What Is It?

By now I’m certain you’ve heard of the Heartbleed bug. If you haven’t, then you should know that it is a flaw found in one of the most common open source SSL implementations on the internet that COULD allow an attacker to get sensitive information from the web server. A successful attack could expose the server’s SSL private keys that would allow the attacker to decrypt the data traveling to the site, such as usernames and passwords.

As of now there have been no confirmed attacks using this bug, but an exploit of the bug is completely untraceable so there’s no way to be certain if a site has been targeted.

Places to learn more:
General information
LastPass and the Heartbleed Bug
How Heartbleed Works: The Code Behind the Internet’s Security Nightmare

How can you tell if a site is affected?

First, you need to figure out how vulnerable your data might be. There are several  lists of vulnerable sites that you can manually search through and several online tools that can be used to check specific sites (lastpass and SSL Labs have two particularly useful tools, linked below). There is a Chrome extension that can help identify vulnerable sites as you visit them. The folks at www.Mashable.com have a “hit list” of sorts that lists several sites that they have had direct communication with and recommendations as to what you should do to protect yourself on those sites.

Since Google’s Android operating system is built on open source principles, it is heavily integrated with OpenSSL so any Android device may be vulnerable to this bug as well. Lookout Security has developed a tool to check your device for vulnerability (linked below). If your device is vulnerable you will have to wait for an update for the device.

How can you protect yourself now and in the future?

Once you’ve identified what sites you’ve used that contain sensitive information, you need to change your passwords. You should make sure that they have patched their systems before you change your password for good but many experts are saying that you should change the passwords now just to be sure that any data captured in the last 2 years is safe.

Many systems online were not affected at all because they run on server platforms that don’t use OpenSSL (like Microsoft IIS). These sites have not been compromised by this bug and you should make your own judgment as to whether or not you should change your passwords. If you have used the same username and password combination on an unaffected site as you have on an affected site, you should change your password on both, and make sure they’re different this time.

If you have two factor authentication in place (which you should on any service that supports it) you are at an advantage since even if someone has your username and password they don’t have your second authentication method (typically an app or a text to your mobile phone). You should probably still consider changing your passwords on these sites to be safe.

If you use a password manager (like LastPass or Keepass) then you should most likely regenerate new passwords for your important sites. If you’re using LastPass, they have updated their app to include a tool that will automatically alert you of the Heartbleed status of any sites that you have saved or generated passwords for and give you suggestions as to when you should change their respective passwords.

You should never use the same logon and password for two important sites (like your banking site and your email). If you are using the same information on multiple sites that are important to you, you should change them now so that they are different.

The best thing you can do is not panic and stay aware of the current status of this bug. Keep checking the status of your frequently visited SSL enabled websites and if any of your important sites aren’t patching their systems, find a different company to do business with.

Would you like to learn more about the cool new features in Office 2010 and Windows 7? Still not sure what has changed since previous versions? Do you use Microsoft Office but would like to learn tips and tricks to be more productive at home, school or at work? Perhaps you are a new user who has questions on how to get started with Windows 7 or using the Office ribbon? Or would like to learn how to protect your computer from malware and viruses. Or perhaps you are just stuck and need answers.

The Microsoft Most Valuable Professionals (MVPs) are here to help!

The MVPs are the same people you see in the technical community as authors, trainers, user groups leaders and answerers in the Microsoft forums. For the first time ever Microsoft has brought these experts together as a collective group to answer your questions live. MVPs will be on hand to take questions about Microsoft Office 2010 or Office 2007 products such as Word, Excel, PowerPoint, Outlook, Access, Project, OneNote and more. As well as Windows 7 and earlier versions such as Windows Vista. In addition to Microsoft Office, the chat will cover Windows related topics such as upgrading, setup and installation, securing your PC, Internet Explorer, personalizing your computer desktop or having fun with Windows Live Essentials to share photos, make movies and more. All levels of experience are welcome from beginners and students to intermediate power users. Please join Microsoft and the MVPs for this informative Q&A style chat and bring on your basic and your tough questions!

Join the Chat!

When: October 14, 2010 – 10:00 A.M. – 11:00 A.M. Pacific Time

Additional Time Zones

Add to Calendar

You can follow this on Twitter at #msmvpchat

Join the event on Facebook: Chat about Microsoft Office & Windows with MVP Experts!

