Click the link for a list of sites where you should update your password, and for a browser plugin that checks whether a site has been repaired.
By now, we all know what a huge deal Heartbleed is. The massive vulnerability in the OpenSSL library, reportedly in use at 66% of all sites on the Internet at the time of its discovery, has companies scrambling to fix the issue. Most big companies seem to have done a pretty good job of acting quickly, but the bug had been in OpenSSL for about two years before it was found, so users were at risk for quite some time regardless of how quickly a site patched the flaw. As such, the cybersecurity experts at LWG Consulting have compiled a list of the big sites that were impacted by Heartbleed. You could have just asked the NSA for the list.
Do you have accounts on any of the sites listed below? Change your password immediately — and be sure to change your passwords on any other sites if you use the same password there.
Those looking to protect themselves from websites still impacted by the Heartbleed bug should install this browser plugin immediately. It will warn users each time they visit a website that has not yet updated OpenSSL to protect users from Heartbleed.
#2
I'm getting too old for this business. I don't know how much longer I can keep up with all these cyber threats.
I remember in the bad old days when I was poor I'd get a live paycheck in my hand every week. I'd take it to the bank and cash it. Then I'd walk around all week with cash in my pocket. When there was no more cash I knew it was time to stop spending. I kinda miss that.
#3
One of the key concepts in B.P.'s link is "don't write your own damn code!"
This is exactly how the OpenSSL boys got into trouble when they coded up their own memory management routines because they felt the standard libraries (malloc, mmap) were too slow. Most unfortunate, given that the standard libs have exploit mitigation code to stop just this sort of buffer problem.
#4
I'll have the computer guy take care of it on Friday when he comes to install my new computer (WHICH I HAD TO BUY BECAUSE THEY QUIT SUPPORTING XP - THANKS, YOU MICROSOFT BASTARDS).
I'd never download a plugin just because some website said I should.
Posted by: Barbara ||
04/17/2014 13:21 Comments ||
Top||
#5
Code should be treated like mines. If you abandon the mine, it reverts to open claim. Abandon your code and someone else can pick it up (like the Dutch government et al who are paying for continued support). Those guys need to get the EuroBureaucrats working on that angle.
#6
P2k, I'm frosted because there was nothing wrong with my computer. I wouldn't have minded so much if I could have just upgraded the OS, just as we did from the old Office to Office 2010.
But to have to buy a NEW computer because they were tired of the old one . . . . >:-(
Posted by: Barbara ||
04/17/2014 15:59 Comments ||
Top||
The heartache from the Heartbleed Internet flaw is not over, and some experts say the fix may lead to online disruption and confusion.
The good news is that most sites deemed vulnerable have patched their systems or are in the process of doing so.
The bad news is that web browsers may be overloaded by the overhaul of security certificates, leading to error messages and impacting web performance, said Johannes Ullrich of the SANS Internet Storm Center.
"A good percentage of the websites are patched," Ullrich told AFP.
Patching is only the first step: operators then need new private keys and reissued certificates, which browsers can trust only once the old ones have been revoked.
But Ullrich noted that for each such reissue, browsers must also pick up the revocation of the old certificate, through the certificate authority's revocation list (CRL) or an OCSP response, so that the old "key" is rejected.
"For the fix, the website needs to obtain a new private key and the old key has to be revoked," he said. "Browsers will not trust the old keys."
Revocation lists normally pick up dozens of new entries a day, but because of Heartbleed, that may rise to tens of thousands.
If the verification process takes too long, Ullrich said, the browser may simply declare the site invalid or show an error message.
"People will see errors," he said. "They will see an invalid certificate. They can either accept the certificate or consider it invalid."
The big danger is that people may become so confused or frustrated that they ignore the warnings or reconfigure their browsers to no longer perform the security check.
"If people turn off those lists, then a hacker could get in," Ullrich said.
With thousands of websites seeking new security credentials, "some certificate authorities and website administrators have been making careless mistakes," online security firm Netcraft noted.
Warnings about the danger have grown over the past week, with everyone from website operators and bank officials to Internet surfers and workers who telecommute being told their data could be in danger.
The bug is a flaw in OpenSSL, the encryption library behind many of the "https" websites that Internet users have been taught to trust.
The Heartbleed flaw lets an attacker read chunks of a server's working memory, up to 64 kilobytes per malformed request, creating the potential to steal passwords, encryption keys, or other valuable information.
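The flaw described in the preceding paragraph, and the memory-handling point raised in comment #3 on the previous post, come down to one missing length check in OpenSSL's TLS heartbeat handler. What follows is an added example written for this page, not OpenSSL's source code: a simplified C model of that handler, with the vulnerable logic of OpenSSL 1.0.1 through 1.0.1f beside the check that 1.0.1g added. The memory "arena", the secret string, the handler names and the 1024-byte probe are all constructed for the model.

```c
/* Added example for this page, not OpenSSL's source: a simplified model of
 * the TLS heartbeat handler.  heartbeat_vulnerable mirrors the logic of
 * OpenSSL 1.0.1 through 1.0.1f (trust the length field in the record);
 * heartbeat_fixed adds the two checks that 1.0.1g introduced.  The arena,
 * the secret string and all function names are constructed for the model.
 * Build: cc -Wall -o heartbeat heartbeat.c && ./heartbeat */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16
#define MAX_PAYLOAD 65535                 /* payload_length is a 16-bit field */
#define ARENA_SIZE  (3 + MAX_PAYLOAD + 64)

/* Stands in for process memory: the heartbeat record is written at the start,
 * and a secret that "belongs to someone else" sits right behind it. */
static unsigned char arena[ARENA_SIZE];
static unsigned char response[3 + MAX_PAYLOAD + HB_PADDING];
static const char secret[] = "SESSION=deadbeef;password=hunter2";

typedef int (*hb_handler)(const unsigned char *rec, size_t rec_len,
                          unsigned char *out);

/* Lay out a heartbeat request: type, 2-byte payload_length, payload, padding.
 * 'claimed' is the length written on the wire; 'actual' is the number of
 * payload bytes really sent.  Returns the true record length. */
static size_t build_record(uint16_t claimed, size_t actual)
{
    if (actual > 1024) actual = 1024;     /* keeps the model inside the arena */
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(claimed >> 8);
    arena[2] = (unsigned char)(claimed & 0xff);
    memset(arena + 3, 'A', actual);
    size_t rec_len = 1 + 2 + actual + HB_PADDING;   /* padding left as zeros */
    memcpy(arena + rec_len, secret, sizeof secret); /* adjacent "other" data */
    return rec_len;
}

/* Vulnerable: payload_length comes from the attacker's record and is never
 * compared with rec_len, so the memcpy reads past the record. */
static int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                                unsigned char *out)
{
    (void)rec_len;                        /* the bug: never consulted */
    unsigned char hbtype = rec[0];
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (hbtype != HB_REQUEST) return -1;
    out[0] = HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    memcpy(out + 3, rec + 3, payload);    /* over-read into adjacent memory */
    memset(out + 3 + payload, 0, HB_PADDING);
    return 1 + 2 + payload + HB_PADDING;
}

/* Fixed: discard the record if header plus padding do not fit, or if the
 * claimed payload would run past the bytes actually received. */
static int heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                           unsigned char *out)
{
    if (1 + 2 + HB_PADDING > rec_len) return 0;             /* silently drop */
    unsigned char hbtype = rec[0];
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + payload + HB_PADDING > rec_len) return 0; /* the fix */
    if (hbtype != HB_REQUEST) return -1;
    out[0] = HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    memcpy(out + 3, rec + 3, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    return 1 + 2 + payload + HB_PADDING;
}

/* Run one request through a handler; returns the response length,
 * 0 if the handler dropped the record, -1 on a bad message type. */
int run_heartbeat(hb_handler h, uint16_t claimed, size_t actual)
{
    size_t rec_len = build_record(claimed, actual);
    return h(arena, rec_len, response);
}

/* 1 if the secret string shows up anywhere in the response payload. */
int leaks_secret(hb_handler h, uint16_t claimed, size_t actual)
{
    int n = run_heartbeat(h, claimed, actual);
    for (size_t i = 3; n > 0 && i + (sizeof secret - 1) <= (size_t)n; i++)
        if (memcmp(response + i, secret, sizeof secret - 1) == 0) return 1;
    return 0;
}

int main(void)
{
    /* A client sends 5 payload bytes but claims 1024: the classic probe. */
    printf("vulnerable handler leaks the secret: %d\n",
           leaks_secret(heartbeat_vulnerable, 1024, 5));
    printf("fixed handler leaks the secret:      %d\n",
           leaks_secret(heartbeat_fixed, 1024, 5));
    printf("fixed handler, honest 5-byte request: %d-byte response\n",
           run_heartbeat(heartbeat_fixed, 5, 5));
    return 0;
}
```

The vulnerable handler echoes back whatever sat behind the request, here a constructed session string; in a real server that adjacent memory could hold anything the process had recently touched, which is why private keys were eventually shown to be recoverable. The fixed handler drops a record whose claimed payload exceeds what arrived without answering at all, which is the behaviour the 1.0.1g patch introduced.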
The security firm CloudFlare reported last week that it appeared impossible to use Heartbleed to steal certificates to impersonate a website, but then reversed itself after a "challenge" to the security community brought out evidence that these thefts were possible.
Google said that some versions of its Android mobile operating system (4.1.1) may be vulnerable to Heartbleed. On Monday, it urged developers to create new security keys to ensure that apps and other services can be trusted.
Trend Micro security specialist Veo Zhang said the latest evidence shows mobile phones are potentially vulnerable in two ways.
"This is because mobile apps may connect to servers affected by the bug," Zhang said in a blog. "However, it appears that mobile apps themselves could be vulnerable. ... We have found 273 in Google Play which are bundled with the standalone affected OpenSSL library, which means those apps can be compromised in any device."
Some of the first evidence of hackers using Heartbleed has begun to surface in recent days.
British parenting website Mumsnet announced Monday that members' data had been accessed, potentially compromising 1.5 million accounts.
Officials in Ottawa said personal data for as many as 900 Canadian taxpayers was stolen after being made vulnerable by the Heartbleed bug.
The Canada Revenue Agency last week shuttered its website over concerns about Heartbleed.
#1
Naw, that's just the NSA cracking the new stuff. When it speeds back up in about a week, you'll know they got through everything. (Kinda like how they don't want you to leave a police interview until they're through...)
Posted by: ed in texas ||
04/17/2014 7:22 Comments ||
Top||
#2
Maybe the NSA didn't get the older keys and this is a great way to get the new ones.
In employing the word “blog,” we consider a site operated by a single individual or a small group that has primarily an informational purpose, most commonly in an area of special interest, knowledge or expertise of the blogger, and which usually provides for public impact or feedback. In that sense, it appears clear that many blogs and bloggers will fall within the broad reach of “media,” and, if accused of defamatory statements, will qualify as a “media defendant” for purposes of Florida’s defamation law [emphasis added] as discussed above.
There are many outstanding blogs on particular topics, managed by persons of exceptional expertise, to whom we look for the most immediate information on recent developments and on whom we rely for informed explanations of the meaning of these developments. Other blogs run the gamut of quality of expertise, explanation and even-handed treatment of their subjects. We are not prepared to say that all blogs and all bloggers would qualify for the protection of section 770.01 [emphasis added], Florida Statutes, but we conclude that VanVoorhis's blog, at issue here, is within the ambit of the statute's protection as an alternative medium of news and public comment.
As emphasized, it applied in this case to a specific area of Florida law. But it does establish a precedent.
#2
Senator Schumer will double down twice as hard to make sure this intelligence doesn't spread. Only party qualified mouthpieces are to be reserved such protections.
[An Nahar] A court incarcerated a Salafist leader for seven years for fraud Wednesday for keeping his mother's U.S. citizenship secret when filing candidacy papers in Egypt's 2012 presidential election.
The country's electoral law stipulates that a candidate's parents must hold only Egyptian citizenship.
Judicial sources said Hazim Abu Ismail was sentenced for not revealing his mother's nationality when he filed to stand in the 2012 election that was won by the Islamist Mohammed Morsi. Abu Ismail was tossed in the calaboose after the army ousted Morsi last July. He had denounced Morsi's removal as a "military coup."
Posted by: Fred ||
04/17/2014 00:00 ||
Comments ||
Link ||
[11125 views]
Top|| File under: Arab Spring
[FOXNEWS] Algerian police violently dispersed an attempt by opposition activists to stage a protest in the capital against the president's running for a fourth term in Thursday's elections.
Only a few members of the grass-root organization Barakat were able to assemble in central Algiers Wednesday before police tackled them and forced them to march away in front of a group of international journalists.
Past protests by Barakat -- which means "enough" in Arabic -- were allowed to take place in Algiers.
Posted by: Fred ||
04/17/2014 00:00 ||
Comments ||
Link ||
[11127 views]
Top|| File under:
[An Nahar] Rwanda on Wednesday warned not enough was being done to prevent future mass atrocities as the United Nations ...an idea whose time has gone... passed a resolution pledging to heed the lessons from the country's 1994 genocide.
The U.N. Security Council adopted a resolution solemnly calling on states "to recommit to prevent and fight against genocide and other serious crimes against international law."
The resolution "underscores the importance of taking into account lessons learned from the 1994 Genocide against the Tutsi in Rwanda," a summary said.
The resolution also called on Secretary General Ban Ki-moon to "ensure greater collaboration between existing early warning mechanisms for genocide prevention and other serious international crimes."
While broadly welcoming the resolution, Rwanda's U.N. ambassador Eugene-Richard Gasana questioned whether enough was being done, citing examples of recent conflict in Syria, Central African Republic and South Sudan.
"The horrific things coming from the CAR, Syria, South Sudan will in some cases convince many that the U.N. is still grappling to match its normative principles with realities on the ground," Gasana said.
"Preventing mass atrocities has a long way to go... Since 1994 the U.N. has deployed efforts and tried to learn from failures of the recent past," he said. "The question is whether this capacity is adequate."
Gasana said mechanisms, such as the International Criminal Court ... where Milosevich died of old age before being convicted ... , for tackling war crimes have been "prone to political manipulation," while other initiatives were "ill-equipped and without sufficient capacities."
"As a result, some of these efforts may not amount to much, and the pledges of 'never again' will sound just as hollow today as they were after the genocide," Gasana said.
Gasana said the U.N. in future should not only be quicker to deploy peacekeepers, but also do more to "address the root causes of conflicts: improving democratic governance, reducing poverty and inequality, ensuring national reconciliation."
Colin Keating -- New Zealand's former U.N. ambassador and president of the Security Council in April 1994 as the horrors of the genocide unfolded -- apologized for the failure to do more to protect the massacred civilians.
"I had the dreadful responsibility in April 1994 of presiding over a Council which refused to recognize that genocide was being perpetrated against the Tutsi in Rwanda, and failed in its responsibilities to reinforce the United Nations peacekeeping mission in Rwanda to protect as many innocent civilians as possible," Keating said.
Posted by: Fred ||
04/17/2014 00:00 ||
Comments ||
Link ||
[11122 views]
Top|| File under:
#1
Gasana said the U.N. in future should not only be quicker to deploy peacekeepers, but also do more to "address the root causes of conflicts: improving democratic governance, reducing poverty and inequality, ensuring national reconciliation."
In other words - the benefits of colonization, without the colonizer.
#2
The UN will gladly transfer funds from the ex colonists to the ex colonies and will do the accounting to make sure that nothing is noticed when it goes missing in the process.
#3
As opposed to what happens to (say) Venezuela, where Russia and China get all the benefits of being colonizers without even having boots on the ground; that's all subcontracted to Hezbollah and Cuba.
[Al Ahram] The authorities in Saudi Arabia on Wednesday beheaded a citizen convicted of shooting dead a compatriot, the interior ministry said.
Mohammed Matrak Mohammed al-Dosari was found guilty of killing Mubarak Zafir Manahi al-Dosari using a machinegun, the ministry said in a statement carried by the state news agency SPA.
The killing came after a fist fight over a financial dispute, it said.
Posted by: Fred ||
04/17/2014 00:00 ||
Comments ||
Link ||
[11127 views]
Top|| File under:
#1
All together: Gimme that old time religion.
Posted by: ed in texas ||
04/17/2014 7:15 Comments ||
Top||
[CBSNEWS] President B.O. put Russian President Vladimir Putin on notice Wednesday evening, warning that further actions to destabilize the interim Ukrainian government will result in consequences from both the United States and Europe.
In an interview with CBS News White House Correspondent Major Garrett , Mr. Obama said it was "absolutely clear" that Russia had violated Ukraine's illusory sovereignty and territorial integrity by annexing Crimea last month, and they continue to do so by supporting "non-state militias" in southern and eastern Ukraine.
Still, the White House has not abandoned diplomatic solutions. Secretary of State John F. Kerry traveled to Geneva Wednesday evening to prepare for four-party talks with European, Russian and Ukrainian officials.
Posted by: Fred ||
04/17/2014 00:00 ||
Comments ||
Link ||
[11126 views]
Top|| File under:
Japanese Defence Minister Itsunori Onodera has reaffirmed the nation's plan for a 2014 first flight of the Advanced Technology Demonstrator-X (ATD-X) fighter: a prototype for a future fighter to replace the Japan Air Self-Defence Force's Mitsubishi F-2.
Looks like the Japanese won't be buying the F-22J...
"In February I myself visited at Mitsubishi Heavy Industries' (MHI's) Komaki Minami plant where the ATD-X is being built," Onodera told the Foreign Affairs and Defence Committee of the Upper House on 10 April. "There I was briefed that the first flight will take place this year." Spare parts have got to be an issue along with the coming defense cutbacks. The Japanese don't want to be tied to a loser, so they are going on their own, apparently...
The ATD-X, also known as Shinshin ('Heart of God'), is being developed by the ministry's Technical Research and Development Institute (TRDI), with the main contractor of the project being MHI. It has been designed to be a stealthy air-superiority fighter with enhanced manoeuvrability. The Japanese Ministry of Defence (MoD) will use it to research advanced technologies and system integration, after which it plans to produce a 'sixth-generation' fighter encompassing i3 (informed, intelligent and instantaneous) concepts and counter-stealth capabilities.
"Originally MHI planned to roll out the ATD-X before the media in May, soon after Japan's Golden Week holidays, followed by the first test flight," an official at TRDI told IHS Jane's on 15 April. "Now it is several months behind schedule."
Onodera also said in the Diet that the MoD will decide by FY18 whether to build its future stealth fighter domestically or by international joint development, based on parameters such as technological achievements and cost effectiveness.
#1
I suspect this is also pushed along by the fact the Japanese know that the only sense that Obama has their back is the one that it's handy to stick a knife in if he feels like it.
Poland is also arming itself heavily. The world is realizing that right now, America is nobody's ally.
#3
But g(r)omgoru, I'm not sure you can really say that Obama's helping them though. He gives them enough crap to make an absolute mess of things, then goes and plays golf while whoever he just 'helped' winds up in a far worse mess than before. Just look at how well Libya and Syria have turned out.
The Obama touch - Whatever he touches turns to stinky brown stuff.
#6
Any bets on whether it's gonna be a nuke delivery capable platform? (As the F-22 isn't.) The Japanese are worried about supply line issues, particularly the probability the there's built in faults in Chinese supplied chips in what we're selling. And, no, not a drone, but it's probably set up to be a drone controller.
Posted by: ed in texas ||
04/17/2014 7:13 Comments ||
Top||
#7
Not a drone?
Given their skill in robotics, I'd expect the Japanese to be the first to field a drone capable of autonomous air combat maneuvering. Drones flying in support of their controller would be both a force multiplier and a natural evolution.
#8
If they can keep the same sort of schedule fidelity on this that MHI has on the Mitsubishi Regional Jet, it is safe to say that the bird won't fly for at least 4 years. That bird is already 3+ years late and they finally joined ac 1's wing and fuselage earlier this month.
Now is the time for politicians to once again pledge a chicken in every pot...
Posted by: Fred ||
04/17/2014 00:00 ||
Comments ||
Link ||
[11125 views]
Top|| File under:
#1
Folks ate a lot of beans during the depression. Even in the 40's and 50's, every meal did not necessarily contain beef or pork. People also raised their own chickens, rabbits, and ostrich. Supply and demand are our friends.
#3
Sure, back in the dust-bowl era the rule of thumb was one ostrich per person per winter. Unless you were well off enough to own a tortoise herd it was the best thing going price wise.
I'm going to regret this, I just know it, but this is snark of the day...
#6
Venison. Good for you and it provides entertainment as well as sustenance.
Posted by: no mo uro ||
04/17/2014 7:43 Comments ||
Top||
#7
Unless you were well off to own a tortoise herd it was the best thing going price wise.
We still celebrate the time of the tortoise drives here out West, usually on Memorial Day on the freeways.
And yes, most folks in the towns raised chickens and the occasional pig. Also lots of barter between folks. Municipal governments weren't in full jackass mode then.
#8
I want to interrupt the humor-fest to say y'all do realize that back in the 90's there was an Emu bubble down here, complete with advertisements talking about how exponential growth was possible and that you wanted to get in on the ground floor.
#10
We still have turtle races out thisaways on Independence Day, like what GW attended in Woodward OK, to celebrate our cultural heritage, but we run the Box Turtle; though a bit more ornery than the Desert Tortoise, the marbling and variation of diet makes up for the extra effort.
Posted by: Fred ||
04/17/2014 00:00 ||
Comments ||
Link ||
[11130 views]
Top|| File under:
#1
Our President is on record saying that under his schemes the price of electricity would undoubtedly skyrocket. No one in the MSM seemed to think this was newsworthy, despite its economic effects. But then, economics is boring, isn't it.
#2
This summer I think will be a real scorcher. So with almost all of Central America showing up thanks to no borders and getting on a grid not designed for such a huge increase in population, and eco-terrorists shutting down coal plants, and food prices going up, and water reservoirs going dry, I am sure the Chief Executive has everything under control /sarc.
#4
I get my electricity from a municipally-owned utility. There has been no change in the $/kwh rate for me going back to December 2013, it runs around 11 cents/kwh.
#5
#2 Mr B, Hello. Contrary to media reports this is supposed to be a cool spring. Many records have been broken already in the states and Canada. This year finally they have forecasted three possible hurricanes. Every year they have called for large historic activity. The Russians are preparing for the coming mini ice age now(300 years). The Russian space station director is a big believer in the cooling trend. Sun spot activity is at an historic low of three. Normal I understand is 3000 for the same time period. Media has suppressed this information here and in Europe. Media here is either controlled by our government or they slavishly comply to this administration.
Posted by: Frank G ||
04/17/2014 13:13 Comments ||
Top||
#7
electricity demand is based not just on weather but on economic activity
interestingly, because electricity prices are so high in europe, some manufacturing is coming back to the US -- so we will likely have a relatively high demand
having said that, the electricity system is pretty compartmentalized; high temperatures in, say California, will create a supply problem even if high temperatures in, say, Colorado will not
it's almost impossibly complicated to predict supply shortages this far in advance
Posted by: lord garth ||
04/17/2014 20:53 Comments ||
Top||
[Al Ahram] Ukraine's defence ministry said on Wednesday that pro-Russian forces of Evil had seized six armoured vehicles dispatched by Kiev to the eastern town of Kramatorsk to quell a separatist insurgency. The ministry said the column had been initially blocked in Kramatorsk by local residents and then "seized by bad boys". It added that the column had since been moved by the forces of Evil to the flashpoint eastern city of Slavyansk.
Posted by: Fred ||
04/17/2014 00:00 ||
Comments ||
Link ||
[11127 views]
Top|| File under:
#1
Seized seems an odd word to use for soldiers changing sides in a civil war.
[AnNahar] Ukrainian and pro-Russian forces flexed their military muscles in the restive east of the country on Wednesday, a day ahead of high-level diplomatic talks on the escalating crisis.
Ukraine's defense ministry said that pro-Russian forces of Evil had seized six armored vehicles dispatched by Kiev to the eastern town of Kramatorsk to quell a separatist insurgency.
The ministry said the column had been initially blocked in Kramatorsk by local residents and then "seized by krazed killers". It added that the column had since been moved by the forces of Evil to the flashpoint eastern city of Slavyansk.
Continued on Page 49
Rep. Blake Farenthold, R-Texas, has introduced a bill that would officially stop paying any federal employee who was currently held in contempt of Congress.
Farenthold specifically mentioned Attorney General Eric Holder after introducing the legislation in the House of Representatives, insisting that he should not receive a paycheck after failing to turn over documents related to the Fast and Furious scandal.
"The American people should not be footing the bill for federal employees who stonewall Congress or rewarding government officials' bad behavior," Farenthold said in a statement. "If the average American failed to do his or her job, he or she would hardly be rewarded. High-ranking government officials should be treated no differently than everyone else."
I dunno, Laficornia state senators can be convicted for felonies and still get a paycheck...
Farenthold's aggressive effort against Holder is not surprising. During a Congressional hearing with the Attorney General last week, Farenthold told Holder that he felt that he shouldn't even be allowed in Congress.
#1
Perhaps Rep. Farenthold has a point. Obviously finding the odious, obstructionist, race baiting Holder in 'Contempt of Congress' means absolutely nothing.
#2
They should also include fines like the EPA does....you know, $100k-200k a day. That would help even more than just killing their salary. When they don't pay, send 200 US Marshals to 'politely' request they pay up.
#7
The Pubs need to take a Simon Wiesenthal Center (SWC) approach, putting Holder, Cummings, and the rest of these scoundrels on notice that the investigation and prosecution of their lawlessness and criminal activity will not end when Champ leaves office. The same should go for republican crooks as well.
#8
Latest revelations (if true) should put him in prison. Let it play out before other steps are taken. I don't want to hear "he's already been punished enough" because some fool played cards too early and for show.
A multi-volume chronology and reference guide set detailing three years of the Mexican Drug War between 2010 and 2012. Rantburg.com and borderlandbeat.com correspondent and author Chris Covert presents his first non-fiction work detailing the drug and gang related violence in Mexico. Chris gives us Mexican press dispatches of drug and gang war violence over three years, presented in a multi-volume set intended to chronicle the death, violence and mayhem which has dominated Mexico for six years.