On my way to work I've heard a few "experts" on the radio "explain" what the Heartbleed exploit was. Sadly, they had no idea what they were talking about or how to explain it so that the average Joe could understand. Here it is in a nutshell: a bug was discovered in OpenSSL, the library that handles encryption for secure connections. Encryption garbles up the information so that only the sender and the receiver can read it. The bug lets third parties read portions of that garbled text. This is bad because "it undermines the very core of the systems we've used to provide privacy and security on the Internet for the last twenty years." Bruce Schneier thinks this may have been an accident, so maybe not an NSA attack. And for the nerds, you can do a Heartbleed test here.
The Heartbleed Bug is a bug in this very popular software. Boiled down to its essence, what it means is that, under certain circumstances, it's possible for an attacker to reach across the Internet into a machine running OpenSSL and grab copies of all sorts of sensitive information up to and including copies of that machine's encryption keys. And that's a Big Deal, because what makes your encrypted communication with someone else secure is the fact that only the two of you have the key. The key is what lets you take the encrypted gibberish and translate it back into the original, readable message. So if someone else can get their hands on a server's keys, all secure communications between that site and anyone else are suddenly readable by that person.
So that's half of why Heartbleed is so bad. Here's the other half: it turns out that this bug has been sitting in the OpenSSL software since December of 2011. So ever since then, for more than two years, all those systems using OpenSSL for their security (e-commerce sites, banks, government sites, mobile apps, devices, etc.) were silently wide open to anyone who knew about the bug.