- Should I worry about Heartbleed affecting my router?
- Why do I need another email address to access my account?
- How can big services still have security breaches?
- Why do some web pages never finish loading?
- How do I force my email account to close on another device?
- Just what is Port 80?
Links above are to Ask Leo! articles based on the transcript below.
Download the mp3 [18M]
Welcome to AskLeo! Answercast #157. I’m Leo Notenboom and I’ll be answering questions that people are asking out at askleo.com.
Today’s Answercast is brought to you by The Best of Ask Leo!. You know, I’ve been answering questions here on Ask Leo! since August of 2003. That’s over a decade now. In that time, I’ve come to answer quite literally thousands of questions. The Best of Ask Leo! is a separate email subscription where once a week you’ll get exactly what that name implies: one complete article from the Ask Leo! archives that I’ve hand-selected as one of the best. These are the most important, the most popular, the most educational, the most helpful – you get the idea – these are the best. Head out to bestofaskleo.com and sign up for your subscription today.
Should I worry about Heartbleed affecting my router?
Leo, plenty of us obviously know about Heartbleed by now and possibly the fact that this glitch is all about SSL. So, as an advanced and highly experience computer user, something occurred to me: our router’s use of SSL. In my example, AT&T Uverse is my ISP, and the model of ISP provided router is an AT&T two-wire, HGV 3801. On the router’s acknowledgements page, there is an entire section about open SSL. Basically, do you think that it’s important that SSL on a router be up to date whether they allow you to update it or not?
You know that’s a really great observation and a very good question.
My take is that it really depends on a number of factors and I’ll try to review what I think are the relevant ones. But I will say that I think it’s nothing that poses an imminent threat.
SSL on your router is not involved when you access sites on the web whether they be SSL or not. In fact, SSL on the router is really used for only one thing in most cases. When you access the router’s configuration pages, that access is typically via an https connection to the router. For example, I might manage my router by connecting to https://192.168.1.1.
That’s “https” which means SSL; which means that SSL of code of some sort is involved. If your router includes the required acknowledgements for open SSL, then it’s likely that it’s using open SSL for its SSL support.
But as is turns out, that’s not quite enough knowledge. Not all versions of open SSL were in fact affected by Heartbleed. From the Heartbleed.com page, we can see that open SSL 1.0.1 through 1.0.1F inclusive, are vulnerable. All the other versions, both before and after, appear not to be.
So, one way to determine whether or not this even applies to you is to see if you can determine the specific version of open SSL that’s on your router. That might be included in the About or Credits or Acknowledgements or some other information provided with your router. Of course, if you can’t tell, then the safest thing to do is to assume the worst.
Step one, of course, is to make sure that your router’s configuration cannot be accessed from the internet. This is typically an option in the router configuration and it actually should be turned off in general as a recommended security precaution anyway.
Now, unfortunately, how your router behaves when this function is turned off actually makes a difference. Look up the instructions for accessing your router’s configuration from its internet side. It typically involves an https connection to your internet IP address followed by a colon and a specific port number. Try it. If it can’t connect at all, that’s good.
On the other hand, if it connects even if only to display an error page of some sort, that could be bad. And I’m not talking about a certificate error, I’m talking about something like a “You can’t access this” kind of error. That implies that even with the feature turned off an SSL connection can in fact be established from the internet side. You can’t login to do anything, but you can establish an internet connection using SSL to find that out.
That, unfortunately, exposes your SSL abilities or rather your router’s SSL abilities including perhaps the Heartbleed bug to the internet.
Now, of course, you need the https connection on the inside to keep working. That’s the Local Area Network that your computers are connected to. That needs to continue to work so that you can continue to maintain and configure your router.
So, if the router is vulnerable to the Heartbleed bug, will it remain vulnerable to breaches that originate from within your own local network or from your machines?
The question really becomes, would it matter?
If your router keeps SSL exposed on the internet then it’s possible that it could be probed by bots and the vulnerability discovered. In the worst-case scenario, that might allow hackers to take over your router and configure it to their purposes. I still have a difficult time conceiving exactly how that would happen but we have to assume that it could. We just don’t know what other random data might be getting exposed as part of the Heartbleed bug.
Now, I’m not aware of any kind of probing or bots traversing the net looking for this kind of vulnerability in routers as of yet but again, I suppose it’s possible. Since you must keep your SSL active on the inside, then the vulnerability is to malware that might end up on one of your machines.