I remember a time when you had to go to a specific room in your house if you wanted to use your computer. It was creatively named “THE computer room”. Emphasis on “THE”. This room was the only room in your house where there was a computer, and if you wanted to do something on said computer, you usually had to schedule time or compete in feats of strength. Today, I have a computer in a holster on my hip (it’s a phone, but still), I’ve got a laptop that I can take everywhere, I’ve got a desktop in my “computer room”, and if I’m feeling really squirrelly, I could take home one of the netbooks from work. Not only can I have a computer everywhere I go, but virtually every TV on the market now has connectivity options for hooking up a computer so you can surf your faciespaces and mytubes and tweeterbooks from your sofa during commercial breaks without having to trudge one room over to “THE computer room”. One problem, my laptop is heavy (it’s a little old) and it makes my legs hot if it’s not on a table. Plus I can’t leave it connected all the time (it’s how I do my job). My desktop is way too large to carry into the living room and it’s fans are so loud that i can hear them right now across the house (also, the wife would get angry if I started running cables through the walls). And the netbooks? Well they’re great, but they’re not mine.

Read the rest of this entry »

Think back to the last time you took your poor failing (or failed) computer to your nearest G.O.D. (Geek On Duty…I just made that up and I hope it sticks). What was the first question that came out of his/her mouth? Was it “Do you have a recent backup”?  I bet you a coke that your answer was “uh…no…should I?”. And the answer is YES you should. Most computer users consider their data to be critical to their existence. Their music, family pictures, that doctoral thesis you’ve been working on for every waking moment of the last year of your life. But the Internet is filled with horror stories of ill-timed power outages, cats with an uncanny ability to find the delete key on the keyboard, and other similar tales of catastrophe. If this information is so critical to your digital life then why aren’t you taking the steps to make sure that when (that’s right, when, not if) your beloved computer decides to take a vacation (or a permanent trip to the beyond) it can be restored without tears or massive expense?

There are countless backup methods available. Some free, some not so much. Some manual and (many more now than before) completely automated. These methods range from simple self written batch files with a well placed xcopy command to massive applications that sync data to multiple locations across the planet and ensure that there are no duplicate files. Whatever method you use to back up your data, the most important thing is that it’s backed up. So what are you waiting for? Get your data safe!

GFI software was founded in 1992 and has been offering various network and content security products to small/medium sized businesses ever since (one of their most well known products is GFI Languard, which is great). Their newest product is GFI Backup 2009 – Home Edition. With Backup 2009 – Home Edition GFI has attempted to make home backup as easy as turning on your computer. Let’s see how they did with that lofty goal.

Read the rest of this entry »

Overall Rating:

Networks are getting larger and larger every day. Between company mergers and normal expansion some corporate environments are getting down right massive. With more computers in a system you have to contend with larger levels of interaction to make sure that all of those computers are running well, configured properly, and are actually physically in your building. Add to that the overhead associated with making sure that all the software in your environment is accurately accounted for, licensed, and approved through company policy and you’ve got an administrative headache that would make even the most efficient multi-tasker go off the deep end. With the increase in complexity we have seen an increase in “Asset management and tracking” software availability. These packages range from the complex (and expensive) to the relatively simple (and often completely free).

One of the packages that falls into the later category is Lansweeper. Lansweeper is a hardware and software inventory package that can be installed on any Windows machine that is also running Microsoft SQL Server or SQL Express. It has the ability to scan and display hardware information, software information, windows information, user information, configuration information, and any custom registry locations that you desire. They have two packages, one of them is an advertisement free fully functional freeware version and the other is a paid “Pro” version with certain added features (such as active scanning and Active Directory integration). Due to the current economic environment I chose to install the freeware version on my system to do some asset tracking.
Read the rest of this entry »

Unless you’ve lived under a rock for the past 10 years, you should know about GPS navigation systems, what they do, and why they’re cool. If you have been living under a rock, then you can get a quick rundown on GPS functionality and “cool factor” by reading our other GPS related articles (Go outside and play – Garmin Colorado 400t Review and Magellan Maestro 3210: Review). In short, a GPS navigation system uses satellite signals to tell you where you are and compares this information to locally stored maps to tell you how to get where you’re going.

