Tech Tips
iOS 8, iPhone 6, Conditional Call Forwarding
Are you getting this error after buying a new iPhone?
If you are like me, you use a different voicemail service than the standard voicemail that your wireless carrier provides. For example, I use Google Voice voicemail (which, by the way, I mention extensively in my book, The Cheapskate’s Guide to Traveling with Your iPhone) because it can transcribe my voicemails into text messages and it lets me check my voice messages on a computer. When purchasing a new phone, one must reset the alternate voicemail setting or else messages begin to be delivered to the standard voicemail again. Usually, this isn’t a big deal to do. It simply requires dialing a particular code on your phone, hitting send, and presto! However, when I recently purchased a new iPhone 6, it was not that easy.
For some reason, the Conditional Call Forwarding (CCF) code I normally used returned error messages. Being the first day of the new iPhone 6, I thought that perhaps AT&T’s system was overloaded. I tried a few times that day and still no luck. Being a Friday, I tried a few times again on Saturday and Sunday and thought for sure it would work. No luck at any of those times. Assuming it was a problem with my account, on Monday I went into my local AT&T store and figured they could “fix the glitch”. However, the knowledgable person I talked to said he was having the exact same problem with his new iPhone 6 as well. He said he believed it was a problem with iOS 8 and there was nothing he could do at the store to fix it. So off I went to do a little research on the Internet.
The first thing I found was an App, Divert Calls, that claimed it could set up Conditional Call Forwarding. I wondered if it could work around the problem I was having, so I downloaded the App and tested it. As it turns out, the App itself doesn’t actually change the CCF setting. It merely creates the code for you so you can paste it into the Phone App dialer and send it. Once I found that out, I thought I was dead in the water. However, Conditional Call Forwarding is actually three different settings. The code I had been using (which starts with **004*) changes all three settings at once. The Divert Calls App gives you three individual codes for CCF (*61*, *62*, and *67*) . So I went ahead and tested the first code. I was pleasantly surprised that it worked! I tried the other two codes and they worked as well! It was a little bit of a pain, but at least my Google Voice voicemail was operational again.
I did a little more research and found information that corroborated my findings (such as this forum thread for Google Voice). I also found out that you can call AT&T and have them set up Conditional Call Forwarding for you. So let me sum up what I know and don’t know:
- The iPhone 6 and/or other iPhones running iOS 8 have a problem setting up Conditional Call Forwarding (CCF) on AT&T’s network using the usual **004* CCF code.
- I am not sure if this problem exists on other wireless networks, such as Verizon, Sprint, or T-Mobile.
- The problem can be worked around by setting up each individual call forwarding option (Unanswered, Unreachable, Busy), or calling AT&T and having them do it for you.
- The codes can be generated by the Divert Calls App, but it is not necessary if you know how to generate the codes yourself.
- I have no idea if AT&T and/or Apple are aware of this problem yet
For the record, here are the various Conditional Call Forwarding codes (replace 1234567890 with the number you are forwarding to):
- Set all CCF options: **004*1234567890# <- This is the code that is currently NOT working with iOS 8 and/or the iPhone 6 on AT&T’s network
- Call Forward if Unanswered: *61*1234567890#
- Call Forward if Unreachable: *62*1234567890#
- Call Forward if Busy: *67*1234567890#
If you have any further information on this issue or are experiencing it on other wireless networks, please comment below!
Update: If you are getting error messages with the three individual CCF codes, try turning off LTE and entering them again.
iOS 8 Download Too Big? Use iTunes Instead
If you’re like most people with a 16 GB iPhone or iPad, you probably don’t have enough free space on your device to download and install the iOS 8 update using the built-in wireless update method. While the download is only about 1 GB big, in order to download, prepare, and complete the upgrade, your device needs nearly 6 GB of free space. Even I had to free up a little space on my 32 GB iPhone to meet this requirement. If you have a 16 GB iOS device and you don’t want to delete almost everything from your device, there is a way to download and install iOS 8 without requiring so much free space.
Prior to iOS 5, iTunes on a Mac or PC was required to update our iPhones, iPads and iPod Touch devices. Now it is the nearly-forgotten optional method. However, by using iTunes to download and install iOS 8, it is not necessary to clear out so much space from your iOS device. For more information, here is Apple’s support article describing how to use iTunes to update your iOS device. Mashable also has an article discussing using iTunes to update your iOS device.
One tip: if you start the update and iTunes says it will take many hours to download, quit iTunes (confirm that you want to quit since a download is in progress) and then re-launch iTunes. Start the update again and you just might get the download to only take minutes instead of hours. I used this trick twice on an iPhone and iPad to save myself a lot of time waiting!
September 2014 Apple Announcements – What You Need to Know
As has become customary around this time of year, Apple recently announced their latest iPhones. However, this year Apple also made two other big announcements: Apple Pay and Apple Watch. There are a ton of details about the new iPhones, Apple Pay, and Apple Watch on the Internet already if you are interested in learning more. What I’d like to do here is give a brief synopsis of the Apple announcements and their impact for most people.
To be brief, while the new iPhones are obviously more technologically advanced than previous models, there are two main features that are probably the most important. The most obvious change with the iPhone 6 is that Apple has introduced two new screen sizes. The “standard” size iPhone 6 is now 4.7″ (measured diagonally), with the iPhone 6 Plus measuring 5.5″. For those people who have wanted an iPhone with a larger screen, their wishes have been granted. Of course, not everyone is happy with the fact that the iPhone now has larger screens, because a larger screen means a larger phone and larger phone is harder to fit into pockets and purses. The other significant addition to the iPhone 6 and 6 Plus is the capability to make payments with Apple Pay, which I will cover soon.
In addition, there are several improvements to all supported iPhones coming soon with Apple’s new operating system, iOS 8. It is sometimes difficult to differentiate the features of Apple’s new iPhones and the new operating systems that are introduced at around the same time, since they seem to all blend together in discussion. But even if you don’t purchase a new iPhone 6, your current iPhone (if it is an iPhone 4S or newer) will soon have some new capabilities with the free iOS 8 upgrade. The key features I’m looking forward to are:
- Continuity, which will allow users with iPhones, iPads and/or Macintosh computers to work with their devices more seamlessly
- Wi-Fi Calling, which will allow iPhones to be able to use Wi-Fi networks to place calls when cellular coverage is weak
- Family Sharing, which will allow families to have individual iTunes accounts that can share purchased music, movies, books, and Apps.
- Voice Messaging, which will allow users to send voice/sounds in text messages.
Back to Apple Pay, which is Apple’s new payment system that works by simply holding an iPhone 6 or 6 Plus near a compatible contactless reader. The idea is that you can store your credit cards within the Apple Pay system so that you do not need to swipe your card to pay. Combined with the fingerprint sensor on the iPhone, this should make transactions faster and more secure. It will also work for on-line payments. Apple has announced that Apple Pay will cover 80% of the United States credit card market at launch. That is significant. If Apple Pay can fundamentally transform the way people make payments, Apple will have made yet another huge impact on our everyday lives.
Finally, Apple announced the Apple Watch, which is Apple’s first “smartwatch”. I assume Apple simply couldn’t get it ready in time for the holidays, because based on the buzz it has generated so far, it would have likely been the year’s hottest tech gift. As it is, Apple is planning to release the Apple Watch in “early” 2015, which I take to mean the March/April timeframe. Given that it is probably 6 months away, we all have plenty of time to learn more about what the Apple Watch will be able to do before it launches (which will be significantly expanded based on 3rd-party Apps). What I will say about the Apple Watch at this time is that it could drastically change the way we monitor our own health and fitness. Because health and fitness are so important to a key demographic, namely women, the Apple Watch has the potential to create a significant market for smart watches. Other previous smartwatches have not been successful in establishing a viable market but if anyone can crack it, it seems Apple is in the position to do so.
If you have any questions about the latest Apple technologies, or any other technologies, please feel free to contact me and I’ll be happy to answer your questions. Based on the new Apple announcements, are you likely to purchase a new iPhone or Apple Watch? Are you excited about the possibilities of Apple Pay?
The Facebook Messenger App is NOT the Devil!
The Facebook Messenger App – Could it be SATAN!? No, just some sensationalist claims gone viral.
I originally posted this article to my Life, Liberty, and Technology blog, but I thought the information was important enough to repost here as well.
