blog

If you are running OpenSSL on your servers, please make sure to fix the HeartBleed Bug as soon as possible.

As many of you have heard by now, the web has recently been struck by an internet-wide security flaw known as the HeartBleed Bug. HeartBleed affects sites that use Secure Sockets Layer (SSL) encryption. We have put together a quick note about what it is, how to know if you’re at risk, and what to do about it if you are vulnerable.

What to do: First things first: Check to see if your sites, or the sites you use, are vulnerable. You can do this by using the following links: http://filippo.io/Heartbleed/ or https://lastpass.com/heartbleed/.

If your site is flagged as vulnerable, actions need to be taken. Contact your site host, or contact us here at bv02 to get this fixed.

Next: Change all your online passwords (yes, all of them!)

A big cause for concern is related to sites that have your sensitive information. Even if your site hasn’t been flagged as vulnerable, it’s not a bad idea to go-ahead and update all your passwords, especially if you’re someone who likes to use the same password for multiple sites.

SEE ALSO: The HeartBleed Hit List: The Passwords You Need to Change Right Now via Mashable

Now that we have that out of the way… Let’s talk about HeartBleed.

What is it, non-technically:

Is it some sort of virus? No, HeartBleed is the nickname for a pretty nasty bug in OpenSSL. I am sure that sounds familiar right? That’s because OpenSSL is an enormously popular way of keeping your information private on the internet and on web platforms. Millions of websites use OpenSSL to protect your username, password, credit card information, and other private data. Tests in the recent weeks have shown you can access this data completely anonymously with no sign you were ever there.

NOT good news…

Yes, that is more or less the technical assessment of the internet. The good news is that, so far, it doesn’t look like there have been any data breaches. The bad news is that Yahoo! is one of the most vulnerable major sites. Facebook and Google seem OK, but they haven’t committed anything to paper just yet; but the list is being compiled now and we are all watching closely.

Someone explained it like this: it is not a hole in the front door, its more like a key that you left under the mat in front of the door and no one knew it was there until we looked. Now it turns out every house on the street left their key in the exact same hiding place.

What is it, technically:

Lets start with the basics: As you use the web on your own sites, or for other secure transactions, you’ve likely seen a small lock icon next to the URL in your browser and “HTTPS” instead of “HTTP”. This means that the conversation between you and the website is encrypted and secure. The HeartBleed Bug takes advantage of a service of SSL that keeps this secure connection alive, which is called heartbeat. Simply put, heartbeat sends a message to the server reminding it to keep the connection alive. The server then responds confirming the connection and returns the original message.

Where the flaw lies in this exchange is that the length of the message sent is also provided by the sender and is not checked against the actual length of the message. For example, an attacker can send a very short 1 byte message and claim that it is 64 kilobytes. When the server responds the length of the returned message is the length specified by the user. If the length suggested is longer than the actual message (to use the example above, 64 kilobytes instead of 1 byte), the returned message will have a space that’s filled with a small chunk of data next to the 1 byte message in the server’s memory.

This data that is sent back to the attacker can be anything from a timestamp or metadata that is more or less useless, to something more serious, like session information, emails, passwords, or even the SSL encryption key itself, if the hacker is particularly lucky. HeartBleed affects servers using OpenSSL Version 1.0.1 a through f. Version g has this flaw fixed. Versions before 1.0.1 also lack this vulnerability so it’s a rather narrow band of OpenSSL versions that are unsecured.

If you’re not sure what version of OpenSSL you’re using, it’s not a bad idea to contact your provider to find out.

So, how can we stop the leak?

As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distributors, appliance vendors, and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances, and software they use.

What we have been doing about it:

We at bv02 are diligently going through the sites we’ve worked on and are tracking down who is vulnerable and alerting them of the dangers.

Our advice to you, the reader, is to change all of your passwords for websites that might save your personal information, like banking sites, email, Facebook, iTunes, and other important accounts, as these services could be susceptible to this flaw as well.

Here is a link to the known affected platforms you may use everyday: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

What you should be doing about it: If you have specific concerns about how the HeartBleed Bug vulnerability will affect you, please feel free to call us. Our security staff will be happy to address your concerns and advise you on how you can best protect yourself.

