What You Need to Know About the ‘Heartbleed’ Bug



(Screenshot heartbleed.com)

The world was hit with the news this week that some versions of a common encryption component used to protect your “secure information” had a serious flaw that gave hackers room to steal private data.

The component, OpenSSL, is used to encrypt your private information as it passes over the Internet, effectively turning your emails, passwords, IM chats and private social media into an undecipherable web of nonsense to anyone else but you and the service on the other side.

The “HeartBleed” bug gives hackers the ability to extract some of that information from sites with the vulnerable version of OpenSSL.

According to Business Insider, developers behind OpenSSL had already fixed the issue before it was announced.  Service providers and businesses will need to apply fixes to servers, a step most large providers have already taken.

But that doesn’t necessarily mean everyone is in the clear.

Security firm Codenomicon, whose researchers played a role in the bug’s discovery, is urging people to change their passwords.  As a security best practice, Citon recommends using different passwords for different types of accounts to protect against this and many other types of attacks.  Switch things up — it’s best not use the same password for Facebook and your online banking account.

(Customer systems covered by a Citon managed service agreement will be checked for HeartBleed vulnerability. Notification will be sent if any patching is needed and Citon will provide guidance on the potential impact.)

Have a few more questions for our IT team? We’re happy to help you out.

Your Name (required)

Your Email (required)

Your Message




Joy on the job?




Every business is different – the goals, services and priorities shift from workplace to workplace. This is what makes our world go round. Businesses work with one another to provide their own expertise, creating a well-oiled machine that fuels the American workforce and creates the communities, cities and country we aspire to be a part of.

Citon fits into that equation as the company that provides area businesses with the IT tools they need to succeed. In doing so, it strives to improve the lives of those it does businesses with – one job at a time.

Joy is the ingredient that transforms good service to tremendous service. It sets companies apart and, ultimately, improves lives and the collective experience.

Take Menlo Innovations, for example. Its CEO and chief storyteller, Richard Sheridan, is the author of a book that addresses this very issue: Joy, Inc: How We Built a Workplace People Love. As a testament to his theory, his company has received numerous awards throughout the years for its dedication to joy in the workplace. It has consistently won the Alfred P. Sloan Award for Workplace Flexibility since 2006, largely in part due to its joy factor.

It’s safe to say Sheridan practices what he preaches – and it works.

Guy Kawasaki, former chief evangelist for Apple and author of Enchantment: The Art of Changing Hearts, recently wrote an article in which he stressed the importance of intentionally creating a joy-filled workplace. Referencing the work of Sheridan, he compiled a list of the key components to a joyful workplace:

Imagine joy. Set out to intentionally build the company and workplace that you want to work for. If you don’t try to build a joyful company, you’ll never achieve one by accident.

Build community. Good attitudes spread. A contagious joyful attitude can spread from your employees, to your clients, and to the community. A rising tide of joy floats all boats.

Foster communication. An open work environment creates natural opportunities for conversation and growth. “A culture that embraces and honors its people with a changeable space encourages serendipity.”

Use storytelling. Engage your clients and visitors with stories of your company and your team. “If you can get the world to start telling your company’s stories, you will reinforce your mission every single minute of every day, even when you’re not in the room.”

Tear down towers of knowledge. One person shouldn’t be so integral to your organization that they can’t go on vacation or has to be on-call all the time. While these could seem like job security, ultimately, it’s too much pressure on one person and the infrastructure.

Design for living. “Whatever you do for a living, design plays a role.” Design helps tell your companies story and should help create the joyful user experience for your brand.

Kill fear. “Fear is one of the biggest killers of joy,” so it holds your team back from making bold decisions unless the bold decisions mirror what management wants. Which, come to think of it, often means they’re not really bold.

Make mistakes faster. “Small, fast mistakes are preferable to big, slow, deadly mistakes.” Create a culture where people can fail and succeed to survive and thrive. A small, fast mistake means you’re learning. A big, slow mistake means you’re dumb.

