What You Need to Know About the Heartbleed Bug

heartbleed bugA security flaw, known as the Heartbleed bug, has been identified with many of the popular websites across the Internet - Yahoo, Dropbox, Netflix and YouTube have are some of the sites that have been identified. This weakness occurs in the popular OpenSSL library originating at many web site servers. Information typically protected by encryption called SSL/TLS holds private keys and passwords that as a result of the bug can be stolen. 

What Is OpenSSL?
Before you can understand the Heartbleed exploit, you should have some familiarity with the technology that it impacts. Early in the creation of the Internet, developers realized that they needed to build in certain security features to solve two main problems. First, users needed a way to verify that the server they were communicating with was who it claimed to be. Second, users needed a way to encrypt communications between themselves and the server.

SSL, an encryption technology that allows you to share your confidential information with a web site securely, solves these two problems. Sites can buy digital certificates from trusted authorities that verify the site's identity. These certificates can also work with encryption keys to make sure that information sent to the site can only be read by the site. For example, if you buy a new office printer from Amazon, only Amazon can read the transaction, no matter who tries to intercept it. Likewise, websites using SSL can also create an encryption key for each individual user. A copy of each of these keys is stored on the website and on the user's computer. In this way, no matter who tries to eavesdrop on the communication, only the user can decrypt it and read the plaintext message.

Since the technology to perform these tasks is so complex, several companies have created packages to make handling SSL functions easier. OpenSSL has been, by far, the most popular of these packages. Developed under an open source license, OpenSSL is free to use. It has become a staple for many web-based companies.  In fact, OpenSSL comes as a standard feature on some of the most popular web hosting platforms and even many popular web applications.

What Does Heartbleed Do?
When you connect to a server that runs HTTPS, a "handshake" occurs whereby the client and server agree on the connection's security. Once the handshake is complete, the client sends a "HeartbeatRequest" message to ensure that the server is still "alive" or present. The response message from the server to the client is a "HeartbeatResponse" message.

During this back-and-forth communication, a coding error within OpenSSL creates a vulnerability. Attackers can access up to 64KB of the server's memory. This 64KB may contain the user's username and password, or worse yet the private key for the server itself.

It's self-explanatory what a hacker can do with your user name and password, but what about the server's private key? This private key lets the hacker masquerade as the target server, tricking you (or your browser) into thinking that a phony website is the official one for a specific company. What's more, the hacker can decrypt previous sessions to read your data from prior transactions.

How Do I Recover From Heartbleed?
Once a server has been properly updated, changing your password is the final step in completing a new secure and private connection.  However, changing your password won't help if the fix has not been implemented on the server side. Mashable and other sites have published a list of popular sites that were affected. But once the fix has been implemented changing your password to that website is required.

While many websites have not been affected buy this bug, it is highly recommended that everyone follow best practices as it relates to their passwords across the Internet.  On every site users should use unique, complex and at least eight character passwords to protect themselves.  Some sites offer two-step authentications for even greater protection.  Finally, use programs like LastPass or 1Password to manage your passwords. 

We realize some of this can get pretty technical and the story continues to unfold. Call Ease Technologies today at (301)854-0010 or contact us here to learn how you can cut costs and accelerate your growth with Ease’s unique IT support services and solutions for organizations in Baltimore, Washington or Fairfax.

How to Increase the Battery Life on Your iPhone

Many iPhone features and services offer plenty of conveniences, but too many running under certain conditions can chew through your battery life quickly.  If you are traveling a lot and don't have regular access to keep your iPhone charged here are some important steps that can carry you through the day.  Everyone is different and you will likely need to customize these settings on the way you use your iPhone. Disabling a lot of services is counter productive, but tuning certain settings can make a big difference. 

General Settings Adjustments

• Turn off location-related system services
Managing the location based apps and use of the iPhone's GPS is a significant way of dialing back power hungry apps.  The iPhone is all about mobile and location services are a very important component of that functionality.  You may want a weather app to use location based services, but may not feel the need for a music app to have that same functionality. 
Go to Settings > Privacy > Location Services > select specific apps

• Disable Background App Refresh for Apps
One of the new features for developers in IOS 7 was the Background App Refresh.  This is a way for developers to provide apps to offer functionality while idle.  Not all your apps need to do this and many can be disabled as a background process all together. 
Go to Settings > General> Background App Refresh > select specific apps

• Deactivate push notifications
Items like Mail, Messages, Reminders and Calendar are very good at keeping you updated and likely important to leave on for push notifications.  There a plenty more that are running and could be disabled too. Run through the list you do not need to hear from and turn off alerts from those noisy nonessential apps.
Go to Settings > Notification Center > scroll down and select specific apps

Specific Apps Settings

• Disable Location and Background App Refresh for Facebook
Facebook is a hugely popular app on the iPhone.  As an app it takes advantage of both Background App Refresh and Location services.  If you don't need to have a constant flow of updates coming in from Facebook this is one app that you should turn off specific settings and will help conserve your battery.  
Turn off Location Services: Go to Settings > Privacy > Location Services >Facebook
Turn off Background App Refresh: General>Background App Refresh>Facebook

