Heartbleed

No doubt you have heard about the Heartbleed security vulnerability, discovered earlier this week by engineers from Google and another security firm, and how it potentially could permit eavesdropping on Internet transmissions thought to be securely encrypted on some two-thirds of the Web’s servers.

Here is a pretty good lay explanation of how Heartbleed works:

OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics from Elastica Inc on Vimeo.

UPDATE:  And maybe an even better illustration here!

As this is a matter basically to be resolved by the sites and service providers themselves — the IT people at my workplace are scrambling to get any appropriate fixes in place, as is surely the rest of the tech world — end users can’t do much about the potential threat until the sites they use have been patched; otherwise the new passwords and critical private data will just continue to be exposed. (You can do some degree of testing yourself using the form at http://filippo.io/Heartbleed/, for example.)

NOTE: No one (of the good guys) knows whether this vulnerability has actually been exploited. But the enormous potential for havoc indicates that we had better be safe than sorry.

So my personal approach is to avoid using any sites or service providers (just those for which I have previously set up accounts or provided personal data, and which I log into with an “https://” protocol, of course) that I am uncertain about, then, when I am assured that they have implemented the fixes, change my passwords. And if I MUST use those sites in the meantime, I am prepared to change my passwords at least daily to hopefully minimize my exposure.

For a more complete and technical rundown, visit http://heartbleed.com.

Hangout with Ivi!

This morning Ivi  cranked up a Google Hangout session (similar to Skype, in case you were wondering) from the CIEE office at the U. of Ghana.  She was using her new Chromebook, delivered by emergency “courier” (thanks to the wonderful generosity and helpfulness of the Africa-visiting Hughes family from New York!), to replace her purloined MacBook.  She reports that the new device boots super-fast and even though cloud-centric, should meet all of her needs, particularly with the offline versions of the requisite Google apps.  Alas, I was saddled with a non-mic, non-audio and non-camera’d desktop machine in my office so my participation was mostly limited to silent one-way video, but I did get in a little texting now and then between work spurts.   Can’t tell you how great it was to see her smiling face even if I didn’t catch her voice.  But I’m sure Kim will tell me all about it over lunch.

Over the Mountain and Back

Rain, constant rain, today. We attempt to depart at noon to pick up Nik’s incoming flight, but a mechanical failure prompts the use of a backup vehicle if we are to come even close to our schedule. Rain turns to snow as we near the summit. By the time we arrive and find Nik waiting during the half-hour delay, all is clear and bright. Again we slog through rain and snow and fog during the return, but this time we have Nik to regale us with stories of his past few days with his friends. And at the close of the afternoon, safely back home: a rainbow.

Nik Breaks for Spring

We run over the mountain today to drop Nik for a commuter flight to Portland where he will share his college spring break with friends, some coming from as far as Kentucky.  We wonder if Nik’s 6′ 3.5″ frame can be accommodated by the cozy aircraft, but not that long after we arrive back home, we start receiving texts announcing his successful touchdown and hookup with his friends.