It kind of looks like this: somehow you get malware on one of your machines. This malware is somehow tailored to look for the Heartbleed vulnerability in routers. If it determines that yours somehow is vulnerable, then it can do, well, whatever to the router. Perhaps it configures it so that a hacker can reconfigure it.
Now, all of this is predicated on you getting malware on your machine. So, don’t do that! Malware is bad for any number of reasons and this is just one more. In fact, it isn’t the most important reason. To be clear, I’ve not heard of any malware that does this kind of router Heartbleed-sniffing stuff at all – yet.
My advice, honestly, is to make sure your router is secure and in particular, turn off the remote and internet configuration access. Then keep your machines free of malware. In other words, do what you probably have been doing. Don’t sweat this for now. On the other hand, if for whatever reason, this concerns you anyway, then check with the router manufacturer for any specific on the Heartbleed vulnerability for your specific model and then consider upgrading the router’s firmware if they offer one with a fix. If they don’t offer a fix, and it’s vulnerable, then you basically have two choices. Again, go back to “don’t sweat it for now”, or replace the router. I’m not rushing out to replace any routers.
Why do I need another email address to access my account?
I can’t login to my account as it keeps saying it wants another email to use as recovery. I do not have one. Do I have to get another account from somewhere in order to use Hotmail now? If so, I’ll start using the new one and get rid of Hotmail. What an inconvenience in that I have no access to my own account!
No, this isn’t some conspiracy to get you to create yet another email address. Heck the email address technically doesn’t even have to be yours – but it does have to be setup before you need it.
Recovery addresses are nothing new. And they’re certainly not limited to Hotmail. Almost all of the free email services allow you to set one up. In fact, it’s strongly recommended that you do. They’re used if you ever lose access to your account.
For example, let’s say you lose your password and you can’t login to your account. You then click the “I forgot my password link” (or whatever it’s called for the service you’re using) it then sends a password link to the recovery email address. The assumption, of course, is that you have access to that recovery email account. Once you get the password reset link, then you can change your password on your primary email account and login again.
Now, the recovery email address is something you need to set up before you need it. Obviously, if you could set one up without logging in, well, then… hackers can do that and probably hack into your account. That approach just isn’t going to work.
So you have to configure, in your account settings, a recovery email address before you need it. Typically, it’s another email account, ideally at another email service, that you also have access to.
Now, it’s important to point out that it doesn’t help to set up a recovery email address that doesn’t work. I’ve seen people just type in bogus email addresses as their recovery address. I’ve also seen people let the recovery email account simply expire and get closed because they never used it.
This is such a bad thing because if you ever lose access to your primary account, you’re going to need that recovery address to work and it will be too late to change it or set it up. If it’s configured, but it doesn’t work, you may not get access to your account back.
Typically, the right thing to do is to set up a recovery address at another service. Say, set up a Yahoo account to be the recovery address for your Gmail or Hotmaill account – that kind of thing. Then set up the other way too. Set the Gmail address to be the recovery address for the Yahoo account and then make sure you login to the recovery account from time to time so that it never gets closed for inactivity.
It’s possible, though, not recommended, that you use the email of a very trusted friend as your recovery email address. I say “very trusted” because with the recovery address, they could hijack your account quite quickly and easily and there would be no going back. You wouldn’t even have a legal recourse since you proactively gave them access. I’ve seen too many relationships and friendships go bad to ever recommend this but I have to throw it out as one possibility.
Finally, it’s just possible that some systems are very strongly recommending or perhaps insisting that you create a recovery email address. Just do it.
What the system is responding to are the incredible number of account hacks that happen every day. If people had a recovery email address set up and working, they would be able to regain access to their accounts quickly and relatively easily. If they don’t, well, then their account gets hacked and it could just as easily be gone forever. So, stop looking for evil intent. The services here really are trying to protect you.
How can big services still have security breaches?
I can see how an individual might let their guard down and get hacked but how in the world can a huge company like AOL let this happen? Below is a copy of the email I received from AOL (and that email of course is a report of the recent account hack that AOL suffered).
How can this happen? Because security is hard. In fact, it’s way harder than you or I can even imagine. And to be clear, I’m not trying to make excuses here. I just want you to understand that security, well, it’s really, really hard.
