FRII Break Room

Informal tech chatter from the geeks of Northern Colorado’s largest commercially available data center

Home » Archive by category "PSA"

Warning: Email phishing attacks are targeting you

Do you know how to tell a legitimate email from a targeted phishing attack?

fish hook

Phishing scams try to “hook” you into believing they come from legitimate businesses so that you’ll reveal personal or secure information.

Sometimes it’s not easy to tell what’s real and what isn’t, even for the most sophisticated email user. This article will help you or someone you care about learn what to look for so that your information stays safe.

Within the past few years, there’s been an increase in the ability of the average email user to detect and delete spam. This has not gone unnoticed, particularly by the spammers who have a direct financial interest in obtaining our confidential information. Because of this, the percentage of people who respond to spam has remarkably decreased. Now, though, we’re seeing an increase in the type of targeted spam known as phishing. We’ve entered the next evolution of email scams, and things are just heating up.
Continue reading

PSA: Heartbleed OpenSSL Vulnerability

heartbleed vulnerability icon

The Heartbleed OpenSSL vulnerability should be taken seriously. FixedOpenSSL has been released. Please see heartbleed.org for more information. (image from heartbleed.org)

Warning: OpenSSL vulnerability.

I’ll skip trying to re-explain everything and just link to: http://heartbleed.com/

The short version is that OpenSSL versions in the last ~2 years are vulnerable to having basically any confidential information stolen. Any exploited servers are vulnerable to having previously sniffed traffic decrypted, even after patching out the vulnerability. It is recommended that you regenerate your SSL private keys and certificates, even after patching, and revoke the previous certificates with your certificate authority.

All in all, very bad. Approximately 1/3 of the Internet is effected. FRII is advising all customers to take this extremely seriously (as we are) and take every precaution. FRII has already patched all potentially vulnerable portions of our infrastructure, and any potentially compromised certificates will be revoked and replaced as soon as possible.