Shellshock is a concern for older servers – we have some help

Current Events, IT Consulting
Oct 08, 2014

Linux vendors have been scrambling to patch the now-famous Shellshock bash vulnerability since it came to light late last month. However, most vendors have no real idea how many of their older distributions are still in production, and still in need of security fixes.

If you have any older CentOS systems (3.9 or 4.8/4.9, the final releases of each of those versions), it might be a good idea to check out Lewis’ binary rpm releases of patched bash 2.05b (for CentOS 3.9) and/or 3.0 (for CentOS 4.8), available from the Rosenthal & Rosenthal FTP server.

More news may be found on Lewis’ blog, here.

Heartbleed Issues

General
Apr 23, 2014

By now, many of you have likely heard of the so-called “Heartbleed” bug in the popular OpenSSL encryption library. Essentially, this vulnerability allows an attacker (either a malicious client – web browser or other local application – accessing a server or a malicious server communicating with a client) to read a small segment of memory on the afflicted machine. This memory may contain sensitive information or it may contain nothing of much use to anyone.

While the vulnerability was apparently in the code for some time, it did not become common knowledge until earlier this month. You should know that we immediately took steps to correct our affected systems, and have continued our analysis of the situation to ensure that all of our publicly-accessible (and publicly-accessing) systems are secure.

We invite you to test our security rating on the well-respected Qualys SSL Labs site.

We want you to know that we take the privacy and security of your information very seriously, and will continue to monitor and make every effort to maintain the integrity of our systems.

Site security

General
Feb 15, 2014

Part of the site redesign plan is to incorporate client portal services, providing a facility for clients to securely upload and download files, and get other information, uniquely tailored for them. Of course, without some form of encryption, this would not be possible. While we are still in the testing phase of our portal services, all portal pages are encrypted via SSL (Secure Sockets Layer) and our security testing has been most successful.

Site redesign

General
Jan 18, 2014

Welcome to the new Rosenthal & Rosenthal, LLC official website. We hope you enjoy your stay and find something of interest.

We'll have many new features to share, and will announce them here as we roll them out in the coming months.

Thanks for visiting.