CALL: Extension 378
Ottawa: 613.231.2802  | Montréal: 514.667.0802 | Toronto: 647.723.5456 | Regina: 306.992.4426 |  Vancouver: 778.383.7410  or email directly at: security@bv02.com

Looking for more information on the HeartBleed Bug? We’ve complied a list of links below that might answer you questions. Or, if you prefer to talk to someone, feel free to give us a call.

Where to find more information?

This Q&A was published as a follow-up to the OpenSSL advisory, since this vulnerability became public on 7th of April 2014.

The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt. Individual vendors of operating system distributions, affected owners of Internet services, software packages and appliance vendors may issue their own advisories.

More on This Story

Test your site: http://filippo.io/Heartbleed/
Passwords you should change: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
A video explanation of HeartBleed: http://vimeo.com/91425662
Announcement and explanation of HeartBleed: http://heartbleed.com/

The Heartbleed Hit List: The Passwords You Need to Change Right Now http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
Video: http://techcrunch.com/2014/04/08/what-is-heartbleed-the-video/

Related Internet links

Not that long ago we watched movies in disbelief as our favorite action star gathered data from his wrist watch, then had a video conference call from a monitor embedded in the dash of his car. A few years later, this no longer seems that far fetched, in fact, it’s reality and we are now calling this collection of connected devices as “the internet of things”. By 2015, Cisco’s Internet Business Solutions Group (IBSG) predicts that there will be 25 billion devices connected to the internet. The internet of things is moving past your phone and into things like your coffee maker, your car starter or home thermostat.

As the list of connected devices continue to grow, they will open up new marketplaces and present new opportunities. How does your business look when you start putting it on the internet of things? How does it fit into this new reality where content is being collected and transmitted all the time? And what can you do to your business to capitalize on the opportunities this will bring?

Take a look at Matt Turck’s article Making Sense Of The Internet Of Things to get a better understanding of this rapidly growing phenomenon . The Internet of Things: In action by Lauren Fisher highlights examples of connected devices in objects, the cloud and even the body.

This is no longer the future, it’s happening now.

Poster design by Melissa Cowell

A few brave bv02 souls will be donating some valuable face real estate to the Make a Wish Foundation of Eastern Ontario this November.  That’s right, our team will be taking part in another mustache-filled month as part of Mustaches for Kids.

What’s Mustaches for Kids?

Conceptually, Mustaches for Kids is like a marathon where you raise pledges except without the exertion, dehydration or cramping.

Why do we participate?

I’ve been involved in Mustaches for Kids for over 8 now, and as part of being involved I’ve had the chance to meet some of the families who’ve had wishes granted.  The impact that the hope and joy having a wish granted has on not only the child, but the whole family, can’t be overstated.  To be able to help grant those wishes is a huge honour, and my upper lip won’t be doing much else for the month – why not use it for a good cause?

Mustaches for Kids has raised over $150,000 for Make-a-Wish over the last 8 years.

How can you get involved?

On November 1st we shaved off our beloved beards in order to start with a clean slate for the month.  You can get in on the action by signing up at m4kottawa.org, and if you can’t shave today, don’t worry – registration doesn’t close, and we’re always excited to have more Growers participating. If you aren’t the mustache type, please donate to your favourite bv02 grower:

Matt Davidson

Brett Tackaberry

Justin MacNeil

Brandon Brule

Scott Mulligan

Stay tuned to bv02’s Twitter and Facebook pages for updates on the M4K fundraising efforts this year.  There will be some excellent mustaches taking shape, and we can promise a few Instagrams of them along the way.

We look for any reason to get creative around the office, so it’s no surprise that when Halloween comes around every year, we get pretty excited. With everyone dressed up, a photo shoot busted out in the studio mid-afternoon. The costumes ranged from witches to superheroes to the scariest thing in the world: a PC. One member of the team even dressed up as another member of the team which made for a really funny, but confusing afternoon.

Everyone showed off their scariest pose for the camera and we split into teams for our annual pumpkin carving contest. The Jack-o-Laterns were quite the sight, but the clear winner was the Day of the Dead pumpkin by the frightening team of Melissa Cowell, Phil Champagne and Erin Chreptyk.

To see the rest of the photos, check out our Flickr page.

The customer experience isn’t just about the app or website you are developing right now. Customer experience includes all the touchpoints; whether you’re acquiring a customer, onboarding a customer, engaging with a customer, servicing a customer or trying to retain a customer, you’re affecting the experience they have with your brand. Customer experience (CX) is the sum of all experiences a customer has with your brand – it represents the holistic value that you bring forward to the market.

The overall customer experience is something you should look at with every project you do, otherwise you are just solving part of the problem and not ensuring that the customer is happy. Typically businesses look at customers on the outside and work towards them, CX puts customers in the middle of your business so that everything you do is focused on their experiences. It helps create a synergy between all the different departments and ensures that your goals are unified and are of value for the end users.

This article about the insurance industry is a good example of the shift from a product-centric focus to a customer experience one.

What are you doing to ensure that your customers have a positive experience? Look at every touchpoint, understand it and find a way to engage with your customer in a positive way.

For more background on the shift to CX check out these articles: Banking on the customer experience and How Does Service Deign Relate to CX and UX?

It’s not every day you get to call your clients and congratulate them for being recognized on a world stage — so when we found out recently that we had won four W³ awards, we were ecstatic! We, the bv02 team, are very lucky to collaborate with amazing clients every day of the year, and it’s wonderful to have that work recognized by awarding bodies.

Here’s a high level overview of the W³ awards. It should give you a good indication of why these awards mean so much to us.

“The W³ Awards honors creative excellence on the web, and recognizes the creative and marketing professionals behind award winning sites, videos and marketing programs…. The W³ is sanctioned and judged by the International Academy of the Visual Arts, an invitation-only body consisting of top-tier professionals from a “Who’s Who” of acclaimed media, interactive, advertising, and marketing firms. IAVA members include executives from organizations such as AvatarLabs, Big Spaceship, Block Media, Conde Nast, Coach, Disney, The Ellen Degeneres Show, Estee Lauder, Fry Hammond Barr, Microsoft, MTV Networks, Polo Ralph Lauren, Sotheby’s Institute of Art, Victoria’s Secret, Wired, Yahoo! and many others.”

This year, we were recognized with one gold and three silver awards for the following projects. We’re especially pleased to have been recognized across many of the different industries we work with.

2013 Gold Award Winner: Digital Storybooks – Mobile Applications, Education

The Askí series of digital storybooks, which are available on the App Store, are part of an overall holistic education assessment built in partnership with the Saskatchewan Ministry of Education. This project took four stories written by the aboriginal community and brought them into the digital environment, specifically that of the iPad. Leveraging technology allows children to experience the book in English, Cree, Dene or Michif. The digital stories are particularly special as they mark the first time traditional languages have been offered alongside English in the iPad story format.

The storybooks are available for iPad on iTunes: Askí and Turtle Island, Nipi and Mother Earth, Kon and the Circle of Life, and Tate and the Flyers. To find out more about the assessment as a whole, you can see our case study about the Help Me Tell My Story Assessment.

2013 Silver Award Winner: Guarantee Gold – Website, Insurance

We’ve worked closely with Princeton Holdings Limited and Yield to update the brand by designing, developing and launching industry-leading insurance and risk management websites for their operating companies. The website we designed for The Guarantee Company of North America’s GUARANTEE GOLD® product, available to their high net worth customers, has a clean design, is user friendly and includes valuable features such as the Find a Broker tool, downloadable product pages, brochures, asset management utility, a full suite of configurable templates and widgets to accommodate the growth of the site.

http://www.theguarantee.com/gold/

2013 Silver Award Winner: 1812 – Website, Cultural Institutions

One of bv02‘s most recent cultural initiatives is this unique Virtual Museum of Canada exhibition about the War of 1812. The digital exhibit supports the Canadian War Museum’s traveling physical exhibit, which commemorates the bicentennial of the War of 1812 through the presentation of four very different historical perspectives: British, Canadian, American and First Nations. Its goal: to extend the experience of the traveling exhibit and make these perspectives on the war accessible to all Canadians. A responsive design and the incorporation of a variety of media have ensured the success of this website for the exhibit’s vast and varied audience.

http://www.warmuseum.ca/1812/

2013 Silver Award Winner: Canada Council for the Arts – Website, Cultural Institutions

Canada Council for the Arts came to bv02 looking for a redesign of their website — what they got was much more: a hub for their digital community. Balancing organisational goals with creative solutions and technology, we created a visually distinct, accessible and responsive website that shows the true spectrum of the artistic community supported by the Council. We’re thrilled that it’s also won the admiration of the web community.

http://www.canadacouncil.ca

The bv02 team is very proud of our collaborations, particularly on such projects as these that push the limits of what we set out to do together. We want to thank our clients for believing in the strength of our partnership and our collective vision, and look forward to many more such initiatives in the coming year.