Let me review some of what I’ll call the fundamental principles that are at play in a situation like this.
Principle #1: All software has bugs. I think this is something that non-programmers have the hardest time with. The thinking is that if we just do it right in the first place, we wouldn’t have all these problems.
Here’s the fact: Even the best software, the very best software you’ve ever used; the most stable; the fastest; the best and most loved software you can think of – you know what, it still has bugs. There is simply no such thing as bug-free software – period. Anyone who tells you differently is either lying to themselves or to you. At best, software manufacturers try to insure that the bugs that do remain are of insignificant impact but there’s simply no way to anticipate and eliminate all bugs. Most – sure. All? Absolutely not.
And that’s primarily due to Principle #2: Today’s systems are unimaginably complex. Seriously. Even the people who are supposed to understand them from top to bottom, don’t. At least not completely.
Many of the bugs that I referred to in the first principle, are actually a side effect of, not explicit programming errors (those happen too), but rather errors in the way that these enormously complex systems are built. Remember, they have to be built in such a way that individuals can build them. That means they’re built in parts. Parts that can be understood. And those parts are then put together to form the larger whole. Very often, the problems that result are from simple misunderstandings or erroneous assumptions as these parts are put together.
And remember, we expect these systems to never crash, never lose any data, never deny access to those who are authorized – while simultaneously they must never allow access to those who should be denied. All of that while being both lightning fast and easy for just anyone to use. Complexity. Incredible complexity is the result.
Principle #3: You can’t retrofit security. Systems often try to – don’t get me wrong but it’s a path fraught with potholes and pitfalls. The deal is that security, true security, good, comprehensive security, needs to be baked in from day one.
That’s one of the major reasons that Windows 9x software was abandoned in favor of the Windows NT-based systems we use today. Windows 9x was based on MS-DOS, which had zero consideration for security. It just wasn’t part of the concept of that operating system. There were no such things as accounts or permissions. Windows 9x tried to bolt stuff on but it could not overcome the fundamental assumptions made in its MS-DOS foundations.
Windows NT was a complete rewrite with multi-user account and security control built in from the very beginning. Windows 2000, XP, Vista, 7 and 8 all derive what they are from Windows NT. Yes, Windows has its issues, I get that but what it is and does today simply could not have been built using the old MS-DOS based roots.
Principle #4: Complexity and evolution are at odds with security. Systems evolve. Whether or not you want more, the world, the market, the public in general, does. We want more features; we want more power, we want more games, we want more options.
As a result, systems evolve. Evolution increases complexity. Evolution of an already complex system is even worse. Evolution means that the security that you had baked in may need to handle issues and situations that it was never designed to do. Things that were never even dreamed of, say, a decade ago. So the security measures get tweaked and adjusted, they get modified and evolve themselves with the hope that nothing breaks. And of course, we want all the things we did a decade ago to keep on working.
Principle #5: You need security experts to do security right. Security as a concept is hard enough. Security as an implementation is crazy hard because the margin for error is so small. For example, encryption is trivially easy to do wrong, or maybe not wrong so much as not right enough.
Account management is the same way. To this day, there are some services that are making bad decisions like perhaps actually storing passwords (which AOL did not do, by the way). Because the people didn’t know any better or they’re in a hurry or who knows what other reasons there might be.
This is perhaps one of the larger risks of today’s incubator or entrepreneurial startup models. A small number of people get together and create something because they have expertise in that something. That’s awesome; and they produce an awesome product or service around that something. But none of them are security experts. They may have heard of it or they may have some notion of best practices like not storing plain text passwords so they get the big things right but it’s the small things that will bite them.
Principle #6: People remain the weakest link. All of the technology in the world won’t save you from the mistakes of human beings. If a tech in your data center falls for a phishing attempt – a really good phishing attempt – and they do exist – then you’ve just bypassed even the best security. Maybe your security expert, an honestly, good, true expert, overlooks a case that can happen only in one in a billion times and then you grow to the point where you’re doing a billion transactions a day. Maybe adding a feature to your decades old system uses an interface in a way that was never envisioned when it was created several years ago and never tested against since.
Maybe, maybe, maybe you just piss off the system administrator and before he quits, he leaves all of the security information on an anonymous hacker’s website. Like I said, I’m not saying that any of these are justifications for security breaches but given the enormity, the age and the evolution of so many of these systems over time, it’s really no surprise. Throw in some human frailty along the way and in a way it’s a surprise that it doesn’t happen more.
