Learning from the Heartbleed Bug – What Happened and How to Fix

Play
Geek Smack! Show

Geek Smack!

Happy Tax Day! Happy Blood Moon! Happy Google Glass Day!

Last week was a productive one as I was in Vegas for NAB. I learned a lot about broadcasting practices along with hardware and software that can improve even my systems. I got some great videos regarding items for podcasters. I even went out and bought a new item – the Tascam DR-60D – for my camera rig.

This week is all about video creation and posting. A few videos have been put up on Geekazine, including the Livestream app for Glass.

Lots of products to review in the bin. Dyson, Verizon, and more. We have a winner for the AMD R7 250 video card – Mike Rodriguez. Congrats and thanks to all who participated! Another contest is in the works.

 

Subscribe to Geekazine:

RSS Feed - Via YouTube
Twitter - Facebook

Tip Me via Paypal.me/jeffpowers
RSS Bandwidth by Cachefly Get a 14 Day Trial


Click Here to Support the Sconnie Geek Nation!

Be a Patreon: Part of the Sconnie Geek Nation!

In Wisconsin, friends are called "Sconnies". Even if you're not from Wisconsin, you can be part of the Sconnie Geek Nation through my coverage! By pledging, you join the Geek Sconnie Nation! Plus, you help me cover costs so I can continue the coverage of Gadget tech, music tech, and geek culture through the shows.

Hotline – 608-205-4378 – geekazine (at) gmail.com

Download the showDownload the audio version

Subscribe to the podcast via: iTunesStitcher – YouTube
You can catch me on Twitter @geekazineFacebook GroupAbout.Me
Other shows: Day in Tech HistoryGeekazine Special Media FeediPad365 – This Week in Google Glass

Geek Smack: Learning from the Heartbleed Bug

Last week we found out about a major problem in OpenSSL technology which hackers could find and exploit. But guess what – people knew about it way before that. So here is what transpired in the last week.

Lets start with the What: The Heartbleed bug was announced last week as a major vulnerability where passwords had to be changed on many major websites using the OpenSSL software.

What happens – in Secure Socket Layer (SSL), the computer needs to encrypt and decrypt user data. That memory area apparently was filled with unprotected information. A hacker that accessed a data server could obtain the unencrypted data within the data’s memory.

Most of the time this was a password and username data but in some cases also included credit card information.

The bug was first discovered by security firm Codenomicon – along with Google researcher Neel Mehta. The name was coined because SSL technology is called “Heartbeat”.

There are many sites that were not affected. These are sites that do not use OpenSSL. Still, a lot of major websites did use OpenSSL. This included: Facebook, Instagram, Pinterest, Tumblr, Google, Yahoo, Etsy, GoDaddy, Minecraft, Flickr, Netflix, Soundcloud, YouTube,Box, Dropbox, Github, and more.

Most have already checked their records and patched their systems. They are suggesting you change your passwords to pretty much all of these systems.

Keep in mind for someone to get your password it had to pass-through the encryption/decryption process of OpenSSL. If you haven’t logged into the system, your password would not be in there. Nonetheless, its still better to be safe than sorry.

There has been a big question of whether passwords are the best way to log in. A lot of websites have switched to two-factor authentication – although both parts would have passed through this bug.

As for the timeframe – did we know about the bug before it was announced? Before Codenomicon found it? One report said the NSA knew about the bug, another said no. Some have speculated this bug has been going on for years.

So it could mean your information is still on a list and hasn’t been touched yet. However, now that people know they need to change passwords, your information may be surfacing to the top of the list.

This is why it is important to change your passwords. NOW. Remember – Two words together, capitol and lowercase letters with a number either at the end or within the password and a special character within


Geek Smack! episode 296 Tech News:

  • Galaxy S5 Hacked – Fingerprint scanner was hacked, your Paypal account may be at risk
  • 10 GBps Wifi – Quantenna is readying a chip that will pass 10 Gbps throughout your home
  • Netflix on Comcast – Since the agreement, Netflix streaming boosts by 65% on Comcast networks
  • Toshiba 4K Laptop – For those in video production or those theater nuts, 4K laptop from Toshiba are available for 2014 school year
  • Office365 Personal – This plan makes a lot more sense to people like me but still there should be a freemium model
  • Akamai Sends Bad Patch – Akamai announced their Heartbleed patch was not working right
  • Airbnb for Retail – You could get a retail pop-up shop for special traffic. This is a better idea than AirBnB itself

Geek Smack! Geek News


Geek Smack! is a weekly video show and podcast that comes out every Tuesday evening. Your host: Jeffrey Powers – talks tech news, IT news and geek news for the week. Geek Smack! is ©2014 under a Creative Commons no-deriv license. The cold never bothered me anyway. If you would like more information about what is technology, recent news, Geekazine, and Jeffrey Powers, feel free to contact him. Jeffrey Powers does interviews, just ask!

(Visited 67 times, 1 visits today)

Geekazine.com