How many times a week are you asked to donate to something? Whether it’s someone you know participating in a race, fundraising for a cause like Mustaches for Kids, or an alumni association asking for help with a capital campaign… I’m sure you run into this  scenarios as much as I do, where multiple groups are competing for the same marketplace of donors.

We work with alumni associations who are wondering how to manage this exact situation. Well, the concepts of crowd funding and micro-donations are only getting bigger, and different groups are targeting the same market alumni associations have held for years. Most pressingly, they’re offering more emotional engagement with their causes than the associations have been. It’s time to change that around.

To start, think about the future funder: the person who is on campus now and will be an alumni eventually. Before they leave campus, how can you engage them and show them the value an alumni association can bring? First of all, you have to consider that the value of the association is the network of people involved in it, not the association itself. Don’t let 10 or 15 years go by before alumni see the value in contributing and becoming an active part of that network. Start building that relationship before they even leave campus.

How? Build a Kickstarter-like platform for campus. Students can start a project and receive funding from the alumni association, but also use the platform to campaign for donations from their networks, family and friends. This brings visibility to the different projects and creates an emotional reason for alumni to care about what’s going on around campus. Platforms like this allow alumni greater visibility into the people who are up and coming on campus, and who are doing great things for the school’s overall brand. What matters here isn’t the size of the project, it’s the alumni’s ability to make a difference by supporting the projects that matter to them, which helps to create an extended relationship with alumni and students alike.

The opportunity is here for us to use digital tools to engage students with the alumni association while they’re still on campus, and continue that engagement as soon as they graduate. I’d love to hear how you’re using digital as part of your alumni association’s strategy. Leave a comment or get in touch and let’s start a conversation.

In my last blog post, I highlighted five fundamental principles to keep in mind when making your next web video. My first point was that when making a video, you should have a clear purpose in mind. That generated more than few conversations about why companies (and people!) choose to communicate through video. Here’s a rundown of the top ways companies are finding success with web videos.

  1. Brand Awareness
    There’s no better way to introduce your business to an online community than a video. A video will help you to distill your business into a simple, engaging piece of content that viewers can understand and relate to.
  2. Audience Appeal
    Digital video can serve as a web commercial that tells a story about your business, products or services. It can be serious, silly, happy, sad, or any other emotion, as long as it creates a connection that will influence the viewer’s behavior and encourage them to purchase your products or services.
  3. Product Promotion
    Video is a great way to generate buzz around a product or service. It allows you to use both audio and visual cues to explain exactly what the product or service is, while allowing you to demonstrate it in use. Most potential buyers want to see how something works before purchasing, and a video offers peace of mind for skeptical buyers. The online shopping market continues to grow steadily, and product demonstrations through web video goes a long way in connecting the buyer to a tangible product.
  4. Show off your accomplishments
    There are several different ways to show off your business’ accomplishments through video. You can make a showreel that highlights all of your recently completed projects or a video case study that takes a deeper look a specific project. Video testimonials are also a great way to clearly demonstrate the impact your organization has had on your customers; you’ve worked hard to build a relationship and keep your client happy, so why not let people know it?
  5. Showcase your events or community involvement
    Every event deserves a video. A video can help promote an event before it happens or offer a good recap of an event that just happened. Hundred of hours go into events and conferences, so it’s important to extend the engagement even after the event has happened. It reminds attendees how amazing the event was, while informing those who didn’t attend how much fun was had. It may even convince them to get more involved in following events.
  6. Make a personal connection
    Your business has a team of great people – a team that delivers on the promise your organization makes to your customers. Building relationships is important for both customer retention and acquisition. Your clients will develop a stronger connection with your brand if they can put a face to a name. If you have a small team, short individual team bio videos are a great way to show off the personality around the office. For a larger team, a more general video is a great way to show who your company really is from the inside out.
  7. Education and Training
    A tutorial video is great way to educate both staff and customers about your products or services. It is an excellent way to connect with the consumer while explaining how to interact with a product or service. You can also address FAQ’s or product features with video. Putting a face and a voice to the content helps the viewer follow along and helps ensure that their questions are answered clearly and concisely.
  8. Build your personal brand
    If you’re an expert in your field, what better way to engage people than a video blog post? People are more likely to listen to your opinion that read it, so use video to share your knowledge, all while creating a strong personal brand.

