NT - Eric or Jack - IT issues - Heartbleed?

[BulldogTom]

Jack or Eric (or any of you other IT Geeks out there).

We have a situation at my day job and I just wanted to see what you guys think. I believe this is a HeartBleed issue, but our IT guys are not sure.

We have 4 Toshiba business hubs on the network in our offices, which we use to fax, scan to e-mail, scan to files, print, copy, etc. The system has been stable since we installed the biz hubs about 9 months ago. About 10 days ago, the scanning function stopped working. We could scan a document, but the scan would not go to the e-mail address or file address. Toshiba came out and says their machines show the scans are being delivered to the network (I am not sure that is the correct way to say it) and that when it gets to the network operating system, it is being blocked from delivery. Toshiba says it is a Microsoft issue. Microsoft says it is a Toshiba issue.

The curious thing to me is that about 10 days ago, Microsoft put out the patch for the security issues related to Heartbleed. I don't know if this is a coincidence or not. Just seems very curious. And if I understand Heartbleed, it was using the operating system to re-route traffic on the network to a different location. If they patched the vulnerabilities in the network, would it make sense that the patch is stopping the network traffic from the Toshiba machines from going to their destination?

I am an accountant and tax preparer, not an IT geek. So if this sounds totally stupid, please tell me so. No offense will be taken.

Thanks for your thoughts.

Tom

Hollister, CA

[Catherine]

I have NO idea if this could be related to Heartbleed, but it could be something as "simple" as a permissions problem. Some of the permissions are buried layers deep in the anti virus software, and could be stopping the scanners from delivering the scans (writing them to disk): they may have "lost" the permission to write.

After that gets checked, I'd be lost (and defer to Jack, Eric, etc).

[kcjenkins]

I've sent it to my boys, Tom, asking their thoughts. Will post as soon as I hear back, [they are always super busy, of course].

[Eric]

I'm not much of an IT guy. I'm more of a software/web guy... and all of my web servers run Linux. I've never touched/maintained a Windows server.

I have my doubts about whether it's Heartbleed related. To my knowledge, Windows servers weren't affected by the vulnerability... unless third party software was using OpenSSL. Of course, who knows what Microsoft puts in their patches.

Anyway, just based on my general knowledge of how these things can work, here are some possibilities.

File delivery can happen a number of ways. Sometimes they work by FTP. Sometimes the machine uses a specific user account to access the network and place files. Maybe that user account is also being used for email delivery.

If it's an active directory user account, an administrator should check the status of that account. Is the account locked? Has the password expired? Maybe that user can no longer access the necessary network locations due to some other permissions issue?

The administrator's best bet is to view any error logs generated by the bizhub to see if they're descriptive enough to point at a specific issue. If not, look at error logs related to user account access. Look at email error logs to see if emails are being bounced for some reason.

[kcjenkins]

FROM MY SON:

From the description this doesn't sound connected to HeartBleed to me. With that said, I don't discount that a Microsoft patch, in response to HeartBleed, might have unintentionally broken something that affect the Toshiba software. Heart Bleed did not "re-route traffic to a different location". Its not a virus, it is a vulnerability that a hacker could exploit. Its a bug in a very popular software library that, if exploited, would expose data from a server.

Here is a great cartoon that actually explains what HeartBleed is and how its exploited: http://xkcd.com/1354/