Aruba Security: OpenSSL Vulnerability (Heartbleed) Update


We recently published an announcement for the OpenSSL 1.0.1 vulnerability ("Heartbleed Bug") that has been making big headlines this week.  This vulnerability is very serious because it can allow an attacker to get the private keys that are being used to secure the communication, making it possible to launch a man-in-the-middle or other impersonation attack.
Our engineering and support teams have reacted quickly and patch releases for all affected Aruba products have been made available. Our OEM partners, our customers with active support contracts and AirWave 8.0 beta customers have all been notified. Many members of our Airheads Community have already started taking action.
Which Aruba products are affected?

  • Affected versions: ArubaOS 6.3.x, 6.4.x and ClearPass 6.1.x, 6.2.x, 6.3.x. Previous versions of these products used an earlier version of OpenSSL that is not vulnerable.
  • Aruba Instant and Aruba Mobility Access Switches are NOT affected.
  • Aruba Central cloud-based management has been upgraded successfully.
  • Patch release for AirWave 8.0 beta is now available on our support site.
  • Patch release for Aruba Mobility Controllers running 6.3.x and 6.4.x versions of ArubaOS, including FIPS version, is now available on our support site.
  • Patch release for Aruba ClearPass 6.1.x, 6.2.x and 6.3.x versions of software is now available on our support site.

What’s your best course of action?

  • Understand that this is an industry- and internet-wide vulnerability and Aruba is not the only one affected.
  • We recommend that you review the Aruba security bulletin before calling Aruba support. It is important that any affected infrastructure components are upgraded to the available patch release immediately.
  • As a precaution, it is recommended that you update administrative access passwords to Mobility Controllers and ClearPass after the software upgrade.
  • The security policy for some of you may require the server certificates on Mobility Controllers and ClearPass to be re-issued. If the ClearPass server certificate is updated and you have used the “ClearPass Onboard” functionality to onboard employee mobile devices to the network, you will have to take one more step: you will have to educate your users to re-connect to the wireless network and onboard their devices again to download the latest server certificate.

Security update: Your Carbonite backup is safe


Dear Carbonite User,

As you may have seen in recent news, a major vulnerability has been exposed in OpenSSL, a popular web encryption software used widely across the internet. This vulnerability - dubbed Heartbleed - makes it possible for hackers to access information transmitted from your computer even though it is being encrypted via the HTTPS protocol.

Carbonite Personal and Pro subscriptions do not use the affected encryption software. Your personal data was never at risk. With Carbonite's Personal and Pro subscriptions, your data is protected by the following safeguards:

  • Encryption: Your data is encrypted while on your computer and securely transmitted to our data centers, where it stays encrypted.
  • Data centers: Our state-of-the-art data centers are guarded 24/7, employ temperature control and biometric scanners, and have backup generators in the event of a power disruption.
  • Third-party compliance audit: We recently completed a six-month audit with an outside firm to ensure all of our practices meet the strict federal guidelines of HIPAA and the AICPA guidelines for SOC 2. The external auditor found that we met or exceeded the requirements.

If any of your other online vendors have been impacted by Heartbleed and you use the same password as you do for Carbonite, we recommend changing both passwords. Your Carbonite password should only be used for our service, and data security best practices state that a password should be at least 10 characters, with capital letters, numbers and symbols. For more on changing your password, please refer to the Knowledge Base.

Thank you for trusting us with your data.


The Carbonite Customer Support Team


Lenovo Laptop Battery Recall

On March 27, 2014, Lenovo voluntarily recalled certain lithium-ion batteries. These batteries were manufactured for use with ThinkPad notebook computers that shipped worldwide between October 2010 and April 2011. Lenovo is offering replacement batteries free of charge regardless of warranty status.
View March 27, 2014 battery recall FAQs.
Lenovo sold the batteries with new notebook computers or as optional or replacement batteries on the models listed below.

  • ThinkPad T410, T420, T510, W510, X100E, X120E, X200, X201, X201s Series
  • Edge 11, Edge 13, and Edge 14 Series
  • Option P/Ns 43R9255, 51J0500, 57Y4186, 57Y4564, 57Y4565, 57Y4625, 57Y4559, 43R9254, 0A36277

These models may have shipped with 3-cell, 4-cell, 6-cell or 9-cell batteries.
Until a replacement battery arrives, you should turn off the system, remove the battery, and only power your ThinkPad by plugging in the AC adapter and power cord.

Lenovo apologizes for the inconvenience caused by this issue. Shipment of quality products always has been and continues to be the foremost concern.

Goto: for more information


Is your Xfinity modem a Public Hotspot?

An interesting subject was brought up at our Friday meetings a couple of weeks ago about how Comcast is testing a new service for making your Xfinity modem into a public hotspot for the community around you. They are doing this by creating a second signal for each device that is totally separate from the one that you use for your personal connection to the Internet through their modem. Comcast states that the secondary signal does not take away any of your speed for your side of the connection.

They also say that there is no cross connection, so you don't have to worry about somebody hopping onto your side of the network. This public access is only available to those Comcast subscribers of the Xfinity Wi-Fi network service.

"Comcast’s newest Wireless Gateway broadcasts two Wi-Fi signals," the company said. "By default, one is securely configured for the private use of the home subscriber. The second is a neighborhood 'xfinitywifi' network signal that can be shared. This creates an extension of the Xfinity Wi-Fi network and will allow visiting Xfinity Internet subscribers to sign in and connect using their own usernames and passwords."

This service is being piloted in Pennsylvania, New Jersey, Northern Virginia, and the greater Washington, DC metro area.

There doesn't seem to be much advantage to individual Comcast subscribers when they are at home, since anyone with a home wireless network can already set up guest access for visitors. But subscribers could potentially benefit when they're out of the house and happen to be near another Comcast subscriber's wireless Gateway. Through a partnership with the CableWiFi Alliance, Comcast already has a network of more than 150,000 hotspots in more than a dozen US cities.

There have been several discussions on the benefits of providing this type of service besides the obvious one of expanding a user subscription benefit, one being that it provides hotspot access for emergency use or emergency communications.

Comcast says there is no problem with interference. One concern that I have is the number of channels that will be used in a highly concentrated area and what kind of degradation you can expect from doubling the impact from each of these connections. Whether these modems are intelligent enough to help with this type of issue is a question that needs to be answered. I know that with products like Aruba wireless networking we run into this concern all the time. So I can imagine that this might not be an issue in apartment complexes where you would have many households that might be providing additional signals, congesting the airwaves.


Sophos Anti-Virus engine for Microsoft Windows - vulnerability notification


Sophos has recently been notified of a vulnerability in Sophos Anti-Virus Engine (SAV Engine) running on Microsoft Windows platforms. The vulnerability could in theory have allowed a remote attacker to manipulate the SAV Engine, which could result in protection being disabled or bypassed by an attacker.

This vulnerability affects the Endpoint Security and Control for Windows client included in our Endpoint/Enduser, PureMessage, and SharePoint products.

The vulnerability has been fixed in the January engine, which was released on the 22nd of January. If products are configured in Sophos Enterprise Console to use the “recommended” subscription, they will be updated automatically. This is the default setup, so only customers who have chosen to use ‘fixed’ or ‘previous’ subscriptions will need to take action to ensure they receive the update right away. Sophos Cloud customers and users of the standalone client will all be automatically updated.

At Sophos, we constantly invest in making our products as secure as possible. When security issues like this are identified, we prioritize fixing them as quickly and completely as possible.  We would like to thank the researcher, Graham Sutherland from Portcullis Computer Security Ltd, for identifying this vulnerability and for disclosing it responsibly.

If you have customers using SAVi or SAVDi:

From the January release onwards, SAVi and SAVDi on Windows will only run as one of the following user accounts or groups:

  • Administrators
  • LocalSystem
  • LocalService
  • NetworkService

If an application without these permissions attempts to use SAVi, it will receive the following error return code:


On SAVDi the error message will be:

“SAVI interface could not be initialized”

For additional information about this vulnerability, please see this knowledgebase article.


TeamViewer-One alternative for LogMeIn Free


One of the major changes in product availability this past 7 to 10 days that has affected me the most has been the loss of the product called LogMeIn Free. This product helped me out quite a bit as a management tool between my home and my office PCs. I had made a significant personal commitment to this in purchasing mobile tablet versions of LogMeIn Ignition, which allowed me to access my PCs using my phone and either Android or iOS tablets. So initially I went back to using our internal product called ScreenConnect, but it didn't provide the security that I wanted personally, so I got back into the pool to look for another solution.

One of the products that had been bandied about in industry postings was a product called TeamViewer, which has a noncommercial free product and is very much like the LogMeIn Free product that I was leaving behind. I was surprised how quick the connection was to access each of my workstations, much faster than LogMeIn Free was. But the actual capabilities of the program show that the product is not as mature as LogMeIn Free. It does pass through sound and video fairly well with only a slight degradation of the actual video stream, and the sound quality is quite good, so those two things are both positive. The actual screen display seems a little bit crisper, but that might be my own imagination.

I would say that more than 90% of the things that I would possibly need in doing remote support are there, so being a free product this makes it a very viable replacement for LogMeIn Free. It has a very nice file transfer function which allows you to move files between the two machines very easily and, again, amazingly quickly. The program takes up just shy of 300 K in memory, so it does not require too many resources to run.

The professional version of TeamViewer also includes online meeting and online presentation modes and has a one-time fee, but it still seems a little bit overpriced to me. It does run on Windows, Mac OS, Linux and most phone operating systems. But I'm not sure I would recommend this product over GoToMeeting, GoToMyPC or the professional version of LogMeIn. You know they both have continuing costs over the years. I like the broader range of capabilities that are inherent in those products. One aspect to remember is that when you purchase a license of the commercial version of TeamViewer, you don't have to purchase a license for each of the machines that you are attaching to. Those clients are all free.

WebSite to download software

TeamViewer Brochure


“Free” LogMeIn is soon to be discontinued.

LogMeIn has been one of my favorite tools for years and I have been using the Free version for my personal use to connect to all of my PCs for remote control. Now LogMeIn has pulled the plug on the free version. If you still want to continue using this product you will have to purchase the Pro version that costs $99 a year, though there is a discount for the initial purchase to $49 for the first year. If you want some other alternatives, take a look at these two Lifehacker articles. Hopefully they will be helpful in determining which direction you want to go.

Five Best Remote Desktop Tools

Whether you want quick access to your home computer from anywhere in the world or you're the go-to IT person for your friends and…

Use Your Home Computer from Anywhere: A Comprehensive Guide to Remote Controlling Your PC

Your home computer is the perfect machine. It's customized to your exact needs, runs all your must-have apps, and holds every important file…

Just as a reminder, if you are one of our customers and your office operation consists of five or more machines, consider our security suite product that includes four security components that every business computer user should consider: antivirus, anti-malware and patch management. The fourth component is the one that will interest you if you need remote access to your office machine. LogMeIn Pro is part of this package, and when you consider the cost of all the components if purchased separately, our security suite is a pretty sweet deal. Just $5/month/workstation gets you all of this protection. That’s $60/year/workstation; compare that to just the cost of LogMeIn by itself at around $99 per year, plus your antivirus program, plus anti-malware. If you want more information on this product please don’t hesitate to contact us at 1-800-640-7506.


CNET article about $2M gas station card-skimming scheme

Interesting article about 13 individuals being indicted for theft, fraud and laundering from devices that they installed inside gas pumps in New York state. This appears to be another version of the skimmer device that was inserted into ATMs to do the same thing.

If you are interested in reading the article here…

This just brings to mind that you have to be extremely vigilant in tracking charges to your credit cards even from sources that you would normally consider safe.

"By using skimming devices planted inside gas station pumps, these defendants are accused of fueling the fastest growing crime in the country," Vance said in a statement. "Cybercriminals and identity thieves are not limited to any geographic region, working throughout the world behind computers. In this case, the defendants are charged with stealing personal identifying information from victims in southern states, using forged bank cards on the East Coast, and withdrawing stolen proceeds on the West Coast."


Vertical’s Voice Over IP Solution

One of the nice things about the Vertical Telephone systems is that they are a Hybrid type unit. What that means is that it can handle both analog phone lines as well as IP Trunk lines and that the handsets can be both local, digital direct and can use an IP handset as well. In a recent test setup that we did for me to have a phone presence on our system from my home office, we programmed an IP phone to connect to our internal MBX system. Vertical’s Edge 8000 unit will work on MBX IP®, SBX IP® and XTS IP® telephony systems. Once set up, this unit gives you all of the features that you have with a regular digital phone set, just not as many buttons. All of the keys on the side are programmable so you can set them up for line presence as well as many other features. Priced at $265, this unit will give you a great addition to your current Vertical environment.



Protect your files from Cryptolocker

Sophos is one of our partners that we work with and we just love their products. We have been selling their Firewall products for years, and since they merged with Astaro we have been working with the rest of their security software products as well. They have put together a little video that discusses how Cryptolocker encrypts your files and extracts a ransom (see below). Here is an excerpt from their demonstration site.

Our Support teams have put together a video demonstration (embedded below) that shows what Cryptolocker actually looks like and how it works.

We’ll show you what the file looks like when it infects a computer (claiming to be a PDF document), what happens when it executes, and how the cybercriminals expect you to pay up (they offer to let you pay in bitcoins). You’ll also see how layers of protection from Sophos keep this from happening.

Remember though—you really don’t want to try this at home. If you see the ransom message from Cryptolocker on your computer, it’s too late. Your files are already encrypted, and only the ransom-takers have the encryption key to set them free. It’s much better to protect yourself proactively and keep your files backed up. We don’t recommend paying the ransom.

For more information on this type of threat, you can also download our whitepaper on ransomware (registration required), or use our Knowledgebase.

Watch Cryptolocker in action!


Worst Passwords of 2013

There are a lot of solutions out there to help you keep track of and make strong passwords for your online access to all of your sites. It is important not only to have strong passwords (ones that cannot be easily guessed) but also to have different passwords for each and every site that you access. That way, if one is compromised, the rest of your secure sites are not compromised as well.

What Makes a Strong Password?

  • It needs to contain special characters such as @#$%^&
  • It must be at least 8 characters long.
  • It must not have any common words such as 123, password, your birth date, your login name and any words that can be found in the dictionary.
  • It needs a variation of capital and small letters.

For best protection, every password you use should be unique and have the characteristics of a strong password listed above. You may be wondering how you are going to remember so many passwords when you have a problem remembering just one! Try some of these tips in creating and remembering your passwords:

1. First, think of a thing, date, phrase, event, place or anything that is unique only to you. Make sure that it is at least 8 characters in length. Whatever you come up with, use this as the focal point for creating the rest of the password. Some people call this the salt phrase.

2. Many use the following to confuse the spelling by replacing certain alpha characters with specific special characters. You can come up with your own rules for doing this but commonly people use the following.

  • Replace all the ‘a’ with @
  • Replace all the ‘s’ with $
  • Replace any space with %
  • Replace any ‘o’ with 0
  • Replace any ‘i’ with !

3. Then for each site use either the site name or something about the site additionally added to your salt term. You can even vary the placement of the two parts to even make it more unique. Come up with some rules to use to help you remember and you will be on your way to a much safer online experience.
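
As an added example (not part of the original post), here is a Python check of the four strong-password rules listed above. It also undoes the character substitutions from step 2 before looking for common words, since a word disguised with those substitutions is still that word. The word list is a small constructed sample and the function names are hypothetical.

```python
# Constructed sample of common words; a real check would load a large
# dictionary / breached-password list instead of this short set.
COMMON_WORDS = {"password", "123", "qwerty", "letmein", "admin", "welcome"}

# The substitutions listed in step 2 of the post, reversed (symbol -> letter).
UNDO_SUBSTITUTIONS = str.maketrans(
    {"@": "a", "$": "s", "%": " ", "0": "o", "!": "i"}
)


def undo_substitutions(text):
    """Lower-case the text and map the post's special characters back to letters."""
    return text.lower().translate(UNDO_SUBSTITUTIONS)


def failed_rules(password, login_name=""):
    """Return the names of the post's rules that the password fails, in a fixed order."""
    failures = []

    # "It must be at least 8 characters long."
    if len(password) < 8:
        failures.append("too_short")

    # "It needs to contain special characters such as @#$%^&"
    # (any non-alphanumeric character is accepted here).
    if not any(not c.isalnum() for c in password):
        failures.append("no_special_character")

    # "a variation of capitalization and small letters"
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    if not (has_upper and has_lower):
        failures.append("no_mixed_case")

    # "It must not have any common words such as 123, password, ... your login name"
    # Checked against both the raw password and the de-substituted form.
    banned = set(COMMON_WORDS)
    if login_name:
        banned.add(login_name.lower())
    forms = (password.lower(), undo_substitutions(password))
    if any(word in form for word in banned for form in forms):
        failures.append("contains_common_word")

    return failures


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("password", "P@$$w0rd", "Ab1!", "gR7^vq#Lx2m"):
        print(candidate, failed_rules(candidate))
```
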


Philips developing uses for Google Glass in Health Care

I know we are all waiting for the day that there really is something useful that Google Glass can do for you. Well, here is one being developed by Philips Healthcare and Accenture to help surgeons interact with patient data to become more efficient and effective. If you are unaware of what Google Glass is, then here is a brief explanation.

Google Glass is wearable technology that looks like eyeglasses, but without the lenses. Instead, a small prism on the right side displays information via a Wi-Fi or Bluetooth connection to the MyGlass app on Android or iOS devices.

Google Glass was rolled out to early adopters this past year and Google is encouraging users to share their ideas and innovations to help develop the base of applications that this new user interface device can take advantage of. Researchers from the Philips Digital Accelerator Lab have collaborated with Accenture Technology Labs to come up with potential uses of Google Glass in clinical settings.

Anthony (Tony) Jones, M.D., is the vice president and chief marketing officer for patient care and clinical informatics at Philips Healthcare. He explains, “The most exciting potential application of Google Glass in healthcare is the ability to allow providers to ‘virtually’ be in two places at once, which will have a significant impact on workflow and patient care.”

The idea is for the surgeon or other medical professional to be able to verbally request information on patient status or show images like X-Rays, MRI or other digital images to be able to quickly and simply access information as a reference while working on the patient. Patient vitals or other information would also be at their fingertips to be able to react quickly as necessary to best take care of the patient all while keeping their eyes on the patient.

“It sounds simple, but small workflow improvements like this can reduce errors and have a significant impact on patient care,” Jones says.

Surgery is not the only place where this technology can make an impact. Think about first responders, either medical, fire or police that could be looking forward at the scene and have information being presented that will make their response more informed, safer and of course help with providing a positive outcome.

Currently there are some real issues with this technology that will need to be overcome before it becomes widely accepted. Battery life is the first one that comes to mind. Some method of extending the battery life needs to be adapted before this becomes a valuable tool. Also, the display is still a little small, so the detail will need to get better so that more information can be displayed at a time. This is a good step and I am looking forward to seeing where this goes in the future.


Android vs. Windows 8.1 (what’s best on a tablet)

I just posted an article about the ASUS Transformer Book Duet notebook/tablet that hopefully will be coming out in the near future. This unit provides both operating systems on the same system whether it is in tablet or notebook format, so you don’t have to make a choice between one or the other. But if you have to make a choice now between the two, which should you choose?

James Kendrick wrote an interesting article for Mobile News/ZDNet that describes the “4 advantages Windows 8.1 has over Android in mobile”. Take a look at his article; he makes some interesting points.


The World Premiere of SmugMug Films


A new feature has been announced by SmugMug called SmugMug Films. This is going to be available on YouTube and will have its own channel that you can subscribe to, and is a film series that “will take you behind the lens with the world’s most exciting photographers.”

It is not meant to be an educational how to but I can’t imagine that you won’t walk away with some knowledge of how they did it and how you might learn how to do it.

SmugMug is hoping that we will be inspired to pick up our own camera and get out there and create some masterpieces of our own.

Watch Preview Now


PR: Nuance Dragon Assistant for Intel® RealSense™ Technology

Press Release

I always love the thought of having a conversation with my computer and having it respond with meaningful information just like it was portrayed on Star Trek. I already use Nuance’s Naturally Speaking for a lot of my long-winded typing so taking it to the next step and having either complete control over computer functions or asking a series of questions and have the computer understand the direction of the questions that have been posed to the computer just like you would expect from a normal interaction between individuals.

The current release of the “next-generation Dragon Assistant designed for Intel® RealSense™ technology” was announced by Nuance Communications, Inc. and is available on Acer, Dell, HP and Lenovo 2 in 1, tablet, Ultrabook, notebook and AIO devices and will also be available on ASUS and Toshiba in early 2014.

Dragon Assistant, which comes with two selectable personalities (American Female and British Butler), lets you have an ongoing dialogue with your Intel-powered 2 in 1, tablet, Ultrabook, notebook, and all-in-one devices. Simply tell it to play music, get answers, connect with friends and find content – all by using your voice. Dragon Assistant even lets you check your calendar, get maps and directions, find flights or book a dinner reservation. Also available offline, people can play music from their hard drive, control their device, dictate notes and more without an internet connection.

“Our vision with Intel RealSense technology is to make computing more immersive and enable human-like natural interaction,” said Mooly Eden, senior vice president, general manager Perceptual Computing, Intel. “Intel has worked closely with Nuance at the system level for Intel-based devices; to create a leading voice solution that understands how humans speak, and searches like humans search, rather than forcing us to learn new commands to communicate with our devices.”

To learn more and see what Dragon Assistant can do, visit

To read the entire press release click here!


Is 2014 the year for Windows Tablets to have their first strong boost in sales?

So the simple question is whether the corporate world is going to make its first push into replacing notebook purchases with tablet purchases. This is the real area that has a use for a Windows-based tablet, if there is one. Gartner seems to think that this will be one of the 2014 trends, but I am still in a wait-and-see stance about this. Windows' main advantage is the ability to natively run programs such as Microsoft Office and, of course, Outlook. While there are ways to work around this on the other devices, most of us pounding away at Office throughout the day would much rather have it running on a device that we are used to. Add in other job-related applications that require Windows as the base operating system and all of a sudden you have a real reason to buy this type of device. I am surprised that it hasn’t happened as of yet, and that is the main reason that I still hold the wait-and-see attitude.

The choices are going to get better as the year progresses so keep your eyes open for some of the new products that you will have to choose from.


AT&T Unite Pro-Black

If you are willing to get saddled with a 2 year commitment, here is an interesting product from AT&T. The Unite Pro allows you to connect up to 15 devices at one time, so this is perfect for those situations where you need a portable hot spot at a show or conference and you need to provide a group with internet access. It even allows an option for a special guest Wi-Fi option for added security with one-time visitors.

The unit has a bigger battery in it so you can use it for up to 16 hours before recharging. It also has the ability to provide a battery boost for your phone. With the included cable, simply attach your smartphone to your AT&T Unite Pro and share the charge from the hotspot’s battery.

With Dual-Band Wi-Fi and global connectivity you will be able to use it here in the US as well as abroad. With AT&T Unite Pro, you can travel internationally and stay connected globally in more than 200 countries around the world. Dual-Band Wi-Fi broadcasts both 5 and 2.4GHz, advanced settings like Guest network, block device and WPS, access internet and email on the go, on screen data usage and customization capabilities, use BatteryBoost in airplane mode where Wi-Fi is restricted.

Save $150 if you commit to a two year contract and you will need to sign up for either Mobile Share or a minimum DataPro 5GB plan. If you have the need this may be the unit you want for your travel kit.

Addendum: I had a comment mentioning that this unit can be purchased at Walmart without a commitment for $99.95. You can purchase either a one week access for $15 or one month for $50.


Looks like another Office365 phishing scam!

It looks official, but if anyone asks you for login information for anything then don’t trust them. Don’t give them this information. It is an easy rule of thumb that will keep your information safe.

If you have any questions don’t hesitate giving us a call.

We appreciate anyone that lets us know when they receive anything like this so we can alert you to this kind of issue. We can’t be reminded too often!


ASUS' Transformer Book Duet–Dual Identity

If you are not sure whether you want a tablet or notebook, whether you want to use it with Android or Microsoft Windows, then maybe this will help you with that decision. The Asus Transformer Book Duet TD300 is a 13.3 inch PC with dual OS. It is a tablet that comes bundled with a keyboard dock that has its own hard drive and ports. The really interesting thing about this unit is that it will run both Android 4.2 and Windows 8.1 on the fly whether you are in tablet mode or laptop mode.

This is a pretty nice little machine running an Intel Core I7 processor, 4GB RAM, 13.3 inch screen that supports 1,920 x 1,080 resolution, 128GB SSD in the tablet and 1TB hard drive in the keyboard. The unit weighs in at 4.1 pounds which is a little heavy for an UltraBook, and is about half an inch thick. This is very comparable to a Surface Pro 2 in weight but a little thicker. There’s also the usual array of extras, 802.11ac Wi-Fi, Bluetooth 4.0 + EDR, a headphone jack, 1 x USB 3.0, 2 x USB 2.0, 10/100Mbit/s LAN, an HDMI 1.4 output, and support for MicroSD cards.

The real kicker here is the ability for the unit to instantly switch between Android and Windows 8.1. That’s nice for those of us that need to be able to switch back and forth at a whim, but it doesn’t sound like they will include some of the nice features of the Samsung Ativ Q, which allows you to pin Android apps to the Windows Start Screen. Starting at $599, this looks like it might be very interesting indeed. There has not been a launch date as of yet, but this looks like a nice alternative to having two different devices.


Google jumps into the Home Automation Pool

Google, with all that cash in their pocket, is letting some of it go to acquire Nest for $3.2 billion. Nest makes smart thermostats and smoke alarms for the home, and with all the focus at CES 2014 on Home Automation devices it isn’t surprising to see Google grabbing someone like Nest.

Look at the ZDNet article by Larry Dignan for more detail on the acquisition and what it means for Google and the industry at large. He shows some interesting insight on how Google may use this acquisition and what it means for us consumers.

Nest Announcement:
