Creative Storytelling in web, iOS, and Film

Articles

Mobile Devices Affected by the Heartbleed Bug

Mobile Devices Affected by the Heartbleed Bug

Did you know? Mobile devices affected by the heartbleed bug are everywhere. The now notorious heartbleed bug affects any Internet related device, not just servers. To that end, you should be aware of how this bug may impact your use of the Internet via a mobile device, such as a phone. As just one example, users of Cisco servers/apps may be exposed to the bug. Here is a quick rundown, thanks to security provider SilverSky and Singlehop: Work phone: At least four types of Cisco IP phones were affected. If the phones are not behind a protective network firewall, someone could use Heartbleed to tap into your phone’s memory banks. That would yield audio snippets of your conversation, your voicemail password and call log. Company video conference: Some versions of Cisco’s WebEx service are vulnerable. Hackers could grab images on the shared screen, audio and video too. VPN: Some versions of Juniper’s virtual private network service are compromised. If anyone tapped in, they could grab whatever is on your computer’s memory at the time. That includes entire sessions on email, banking, social media — you name it. Smartphone: To let employees access work files from their iPhones and Android devices, some companies opt for Cisco’s AnyConnect Secure Mobility Client app for iOS, which was impacted by Heartbleed. An outsider could have seen whatever you accessed with that app. Switches: One type of Cisco software that runs Internet switches is at risk. They’re notoriously hard to access, but they could let an outsider intercept traffic coming over the network. Overall, the safety approach is to change your passwords and even potentially (if allowed) your user ID. Our team is continuing to evaluate best practices relative to the heartbleed bug. Remember, if you want to test a site to see if it is affected, use this...

read more

Fighting the Heartbleed Bug

Fighting the Heartbleed Bug

[ updated 4/11/14 ] Many of our clients are interested in fighting the “heartbleed bug.” Is this something you need to take seriously? If so, how should you manage your actions? First of all, what is the heartbleed bug?  The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by  “vulnerable versions” of  OpenSSL software. What this means in layperson’s terms is that the bug will compromise the secret keys used to identify the various service providers and as a result, capturing Internet traffic, the names and passwords of the users for affected sites and the actual content of those sites. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate those services and users. Put another way, it’s bad stuff. How do I know if I’ve been affected? The real issue is that if you haven’t been affected yet, you may be in the near future. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. It’s likely that the host of your web services uses Apache or other web management software – that also includes the use of OpenSSL. R/com Studios uses Apache on our servers, as an example. Many online web services use TLS to identify themselves to the user (you) and to protect an individual’s privacy and transactions. You might have networked appliances with logins secured via the existing implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services. What versions of OpenSSL are affected? OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable OpenSSL 1.0.1g is NOT vulnerable OpenSSL 1.0.0 branch is NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable NOTE: OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug. What operating systems are known to be affected? Some operating system distributions that have shipped with potentially vulnerable OpenSSL version: Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4 Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11 CentOS 6.5, OpenSSL 1.0.1e-15 Fedora 18, OpenSSL 1.0.1e-4 OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012) FreeBSD 10.0 – OpenSSL 1.0.1e 11 Feb 2013 NetBSD 5.0.2 (OpenSSL 1.0.1e) OpenSUSE 12.2 (OpenSSL 1.0.1c) Operating system distribution with versions that are not vulnerable: Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14 SUSE Linux Enterprise Server FreeBSD 8.4 – OpenSSL 0.9.8y 5 Feb 2013 FreeBSD 9.2 – OpenSSL 0.9.8y 5 Feb 2013 FreeBSD Ports – OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC) NOTE: Mac OS X Server may or may not be vulnerable. Mac OS X Mavericks uses OpenSSL 0.9.8y, and Mountain Lion has 0.9.8r, neither of which is vulnerable to Heartbleed. The most recent release of Safari is not affected, either. What should I do? First of all, look for updates to any software you use. Read about options. Install if you have confidence to do so. For sites that you use relative to the use of a user ID and password, change them. Change them today. Then, plan on changing them again in 15 days. Hopefully, fixes will be distributed and people will be updating their servers, access, and versions of OpenSSL by then. Test the sites you own, visit,...

read more

Dealing With Public Relations Challenges

Dealing With Public Relations Challenges

As we move into a new year, dealing with public relations challenges is something a number of our clients are concerned with. There are multiple sources for managing bad PR, but every organization can benefit from some basic strategies. Our team collaborates with clients to help them through challenges. Easy access to the websites, blogs, and Twitter can help create viral problems for people and organizations. There are plenty of examples of a PR crisis every year, and there are lessons to be learned. One of the most interesting is that many firms just ignore the possibilities of something bad taking place. Not knowing how to counter, manage, and dilute a crisis can have long term affects – we’ve seen people lose their jobs, sales, and other issues as a result of not managing a PR crisis appropriately. To help the conversation on crisis management get started, here are some of our basic rules for consideration: 1. Be Prepared! — When we ask our clients, “what are your biggest issues of concern,” they typically come up with a list of potential problems. When I ask, “how have you prepared?” – we’re often told, “we hope we don’t have to deal with this.” Crisis management is often about speed. If you’ve prepared for potential problems by having an action plan, pre-planned statements, and appropriate staff or managers ready to support you, you’ll be better prepared to stop the spread of the crisis. As a simple example, a newspaper will often write up obituaries for famous people. They aren’t dead yet. But, in the event they do die, the newspaper wants to be first to share the details that people will want to know. Certainly there are blanks to fill in, but if the background data is complete, then the process if much easier to manage. 2. There is no Excuse for Being Unprepared — For those of you who are familiar with the book, The Art of War, you already know that “readiness is all.” For reasons I cannot fathom, most of the companies we work with, and public entities in particular are reactionary – they don’t have the necessary plans in place for public relations management. There may be a crisis plan, but it’s outdated, isn’t related to the current management, or is incomplete. It can take years to build a strong reputation. It can take hours to bring it all down. Don’t let the priorities of daily activities interfere with your readiness. 3. Know the Answers to Questions Before They are Asked — When something goes wrong, the media (or employees, clients, etc.) will often try to “fill in the blanks” for information they don’t have. How often have you seen a story on a crisis modified a day or two later – that’s because the facts may be different than the expectations or assumptions. What will you be asked in the event of a significant issue? One thing we do is to create a “media role-playing engagement.” We take the top five threats and then pose journalist-style questions to our client’s management or PR team. These are hard questions – the what, why, how, when and where issues. We can do this exercise question by question rapid-fire. So, in just a few hours, you can have the...

read more

Saving Time with eMail Management

Saving Time with eMail Management

Let’s talk about email. While there are no set rules that you must follow, my job involves helping people in multiple environments with their email – and as our firm also hosts many entities email solutions, we learn a lot about what not to do – and what to do. And that means we need to work on saving time with email management. Most of you are using email that is based on the IMAP protocol. What’s important about this is that when you delete an email locally, you also delete it on the server. If you keep the email locally, you’ll also keep it on the server. The key threat here is that if you keep all of your email, you’ll eventually run out of room. All email accounts only have a set level of storage, just as a hard drive does. Learn what IMAP is and how it affects you. As noted, the key is running out of room – called a quota in IMAP discussions. We recommend moving older email off the IMAP server and into mail folders on your own hard disk (often called “local folders”). Here’s how to create a local mail folder using different email clients: Thunderbird, Outlook Express, or Windows Mail (Vista) -File Menu -> New -> Folder.. -Give the mailbox a name (i.e “archived mail”) and Create as a subfolder of “Local Folders” Microsoft Outlook -File Menu -> New -> Folder.. -Give the mailbox a name (i.e “archived mail”) and place the folder inside “Personal Folders” Apple Mail -Mailbox Menu -> New Mailbox.. -Give the mailbox a name (i.e “archived mail”) and set the location to “On My Mac” NOTE: You can also set the mail folder to be within a specific account – just make certain the storage is local, not on the main server. Remember that the Trash is just another IMAP mail folder. When you delete a message, the message is just moved into the Trash folder. We recommend setting your email software to empty the trash when you exit the email application. Another issue involves workflow and the management of email that is inbound. I am a perfect example of someone who is totally wrong about how I manage my email. But I am recovering from this disability. I expect to be a recovered email manager by January 2nd. Learn how to manage your email more effectively. Note only will this help with efficiency, it will also help reduce space on your email server and on your local (in your computer) hard drive. So, use some of your upcoming holiday break time to become a more effective user of email. It can only make 2014 a more productive...

read more

Adobe Theft Could Affect You!

Adobe Theft Could Affect You!

Do you use an Adobe product? Photoshop? Premiere? Illustrator? Have you ever registered online or purchased cloud-based services from Adobe? If so, the Adobe theft could affect you. Yes, you could be one of the up to 38 million users who are affected by the theft of private information from Adobe this past October. The security breach at Adobe is turning out to be much more widespread than the company first let on. When Adobe announced the breach on October 3, it said that attackers stole user names and encrypted passwords for an undisclosed numbers of users, along with encrypted credit or debit card numbers and expiration dates for up to three million customers. Krebs on Security now reports on the full extent of the attack, confirming the 38 million figure now admitted to by Adobe. And, we may not have seen the end of this – the total number of people may be far beyond the 38 million we know about. According to Krebs on Security, the 3.8GB file includes more than 150 million usernames and hashed passwords, all taken from Adobe. The same file also apparently turned up on a server with the other stolen Adobe data.Adobe admits that 38 million active users users were affected, whereas the other usernames and passwords could include inactive IDs, test accounts and IDs with invalid passwords. Adobe is still investigating, and given the tendency of users to repeat the same usernames and passwords across multiple Web services, inactive account holders could still face a security risk. Adobe is trying to notify inactive users of the breach, and has already reset passwords for active users who were affected.To make matters worse, Krebs on Security and Hold Security both report that hackers captured source code for Adobe products including Photoshop, Acrobat, and Reader.Hold Security noted that the source code theft could have far-reaching security implications.This includes possible new viruses, malware, and security breaches of personal information.Active Adobe users affected by the breach should have received a notification from the company by now, prompting them to change passwords. We suggest you consider making changes to how you manage your personal security. Adobe notes that users can employ several strategies to keep their data safe, such as setting different passwords on each site or setting up a password manager. The key is to not let your current settings remain in effect. If you’ve been using a password related to any Adobe product, or if you paid Adobe money via a credit card, change your passwords (for every account on every website)...

read more

Welcome to the New R/com Studios Website

Welcome to the New R/com Studios Website

Welcome to the New R/com Studios Website One thing that never ends is the ongoing need for change. Our world of digital technology changes so rapidly, that every new introduction is almost a simultaneous signal of obsolescence. Hopefully, we’ll dodge a techno bullet with our new website. The new site is completely responsive. Open it in your PC or Mac browser, and then drag the width of the browser open and closed. You’ll see what responsive is all about. This way, one single design composition will support smart phones, tablets, and desktop PCs. We’re converting clients websites to function this way – and we’d love to help you move things forward as well. We’ve also changed the way in which are products and services are being presented. Now, we’ve categorized everything into three specific “studios” that develop and deliver specific content: Web Studio iOS Studio Film Studio We’re offering the same overall product and services, but with better capabilities, more affordable pricing, and even greater quality than ever before. The new site will help you find what you need faster, and you’ll see how our workflow, pricing, and deliverables work. During the coming weeks, we’ll also be rolling out updates to our Content Management Software, our Survey Software, as well as new services for hosting and web app...

read more

Office for Mac 2011 Fixes Released

Office for Mac 2011 Fixes Released

Microsoft’s Office for Mac 2011 14.3.8 fixes “critical issues,” including “vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.” See Microsoft Security Bulletin MS13-085 for...

read more

Going Back in Time With Apple and the Mac

Going Back in Time With Apple and the Mac

Let’s turn on the way-back machine… There was a time when digital media was a new and untested environment with computers. Today, you can grab 1080p HD video with your phone, edit it in your phone, and have it broadcast on CNN within hours. Back in the rusty ole 1990s, things were not quite as simple. That’s not to say that it wasn’t a fun period of time. It was awesome. During 1995, we were actively collaborating with Apple, Radius, Adobe, Panasonic, Sony, and other firms to create a digital video environment on the desktop. Although long gone, I started to use the term, “desktop video” in 1988, when my publishing company, Aegis Development was first creating 3D animation software for the motion picture industry. During this period, we had re-introduced Apple to NAB, and we were bringing them back to SIGGRAPH as well. We produced the entire shows during that time period, and it was a remarkable series of steps that while rocky, proved that digital video was the future. I was just ending my time as a sometime racing driver, and my collaboration with my team always included motion, music, and graphics. Apple wanted to highlight a “bundled” solution named after Star Trek (the Piccard bundle) in their return to SIGGRAPH. So, we created a really fun music video for them. We shot the piece using Panasonic cameras. We captured the video using a prototype of a new product we were involved with designing and marketing – Radius VideoVision Telecast. We edited the video using Adobe Premiere (I think it was V3-Beta something). The music was authored by my guitar-playin’ fun lovin’ collaborator Stephen Recker. We collaborated on the arrangement – and it was recorded in a nice little studio in North Hollywood. It was a blast to put the piece together – and you should have seen people’s jaws drop when we launched the piece at that year’s SIGGRAPH show. Design elements evolved from our design team and the remarkable Harry Marks, and trade show management by Carolyn Goates added up to a huge win. We still do that type of thing, by the way… We just do it with things like GoPro cameras, Adobe Premiere CS-6 or Final Cut Pro X, or… but we still make companies look really good when they launch new products or create...

read more

Change the Culture, Change the Perception

Change the Culture, Change the Perception

One of the things we continually suggest to our clients is to consider your culture and compare it against that of your competitors. Once you know what the playing field is like, consider taking steps to create a process that puts your firm above the noise – be unique. Salesforce Chatter is a unique solution that large companies are beginning to use to ensure the best possible client relationship. In today’s world, getting feedback from the customer in real time is huge and almost essential. Check out this short video that explains how Salesforce Chatter works, and how Virgin America will use it to maintain their unique market position:  ...

read more

Do You Want to Create a Mobile App?

Do You Want to Create a Mobile App?

More of our business is centered around mobile app development than ever before. Creating an application that runs under iOS or Android is completely different than coding for a stand-alone software app, or a server-driven web app. In fact, a mobile app may include all of the variables in app development: mobile, web, and stand-alone. One of the most common discussions we have with clients about mobile apps relate to the how and why of app creation. Many clients think they want an app, but until we speak, it’s a bit of a mystery. This is important, because it means a certain type of developer may convince a business owner that they need a mobile app, when in fact, the opposite is true. Let’s take a quick look at some of the reasons why you may wish to create a mobile app and some of the key elements that the common business will want to consider including: Social Media links: If you’re going to create an app that connects your clients to you, consider including the ability for group broadcasts of tweets, Facebook updates, etc. Sometimes, manufacturers of products are concerned about clients communicating with each other, but they/you shouldn’t be. These can be your biggest evangelists. Use them. Empower Your Clients: Starbucks makes buying coffee fast and easy with their app. Other food services create automatic payments via mobile apps. these functions empower their customers. If you’re selling a product used by professionals who are “on the go,” give them the option to re-order or order via an app. They’ll feel very connected to you, and as such, will become increasingly loyal over time. Reward Your Audience: What is it that your client needs? Give them rewards, coupons, invitations, etc. These rewards don’t always need to be for your product or service, either. By creating a “Draw” via your app, you will create ongoing and increasing customer interest in staying in touch. Solve the Problem: Don’t create an app just to say you have one. There are literally hundreds of these appearing every day, and they are diluting the marketplace. Make certain your app solves a problem. Do your customers need to reach you and can’t easily do so? Do electronic payments help your clients? Solve the problem, and create a better relationship. And don’t expect app development to be a Craigslist type of engagement, either. App development is serious business, and as you work your way thru the process, you’re very likely to come up with improvements, modifications, or changes in direction. That costs money – and as such, you need to have a special relationship with your partner/vendor. Trust is essential. Collaboration is key. And finally, expect that your app may be rejected by the distribution source at least once prior to making it to the world of mobile app sales. If you’re interested in mobile app development, don’t hesitate to give us a call. We’d be happy to share how our mobile development process works, and how we might be able to help you get the most from your jump into the mobile marketplace....

read more