For the most part, one GPS navigation system is just like any other GPS navigation system. Sure, some of them navigate better than others (this is usually because the manufacturer has better maps), some have better user interfaces, and some of the newer high end models even have fancy extras like MP3 players built in, but on the surface they are all designed to tell you where you are and get you to where you’re going. So why should you care which GPS you get? Simple, decide what you want out of the device and buy the one that has the features that match. If all you need is to get from point A to point B, go for something simple with an interface that you like and you should be pleased, but if you want a little “extra” out of your trips then you’ll need to look for a GPS with a little more “bang for your buck”.

So what’s so special about the Garmin Nuvi 350 Travel Assistant ? Let’s find out.

Read the rest of this entry »

Some of our more “chronologically enhanced” readers might remember a time in their childhood when dad decided that the family should pile into the trusty station wagon (sans seatbelts of course) and see the country (for you younger readers, this time should be referred to as “back in the day”). You might have gone to drive the famed Route 66 or traveled countless hours with your thighs sticking to the vinyl seats to ride a smelly burro through the Grand Canyon. Wherever your ill fated journey’s final destination was supposed to be, there was always one part of every trip that was guaranteed to be ever present, the giant multifold map (or if your dad was particularly adventurous, the full sized road atlas of the lower 48 plus Alaska and Hawaii). Have you ever used a standard multifold map? Probably. Have you ever successfully re-folded one back to its original form? I seriously doubt it, unless you’ve got a doctorate in “map-folding-ology”.

Read the rest of this entry »

Ok, the cat’s out of the bag. I’m a geek. Not only am I a geek, but I’m a geek with “prominently defined antisocial tendencies” (at least that’s how it was described to me by a medical professional way back when). I’m also a self proclaimed “Social Observer” (read: “That creepy guy in the corner that never says anything but watches everyone else have fun”). These “personality traits” offer me a LOT of “alone time”, often spent inside my own head, giving me ample opportunity to formulate odd theories and observations about our human existence (or at least my personal perception thereof). Some people have called me “weird” because of this. I, of course, prefer the use of the term “eccentric” to quantify my “unique” level of sanity mainly because the term eccentric conveys the perception of one having; A) large sums of money or B) a “higher than average” level of inelegance (the former is unequivocally false while the later is open for debate) .

One of my most prominent “Observational theories” as of late has been the “Best Buy – Circuit City Conundrum”. Don’t let the auspicious title fool you, this theory has nothing to do with Best Buy or Circuit City, I simply use those two stores as the easiest proof of the existence of the model. The basic model (which I will outline further in a moment) can be applied to any “entity” that has a general match partner in the same level of service. So the following model can be applied to stores, hospitals, restaurants, or any other service or retail based establishment that you can think of as long as there is another establishment that follows the same general business plan. Ok, enough babbling (“eccentric ramblings” perhaps?) let’s get down to the model.

Read the rest of this entry »

There used to be a time when our society was built and maintained by blood, sweat, and hard work. Today, however, our world runs on information and communication. With the ever growing amount of digital information that we create, modify, and share on a daily basis the need for ensuring the security of that information also increases.

One of the most common methods in today’s world for transferring our important data from one place to another is the ubiquitous USB memory key (or Thumb drive, or Memory stick, or little magic contraption of wonderfulness). With the current availability of high capacity, small form-factor USB flash memory comes a universal availability of inexpensive storage devices. Don’t believe me? Go to your local computer store (heck even Wal-Mart) and look for the USB drive section, if there is not an entire aisle in the store dedicated solely to these little titans of data migration then there is definitely a large section of one.

This universal availability comes at a cost though, more of us every day are loading Gigabytes worth of personal, corporate, or even government related information onto these, for the most part, COMPLETELY unsecured devices. There is also a growing trend, in all forms of consumer electronic devices, towards making everything as small as the laws of physics will allow. How many Über-micro cell phones have you lost? When’s the last time you set that Ipod mini down and couldn’t remember where? Now compare the size of most modern electronic devices to your USB drive, it’s virtually invisible isn’t it? So what happens when you misplace your memory key (which, incidentally, I did this morning. No idea where that thing is.) that contains all of your personal photos, hours of music, or top secret plans to take power from your boss and rule with an iron fist? Your only option, in most cases, is to hope that some Good Samaritan finds it, realizes that you’re the only geek in the place, and returns it to you. That’s a pretty scary “disaster recovery plan” if you ask me.

Read the rest of this entry »