What Type of Client are You?

Hosting, News, Web Wise

Although the subject may seem a bit personal, it really is something web designers need to understand to provide you the best solution.

A web solution can be provided to any client, but if the client type is not fully understood the solution provided can be a failure.

“Why client terminology vs. customer? I see customer as one time buyer, where as a client, your there for the long run. “

There are three common types of clients I commonly see, which one are you? Continue reading “What Type of Client are You?” »

Beware of Heartbleed/OpenSSL Vulnerability Phishing Scams

News, Security, Web Wise

It seems like whenever there is a major virus outbreak or vulnerability announced, such as the Heartbleed vulnerability, scammers and malicious hackers are not too far behind trying to cash in on the moment and innocent.

Here is a phishing email (http://en.wikipedia.org/wiki/Phishing) recently received in one of my not-so-important email accounts. One that is used mainly for signing up for things like demos of products or coupons and promo codes.

Usually those places end up re-selling your email account, thus increase spam/phishing emails directed to that account. So I never use any of my main/important email accounts in those situations and neither should you.

Below is the subject and body of the message, along with a screen capture of what it looked like.

SUBJECT OF SPAM MESSAGE: Heartbleed/OpenSSL vulnerability: password change recommended


BODY OF SPAM MESSAGE: (hyperlinks removed for precaution)

Continue reading “Beware of Heartbleed/OpenSSL Vulnerability Phishing Scams” »

IRS misses XP deadline, will spend $30M to upgrade remaining PCs – Computerworld

News, Security

According to the IRS, it has approximately 110,000 Windows-powered desktops and notebooks. Of those, 52,000, or about 47%, have been upgraded to Windows 7. The remainder continue to run the aged, now retired, XP.

via Update: IRS misses XP deadline, will spend $30M to upgrade remaining PCs – Computerworld.

Most very large businesses are in the same boat. The only difference is that they are not playing with your money. Its hard to swallow the magnitude of how many devices are still on XP; not only with the IRS but world wide.

The only winner in any of these situations is Microsoft. They make on average an additional $200 a year, per PC, just to provide security updates and patches to vulnerabilities that may be found in THEIR product after the superficial April 8th deadline.

Although Microsoft did give a warning nearly 6 years ago regarding the deadline to get rid of XP machines.  The problem with this is most programs designed and in use were designed for XP architecture.  And if you have any programming background you know it is not easy, nor cheap, for those businesses to “redesign” their product for a new OS while maintaining one for another.

Is the business or corporation you are currently at in a similar boat? Would like to hear about it, please comment below.

Heartbleed Zero-Day OpenSSL Security Vulnerability

News, Security, Web Wise

heartbleedAlthough April Fools day recently passed, this is no April Fools joke. One of the most major security threats to the internet as a whole was on display for all to see. This vulnerability is listed as “zero-day” because the software developers have had zero days to fix them when the vulnerability was discovered.

On Monday, April 7th, 2014, a major bug in OpenSSL was revealed which allows attackers to read information from the memory from servers that had OpenSSL installed. Roughly 66% of the internet uses this application to secure your data.  Northwoods Web Designs uses OpenSSL as well but was not using the version(s) that were vulnerable.

What is the Heartbleed bug?

This security bug takes advantage of a bug in OpenSSL (all programming applications have bugs, yes even Apple and Microsoft), which allows any normal user to read information that was stored in memory without any additional privileges on the server.

Continue reading “Heartbleed Zero-Day OpenSSL Security Vulnerability” »