I have a confession to make...
When I started in tech all those years ago, I believed that increased productivity would lead to more free time for workers. I was young and naive. In hindsight I realize how wrong I was. I am directly responsible for many people losing their jobs in a number of industries by creating "efficiencies". The people who still have work have to work longer and harder to protect themselves because of the throngs of unemployed people who will gladly work long hours, which of course makes matters worse. The ability to work from home and email have shackled people to their jobs 24/7. In this way, I honestly believe that world is a worse place because of me.
I Am Sorry.
Another Day... more Heartbleed News... I think I'm worse the CNN with an airplane
Does your browser respect certificate revocations?
With keys leaking due to heartbleed, it's important that your browser properly handles revocations. The above link is an SSL page with a revoked cert, if your browser doesn't throw an error or warning and just loads the page you might have problems. A clever hacker might be able to impersonate a site (yes, they would need to poison DNS, but there are vulnerabilities there).
For Me, Safari throws a warning, FF blocks it, Chrome just lets things happen.
On This Day
In 1967 - The Surveyor 3 spacecraft was successfully launched from Cape Kennedy, Florida on its mission to the Moon. It was the first to carry a surface soil sampling scoop.
Holy Thursday (also known as Maundy Thursday, Covenant Thursday, Great and Holy Thursday, Sheer Thursday and Thursday of Mysteries) is the Christian feast, or holy day, falling on the Thursday before Easter. It commemorates the Maundy and Last Supper of Jesus Christ with the Apostles as described in the Canonical gospels. It is the fifth day of Holy Week, and is preceded by Holy Wednesday and followed by Good Friday.
If you don't know, Aereo is a web service that allows you to watch television remotely. They have hundreds of mini antennae on the roof of a building that they a subscriber can control and watch over the internet. They only allow people local to the antenna to have access to it (so I can get access to NY programming but not programming from Boston). This is great for people who live in a city like NY. If you don't have line of sight to the Empire State Building you can't always get a signal. Digital TV has made this worse since it's all or nothing. If you live in an apartment and can't mount an antenna on the roof your only choice is to pay for cable. Aereo presents another choice, you rent access to an antenna in their farm, and watch it over the internet. You only get the programming that is being transmitted over the air so you're not "stealing" anything. The broadcasters don't like it and are suing Aereo, the case is going to the Supreme Court next week.
After the past week, I'm reminded why I moved from infosec back into development. That move, and taking up Yoga are the 2 best things I''ve done for my heart.
This is why filtering on the internet is hard:
The EW comments sections turned Dick Van Dyke into **** Van ****. That's sad y'all.
— Anika (@manicpixiedane) April 17, 2014
I'm reminded of a usenet newsgroup that used to be blocked a lot. It was a fan group around Captain Picard from Start Trek: TNG... the group was named alt.bald.sexy.captain
- Today's Background Image : The Last Supper - by Giampietrino
Yes, I took a day or 2 off from Heartbleed, but it appears that it's time to get back to it.
It's great when someone smarter then you is saying the same things as you are. Again, passwords aren't the real problem, the website's keys are.
A comment on the above link:
I have to tell you a quick story, Christina. Last week, I spent a night patching a number of clients' systems. One of them called me then next day accusing me of taking advantage of the exploit to make some money since the news said that, "If you don't change your passwords your SSNs might be stolen". So, he felt, "all we need to do is change passwords and since the system doesn't store SSNs there's no need for action". I sent him a number of articles setting him straight, but it left me to wonder if there are firms out there that haven't fixed things because a non-technical manager / CEO depriortized it based on a 3 minute report on the radio.
IMHO, Users should be advised to check with their providers. If a site hasn't posted someplace what their heartbleed status is; users should email / tweet/ call them. Users should be advised not to use systems where the heartbleed status isn't clear. I agree that users can't fix this, but I feel they need to pressure website owners to get this fixed.
80,000 certificates have been revoked.. this means that there are around 420,000 affected certs out there.
It's simple, the problem isn't passwords, the media is wrong. The problem is the fact that the keys to the encryption have been leaked. Unless your provider changes them, there's nothing you should be doing.
I'm at the point that I have to say it's up to every one of you to pressure your provider. If a site you have an account on hasn't let you know if they were effected or not you need to contact them and ask. It's really simple and 2 part question:
1) Was your site affected by the Heartbleed Bug?
2) If so, have you upgraded openSSL and revoked the certificated (and if not, when?)
I spent some time bugging my bank last week. Their initial answer which was from a script was something along the lines of, "We here at [Goliath National Bank] take your security seriously and look into all problems". When I pressured them further I got a, "if you feel uncomfortable change your password". I explained that I was a technology consultant and why that was useless (that might have been using False Authority Syndrome to my advantage). They said they'd look into it. After bugging them a few times they eventually updated their script and posted something in their news section over this past weekend. At the end of the they they were not affected.
And we have #2...(after the Canadian Tax Authority
On This Day
In 1976 - The Helios-B deep-space probe made what was then the closest controlled approach to the Sun at 43 million km or within 0.3 AU.
It seems it always happens. Whenever we get too high-hat and too sophisticated for flag-waving, some thug nation decides we're a push-over all ready to be blackjacked. And it isn't long before we're looking up, mighty anxiously, to be sure the flag's still waving over us. - Yankee Doodle Dandy
Skipping over the hate issues for a moment. Freedom of speech protects a person from government censorship. Freedom of speech does not mean that a Private Institution is required to give you a platform. That's why I'll take down comments on my blog that I find offensive. The government can't force me to take down a post but Facebook / Twitter/ my ISP can. I have to right to get on a soapbox in a public park and discuss my views, I don't have a right to do it inside a mall. Assuming that St Anthony's High School is not a public school (very good bet) they have every right to confiscate the flag, and suspend or expel the students.
Unfortunately, PA is an all party consent state, so this is technically wiretapping but...
Schools are not courts so the rules of evidence don't apply. Just because it was obtained illegally, doesn't mean a principal can't act on it. I didn't realize that bulling had to be repetitive, anyway the mother supposedly reported the bullying in the past.
What principal in the world listens to a student being bullied orders the student to erase the recording and calls the police to have the victim arrested for wiretapping?
What fracking planet do I live on... and how do I leave?
- Today's Background Image : - In The Blue by A Bloke Called Jerm
Happy Tax Day!
On this day
In 1977 - The first West Coast Computer Faire took place in Palo Alto, California. The star of the show would turn out to be the Apple II. The computer featured a built-in keyboard, 16 kilobytes of memory, BASIC, and eight expansion slots all for $1,300.
In 1996 - Donna DaGrossa's water broke, clearing the way for her mini Damien's entrance.
- Today's Background Image : Clouds and Crosses over Haleakala - Astronomy Photo of the Day
- 1 of 8