
MindMover

(5,016 posts)
Sun Apr 13, 2014, 08:42 PM Apr 2014

Does the Heartbleed Bug Mean You Should Stay Off the Internet?

Update: The NSA knew about the Heartbleed bug for at least two years and actively exploited it in order to gather intelligence, Bloomberg reported on Friday. This means that under the pretense of protecting Americans, the NSA intentionally didn't notify millions of Americans that they were vulnerable to identity theft. Go read that book, now.

On Tuesday, news broke that the safeguard many websites use to protect sensitive information on the internet has had a major security flaw for about two years. These sites use a security system called OpenSSL to encrypt data like content, passwords, and Social Security numbers. But thanks to a small coding error in a popular version of OpenSSL, nicknamed "Heartbleed," hackers can potentially steal sensitive data from vulnerable websites. Richard Bejtlich, chief security strategist at FireEye, a network security company, notes that there's no evidence that malicious hackers have exploited the flaw yet. But the secrecy-minded Tor Project, which enables anonymous internet browsing, nevertheless recommended on Monday that, "If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle." Here are seven reasons why you might want to stop looking at cat videos right now:

1. Lots of popular websites have the security problem.

According to the New York Times, up to two-thirds of sites on the internet rely on OpenSSL. A user on Github, an open-source coding site, compiled a list of sites that were allegedly vulnerable after a test was conducted on Tuesday. The Github list included Yahoo, Flickr, OkCupid, and Eventbrite, among dozens of other companies. (Some may have since updated their security.) Facebook and Google both released statements confirming they are not affected by the flaw. If you'd like to test a specific site to see whether it could be exploited—although this doesn't mean that it has—go here.

http://www.motherjones.com/politics/2014/04/heartbleed-bug-internet-security-ssl

Does the Heartbleed Bug Mean You Should Stay Off the Internet? (Original Post) MindMover Apr 2014 OP
No. It means you're already screwed. nt Xipe Totec Apr 2014 #1
Hardly PSPS Apr 2014 #2
Thanks for the sanity Egnever Apr 2014 #5
You misinterpret Xipe Totec Apr 2014 #9
No. I will take my chances. I know that my bank is safe. n/t RebelOne Apr 2014 #3
LOL... nt MindMover Apr 2014 #4
I hate to point this out nadinbrzezinski Apr 2014 #6
Frankly, I have nothing to hide and if they want to listen to my plans on ... MindMover Apr 2014 #7
You know, it gets to the point where nadinbrzezinski Apr 2014 #8

PSPS

(13,590 posts)
2. Hardly
Sun Apr 13, 2014, 09:36 PM
Apr 2014

These articles that claim "two thirds of the Internet relies on OpenSSL" are woefully misinformed, at least as far as major websites go. OpenSSL is a staple on resold and shared servers, but no major website is run on such a system. Maybe it's more accurate to say that 2/3 of Internet websites run on servers that have the OpenSSL option, but that's not the same thing. Most of the websites run on such systems don't use SSL anyway (DU for example.)

Then there's the technical aspect of Heartbleed. The method it uses to "steal" data consists of getting data contained in up to 16K of random memory at a time. It's not defined in any way, it's just 16K of random bytes, and it's only during an SSL session which most traffic on the Internet doesn't use.

But fear sells more papers and magazines, and garners more people to watch ads on TV, I guess.

Xipe Totec

(43,889 posts)
9. You misinterpret
Mon Apr 14, 2014, 06:08 AM
Apr 2014

I said nothing about how serious the risk was. I merely stated that it was already in the past. Whatever might have happened has already happened.

 

nadinbrzezinski

(154,021 posts)
6. I hate to point this out
Sun Apr 13, 2014, 11:05 PM
Apr 2014

but I assume they are out to get me. No, it is not paranoia. They are.

So live and be happy, because today it is this, tomorrow it will be another exploit. Welcome to the National Security State

MindMover

(5,016 posts)
7. Frankly, I have nothing to hide and if they want to listen to my plans on ...
Sun Apr 13, 2014, 11:08 PM
Apr 2014

Tuesday, they will learn that I might be at this park or that park ....

but I am certainly not ordering some fertilizer off the internet delivered to a warehouse in San Diego ....

 

nadinbrzezinski

(154,021 posts)
8. You know, it gets to the point where
Sun Apr 13, 2014, 11:11 PM
Apr 2014

you need to assume that you need to live your life. I think we reached that point of absurdity a tad ago though. And I mean this by saying, FUCK HOOVER... and of course FUCK AGENT MIKE.