The best systems, in my opinion, don’t make the assumption that we can stop this from happening or that this will never happen. That’s naïve. The best systems have an answer for the question, “What do we do when this happens and how do we reduce the damage if and when it does?” It’s kind of like backing up that way. You can’t say my disk will never fail – or if you did, you’d be wrong and possibly also naïve. What you can say is, “How do I prepare for the day it happens and how do I reduce the impact if and when it does?”
Why do some web pages never finish loading?
I use Firefox. On the tabs, open at the top of the page, if I refresh the page and it’s reloading a green, spinning circle appears. Why is it that on some pages, that circle is there constantly? Is that page constantly refreshing or something?
You know, I’ve been noticing this from time-to-time myself on various websites. I don’t think it’s browser related since you’re running Firefox and I’m running Chrome.
I can’t specifically say what it is in your case, but I have several ides of what it might be and I kind of sort of know what it is in mine.
Web pages have become incredibly complex. It’s pretty amazing. You think that you’re accessing a single page on a simple site like say, askleo.com. I just did a test of one page, the “What Security Software do you Recommend?” page. Just loading that one page makes 344 different requests from at least 51 different domains – and my pages aren’t nearly as complex as some of the other sites you might visit every day. Though, based on the results, I might be trimming a few things now that I’ve looked at it.
Once you throw in advertising, and analytics, and images and who knows what else… it all adds up.
So, why does that matter? Well, I mean in practice, it impacts the overall page speed, of course, but eventually everything loads, right? The spinning ball stops spinning – maybe. Here’s the deal. If there’s a hiccup with even one of those 300+ requests – a hiccup that causes the browser to wait for a response that might never actually come, for example, the browser will see the page as still being loaded and it will keep spinning that little page loading indicator until it times out.
Now, my experience is that when this happens, the hiccup usually doesn’t matter. By that I mean, I often can’t tell what’s missing or what’s causing the problem. Maybe it’s an image that didn’t load, maybe some random analytics file, maybe it’s some random advertisement. The bottom line is that it’s something that might not matter and that I would never notice.
So, where do these hiccups come from? Well, I can’t speak for you but my current ISP setup is occasionally dropping DNS requests. By that I mean, the browser’s going to ask “What’s the IP address for askleo.com?” and the DNS request times out after, as it turns, a fairly long time. So with 51 different domains being referenced on a single page, that has a chance of happening to me. And it does. It’s something that I need to work with my ISP. Unfortunately, the ISP I’m talking about is in the process of being fazed out after being purchased and it’s a mess. A mess with no real support.
But basically, anything that interrupts the communication between your browser and the various resources on the web page, could manifest as a page that never finishes loading, or at least takes an exceptionally long time.
There are two other scenarios that come to mind as well. You mentioned refreshing – yes, a web page can tell the browser “reload me every so many seconds.” Not many do and not many do it very quickly but whatever the time is, if the page actually takes longer to load that time, it will never finish loading before it starts loading over again. If you have a slow internet connection, for example, that could be at play for pages that do this.
Another scenario, are pages that we now call infinite scroll. Infinite scroll is where some websites use a model where you don’t go page to page but rather you just keep scrolling down. Facebook is a great example, when you scroll down some amount the browser then fetches more content automatically to keep throwing on to the bottom of what you are looking at. Depending on how the page is architected, this can actually appear as constantly loading – as can pages that update a portion of themselves, such as little new message notifications, without needing you to actually reload the page.
I’m not saying that all pages that do this cause this. In fact, if properly written, they don’t have to. But if they’re written a different way, I’m not even going to say improperly, just differently, they certainly can. But bottom line, my money’s on the complexity of web pages and the numerous opportunities of any single hiccup to slightly confuse your browser into thinking that it’s not done.
How do I force my email account to close on another device?
Hello, Leo. I left my Hotmail account open on another device meaning I logged in on someone else’s computer and forgot to close out. I think the individual left the page open, possibly viewing my email. They have a Mac. I have a PC. Is it possible to figure out if my Hotmail account is open on another computer? Is there any way of closing it out without having access to the other device? Perhaps by changing the password? Does your account have a timeout and automatically close? It’s imperative that this person not have access.
