobile devices: 15% say their responsibility for this is “none to minimal,” while about 10% have no password, PIN, or other security on the mobile devices they use for work.

The study, conducted by Osterman Research and commissioned by integrated identity management firm Centrify, included responses from more than 500 enterprise employees of organizations in North America with more than 1,000 employees.

Tom Kemp, CEO at Centrify, says it’s surprising that 15% of the respondents had a password hacked or stolen. “And this means that the number is even greater, given that many users may not know their password has been stolen or don’t want to admit it. So we may be talking about 25% or more of passwords hacked,” Kemp says in an email interview.

The survey also shows the challenges for enterprises to enforce corporate security policy on personally owned devices. “Better education is needed, but also corporations should look to use ‘container’ or ‘workspace’ technologies on mobile devices that provide a dual persona on the device,” for example, Kemp says. Mobile vendors such as Apple and Samsung already are adding this type of workspace separation to their products, he says.

A revealing item from the survey: 32% say they would rather catch the flu or vacation with their mothers-in-law than inform their bosses that they had lost an unsecured mobile device.

Final Thought of the Month – Internet Security

It has become clear that people still don’t seem to understand the threats the Internet poses. The most revealing items get posted to Facebook. Telling people you are on vacation is crazy – do you want someone to rob your house? Also, putting details such as your birthday on that public site? It is one of the items needed to steal your identity!

The other item that is amazing to me is the email attachments that people seem to click on. A bank would not be sending an email asking for personal information. Same thing with eBay or PayPal… And clicking on spyware could install something on your computer that can steal your password and bank account information. For that reason, you should not use the same computer for Internet banking and for general Internet browsing.

The issue is not so much the technology, but the people using the technology. We need to educate ourselves and others about these threats and technology best practices. This will help prevent some of these easy attacks and better protect you from a security breach.