Unless you’ve been living under a rock, you are well aware of all the dire warnings about Facebook’s “new” Messenger app floating around the Internet. At first I wasn’t going to write anything about it, but it seems that the story continues to get bigger. So I feel it necessary to discuss the warnings and how it all got started.
An article written by Nick Russo for a Houston radio station claimed that the Facebook Messenger app would have permissions to do all sorts of privacy-invading things if you installed it. For some reason, the article went viral. Well, it probably went viral for the same reason people send chain letters about virus hoaxes. It had just enough sensationalism mixed in with an authoritative tone to seem credible. The name of Nick’s radio station is “The Bull,” and perhaps that should have been an indication to people reading it that his article was for the most part, BS.
I’m not sure why this radio personality felt it necessary to pretend to be a technology expert. The very first time I read the article I knew there was something just not right. I tried to research his claims for some friends who were asking and for the life of me I couldn’t find anything about this guy stating that he had any professional experience besides working in radio. There’s nothing wrong with working in radio, but if you’re going to use your platform to disseminate information, please be sure you know what you’re talking about! As far as I’ve seen, Nick has not yet written an apology for his fear-mongering article, but rather has shifted into portraying himself as some sort of privacy advocate. Once again, I’m all for privacy advocates, but if you’re going to advocate – know of what you speak beyond just a cursory scratching of the surface.
Nick Russo made a lot of outlandish claims regarding what the Facebook Messenger app could do. The first problem with his claims were that he didn’t make a distinction between smartphones. I knew right away when reading his article was that there was no way Apple would allow an app like that to get into their App Store. Certainly it might be possible with an Android-based phone, however unlikely it would be, but Apple puts every single app submitted to their store through an approval process. Every. Single. App. Yeah, there’s no chance that Apple would allow Facebook Messenger, or any other app, to do the following as claimed by Nick Russo:
- change or alter your connection to the Internet or cell service … for its own reasons without telling you.
- send text messages to your contacts on your behalf … when they want
- see through your lens on your phone whenever they want .. listen to what you’re saying via your microphone if they choose to
- read your phone’s call log, including info about incoming and outgoing calls … Facebook will know all of this
- read e-mails you’ve sent and take information from them to use for their own gain.
- read personal profile information stored on your device … addresses, personal info, pictures or anything else
- Facebook will now have a tally of all the apps you use, how often you use them and what information you keep or exchange on those apps.
It’s not like Apple iPhones are some off-the-wall brand that can be safely overlooked when discussing smartphones. They are just a *little* popular, to put it lightly. So to write an article like this with such extreme claims and not know about Apple’s approval process is simply irresponsible. But even if we were to ignore iPhones for the moment, does anyone really think that Facebook would want to do most of what is claimed above to their users? Perhaps Mr. Russo should have put in a call to someone at Facebook to ask a few questions first? Or at least do a tiny little bit of research on this thing called the Internet before publishing an article like this? I bet even the resident PC guy at “The Bull” probably could have warned Nick that his claims were pretty far out and to be careful before publishing his article. But alas, Mr. Russo took a little sliver of knowledge and believed he knew more than he did – running off like “The Bull” in a china shop and starting a viral tidal wave in the process.
To be fair, in theory – extreme theory, what Nick Russo claims above could possibly be accomplished by highly malicious apps running on some smartphone platforms. But Facebook Messenger isn’t a malicious app. And Nick must have found that out because in his next article he states, “I’ve now learned that both the New Facebook Messenger App and the original Facebook app have many of the SAME permissions.” Yes, I’m sure he did learn a few things once his article went viral! But perhaps those things should have been learned BEFORE publishing! As it turns out, the Facebook Messenger app (which isn’t new, but has been out for years), does virtually nothing different than any other similar app, including the normal Facebook app that billions of people already use. Oops!
Apparently once he found that out, Nick choose to portray himself as a privacy advocate, championing the idea that he made people more aware of the privacy choices on their phones. Fair enough, but let’s call a spade a spade. If he really cared about people’s privacy choices, he would have done some research and consulted with technology experts so that he could have written a balanced article. Any good that he has done has been completely obscured by the hysteria he created. Advocacy by accident at best. Fear-mongering at worst.
Bottom line, there are many articles that debunk Nick’s claims. Here is another article discussing some of Nick’s claims as “myths”. Facebook even posted an article discussing the privacy concerns. So the moral of the story is that we can’t believe everything we read – especially when it comes to technology topics. While we may not like the fact that Facebook is making everyone use a separate app for Messenger, spreading misinformation isn’t helping anybody.
Is Your Web Site Secure?
A recent major security vulnerability in web content management systems WordPress and Drupal last week highlighted the need for business owners to be more aware of potential risks to their web sites. The use of content management systems (CMS) to build web sites has exploded in recent years. Where in the past most web sites were built from simple text and graphic files, CMS based web sites employ relatively complex software systems running in the background. These systems, like any other software system, have potential security issues from time to time and need to be maintained just like any other software system.
Business owners need to understand if their web site is based on a content management system so they can take proactive steps to maintain the security of their web sites. With older simple web sites, the web hosting company was primarily in charge of securing the web site. With CMS based sites, the web host can be secure, but the CMS can still be vulnerable. Securing the CMS is the responsibly of the business owner. While most business owners would assume their web designer is on top of the security of their web site, managing a CMS requires more of a technical skill set. The reality is that most web designers are not technology professionals and may not be managing the underlying technology of a CMS based web site.
My WordPress Maintenance and Support service covers my clients from security issues like this, as I actively maintain and support the underlying technology behind WordPress-based web sites, whether or not I developed the web site for the client. But regardless of the type of web site your business has, if you have any question regarding the security of your site, feel free to contact me so that I can evaluate it. I can determine the underlying technology your site uses and if your site is at risk of any security vulnerability.
I Know You’re Not Using Handsfree While Driving! Review of Plantronics Voyager Legend
I can see you! Yeah, you in the car! You’re holding up your cellphone to your ear while driving! In the State of Illinois where I live, this was made illegal at the first of the year. Yet you’re still doing it. If I’m seeing you do it, you can be sure the police can see you as well. Enforcement has started in earnest and it’s a easy ticket to write. I personally know some people that have been recently cited for it. The sad part is that for the cost of the ticket, they could have purchased a handsfree device and avoided the hassle. So here is my gentle reminder to you – get a handsfree device before you get pulled over. Besides, it really is safer because I know some of you have trouble driving even with both hands on the wheel!
To help you out, please review the article I wrote earlier in the year about choosing a handsfree device. But as an update to that article, I wanted to share with you a review of my new handsfree device. I’ve been using it about 6 weeks now so I think I have a very good handle on it.
My previous Bluetooth headset was a Jawbone Era. Overall it worked well enough, but I was becoming irritated with a few quirks of the device when using it with my iPhone. They were infrequent enough that I wasn’t exactly in the market for a new headset, but I had found one in my normal course of technology research that seemed promising. When I found out that Best Buy had a sale running on that particular unit, I went ahead and jumped at the opportunity to get one.
The Plantronics Voyager Legend is an over-the-ear style headset. I tend to like over-the-ear headsets, but I know some others don’t. Still, even if you haven’t been a fan of over-the-ear styles before, I would suggest that you give the Voyager Legend a try before you dismiss it. The reason I like the over-the-ear style is because these devices tend to stay put on my ear better. With the Voyager Legend, the weight is so evenly distributed that I have often forgot it was on. Sometimes I even forget that I have taken it off, which is a weird phenomenon, but I attribute it to the fact it is so comfortable that my body can’t really tell the difference when it is on or off. Also, the way the device is designed, most of the bulk is in the part of the device behind the ear. There is only a thin microphone that extends from your ear, so overall I think the device is quite understated. In other words, you don’t look like a Borg while wearing it as some Bluetooth headsets might tend towards.
That being said, what really matters with a Bluetooth headset is the sound quality of the call. The biggest critic I know is my wife, whom I tend to talk to quite frequently over the phone. She immediately said the Voyager Legend did a much better job of reducing ambient noise. In fact, I can have the windows of my car rolled down some and she can’t hear it, even at highway speeds. About the only problem with the noise reduction is wind is blowing directly on the headset. Unfortunately direct wind noise is something that no headset seems to be able to deal well with. Also, the Voyager Legend seems to pick up the sounds from something like a Radar detector, which drives my wife crazy. Other than those quirks, the sound quality seems to be excellent, as the callers on the other end can hear me clearly and distinctly with virtually no background noise. As I said in my previous article, this is extremely important to me since I use my phone for business.
The “quirks” that I had endured with the Jawbone Era I’m thankful to say do not exist with the Voyager Legend. The biggest thing that was a problem was that the Jawbone Era would at times “flake out” when making or answering a call. In other words, I would make a call or answer my phone, but the sound didn’t work. So I didn’t know that someone else had picked up the call I made or I wouldn’t hear anybody on the other end. Similarly, it would seem that on occasion I could hear someone but the other person couldn’t hear me. I had to shut off my Jawbone Era and turn it back on to fix the problem. This was obviously not cool when I was driving. Additionally, there were times where the caller on the other end could hear me, but the sound quality was very garbled. This was especially true in my home office, where I have been spending more time lately working on Web Site projects. That area of my house unfortunately has low cell phone coverage and somehow that seemed to affect the performance of the Jawbone Era. I have not experienced these problems with my new Voyager Legend. About the only quirk I have experienced is that occasionally if I hold down the button on the headset to give voice commands to my iPhone, the Voyager Legend doesn’t always activate Siri. It has only happened a few times and it isn’t enough of a problem to be a big nuisance.
A couple of nice features about the Voyager Legend that I like is that I can answer a call by simply saying “answer” or ignore the call by saying “ignore”. This feature so far has worked flawlessly for me. Also, if you are not wearing the headset when a call comes in, simply putting it on automatically answers the call. That is a nice feature that I’ve found convenient. The battery life is also excellent, as it features 7 hours of talk time. For my usage, I can forget to charge the Voyager Legend for a day or two and still have enough battery life to make it through a third day. The magnetic charger included with the headset is a nice touch, although I don’t find it as secure fitting as say the Apple Magsafe or even the magnetic chargers that came with some older Jawbone models.
Normally the Plantronics Voyager Legend is $99. However, I found it on sale for $79 at Best Buy when I bought it. Regardless $99 is actually a good price for a Bluetooth Headset of this quality, as many comparable models go up to $120 or even $150. Beyond my personal experience, the headset has been well-reviewed by many other sources. So I wouldn’t hesitate to recommend it for purchase, especially if one can find a good sale on it. As usual with any Bluetooth headset, make sure you purchase it from a retailer that offers a liberal return policy in case the headset just doesn’t quite work for you.
Are you still ducking the new handsfree laws? What are your favorite handsfree devices?
Beware of Toner Pirates
One of the more common scams to target business owners are the colloquially named “Toner Pirates”. These people represent companies that call unsuspecting businesses and attempt to sell printer toner or ink cartridges over the phone using high pressure tactics. Usually Toner Pirates claim to be calling from your “supplier” and mention special prices that you must take advantage of that day or that prices will be going up and you must buy now. They may even know the models of equipment your company uses. The problem is that most Toner Pirates are selling overpriced and/or low quality products.
Steve Clark, owner of Metro East Office Machines, told me the best way to deal with anyone who calls offering high-pressure sales on toner and ink is to know who your current supplier actually is and mention them to the caller. Usually they will hang up, but if they persist, simply let them know you will call your supplier back to confirm the offer. If you don’t have a particular supplier, simply ask the caller to identify their company name, location, and a call back number. The key is to simply realize that the high pressure sales tactics usually indicate a scam. Steve also mentioned that Toner Pirates target an area for a particular time period and that they seem to be targeting the St. Louis Metro East area currently. If you would like to talk to Steve, who is a trusted local supplier, feel free to give him a call at (888) 367-1742 or e-mail info@metroeastofficemachines.com
I found the following infographic online that has some additional helpful tips for recognizing and dealing with Toner Pirates. Have you or your company been scammed by Toner Pirates?
Infographic courtesy of 4skyline.com
Apple Introduces Big Productivity Upgrades
Last week Apple introduced new operating systems for the iPhone and iPad plus their Macintosh computers. As Apple is known for, they had one big keynote address where they demonstrated the major new features of their upcoming operating systems. The new operating system for the iPhone and iPad will be called iOS 8 and the new OS for the Macintosh will be named OS X “Yosemite.” Both will be available as free updates sometime this fall. What was interesting about this particular keynote address was the apparent lack of any big announcements. To an average consumer, there did not seem to be anything particularly earth-shattering that came out of Apple last week. However, the relatively understated tone of the keynote masked what I believe to be a very important focus for Apple and one that should have a pretty immediate impact on users.
First off, know that Apple’s big keynote speech in the early summer is held at their “World Wide Developer Conference,” which is basically Apple’s big convention for people who write software. Their keynote audience is comprised of both highly technical developers and average technology enthusiasts. So generally Apple lays out their plan for their upcoming operating systems as well as talking about the underlying technical advancements that developers can use for new and improved software. In years past, it seems that the tech journalists covering Apple conferences have been left underwhelmed. However, after this year’s keynote speech it seems that many tech journalists were actually excited about Apple’s announcements, even though to an average person they may have seemed relatively ho-hum. This only served to underscore my own observations about Apple’s announcements and why they will be so important going forward.
While most of Apple’s announcements seemed either minor or of interest only to developers, this is a situation where the whole is greater than the sum of its parts. Without going into a great deal of technical information, Apple seems to have identified that society has become more tech savvy and people are using a variety of devices to get things done. Apple is going to make using all those devices a lot more seamless and natural which I believe will be greatly beneficial to busy people, especially professionals. For example, a user will be able to start an e-mail on their iPhone and seamlessly finish it up on their Macintosh computer. Or vice-versa. They can also throw an iPad into the equation. Apple calls this new focus “continuity.” Historically Apple has always been the undisputed master at converging seemingly disparate technologies together so if anyone can make device continuity a reality, it will be Apple. From the demos shown, it seems Apple has already nailed it and we simply need to wait until the new operating systems are available this fall.
Here are a few other nuggets of new Apple tech that I think will be highly important to busy people and professionals:
– Apple introduced MailDrop, a technology that will allow a much easier method to send encrypted attachments over e-mail. The lack of an easy-to-use encrypted e-mail system has been a real thorn for many of my clients and this could be a real game changer.
– While current iPhone owners who also own a Macintosh computer have been able to seamlessly carry on iMessage conversations on either device, they could not do so with SMS text messages. They will be able to do so with the new operating systems this fall. The ability to carry on texting conversations at one’s computer is a real time saver. Once people see just how amazing this feature is, I think it will be a real competitive advantage for Apple.
– Similarly, users with a Macintosh computer will be able to manage phone calling from their iPhone. This will be true if the iPhone is next to them or across the room. Macintosh users will be able to identify incoming callers on their computer screen, initiate phone calls from their computer, and use their computer as a speakerphone (or use headsets). For those people who do a lot of work at their computer, these telephony integration features can also be a huge time saver.
– Apple has finally embraced a technology that has been languishing in the marketplace for years. “Wi-Fi Calling” is a technology that allows a cell phone to tap into a Wi-Fi network to make phone calls when the cellular signal is weak. While there are some ways to do similar things now, none are as slick or simple as Wi-Fi Calling. This technology requires both device manufacturers and wireless carriers to support it. There have been a few Android phones that feature Wi-Fi Calling, but so far only T-Mobile and Sprint have provided lukewarm support. Now that Apple has thrown their weight behind it, expect all the major carriers to fully embrace this technology, which should be a boon to users that have weak cellular signals inside their homes or offices.
The development of these technologies, along with some others I have not touched on, show a new focus on Apple’s part to bring a much needed advancement in the way people are using their technology. No other technology manufacturers can come close to the level of seamless integration between mobile devices and desktop/laptop computers that Apple is deploying this fall. Given that no other companies have the ability to leverage technologies across disparate systems like Apple does, I don’t expect this gap to close in the near future. I believe that it is becoming very clear that Apple is positioning their products as the go-to devices for those who are serious about maximizing their productivity. While the old perception (an incorrect perception, but a common one nonetheless) was that Apple products were for “creatives” or just consumers, I believe that business people and professionals who ignore Apple’s products going forward will be doing themselves a great disservice.
New Vulnerability – STOP using Internet Explorer on Windows XP
Seriously, you’ve got to stop using Internet Explorer if you are running Windows XP.