Unfortunately, there are several reasons that you don’t want to login to your email account on the computer of someone that you don’t actually trust. Walking away while it’s still logged in is really only just one reason.
First things first – yep, change your password. On most email systems that should invalidate any other open sessions. Or at least invalidate them more quickly. If it does not then no, I’m not aware of any way to force the other sessions to close. There’s typically a timeout but it will vary from service to service and I’m actually not sure what it is for Hotmail.
Also, as long as you did not check “Remember Me”, your account credentials will be forgotten as soon as this other person closes the browser. Gmail actually has a feature you probably want. It will show you how many other places the account is currently open and even have a “close other sessions” button but I’m not aware of such a feature for Microsoft accounts such as Hotmail.
Now, clearly, you don’t want this person to have access to your email – that makes total sense but I really need to ask a harder question. How much do you trust them? Really? Would they be the kind to use that access however brief to do something?
I don’t know what – but things like changing security settings or accessing your contacts list or that kind of thing. If so, changing your password probably isn’t enough. You need to treat it like the account has already been hacked. I’ll point you at my article, “Email hacked, 7 Things You Need to Now” for what to do next.
Let’s get even a little bit more paranoid, shall we?
When logging into your account on another person’s computer, you’re placing an incredible amount of trust in that person. Why? Well, they could intentionally have key loggers installed. They could get access to your password or other credentials.
Heck, it doesn’t even have to be intentional on their part. They could have malware. You could be exposing your account credentials to hackers by logging in and using a machine that’s infected with malware. That’s why, first things first, change your password. Even if this doesn’t close the open sessions immediately (it probably will) it actually protects you from a variety of other possibilities. Possibilities that are sometimes, perhaps even more unsavory than having someone you know reading your mail – possibilities like someone you don’t know reading your email or even sending email from your account.
Just what is Port 80?
I’m trying to set something up and it says I need access to Port 80. What is Port 80 anyway? A search around the internet says it’s a software construct, one of about 65,000 ports. What does that mean? Where is it? In fact, where are all of these ports? In software? Where “in” the software? Where do these software constructs actually reside? In RAM? They must be ‘somewhere’. The computer is a physical entity and they’re inside it, physically, at some level, somewhere. Where? Are these ports permanent? Are they constructed as needed? What part of the software are they? Do they exist within Windows? Within the Bios perhaps or somewhere else?
Ports are one of those mysterious things that actually have a very specific and very well defined meaning to computers and the internet. But for the rest of us, well they’re just so much magic. Let’s see if I can clear some of that magic up.
First, you’re right, a port is nothing more or less than a software construct. it’s an idea; a concept, a number – nothing more. It’s not a physical thing at all. It lives in the software that’s written to run on devices that interconnect to each other over the internet; more correctly, any TCP-IP based network. But I’ll focus on the internet as the most ubiquitous example.
And for clarity, TCP-IP is just the protocol; the language that defines how computers talk to each other over a network.
To understand how ports work, we need to step back just a little and first understand what happens when computers attempt to communicate with each other on the internet. When you, for example, go to a web page from a website like askleo.com, several things happen. First, your computer or more correctly, your web browser running on your computer, has to turn that string, askleo.com, into the IP address of the computer out there on the internet that actually holds the askleo.com website.
Now the internet is all about numbers and in fact, only numbers at its core, and this is no exception. So, step one is that askleo.com is transformed into an IP address: 18.104.22.168 in this case. That number is used by all of the networking equipment between you and the askleo.com web server to route your request to that server.
That means your ISP; the ISP your ISP connects to; the ISP that the server hosting company connects to; they all use that number just like you might use someone’s street address to send them a letter – except that on the internet, that street address is just a number – a number as it turns out between 0 and 4 billion (with a few exceptions).
So, your request makes it to the server; what then? Most servers sitting on the internet can actually do many things. More than just give you web pages, they can send and receive email, manage databases, upload and download files and much, much more. How does the server know what it is that you’re asking it to do?
That’s where port numbers come in. The request so far has been to an address. That identifies the server. And the port number, 80 in this case, tells the server what it is you want it to do.
Port 80 happens to be the port number used to identify requests for web pages, specifically web pages that you ask for using http. There’s nothing special about 80. It could be any number actually but, other than sometime back people that designed all of these things decided to standardize on the number 80 to represent web pages.
