Yesterday the IT world went a little bit crazy over the disclosure of the Heartbleed bug and the chance that encrypted information could potentially be intercepted by hackers.
We know that some big sites, notably Yahoo, have been exposed and Google was quick to apply the necessary patches to its servers. If you’re still worried, a number of sites have sprung up allowing you to check if a site has been patched -- thanks to Bob Grant on the comments thread to yesterday’s story for highlighting that one.
You will have heard by now that a major vulnerability in the OpenSSL library was just made public. Called Heartbleed, it affects the security of a huge number of cloud services and sites as well as various products, like operating systems and apps, which have employed it during the past two years. The impact can be devastating, as there is no way of telling if Heartbleed was exploited, or how much data may have been stolen so far.
A number of companies have already announced the patching of their OpenSSL-toting services and products. Google was among the first to do so, yesterday. Evernote, however, just revealed that its users are not affected. Microsoft has also decided to shed light on whether Heartbleed impacts its users, saying that Windows Azure, Microsoft account, and Windows are immune.
Heartbleed is a critical bug in OpenSSL that allows for the stealing of information that would normally be protected by SSL/TLS encryption. Essentially anyone on the internet can read the memory of systems protected by vulnerable versions of the popular cryptographic software library. The bug affects two-thirds of the Internet and while Google has patched its services, Android remains affected.
If you have an Android phone you can quickly check to see what version of OpenSSL it’s running, and whether the vulnerable feature, called Heartbeats, is enabled.
The Heartbleed bug is quite the devastating blow to computer security. The OpenSSL failure has the unfortunate effect of lowering computer users' confidence in SSL. However, the mistrust in SSL is misplaced, as it is only the OpenSSL implementation that is affected. No matter though, the damage is done and the flaw has been available for exploit since 2011.
When the news of the flaw was announced, many people's attention turned to Google. No, the company is not the cause of the bug, but since it controls such a huge part of the Internet, people hoped that its services were unaffected. Sorry people, Google was affected too. However, the company was also quick to patch, announcing the details of such today.
I hate waiting for my computer to boot up. My impatience stems from when I owned an XP system that took upwards of five minutes to get to a usable state no matter what I did to try and speed things along. Scarred by that experience I used to leave my system on permanently (just flipping the monitors off when I stepped away), but obviously that wastes electricity. Switching to an SSD, and configuring Windows to boot as quickly as possible, offered a decent solution.
The problem is Windows 8.1 seems to be designed to slow you down. Once your computer has booted up there is a lock screen to clear, then you have to enter your password and log in to your Microsoft account. Obviously Microsoft has done this for security purposes, and that's great. But if you don't share your computer with other people, and are confident no one will have access to your PC, you can configure the OS to bypass both delaying stages and boot straight in.
Cybercriminals are increasingly plotting for longer to pull off big heists rather than carrying out quick hits for smaller rewards.
Symantec's latest Internet Security Threat Report shows a significant shift in criminal behaviour as some of the most damaging attacks in history were carried out in the last year.
My girlfriend was on the prowl for a new vehicle not too long ago, and decided on a Subaru. Not only do the company's vehicles arguably receive some of the highest safety ratings in the States, but their policy of across-the-board all wheel drive is another nicety I love about them. Even so, she wouldn't think of ditching her safety belt, no matter how safe the cars claim to be.
Likewise, sizable portions of American society live out in rural areas where crime and theft are almost unheard of. Yet they most likely still use locks on all of their doors, and keep them locked shut at night. Their risk of forced entry or other crimes is leagues lower than in congested urban areas (like my neck of the woods, Chicago) but they still follow plain common sense.
It's difficult to deny Microsoft at least some of the limelight this week as the Build developer conference generated some interesting news. Bringing Windows version numbers in line with each other, Windows Phone 8.1 was finally revealed, complete with a notification center and Siri-like Cortana. The highly anticipated Windows 8.1 Update (which you may have heard something about) was officially unveiled and given a launch date of April 8. Wayne, for one, liked what he saw.
