By now everyone on the planet with an internet connection has heard about the OpenSSL bug known as "heartbleed" that can compromise secure (https:) websites (or really, any "secure" communications on any device that uses OpenSSL, including possibly your smartphone).
So, is it time to panic? Close all your accounts? Log off and retreat to a desert island?
Probably not. Unless you are really paranoid. Which is not necessarily a bad thing.
Personally, I have not done anything. Because, what are you going to do? Anything you type (or say or record) into a computer or any other device connected to the internet is potentially vulnerable. It's a fact of modern life. Deal with it.
Basically, what this bug allows a criminal to do is see 64K chunks of the server's random access memory (RAM) in the clear. Sloppy programming allowed this. The fix is basically one line of code. The exploit is one of the oldest tricks in the book, that is, tricking a program into returning data from out-of-bounds memory space.
(The inverse is tricking a program into injecting code into out-of-bounds memory space and executing it. That's how some viruses work. This is not a virus.)
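To make the "returning data from out-of-bounds memory" idea concrete, here is an added example (a simplified model written for this page, not OpenSSL's code) of a heartbeat-style echo handler before and after the one-line bounds check. The function names, the three-byte header layout as modelled here, and the sample memory contents are assumptions made up for illustration, and the padding that real heartbeat records carry is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER 3 /* 1-byte type + 2-byte claimed payload length */

/* Constructed model of server memory: a 6-byte heartbeat record (claims 43
   payload bytes, carries 3: "hat") followed by unrelated data that happens
   to sit next to it. Keeping both in one array keeps the over-read defined. */
static const uint8_t heap[] =
    "\x01\x00\x2b" "hat" "user=alice&password=constructed-secret!!";
static const size_t record_len = HB_HEADER + 3; /* bytes actually received */

static size_t claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Before the fix: echo as many bytes as the sender claims to have sent. */
size_t heartbeat_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    size_t n = claimed_len(rec);
    (void)rec_len;                   /* real record length never consulted */
    memcpy(out, rec + HB_HEADER, n); /* runs past the record if n is too big */
    return n;
}

/* After the fix: silently drop a record whose claimed length does not fit. */
size_t heartbeat_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER) return 0;
    size_t n = claimed_len(rec);
    if (HB_HEADER + n > rec_len) return 0; /* the missing bounds check */
    memcpy(out, rec + HB_HEADER, n);
    return n;
}

int main(void) {
    uint8_t out[64];
    size_t n = heartbeat_unchecked(heap, record_len, out);
    printf("unchecked: %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("checked:   %zu bytes\n", heartbeat_checked(heap, record_len, out));
    return 0;
}
```

The unchecked handler hands back the three real payload bytes plus whatever sat next to them in memory; the checked one returns nothing for the same record and still echoes an honest one.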
If a big online service has thousands of servers with terabytes or more of RAM, a 64K chunk is like one grain of sand on the beach, right? Plus, it's "random" as in "random" access memory. A random 64K chunk couldn't possibly contain much useful information, right? And the odds of anyone catching a random 64K chunk of data containing something interesting about me are astronomical, right?
Well, yes and no.
The problem is that the 64K chunk of RAM is most likely allocated in the same general vicinity of your browsing session and/or the OpenSSL cryptography functions. This means that stuff like your (or some other unlucky person's) login and password could be hanging around in that space in the clear. Or, a "session key," which would allow a criminal to impersonate you and your browser. Or worse yet, the server's private SSL certificate key (the keys to the kingdom), in which case all communications to and from that server are compromised.
The good news is that a lot of bad and somewhat unlikely things would have to happen for a criminal to be able to exploit this bug.
The bad news is that you could be the unlucky person to have your password or other information exposed. Or a site you visit could be compromised, and NSA (or Facebook) could be watching everything you type on it.
At any rate, I am not aware of any reported actual exploits of the "heartbleed" OpenSSL bug. But the extent of the problem is not yet fully known and we don't know what we don't know.
So, what should you do?
First, you have to wait for the online services you use that also use OpenSSL to apply the fix. (They will also likely have to install new SSL certificates.) They should announce that they have done this. Most major sites have already done so. (If you're not sure, you can use one of the verification services that have popped up, such as this one.)
After you have confirmed that the sites you use have applied the fix, you should next change your passwords on those sites. (And don't use the same password on every site, OK?)
Beyond that, about all you can do is monitor your credit card accounts, bank statements, online merchant accounts, etc. for suspicious activity until this dies down (which may be never). But you should be doing that from time to time anyway.
And lastly, beware of phishing or other scams that try to trick you into disclosing your password and/or other credentials or any other sensitive personal information, either via email, telephone or fake websites. These creeps come out of the woodwork to "help" you whenever there's a widely reported security problem.
For more info:
Everything you need to know about the Heartbleed SSL bug
Anatomy of a data leakage bug - the OpenSSL "heartbleed" buffer overflow
Why Heartbleed is dangerous? Exploiting CVE-2014-0160
Codenomicon Heartbleed Bug page
DISCLAIMER: I am not an internet security expert. Your mileage may vary. Proceed at your own risk. May the odds forever be in your favor. Etc.
You sir are wrong way wrong!
(link...) The correct thing to do is to visit my good friend's blog right smack here (link...)
Reality, read my blog...this team is the most elite unit in the world and to be honest I am damn proud to have been a part of it and to have blogged about it.
This is a dynamic time in the world of encryption. Many new methods are being developed; many old developments are being broken.