As I predicted in my recent articles about “The End of Windows XP” (part 1, part 2, part 3), the Internet Explorer browser that is part of Windows XP would be the most vulnerable part of the operating system now that Microsoft has officially ended support. I strongly advised that people should stop using Internet Explorer and switch to another web browser such as Google Chrome. Hopefully you have heeded my advice because a new vulnerability has been made public that effects every version of Internet Explorer ever made, including the now unsupported version of Internet Explorer 8 that runs on Windows XP.
Microsoft Security Advisory 2963983 details the vulnerability called CVE-2014-1776. It basically allows attackers to run code on your computer, which can potentially give them access to do malicious things to or with your computer.
If you are using Windows XP, please take action to install and use a different web browser immediately. Unless Microsoft goes against their own policy, Internet Explorer in Windows XP will NOT receive a security update and you will remain vulnerable indefinitely if you continue to use Windows XP. If you need help with this, please contact me and I will be happy to help.
This Bug Makes My Heartbleed – What You Need to Know
Aw, this bug even has its own logo. Isn’t that precious?
Early this week a security vulnerability was made public, given the name of “Heartbleed”. Unlike most security vulnerabilities that never make much news, warnings about Heartbleed quickly spread around the Internet and has even made the mainstream media. Given the propensity for false alerts to spread around the Internet, I’ve been waiting to make sure that this wasn’t an overblown “Chicken Little” situation. However, the news has reached a fever pitch, so let me try to set the situation straight for any one who is confused by all the hysterical warnings.
Heartbleed is the name given to a bug discovered in a particular implementation of SSL/TLS, which is the encryption protocol used for most secure web transactions. This protocol is used by nearly every web site from banks to social media. The bug allows an attacker to gather small amounts of random data from a server that had otherwise been encrypted. Since encrypted data is often sensitive data, the random data that an attacker could have gathered may have been valuable, such as usernames, passwords, credit card numbers, social security numbers, etc. The biggest concern of security experts is that it may have been possible for an attacker to get the “private key” from a server, which would in theory allow them to decrypt all communications from a server at that point. If the security key of a major server had been compromised, a lot of very valuable data could have been extracted.
Make no mistake, Heartbleed is indeed a very critical bug. Any server that was affected and not yet patched their software is putting their users’ data in serious jeopardy. However, for all the dire warnings of impending doom, I believe the hysteria has been overblown quite a bit. This bug even has its own web site and logo!
At this point, most reports are advising people to change their passwords on their online accounts. Obviously it is never a bad idea to change your passwords. It can’t hurt anything and if your username and password was compromised this will effectively protect you. However, based on everything I’ve read so far, the likelihood of your account being compromised is pretty low. While popular, not every web site used the affected version of the SSL implementation. And if the bug had been known to criminals (or intelligence agencies) ahead of the pubic announcement, then the damage would have been done already. Changing your password would prevent any future intrusions, but any valuable data would likely have already been compromised.
Based on my research, it appears that the Heartbleed bug was not known to the criminal underground prior to the pubic announcement this week. It certainly is possible that the NSA or other government intelligence agencies did know about the bug, so keep that in mind. Even if it had been known, the chances of criminals recovering data in a way that could compromise accounts is fairly low, given the fact they could only recover small amounts of random data from a server with each attack. Large-scale attacks would have likely triggered security alerts prior to now, so the bug would have been discovered earlier. Account numbers such as credit cards may have been more easily recovered, but if they had been, you probably would have already had your account compromised by now and taken steps to remedy that. Or your account will be compromised in the future and the only thing you can do is to proactively change your credit card number, which can be a big pain obviously
The bottom line is that ideally you should be changing your passwords with some regularity anyway, so this situation should only enforce the necessity of that practice. Otherwise, it is a potential avenue for identity theft of which there is no evidence of the attack actually being used so the likelihood is low. The reality of Heartbleed is that it is mostly a reminder (albeit a very loud and well-publicized reminder) to proactively protect yourself from identity theft. Companies like Lifelock are probably very happy as I’m sure they’ll see a surge in new subscriptions soon. Otherwise, as for yourself, change your passwords just to be safe and keep an eye on your financial accounts as usual, but please don’t lose any sleep.