If you are connecting to the server to send email, you might connect to it using port 25, the SMTP (Simple Mail Transfer Protocol port). If you are connecting to download a file while using FTP, you might use port 21. If you are connecting to perform remote administration, as I do myself frequently, you might use port 22, the SSH (Secure Shell Protocol port). If you are requesting an encrypted web page using https, well, that’s a different port number too – port 443.
Normally, you never need to know about these ports because the software you use, your web browser, your email program and whatnot already know, because it’s a standard, which port to use for what kind of request. But ultimately, a port is nothing more than a standardized number that’s included in a request that your computer makes of another computer to identify exactly what kind of request it is.
You might think of it as a department if you were sending a letter to a large company. The IP address would be equivalent to the physical address of the company and the port number might be the department within the company that’s supposed to handle your letter. Rather than having someone read your letter as soon as it gets to the company to try and figure out where it’s supposed to go within the company, the port number, the department, tells exactly who in the company should handle your letter.
That metaphor is actually not too far off when it comes to what’s actually happening on the server. Remember, a server is just a computer, not unlike yours or mine. It has programs running on it. Some of those programs are conceptually said to be listening for incoming requests on the ports that they’ve been assigned. So, when a request arrives at the server the number 80, as part of that request, tells the server’s networking software, also just another program, that the request should be handled by the program that’s currently listening to handle http requests. In other words, as soon as it sees the number 80, it knows that this request is for the web server program that handles http.
If it’s email you’re sending to the server, then port 25 tells the server to hand off the request to the mail server software that’s running on that machine.
So, let’s say you make an attempt to send mail to a server that’s not running mail server software. What then? The request your computer makes of the server at its IP address includes the port number 25 indicating that it wants the request to handled by the SMTP mail server software running on that machine. But there’s no mail server software running there to handle it. The networking software with no program to handle a request to that service identified by that port number rejects the request. In fact, it rejects even the attempt to connect because there’s nothing to connect to. That server doesn’t handle mail requests, which are identified by port 25.
That would be like your written mail being addressed to a department that doesn’t exist at the company that you send it to. The letter’s going to get rejected. If you ever manually configure an email program like Outlook or Thunderbird, you’ve seen port numbers. They’re defaults like 25 for sending but sometimes your ISP will tell you to use a different number. They’ve set up their servers to use a different number to identify the mail that’s being sent by their customers. If you enter that number wrong, mail fails to send because the port number you entered is like addressing to a department that doesn’t exist.
Port numbers also play an important role in how firewalls work. A firewall might sit conceptually in front of a server on the internet. It could be software on the server itself or it could be hardware. One of the firewall’s jobs is to look at each request that’s being made of the server and decide if that request should be allowed through. And one of the things it looks at is the port number identifying the service that’s being requested and that’s included with the request.
Let’s say I want to disable remote administration of my server from any IP address other than my own. Requests for other services like web pages on the askleo.com website, need to be allowed through.
The firewall needs only to look at the port number included in incoming requests and if it’s port 22, indicating the administration access that I’ve talked about, it automatically then denies the request unless it happens from my IP address. If the port number is something other than 22, the request is allowed through without any further checking. For me, that’s an added layer of security preventing hackers from trying to break in through an administration port while still allowing the server to continue act as a web server to anybody.
So, ultimately, a port number is just a number that’s included with requests made at servers to indicate what kind of service the request is all about. It’s just a concept – a number that’s used by the software at both ends of an internet connection.
I do the Ask Leo! Answercast every week so if you have a question about your computer the internet, technology, that kind of thing, head out to askleo.com to search for an answer or to ask your question. You might hear it answered here in a future Answercast.
I also put out a newsletter every week. The Ask Leo! newsletter includes answers and fixes, and safety tips, and opinions, and even the occasional answer as to why things are the way they are.
Please back up! You know I plug this every week because it’s so incredibly important. I’ve written three books about it (actually four books about it). It’s just that important. Nothing can save you from almost any disaster, like a proper and recent backup.
All of my answers, they are are based on my own personal experience and should be used entirely at your own risk. Unfortunately, I just don’t know you, your abilities, or the specifics of your machine and those of details can make a tremendous amount of difference.
The Ask Leo! Answercast is a production of Ask Leo! and is copyright 2014. Thanks for listening. I’m Leo Notenboom and I’ll be back soon with another Ask Leo! Answercast.