• Switch to manual fetch for your Mail
Email is set to automatically push mail at a certain frequency.  This means the app is regularly polling and downloading mail.  Making the change to a manual fetch will reduce battery consumption.  This is a simple change and still provides you access to your mail, but only when you open the Mail app will it connect and then retrieve email to your phone.  
Go to Settings > Mail, Contacts, Calendars > Fetch New Data > Push to Off & Fetch Manually at bottom

iphone control center

Tips While on the Run

Managing a few of these configurations from the swipe-up Control Center is a quick and easy way to tackle several battery issues when you know you are going to be running short on juice for the day.  The Control Center gives you quick any easy access to common apps and settings.  Just swipe-up from any screen to access these controls.

• Disabling Wi-Fi and Bluetooth
When you are out and in situations you know you will not be able to access a familiar Wi-Fi or Bluetooth services simply turn those off for the day. In the Control Center they are simple off and on buttons. 

• Enable airplane mode in areas of bad coverage
When you are in a spot with little or no coverage, you should really just take yourself offline and put your iPhone in Airplane mode.  Probably nothing gobbles up battery life more than the iPhone looking for services. A 40 minute ride in and out of long tunnels or underground on the Metro can be a huge drain.  In the Control Center is the one button selection with the airplane icon.

• Turn off auto-brightness; adjust manually
Auto-brightness manages screen levels during different lighting situations, but that screen is also a big drain on the battery.  Manually adjusting the brightness to something a little darker can help.  In the Control Center is a slider to manually adjust.  

Purchase an External Battery Pack

If you are always on the go and constantly running out of juice, a Mophie mobile battery case added to your iPhone can help you get through the day.  Sometimes know matter how diligent you are about managing the battery consumption on your phone it may be best to just get an extra battery back on your phone.  Mopie offers a nice selection of options for all types of iPhones. 

Call Ease Technologies today at (301)854-0010 and learn how Mobile Device Management solutions can help improve your organization in Baltimore, Washington or Fairfax.

How to Set Up An Easy HTML Signature in Outlook

Instead of manually signing each outgoing email message you can set up a signature in Outlook that will be appended automatically. Such signatures can either be a simple text signature, or you can take an extra creative step and set up a customized HTML signature.  Don't be scared off with the idea of using HTML the simple steps and code are explained below to make a creative signature in Outlook.

Creating the HTML

If you want to set up a customized signature, the best way to set up the code is creating the signature HTML and copying and pasting it into the Outlook configuration form. You can use any type of HTML tag, but avoid adding code that can flag malware filters such as JavaScript. HTML is a very simple code that is used in most all web pages.

Below is an example of some HTML code that includes a name, phone number and a website:

<strong>Joe Smith</strong> <br/> 10320 Little Patuxent  Parkway<br/> Columbia, MD 21044 <br/> (301)854-0010 <br/> <a href="">Ease Technologies, Inc.</a> 

Joe Smith
10320 Little Patuxent  Parkway
Columbia, MD 21771
Ease Technologies, Inc.

Save this code in a text file or any HTML editor. You'll need to keep the file open to copy and paste the code to the Outlook settings window. If you have a large organization and want to standardize signatures, you can store the file in a shared location to distribute the same signature format across all company emails.

Accessing Outlook Signature Settings

Click the "File" tab and click "Options" in the left navigation panel. The window that opens is where you configure most of Outlooks settings. If you need to change any Outlook configurations, this window is usually where those settings are found.

In the left panel, click "Mail." In this window, click "Signatures." A new window opens where you can configure your Outlook signatures.

Click "New" to create a new signature. Outlook lets you store several signatures, so you can switch signatures as you write new emails, or you can use different signatures with your accounts. Storing several signatures is beneficial if you run several businesses from one office.

Type a name for your stored signature. This name can be any personalized name that helps you remember the signature. Click "OK." Outlook opens the window where you copy the HTML you created earlier.

Go back to your HTML file, highlight the HTML and press "Ctrl+C" to copy the code. Go back to the Outlook configuration screen and press "Ctrl+V" to paste it into the signature configuration text box.

Click "OK" and your signature is saved.

Benefits of HTML Signatures

Many larger organizations mandate branded signatures for their corporate communication. Such signatures provide an extra opportunity to market and increase brand awareness.

The HTML signature above is a simple example, but you can spread your own brand by including your logo, Facebook, Twitter, G+ links and more.

Call Ease Technologies today at (301)854-0010 or contact us here to learn how you can cut costs and accelerate your growth with Ease’s unique IT support services and solutions for organizations in Baltimore, Washington or Fairfax.


Using VPNs for Your Online Privacy

cloud computingAs more ISPs and government entities monitor Internet activity, users rely on services such as virtual private networks (VPNs) to protect their online privacy. Several VPN services offer users a way to browse the Internet anonymously and avoid being tracked to their home or office. If you don't want your information "sniffed" on the Internet, a VPN might be for you.

