Kibbles & Bytes Blog
Apple news, tech tips, and more…
You may have heard the worrying news about the “Heartbleed” vulnerability, which affects the majority of the secure Internet communications intended to keep your information private during transit. Most worrying to security professionals is that it is a bug that has been in the wild since March 14th, 2012, and if someone were to exploit it, it’d be completely undetectable.
For further technical details, see “*our blog post on the subject*”:http://blog.smalldog.com/article/heartbroken-about-heartbleed or the “*Heartbleed website*”:http://heartbleed.com/.
h2. Was Any Private Information Leaked?
We have investigated and found no evidence of attack or compromised customer data. Unfortunately, due to the nature of the vulnerability, there might not be any trace of a break-in. Since this is nearly industry-wide, but only publicized this week, there are a lot of unknowns.
h2. Is Smalldog.com Safe to Use?
Yes. We reacted swiftly to ensure that the bug was fixed and that any possible past use of the vulnerability cannot prevent future Internet communications from being private & secure.
While the majority of our systems were not susceptible to this bug, the ones of most interest to you–our shopping cart web servers–were. So, we have updated our server software to resolve the issue (we already do this frequently to ensure your information is safe and as part of our “*PCI DSS compliance*”:https://www.pcisecuritystandards.org/security_standards/).
In addition to making sure the bug was fixed, we had new SSL certificates issued so that all communications from now and into the future will be newly secured, just in case someone had been able to compromise the old ones. We have also reset all Top Dog Club login sessions so that all users will be required to log in again using the new encryption.
h2. What Should You Do Next?
To be as safe as possible, we highly suggest that you log into the “*Top Dog Club*”:https://checkout.smalldog.com/topdog/club/ and reset your password, especially if your password has been used for multiple websites.
In addition to that, we agree with the general suggestion of resetting all the passwords for websites and services that you use. __*However, it’s advisable to only reset passwords for those sites which you have confirmed either were not vulnerable in the first place or have already fixed and re-secured their services, like we have.*__ That way, you’re not resetting a password on a site that may still expose your new password.
You can check our site and others to see whether they’re vulnerable using the “*Heartbleed test*”:http://filippo.io/Heartbleed/#checkout.smalldog.com.
h2. Is Mac OS X Server Vulnerable?
No, the built-in software in “*OS X*”:http://www.smalldog.com/product/84566/apple-os-x-mavericks-app-for-mac and “*OS X Server*”:http://www.smalldog.com/product/84433/apple-os-x-server-app-for-mac is not susceptible to the “Heartbleed” vulnerability as it runs a different branch of the OpenSSL software which does not contain the bug. That said, if you are using a third-party installation of Internet server software from “*MacPorts*”:http://www.macports.org or “*Homebrew*”:http://brew.sh (or have manually compiled & installed OpenSSL), you may be vulnerable and should check & upgrade ASAP, if necessary.
Don’t be!
The internet may not actually be a series of tubes, but it still is a complex layering of protocols, software, hardware and people. One of those protocols that we rely on heavily is SSL/TLS (Secure Socket Layer/Transport Layer Security). This protocol is what allows your data to pass securely between your computer or device and the sites you visit. It does this by encrypting the data end-to-end.
For example, you might notice that Smalldog.com’s shopping cart URL has an “https” at the beginning. This signals that you’re viewing a secured page. Any information you enter on forms will be transmitted encrypted. Credit card numbers, passwords, and everything else are all encrypted and safe. Any site that handles credit card information, or other sensitive customer information must be “PCI compliant”:https://www.pcisecuritystandards.org/security_standards/. Here at Small Dog Electronics, we go through compliance testing each month to verify that our servers and systems check out. When something like the “Heartbleed”:http://heartbleed.com/ bug comes along, we take it very seriously and have procedures in place to resolve it.
The bug works by exploiting a flaw in the way heartbeat messages are handled in OpenSSL. A heartbeat message is nothing more than a tiny message from a client to the server that says, “hey server, even though I’m not sending encrypted data right now, I’m still here, so don’t close my secure connection.” It does this because closing and reopening the connection takes work, so it’s more efficient to leave it open. These heartbeat messages typically contain some payload data and an indication of how big the payload data is. So a message might be “Hey server, I’m still here” and the payload size might say 32 bytes. The server hears this message and responds by returning the payload data and payload size to the client.
To exploit this exchange, a malicious client would send a heartbeat message with a very small payload (say 10 bytes), but it would lie and say that the payload size was very large (50,000 bytes). When the server goes to respond by sending back the payload, it mistakenly grabs 50,000 bytes worth of data from its memory. This could include all kinds of data that this client should NOT know about. It could be anything the server was working on at that time: other clients’ secure data, passwords, or even encryption keys. This is all very bad, so we want to stop it from happening.
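The heartbeat exchange described above, reduced to a simplified model in C with the flawed handler beside the bounds-checked one (an added example, not OpenSSL's code or code from the original post). The three-byte header layout, the function names and the sample memory contents are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER 3 /* assumed layout: 1-byte type + 2-byte claimed payload size */

/* Constructed stand-in for server memory: a 13-byte heartbeat record
 * (header + 10-byte payload) followed by unrelated data. The record
 * claims a 40-byte payload (0x0028). The over-read in this demo stays
 * inside this array, so the program itself is well-defined. */
static const uint8_t server_mem[] =
    "\x01\x00\x28" "HELLOHELLO" "session=alice; key=CONSTRUCTED";

/* Big-endian payload size as claimed by the client. */
static size_t claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Flawed handler: trusts the claimed size and never looks at rec_len.
 * Returns the number of bytes echoed into out. */
int echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    (void)rec_len;
    size_t n = claimed_len(rec);
    memcpy(out, rec + HB_HEADER, n); /* copies memory beyond the record */
    return (int)n;
}

/* Fixed handler: returns -1 (discard, no reply) when the record is too
 * short to hold a header or the claimed payload does not fit in it. */
int echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER) return -1;
    size_t n = claimed_len(rec);
    if (n > rec_len - HB_HEADER) return -1;
    memcpy(out, rec + HB_HEADER, n);
    return (int)n;
}

int main(void) {
    uint8_t out[64];
    int n = echo_unchecked(server_mem, 13, out);
    printf("unchecked: %d bytes: %.*s\n", n, n, (const char *)out);
    printf("checked:   %d\n", echo_checked(server_mem, 13, out));
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed size against the number of bytes actually received.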
Fortunately, the fix for the bug is fairly simple. Servers running OpenSSL need to upgrade their version. Because it’s possible that encryption keys and certificates could have been compromised, it’s advisable to also replace those keys and certificates. Here at Small Dog Electronics, we’ve done both of these things. We’ve also reset login sessions in case an old user login session was still active or compromised.
So what else should you know? *OS X itself is not vulnerable to the bug.* We use custom software versions and configurations on our servers to allow us to keep up with the latest bug fixes in a more timely manner, but in this case, it meant our version included the bug.
Because we’re lovers of security here, we suggest everyone “update their Top Dog Club passwords”:https://checkout.smalldog.com/topdog/club/#topdog_settings just to be extra safe. Additionally, since OpenSSL is very common software used all across the web (somewhere around 60% at last estimation), we also suggest that people update passwords for accounts on other sites. As always, we recommend choosing “good, strong passwords”:https://www.google.com/intl/en_US/goodtoknow/online-safety/passwords/.
Please don’t hesitate to reach out to us on “*our blog,*”:http://blog.smalldog.com “*Twitter,*”:https://twitter.com/hellosmalldog or “*Facebook*”:https://www.facebook.com/hellosmalldog if you have any questions about our security, what we’ve done to patch the Heartbleed bug, or you’d like help updating your account passwords.
_Dear Friends,_
It is definitely rumor season as we move into spring and Apple is clearly working on new toys and tools. “*The Apple Worldwide Developers Conference*”:https://developer.apple.com/wwdc/ (WWDC) is coming up in June and as usual, it sold out in minutes — this time through a lottery system for the tickets. If my observations of the level of activity out at the Apple campus in Cupertino are any indication, there is a lot of work going on that we will see soon.
We have gotten our “*Hammerhead USB/Lightning cables*”:http://www.smalldog.com/search?search=hammerhead+lightning in stock and they are now available online and in our stores. I am very happy with this new product. While we could have purchased less expensive cables, we chose to buy cables that have the Apple MFI — or “Made for iPad & iPhone” — license. This assures you that your cable will always be up to Apple specifications. These are high-quality cables that feature a flat cable design to eliminate tangling. They have aluminum ends for durability and are available in a 1 meter (3.28 feet) length and in red, black or white. Everyone needs a spare cable and I think this is a great product to consider. They are $18.99 each.
I have been planning my route back to Vermont as soon as I get the all clear that mud season is over. I will be riding my Indian Chieftain and taking the route on the western side of Florida up to Asheville to visit our friends at Charlotte Street Computers and then onto the Blue Ridge Parkway.
My special for this week is a road warrior’s bundle. We are going to take care of your charging needs while on the road. I am assuming that you have a Mac and either an iPad or iPhone, so we will get you the gear you need to protect and charge these devices. If you are like me, you do not want to be constantly plugging and unplugging your Mac power charger, so we will start with either a 60W or 85W Apple charger for your Mac. For some added protection, we will include a Hammerhead neoprene case for that Mac, too. For your iPad or iPhone, we are going to include the Hammerhead 12W charger and one of our new USB/Lightning cables.
This combination would normally sell for $144.00, but exclusively for Kibbles & Bytes readers, this special is only *$119.99!*
“*Purchase the Road Warrior’s Bundle here!*”:http://www.smalldog.com/wag900001361

For our entire line of products for both Hammerhead and Chill Pill Audio, check out our full “*2014 Dealer Price List here.*”:http://vendor.hammerheadcase.com/pricelists/HH-CP-Reseller-List_040914.xlsx
Let us show you what our small town Vermont hospitality can do for you. Call or “*email us*”:mailto:connect@hammerheadcase.com (phone number below) any time for quotes, samples or just to chat! If we haven’t met in person, we’d love to come meet you and talk shop.
We look forward to becoming your vendor, partner and friend!
??The Hammerhead & Chill Pill Team??
*The Chill Box* is the next evolution in the Chill Pill line-up. Our new mobile speaker comes in a solid aluminum brush form factor, providing you solid stereo sound on the go!
Whether you want to plug directly in or play wirelessly through Bluetooth, the Chill Box can integrate with your smartphone, allowing you to play your tunes, take a phone call or check on the long-lasting lithium-ion battery’s life.
Comes in Deep Purple, Lime Green, Electric Blue and Tuxedo Black.
*$99.99 MSRP*
!http://blog.smalldog.com/images/3883.png?1396967617!
Last but not least, we have our brand new *Hammerhead Lightning cables.* These 1m cables are “*Apple MFI-certified,*”:https://developer.apple.com/programs/mfi/ meaning that they are officially made for iPhone, iPad and iPod (with Lightning ports, of course!). They also feature a flat cable design for no tangles, and aluminum ends for durability.
Available in Red, White and Black.
*$18.99 MSRP*
!http://blog.smalldog.com/images/3884.png?1396968449!
*The Folio* now comes in a slimmer design for the iPad Air so you can take advantage of what the Air has to offer you; a light experience! This case offers a more casual, discreet look for the iPad with its new premium, textured exterior, providing you excellent protection from impact and scratches while offering maximum functionality with a variety of viewing angles.
Comes in Black, Red and Purple.
*$29.99 MSRP*
!http://blog.smalldog.com/images/3882.png?1396966649!
Our next product, *the Bumper for iPhone 5c*, is a new spin on our old Bumper case for iPhone 5. We listened to what everyone had to say about the old bumper and it now features a thicker design made out of dependable TPU for more durability and less wear and tear.
Available in Lemon Yellow, Watermelon Red, Deep Purple, Black and Electric Blue.
*$9.99 MSRP*
This solid case is built from a double-injected molded design of strong polycarbonate and flexible TPU for effective shock protection. It also features ‘anti-slip’ sides to keep the phone securely in your hand, and of course, easy access to every port and button you’d need to access!
Available in Watermelon Red, Black, Lemon Yellow, Sky Blue and our own unique “Hammerflage,” which comes in a Purple and Orange design.
*$14.99 MSRP*
It happens regularly…technology breaks. Nothing is perfect, and in the age of constant change, that statement is truer than ever. It forces us…
!http://blog.smalldog.com/images/3885.png?1396975266!
Happy Spring, everyone!
Since we last checked in, there have been some exciting changes over here. From beefing up our team to adding new products to freshening up our look, we’ve been busy.
First up: *New products* — most notably, the flat, never-tangle Lightning-to-USB cables, cases for iPhone 5c, 5s and more (see below for details). We have also adjusted our product pricing across the board so that you can benefit from increased margins while being able to offer your customers better value. Read on for more product details and a full, updated pricelist.
You may also have noticed a *refresh to our brands’ look and feel.* It was time to switch things up, and over the next couple of months, you can expect to see some changes to our website, sales sheets, packaging, and other materials. Some changes are bolder than others, but you can be sure that Hammerhead and Chill Pill will remain recognizable as quality, value brands in the marketplace.
Recently, Lance Millett left us to run his own business in Arizona, where he is following his passion for nutrition products. We will miss his vision here, but we wish him well! Dana Flint, Jonny Wanser, and Rob Amon have joined Tony Amenta here at the Hammerhead/Chill Pill headquarters in Vermont.
Dana has been a long-time Small Dog Outside Sales Consultant in the Manchester, NH and greater Boston area, and he brings business-to-business expertise to the wholesale salesforce. For the last year, Jonny was the Manager of Small Dog’s S. Burlington location, where he honed his customer service and sales skills, and he’s excited to take on new projects. Rob is one of Small Dog’s longest-tenured employees, and has created new opportunities for Small Dog since the beginning. (Little known fact: Rob actually created the wholesale division of Small Dog back in 2008.)
We will all be working together to ensure you get the great products you want and as always, our philosophy is to offer you the best possible customer service and support. Our team email is “*connect@hammerheadcase.com,*”:mailto:connect@hammerheadcase.com so please drop us a line if you have any questions!