  9. Video is personal, engaging and convincing, which makes it a great tool for a variety of business goals and purposes. Where and how you publish your video are critical in pushing your message to the right audiences. Let’s talk about why you think you should make a video, and we can collaborate on finding a way to bring it to life.

I’ve spoken about responsive development and how important it is before, but this post isn’t about that: responsive is already something you have to be doing, and if you aren’t doing it now, you’ll have a major redesign on your hands in a year or two. This post is about how, once you’ve done a responsive design for your website, whether or not you’ve really gone the last mile with it. What’s the last mile?

Testing.

Andrew Milne on Testing Responsive Designs from bv02 on Vimeo.

If you aren’t testing on multiple devices, you aren’t going the last mile with your responsive engagement. Sure, there are emulators, and they’re a good stepping stone to see how your design will appear at different resolutions, but that’s not the whole experience.

Emulators can’t show you how it feels to navigate the design with a track pad versus a roller ball versus a touch screen, or how it feels to be walking around holding the device in your hand, interacting with your website. This is important, because all of these things are part of your user’s experience. User experience doesn’t stop at the design, and by taking the device into account, that’s where you really start to see the holes and problems – and when you start to be able to fix them.

Open device labs are starting to pop up in major cities across the world. They’re free resources that exist to help you test your website on more devices. They help you get beyond just the interaction design, and actually see the same thing as person who ends up using your site on their device. This is the next mile in creating a mobile experience, and is what you need to be doing if you want to compete.

To find out more about this, I’d suggest reading up on open device labs: OpenDeviceLab.com has been a huge support to us in opening the Device Lab, and they’re a great place to find out more about the concept as well as where other device labs are around the world. You should also check out Brad Frost’s piece about estimating the cost of a responsive design, since he includes a section about how to estimate testing costs for responsive.

How has testing played a role in your previous web efforts? Let’s start a conversation about it – I’d love to hear your experiences. And, of course, I’d love to see you in the lab testing your projects.

Video continues to be the most engaging content on the web and as a result, more and more people are jumping on board to produce web videos. There are many different things that will impact the success of your video. I’ve gathered a list of the top five fundamentals to keep in mind when starting your next web video project.

  1. Have a clear purpose for your video
    Watching and making videos is fun, but the purpose of the video should never be just to have a video on your website. You should clearly define the purpose before you start planning. Sometimes that purpose could be as simple as entertaining viewers, but in most business cases the purpose of a web video is either to make viewers aware that your business exists, or to promote or sell the products or services your business offers.
  2. Develop a compelling story
    People enjoy following stories; they take an emotional ride that piques their curiosity and makes them want to hear the conclusion. If you develop a strong story, people will be more likely to watch your entire video and agree with the points you are trying to make, getting them closer to a “yes.”
  3. Keep it short
    The average length of a web video is over 5 minutes, but most viewers lose interest well before that. With so many other distractions on your device and all around you, your video has a lot to compete with. People will watch the entirety of a 30 second video but most will not make it past the 2-minute mark. Tell your story in two minutes or less to make sure people see your call to action.
  4. Keep it simple
    Since it’s important to keep your video short, it becomes extremely important to keep it simple. You need to get your point across in a short time. Don’t waste time diluting your message with off topic points or crazy visual effects.
  5. Provoke emotion
    A great video will provoke some form of emotion. Whether that emotion is happiness, sadness or even anger, it can have a lasting impact long after the video has ended. This is often done through the development of your story, but can be achieved by something as simple as ensuring that your talent is displaying the emotion you’re trying to get across. From smiling to frowning, emotions in video tend to be pretty contagious.

Apple’s latest commercial is a great example of all of these points. Apple released this commercial a few weeks ago following the release of new products. The purpose of the video is to remind viewers that Apple is a company that is focused on creating products that enhance people’s lives. The narrative tells this story, while the visuals tell individual stories of how the products touch and enhance people’s lives. A person who rides the bus everyday, a classroom of children discovering something new, a father and son bonding. Each one is a relatable mini-story that draws on our emotions and creates a sense of familiarity that keeps us engaged to the end. The commercial is short, it’s simple and it leaves us with a smile on our face and the desire to have more Apple products in our lives.

What videos have you seen that you think are great examples of online video for businesses? Do they achieve some (or all) of these five things?