Learning from the Heartbleed Bug – What Happened and How to Fix
Happy Tax Day! Happy Blood Moon! Happy Google Glass Day!
Last week was a productive one as I was in Vegas for NAB. I learned a lot about broadcasting practices along with hardware and software that can improve even my systems. I got some great videos regarding items for podcasters. I even went out and bought a new item – the Tascam DR-60D – for my camera rig.
This week is all about video creation and posting. A few videos have been put up on Geekazine, including the Livestream app for Glass.
Lots of products to review in the bin. Dyson, Verizon, and more. We have a winner for the AMD R7 250 video card – Mike Rodriguez. Congrats and thanks to all who participated! Another contest is in the works.
Geek Smack: Learning from the Heartbleed Bug
Last week we found out about a major problem in OpenSSL technology which hackers could find and exploit. But guess what – people knew about it way before that. So here is what transpired in the last week.
Let's start with the What: The Heartbleed bug was announced last week as a major vulnerability where passwords had to be changed on many major websites using the OpenSSL software.
What happens – in Secure Sockets Layer (SSL), the computer needs to encrypt and decrypt user data. The memory area used for that was apparently filled with unprotected information. A hacker who accessed a data server could obtain the unencrypted data within that server's memory.
Most of the time this was password and username data, but in some cases it also included credit card information.
The bug was first discovered by security firm Codenomicon – along with Google researcher Neel Mehta. The name was coined because SSL technology is called “Heartbeat”.
There are many sites that were not affected. These are sites that do not use OpenSSL. Still, a lot of major websites did use OpenSSL. This included: Facebook, Instagram, Pinterest, Tumblr, Google, Yahoo, Etsy, GoDaddy, Minecraft, Flickr, Netflix, SoundCloud, YouTube, Box, Dropbox, GitHub, and more.
Most have already checked their records and patched their systems. They are suggesting you change your passwords for pretty much all of these systems.
Keep in mind that for someone to get your password, it had to pass through the encryption/decryption process of OpenSSL. If you haven’t logged into the system, your password would not be in there. Nonetheless, it's still better to be safe than sorry.
There has been a big question of whether passwords are the best way to log in. A lot of websites have switched to two-factor authentication – although both parts would have passed through this bug.
As for the timeframe – did we know about the bug before it was announced? Before Codenomicon found it? One report said the NSA knew about the bug, another said no. Some have speculated this bug has been going on for years.
So it could mean your information is still on a list and hasn’t been touched yet. However, now that people know they need to change passwords, your information may be surfacing to the top of the list.
This is why it is important to change your passwords. NOW. Remember – two words together, capital and lowercase letters, with a number either at the end or within the password and a special character within.
Geek Smack! episode 296 Tech News:
- Galaxy S5 Hacked – Fingerprint scanner was hacked, your PayPal account may be at risk
- 10 Gbps WiFi – Quantenna is readying a chip that will pass 10 Gbps throughout your home
- Netflix on Comcast – Since the agreement, Netflix streaming boosts by 65% on Comcast networks
- Toshiba 4K Laptop – For those in video production or those theater nuts, 4K laptops from Toshiba are available for the 2014 school year
- Office365 Personal – This plan makes a lot more sense to people like me but still there should be a freemium model
- Akamai Sends Bad Patch – Akamai announced their Heartbleed patch was not working right
- Airbnb for Retail – You could get a retail pop-up shop for special traffic. This is a better idea than Airbnb itself
Geek Smack! Geek News
- Xbox One Update – April update will add game update savings bar, GameDVR algorithm tweaked
- Gmail Update – You can now add photos easier to your Gmail account from Google+ or your phone
- Mozilla new CEO – After controversy of pushing out the old CEO, Chris Beard is named new CEO. Wait. Beard?
- Google Buys Titan Aerospace – Google gets into the drone game, too.
- Pay with Your Hand – Palm print technology might be a better way to make a payment
- Glass KitKat Update – New XE16 update will add a lot, but lose video calls?
- Google Reads Your Email – Go ahead. Not much there.
Geek Smack! is a weekly video show and podcast that comes out every Tuesday evening. Your host: Jeffrey Powers – talks tech news, IT news and geek news for the week. Geek Smack! is ©2014 under a Creative Commons no-deriv license. The cold never bothered me anyway. If you would like more information about what is technology, recent news, Geekazine, and Jeffrey Powers, feel free to contact him. Jeffrey Powers does interviews, just ask!