************************************************
April 2014 Newsletter
************************************************

In this Month’s Newsletter…

* Heartbleed Vulnerability Information
* Yahoo’s Email Change Has Big Ramifications
* Featured Client: childrenssoftwareonline.com
* From the Blog…

Heartbleed Vulnerability
——-
Rest assured that all LexiConn servers are safe from the Heartbleed vulnerability. The majority of our servers were not vulnerable to this attack, and the handful that had a susceptible version of OpenSSL were patched within hours of the vulnerability’s announcement.

In case you hadn’t yet heard, Heartbleed is a bug in the very popular OpenSSL cryptographic library used by many modern servers throughout the world. OpenSSL provides the backbone for the encryption used for secure communications over the web.

The bug allows a hacker to gain access to random “chunks” of memory from the server. Over time, a hacker *could* get the secret key for the SSL security and then go back and decrypt the sensitive data they collected. All this could have been done without triggering anything unusual in the logs or the attacker being on the machine being targeted.

While all of this may seem very daunting and it should indeed be taken very seriously, the actual threat to most websites was negligible. Getting patched shortly after the announcement of the vulnerability would have been the key to remaining secure, and this was done for any affected LexiConn machine. To read more about this vulnerability and how it was handled, reference our blog post.

http://www.lexiconn.com/blog/2014/04/heartbleed-all-lexiconn-servers-patched/

Yahoo’s Email Change Has Big Ramifications
——-
Yahoo recently upgraded their DNS to include a signature that tells ISP’s and other mail servers that an email from their domain is valid. This signature, known as a DMARC record, is only included in emails originating from Yahoo servers. This seems like a great idea to cut down on unwanted spam, however it has caused problems with legitimate email delivery as well.

For example, many merchants have the FROM address on their order notification emails set to the customer’s email address, as opposed to an email address at their own domain name. If the customer has a Yahoo address, this email would get blocked if you are forwarding it to a provider like Gmail, Hotmail, AOL, etc., as your server is seen as the origin of the message as opposed to originating from a Yahoo server. The problem isn’t limited to receipts, as this could apply to form submissions, and forwarded email as well, depending on how these are set up.

Setting a FROM address to an address that matches your domain name will avoid receipts/submissions from getting marked as spam, as they would now originate from an expected domain. You would no longer be able to reply directly to these messages though, as you would need to manually change the address back to the customer or the person who submitted the form. More details about this change and how to specifically fix it in ShopSite can be found in our blog.

http://www.lexiconn.com/blog/2014/04/shopsite-tip-order-notification-blocking-may-affect-you/

Featured Client: childrenssoftwareonline.com
——-
This month’s featured client is childrenssoftwareonline.com. Children’s Software Online is a business focused on providing parents and teachers with educational computer software geared toward supplemental learning.

http://www.childrenssoftwareonline.com/

For more detailed information on this month’s featured client as well as a listing of all past featured clients, please go to:
http://support.lexiconn.com/news/viewforum.php?f=4

From the Blog…
——-
Here are some recent posts from The LexiConn Blog:

Heartbleed – All LexiConn Servers Patched – Details about this vulnerability and how we handled it.
http://www.lexiconn.com/blog/2014/04/heartbleed-all-lexiconn-servers-patched/

ShopSite Tip: Order Notification Blocking May Affect You! – Recent changes affecting some email deliverability.
http://www.lexiconn.com/blog/2014/04/shopsite-tip-order-notification-blocking-may-affect-you/

Five Hidden Pitfalls of Remotely Hosted Shopping Carts – A look at some problems with remotely hosted shopping carts.
http://www.lexiconn.com/blog/2014/04/five-hidden-pitfalls-of-remotely-hosted-shopping-carts/

Like what you’re reading? Subscribe by Email ( http://feedburner.google.com/fb/a/mailverify?uri=LexiConnBlog&loc=en_US ) to our blog and receive an email when a new post is published.

As always, feel free to contact us with any questions you may have. Complete contact and support options can be found at:
https://support.lexiconn.com/

Sincerely,

- The LexiConn Team

If you have a moment, please let us know how we’re doing!
http://www.shopperapproved.com/surveys/full.php?id=3552