Update on Phoenix

So here's the latest on Phoenix, my main workstation. After 7 hours of tech support from Microsoft, it has become clear that Phoenix is too corrupted to try to fix. The cause of the systemic file corruption is still under debate. There is no malware on the machine. Microsoft insists it isn't their problem, Comodo insists it isn't their problem, everybody else insists that it isn't their problem but at this point that doesn't matter to me; it just needs to work. So... I am doing a reformat and a clean install of Windows 7 as soon as I finish backing up some preferences and settings so that I don't have to spend hours again trying to get everything to work. My hope and prayer is that after doing so, I will be able to get everything back up and running quickly. I appreciate your prayers as this is exactly what I don't need right now.

Getting on the Web: What Works, What Won't, and Why it Matters

On May 1st, I had the pleasure of speaking at the AVISTA's Center for Entrepreneurship at Walla Walla Community College. I was asked to speak on the kinds of websites that work, those that don't, and why it matters. I want to thank the ACE for the opportunity.

Tabletop Season Three Gets 20 Episodes

Congratulations to the esteemed Mr. Wil Wheaton for reaching his first stretch goal on the Tabletop Season Three IndieGoGo Campaign. Tabletop Season Three will have 20 episodes!

Lindsay and I had a blast last night playing games with a bunch of great people over at a friend's house. There's nothing like getting together with good friends and laughing your butt off at each other. We played Apples to Apples, Smart Ass, and Loaded Questions (links below).

If you've never heard of or seen Tabletop, go watch a few episodes. You'll thank me later. Here's one of my favorites:

Awesome games for silly and creative people:

Source: http://wilwheaton.net/2014/04/tabletop-sea...

More on Heartbleed: The Passwords You Need to Change Right Now

The Heartbleed exploit that hit the Web this past week continues to be a threat in some vectors that you may not be aware of. By now you have hopefully begun to change all of your passwords, but here are four good articles that explain what you need to know:

"Internet Heartbleed Health Report: Which Sites Are Still Vulnerable?" by ZMap.io

"The Heartbleed Hit List: The Passwords You Need to Change Right Now," by Mashable.com

"Heartbleed bug: What you need to know (FAQ)," by CNet.com

"Not just websites hit by OpenSSL's Heartbleed – PCs, phones and more under threat," by The Register

We recommend to all of our clients that you change all of your passwords regularly on any website you use, and that you do not use the same password on multiple websites. While this can seem a daunting task if you are like me and you have a lot of accounts in a lot of places, there are ways to make this process much easier.

Stay tuned for my next post on this topic this week, where I will present to you our easy to use, practical method for creating and managing unique, unguessable, strong passwords across hundreds of accounts.

Answers to your questions about Heartbleed

An explanation of how the Heartbleed exploit works, by awesome wecomic XKCD

An explanation of how the Heartbleed exploit works, by awesome wecomic XKCD

I've been getting questions this week about the Heartbleed exploit that affects SSL (Secure Socket Layer) website servers. Here's what you need to know.

  1. Heartbleed is a serious exploit and a severe vulnerability. You should definitely be concerned about any website you use that offers secure services, and make certain that they are taking steps to remove the vulnerability.
  2. Our official recommendation is that all of our clients change all of your passwords on all sites that have secure servers (website addresses of secure servers start with https:// ). We recommend that you change passwords regularly.
  3. Heartbleed only affects websites that have secure services installed using OpenSSL. Websites that do not have secure services are not vulnerable.
  4. Our long-time hosting partner, Dreamhost, was not running a version of OpenSSL open to the exploit on any hosted websites. There were a few mail servers that were affected but Dreamhost moved very quickly in response to the exploit and none of our sites at this time are vulnerable.
  5. SquareSpace, our latest hosting and website partner, is also safe and not vulnerable to the Heartbleed exploit.
  6. PayPal, our long-time payment gateway solution, is not vulnerable to the exploit.
  7. Stripe, our latest payment gateway solution, moved very quickly in response to the exploit and had everything patched hours before any public exploit code was released. They are not vulnerable to the exploit.
  8. For the geeks among us, here are several more detailed explanations of what Heartbleed is and how this caught almost the entire Net off guard: CryptographyEngineering.com: Attack of the Week, OpenSSL Heartbleed | Vox.com: Heartbleed Explained
  9. If you have any questions or concerns about Heartbleed or any other security issues, please contact us.

The best explanation of how the Heartbleed exploit actually works that I have found is done by the awesome webcomic XKCD. Click the image on the right or the link below for viewing in full awesomeness.

Source: http://xkcd.com/1354/