Microsoft came over all open source, making the Roslyn compiler as well as WinJS freely available. Brian was pleased with the tech giant's latest moves, proclaiming Microsoft is now back. Build also gave us a sneaky glimpse of an upcoming, but as yet unnamed, version of Windows that features the return of the Start menu -- all of this chopping and changing is getting confusing. Maybe next on the list of things to do with Windows will be getting rid of those apps and features that should have been killed some time ago.
When people invest in a smoke alarm, it is done with the intention of making the home safer. Should a fire start during the night, for instance, it's good to know that there's something there to alert you. While most smoke alarms are fairly basic affairs, there are some more advanced models available, including from Nest Labs -- the company behind intelligent thermostat controls and the Nest Protect smoke alarm. But there are safety concerns about the device which could mean that the sounding of an alarm is delayed, leaving owners to burn to a crisp in their beds. Perhaps.
In a message on the Nest website, the company's CEO Tony Fadell explains that a feature of the smoke alarm is being disabled and the sale of units is to be stopped. Nest Protect -- which has the tagline "Cares for your family as much as you do" -- includes a feature called Nest Wave. The idea is that should you accidentally set off the alarm by burning the toast, you can shut it up by waving your hand in front of the device. The problem is that the feature can be, to use Fadell's words, "unintentionally activated".
Security has taken center-stage at Yahoo, as the company continues to roll out encryption for its cloud services and its site in an attempt to keep users and their personal information safe from prying eyes.
"Hundreds of Yahoos have been working around the clock over the last several months to provide a more secure experience for our users and we want to do even more moving forward", says Yahoo chief information security officer Alex Stamos. "Our goal is to encrypt our entire platform for all users at all time, by default. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem".
It has often been said that making use of any social network is an exercise in vanity or narcissism. The likes of Facebook, Twitter, Google+ and other similar tools give anyone a platform to voice their views, concerns, complaints and anything else they feel inclined to get off their chest. But what matters about each of these social networks -- for the vain narcissist, at least -- is the number of people who are actually reading the words that are published. Unburdening online can be a wonderfully cathartic experience, but all the better if it is read by tens of thousands of people rather than just hundreds.
Each network gives you its own way to keep track of your potential audience. On Facebook, it's easy to keep track of the number of friends you have, while on Twitter it's the number of followers that's important -- as well, of course, as the coveted blue verified badge. Similarly on LinkedIn, it is easy to see how many people you’re connected to, and in the case of Google+ you can check how many people have circled you. But then there is the matter of how these figures translate into actual views.
DNS software specialist Nominum has revealed that DNS-based DDoS amplification attacks have significantly increased in recent months, targeting vulnerable home routers worldwide.
The research reveals that more than 24 million home routers have open DNS proxies which potentially expose ISPs to DNS-based DDoS attacks.
One of the great things about social networks is that it is possible to connect with people without the need to share email addresses. This means that you can remain "friends" with someone on Facebook, but not get to the point where you're handing out your email address and worrying about checking your inbox. The same is true of LinkedIn, but the difference with this "professional network" is that you're probably connecting with a larger number of people you would rather didn’t have your personal contact details. This comforting level of security was wiped out by Sell Hack.
This free browser extension -- available for Firefox, Chrome and Safari -- could be used to expose the email address associated with any LinkedIn account, regardless of whether you are connected to the person you are, essentially, spying on. Perhaps understandably, this caused a degree of upset and resulted in LinkedIn sending a cease and desist notice to the extension's developers. Sell Hack adds a "Hack In" button to social network pages which, when clicked, reveals the email address used by the account owner to create their page.
BitTorrent Sync entered the market with a clear plan to not be anything like other services, instead choosing to do things its own way and protect the end-user. This resulted in alpha and beta testing, with a slow roll-out, but slow and steady often wins the race. The service is widely available now, being updated, and encompassing more platforms.
While Android was already a part of the ecosystem, there are certain flavors of Google's OS that don't readily comply with the traditional. One of those, in fact perhaps the primary one, is Fire OS -- the operating system produced by Amazon for its popular line of tablets.