Slabmedia

Thoughts & Articles

Heartbleed leaves our Servers alone BUT this is what you need to know.

Jim Infantino

from xkcd - the genius cartoonist we love.

This past weekend, the Heartbleed exploit hit the news. It was, and still is, a big bad story. The exploit is difficult to understand, but it is widespread, and even if our servers were not affected, it's important you know what happened and what you can do to secure and fix your email connections if you are having any problems.

Heartbleed is an exploit that prompts servers to send back sensitive information via inquiries made on secure certificate connections. Most servers run OpenSSL, which was written a long time ago in the programming language C. The hacker can specify a large number of characters to come back via a query. The computer being queried sends back information in its short-term memory - called a "buffer." In the text returned the hacker might find strings of text like passwords or credit card numbers that were supposed to be encrypted but are now sent back in the open.

This is why it is important that you change your passwords for all accounts as soon as you can.
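To make the "send back what is in the buffer" description concrete, here is a simplified model added for illustration; it is not OpenSSL's code and not part of the original post. The `struct memory` layout, the function names and the sample secret are all constructed assumptions, and the vulnerable handler is clamped so the demo never reads outside its own struct.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: the bytes a client sent sit
 * right beside unrelated sensitive data, as they can on a real heap. */
struct memory {
    uint8_t record[8];   /* [0]=type, [1..2]=claimed length, [3..]=payload */
    char    nearby[32];  /* data the client should never see */
};

/* Build a request that really carries 1 payload byte but claims `claimed`. */
struct memory make_request(uint16_t claimed) {
    struct memory m;
    memset(&m, 0, sizeof m);
    m.record[0] = 1;
    m.record[1] = (uint8_t)(claimed >> 8);
    m.record[2] = (uint8_t)(claimed & 0xff);
    m.record[3] = 'A';
    strcpy(m.nearby, "password=hunter2");   /* constructed secret */
    return m;
}

/* Vulnerable shape: echoes as many bytes as the client CLAIMS to have sent. */
size_t reply_vulnerable(const struct memory *m, size_t received, uint8_t *out) {
    size_t claimed = ((size_t)m->record[1] << 8) | m->record[2];
    (void)received;                          /* never consulted: the bug */
    if (claimed > sizeof *m - 3) claimed = sizeof *m - 3;  /* keep demo in-bounds */
    memcpy(out, (const uint8_t *)m + 3, claimed);
    return claimed;
}

/* Hardened shape: drop a request that claims more payload than arrived. */
size_t reply_fixed(const struct memory *m, size_t received, uint8_t *out) {
    size_t claimed = ((size_t)m->record[1] << 8) | m->record[2];
    if (received < 3 || received > sizeof m->record) return 0;
    if (claimed > received - 3) return 0;
    memcpy(out, m->record + 3, claimed);
    return claimed;
}

int main(void) {
    uint8_t out[64];                         /* must hold at least 37 bytes */
    struct memory m = make_request(32);      /* 1 byte sent, 32 claimed */
    size_t n = reply_vulnerable(&m, 4, out);
    printf("vulnerable: %zu bytes, leaked \"%.16s\"\n", n, (char *)out + 5);
    printf("fixed:      %zu bytes\n", reply_fixed(&m, 4, out));
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed length against the number of bytes that actually arrived.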

The Heartbleed exploit has been active for at least a couple of years now. If you use the same password to check your email as you do to log in to Google or Facebook or Twitter or your bank or any other site, it is important that you change your email password and the password to the admin level of your site, as that password may have been compromised. This is important because if your password is out there, a spammer could log in to your mail account and send out spam. No one wants that.

You can change the password for your email at mail.pair.com - under settings > password. You can change your password for your admin account under Slab Menu > Change My Password.

Additionally, you may want to use an SSL server bigslab.mail.pairserver.com for your incoming mail server. Make sure you check the Use SSL box in your mail program account settings. If you get a warning during initial connection, just click "connect." The certificate is valid, but you may see this message regardless. This will encrypt your incoming mail using the newly set secure certificates. If you are already using outgoing.slabmedia.com for your outgoing mail, there may be an issue while the certificate is reset. Restarting your computer should take care of this. Settings are all on the LEARN section of our site.

I hope this helps. Again, our servers were not affected by this exploit, but it is important that you begin to think up new passwords. Here is a good page on that.

Thanks for being part of the Slab family,

- Jim

Another word about email and security.

Jim Infantino

Does your password consist of any word found in any dictionary? Does it contain important dates or numbers in your life such as the birth of your child or parts of your social security number?  How about a famous quote or song lyric?  Did you set your password by running your finger down a row of the keyboard, or by picking numbers in a sequence?  Do you use the same password for more than one account or do you have it written down in a ‘hidden’ location?  If you answered “yes” to any of these questions, you are either an adrenaline junkie who loves to walk a dangerous line, or you simply need more information about how to protect yourself from hackers and identity thieves.

You may think that you are not a target for an attack; after all, what can someone do with access to your most recent email to your mom and those spam offers from your local gym?  The ugly truth is that hackers who break into personal email accounts gain access to a lot more information than you might think.  Once in your account, they can request new passwords from any other online account you might have such as bank accounts, vendor accounts where you store your credit card information, medical records, social security information... the list goes on and on.  All they have to do is click on the “lost password” button for the other account and wait a fraction of a second to pick up the incoming email with the key to all your data and information.

Pretty scary, right?  So now you have two choices: you can sit on your hands and hope for the best, or you can get yourself a new, safer password and stop worrying about your online safety.  We vote you take the second option.

Still with us?  Good choice!  Here are the keys to a stronger and better password that won’t be impossible to remember but will keep your information and data safe:

Use a phrase instead of a single word.  If your old password was “smurf” try “smurfsareblue”.  A step above even that is to use a mnemonic device to remember your phrase.  So if your original password was “bicycle”, and your new phrase is ‘In my dreams I’m faster than Lance on my bike’, your new password would be “imdIftLomb!”. Notice that we added complexity with a mixture of lowercase, capital letters, and special characters.  You can throw some numbers in there as well to up the ante, but don’t fall into the common trap of adding the number “1” or the current year to the end of your password, or switching the number “0” for the letter “o”!  Those little numbers are about as effective as a butter knife in a shoot-out.
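The check below is an added example, not part of the original article, showing why those tweaks add so little: a few lines are enough to see through them and recover the dictionary word underneath. The wordlist and the function names are constructed for illustration; a real password check would use a large dictionary and many more substitution rules.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample wordlist; a real check would load a large dictionary. */
static const char *WORDS[] = { "smurf", "bicycle", "password", "monkey" };

/* Compare one password character with one dictionary character, ignoring
 * letter case and treating the digit 0 as a stand-in for the letter o. */
static int same_char(char p, char w) {
    p = (char)tolower((unsigned char)p);
    if (p == '0') p = 'o';
    return p == w;
}

/* Returns the dictionary word hiding under the decoration, or NULL.
 * "Decoration" means only digits or symbols follow the word, which covers
 * a trailing "1", a trailing year, or a trailing "!". */
const char *underlying_word(const char *pw) {
    for (size_t i = 0; i < sizeof WORDS / sizeof WORDS[0]; i++) {
        const char *w = WORDS[i];
        size_t k = 0;
        while (w[k] && pw[k] && same_char(pw[k], w[k])) k++;
        if (w[k]) continue;                  /* word not fully matched */
        while (pw[k] && !isalpha((unsigned char)pw[k])) k++;
        if (!pw[k]) return w;                /* only digits/symbols were left */
    }
    return NULL;
}

int main(void) {
    const char *samples[] = { "smurf1", "Smurf2014", "passw0rd!",
                              "smurfsareblue", "imdIftLomb!" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *w = underlying_word(samples[i]);
        printf("%-14s -> %s\n", samples[i], w ? w : "(no dictionary word found)");
    }
    return 0;
}
```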

Now that you have the information that you need, hurry up and change your password already!  If you have any further questions about password strength, email security, or anything else we could answer for you, please don’t hesitate to shoot us an email here at SlabMedia!  Happy interneting!

- Freddie