VPNs and your Online Privacy
All traffic can be logged on the Internet. When you access a website, each router hop and connection to the web server is visible to others. If someone is eavesdropping on the connection they could gain access to your data, which would include any information sent along with your IP address.

To avoid these types of activities, a VPN allows you to "tunnel" over the Internet. Tunneling refers to packaging the data, encrypting that data, and sending the data to the intended recipient through the VPN server. Your connection and your data are protected. If someone is eavesdropping on any of these connections they won't be able to use the data, or to decipher its origin.

Additional Benefits of VPNs
VPNs provide complete, open access to the Internet without the filters imposed by an ISP or work Internet connection. Your work or ISP will not be able to log your activity, and they will not be able to see any website or application you connect to through the VPN service provider.

Additionally many VPN providers offer proxy services. A proxy is a server that acts as a middleman for your Internet access. Each time you access a website, the VPN's IP address is used and your home or office IP address is shielded. This is great when you want to access sites from work, but you do not want those sites to have logs of your work IP address.

Final thoughts
It may sound as if the use of a VPN would provide foolproof anonymity, but there is a final weak link to consider: the VPN service itself. Such services may be keeping logs of your activities. These activities are likely to be tied to your account, which typically have some type of identifiable information such as billing information or your email address, which can be traced back to you.

Some VPN services keep such logs for only a few days, and other services do not keep logs at all. If logs are only kept for a few days, this is usually not enough time for someone to gain access to the VPN service's logs to see your information. However, a VPN service that does not log at all is the most secure and anonymous for most users. Each VPN service should tell you what type of logs they use and how long the logs stay active.

If you want some anonymity on the Internet, find a VPN service that not only offers the encryption and proxy services you need, but one that does not keep any logs for a long length of time. The protection will provide you with the ability to keep your connections private even if someone accesses your VPN account.

Call Ease Technologies today at (301)854-0010 or contact us here to learn how you can cut costs and accelerate your growth with Ease’s unique IT support services and solutions for organizations in Baltimore, Washington or Fairfax.

5 Simple Tips to Make Your Outlook Life Easier

Outlook tipsIf you're a busy businessperson, Outlook is the center of your communication. Customers are moving from phone calls to emails, so you need to cater to customer preferences. To keep up with customer emails, Outlook 2013 has several options you can set that help you automate and simplify your email experience. Here are five ways to make your Outlook experience more convenient.

1. Minimize Outlook to the System Tray
Instead of minimizing to your taskbar, you can minimize to the system tray. It's more convenient to have an icon in the system tray rather than take up space in the Windows taskbar especially if you have several programs open at one time. Outlook still sends you notification of new email, and you can instantly open new messages directly from the system tray.

Right-click the Outlook 2013 icon in the notification area in your Windows taskbar. Click "Hide When Minimized" in the menu.

The next time you minimize Outlook, it will set an icon in the Windows system tray.

2. Set a Future Delivery Date for Messages
One of my favorites is you can write a message and have Outlook send it at a future date instead of sending it right away. This is beneficial if you're going on vacation and need to send a message at a certain date.

With the email message open, click the "Options" tab. Click "More Options" in the bottom-right corner.

Click "Do not deliver before" and select a date. Click "Close." Make sure you leave Outlook open to ensure the message is sent while you are away.

3. Set Outlook as Your Default Email Program
Most people prefer one email program. It's easier to make Outlook your default email program, because you can more easily reply using your Outlook account. With Outlook as your default email, it automatically opens whenever you open email. Here's how to set it up in Windows 7:

Click the "Start" button and type "Default Programs" in the search text box. Press "Enter" and then click "Default Programs" in the search results page. Click "Set your default programs" to open a configuration screen. Choose "Outlook" from the list of programs and click "Set this as a default program." Click "OK" to save the settings.

Now, whenever you double-click an email or click an email link online, Outlook will open by default.

4. How to Increase the Font when Reading Email
Outlook lets you set your font size when you send email, but your sender might choose a small font that's hard to read. You can change the font on-the-fly to make it easier to read.

To change font size, open your email and hold the Ctrl key on your keyboard. With the Ctrl key pressed, scroll up on the mouse scroll wheel. The font size is increased as you scroll. You can also use this method to make the font smaller.

5. Read Message Headers
Message headers can give you lots of clues when it comes to the origin and legitimacy of a message. If you can read the headers, you can identify phishing scams and people spoofing email senders.

To view the headers, double-click the email message to open it in a new window. Click the "File" tab and then click "Info." Click "Properties." The headers are shown in the "Internet Headers" text box.

Email headers are read from last to first. The last server in the list is the originator.

Call Ease Technologies today at (301)854-0010 or contact us here to learn how you can cut costs and accelerate your growth with Ease’s unique IT support services and solutions for organizations in Baltimore, Washington or Fairfax.

Sign up here for monthly newsletter

Upcoming Events

Calendar Icon

Upcoming Events

MSATP - Lunch & Learn Webinar Series
4/29/2014 12:00 PM - 1:00 PM

Wounded Warrior iPad Training
5/15/2014 11:00 AM - 1:00 PM

Blog Archive

Archive by Years