Rely on discipline. There’s no replacing hard work and accountability for your work. Discipline creates results. Joy and discipline are not polar opposites nor are joy and anarchy the same thing.

Catalyze teamwork. At Menlo Innovation, they work in a pairing system. Each week they switch pairs and maximize the skills of each employee as they rotate through different pairings. This pairing and re-pairing strengthens the whole team.”

Need some joy? Contact us.

Your Name (required)

Your Email (required)

Your Message

The Benefits of Going Pro with Wireless Routers



As a small business, it might be tempting to purchase a wireless router from a big-box electronics store — they’re cheap and, in terms of connecting your business to the Internet, they work.

But, those low costs come with a great risk. Home routers are increasingly becoming the target of online criminals who are exposing vulnerabilities and creating loopholes to steal sensitive data.

According to the Internet Storm Center, a wave of comprised Linksys home routers were reported in February within a span of a few days – and that sort of mass exploit isn’t rare. The same fate hit Asus routers, which have also recently been subjected to hacks.

The virus impacting traditional home router systems is being labeled as “The Moon.”  Here’s how it works: The virus essentially takes over the router and scans for vulnerabilities. This could mean a weak password or other non-secure avenue that allows hackers to access the system.

In the midst of the panic, Linksys released a statement on its website indicating the company is aware of “The Moon” and is working to eradicate the problem. However, Craig Young of Tripwire says the issue is far from over.

“In recent years, the computing power of the average home router has increased substantially to support features like streaming media and file or print sharing,” Craig Young of Tripwire told the BBC. “These additional features offer new attack surface while the additional computing power creates new possibilities for what an attacker can do with a compromised device.”

While perhaps more affordable at the onset, the use of a vulnerable router is one that could lead to greater costs down the road – not only to your business, but also to your customers and overall professional reputation.

Want to know more? Fill out this form to get our attention:
[contact-form-7 404 "Not Found"]

Protect Yourself from Ransomware Attacks

security_vector_icon_368The virtual criminal underworld has adopted a new way to make a quick dishonest buck through “ransomware,” a practice by which cyber criminals use spam to access and hold your files ransom.

According to the United States Computer Emergency Readiness Team (US-CERT), ransomware cases began popping up in 2013. In less than one week after the phenomenon’s emergence, more than 12,000 users fell victim to ransomware schemes, largely through infected emails.

The most common ransomware on the scene is CryptoLocker. By using the same techniques used to encrypt files for good, cyber criminals have found a way to put data behind bars… and then dangle the key in front of you.

Here’s how it works:

A user is exposed to spam through an email or link, which opens the door for the games to begin. That spam often includes a malware attachment that infects the user’s PC. It attaches and encrypts all of the user’s documents. At that point, they’re locked out of their own data. In the midst of this, they’re provided a link to unlock their files – for a price, typically between $100 and $300.

Will the hackers start to adjust the price based on the number of files? Almost certainly. The number of CryptoLocker-like attacks is going to skyrocket, which means the need to guard against these attacks is more important than ever.

Here’s what you can do to protect yourself:

  • Use a good spam filter. Spam is still the #1 entry point for malware.
  • Use a good firewall with application defense and antivirus features. Packet filters don’t cut it.
  • Use a good AV/anti-malware product. They are not perfect, but they will stop a lot of the junk before it has a chance to do damage.
  • Use software restriction policies on Windows and blacklist known malware executables.
  • Keep your systems patched. Java, Acrobat and other problem programs can be used to automatically launch malware.
  • Use a good backup system. If you don’t pay the ransom, you better have some good backups to recover from.
  • Restrict user rights. CryptoLocker can only encrypt files the user has access to.
  • Use your brain. Most malware doesn’t work without one crucial ingredient: a sucker to open the email or attachment. User awareness is key.
  • Respond quickly. “Ransomware” needs time to encrypt files. Shut down infected machines immediately and live CD-based tools to clean up the mess.


We’d love to tell you more. Fill out the form below to get our attention:
[contact-form-7 404 "Not Found"]