• Some calm, yet firm, advice for those wondering about Heartbleed

    by  • April 10, 2014 • 0 Comments

    I’ve been putting off this post for a few days to allow for the immediate freak-out to die down and to let some actually good advice surface. I’m now ready to provide the following advice and resources:

    What happened?

    Basically, for the past two years there’s been a flaw in the security software behind somewhere near 60% of all “secure” Web sites on the Internet. That whole “make sure the site you’re logging into says ‘https://’” advice, well, that was the part that was broken. No one stole your password per se, but this hole could allow someone to get it and the site they got it from would have absolutely no idea that it happened.

    For a slightly more technical explanation watch this short video from the Security Now podcast.

    Is it serious?

    Bruce Schneier, the security guy security guys listen to, says “‘Catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.” ‘Nuff said.

    Do I need to change my passwords?

    Yes. Especially if, and I’m sorry if this language offends you, your passwords are crap. And chances are, your passwords are crap. Test your passwords using https://howsecureismypassword.net/. If your password strength isn’t measured in millennia, your password is crap.

    Oh, and if you use the same password for more than one site, your password is crap.

    This is not news, folks. You’ve heard this before and ignorance is no longer bliss when it comes to this stuff.

    Do I need to change them right now?

    This is the biggest problem caused by this whole mess: it depends.

    Services that ran certain types of servers, or non-problematic versions of the SSL software, were not affected by this problem and therefore don’t have this as a reason to need you to change your password. (Unless you should anyway since your passwords are crap. See above.)

    Services that were affected need to fix the problem on their end before changing your password will do any good. Sure, you could go change your password right now, but if they fix the problem tomorrow, you’ll just need to change your password again.

    (See Naked Security’s “Heartbleed heartache” – should you REALLY change all your passwords right away? if you’d like further details.)

    So, how do you tell?

    Well, yesterday I got an e-mail from IFTTT.com telling me that they’d fixed the problem and that I should change my password. Full marks to IFTTT but don’t expect that from everyone.

    Mashable has a great page titled The Passwords You Need to Change Right Now where you can look up major services to see if it’s time to change your password. Go there as soon as you’re done reading this unless you’re a LastPass user.

    If you use LastPass they have a service that will go through your accounts and let you know which services have the problem, whether they’ve fixed their server or not, and if it’s time to change your password. You can find instructions on how to do this on their page titled “LastPass Now Checks If Your Sites Are Affected by Heartbleed.”

    What should I do from this point forward?

    Improve your passwords! Seriously folks, we’re not kidding any more. Install LastPass and create a 100% unique and random password for every site you use. Also, if a service uses two-factor authentication and you can do it (i.e. you can receive text messages on any sort of cell phone) turn it on.

    If you run a server, or know someone who does, read/send this EFF blog post on Why the Web Needs Perfect Forward Secrecy More Than Ever and do it.

    Yes, this is a pain. Yes, things like complex passwords and two-factor authentication add some time to logging into a Web site. But so does locking your door when you leave the house in the morning. That doesn’t mean you’ve wasted the extra five seconds it took just to be a little more secure.
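An added example (not part of the original post) that puts numbers on the password advice above: it generates a random password, estimates whether its strength is "measured in millennia", and flags passwords shared between sites. The 94-character alphabet, the guess rate of 10^10 per second and the sample vault are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
GUESSES_PER_SECOND = 1e10  # assumption: offline attacker against a fast hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)

def years_to_crack(bits, rate=GUESSES_PER_SECOND):
    """Expected search time: half the keyspace at `rate` guesses per second."""
    return (2 ** bits / 2) / rate / SECONDS_PER_YEAR

def measured_in_millennia(length, alphabet_size=len(ALPHABET)):
    """True if a random password of this length takes at least 1000 years."""
    return years_to_crack(entropy_bits(length, alphabet_size)) >= 1000

def reused_passwords(vault):
    """Return groups of sites that share one password (vault: site -> password)."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)

if __name__ == "__main__":
    for n in (8, 10, 12, 20):
        bits = entropy_bits(n, len(ALPHABET))
        print(f"{n} chars: {bits:.0f} bits, ~{years_to_crack(bits):.3g} years")
    # Constructed sample vault, not real credentials.
    vault = {"mail.example": "hunter2", "shop.example": "hunter2",
             "bank.example": generate_password()}
    print("reused:", reused_passwords(vault))
```

The estimate only holds for passwords drawn at random like this; a password a person invents has far less entropy than its length and character set suggest.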

     

    Is an iPad an “e-book viewer?” Jury to decide in Jeppesen app case

    by  • April 8, 2014 • 0 Comments

    Now this is very interesting…

    Does Apple’s iPad fall under the “e-book viewer” category?

    A jury in Denver will be asked to make that determination to settle a high-stakes contract dispute between a small appmaker and Jeppesen Sanderson, the aviation-navigation giant headquartered in Englewood.

    At the heart of the case is the Jeppesen FliteDeck app that thousands of pilots — including those with major carriers such as United and Frontier Airlines — now use on an iPad in the cockpit instead of heavy binders filled with paper flight manuals.

    SolidFX claims its 2009 contract to develop apps for accessing Jeppesen’s terminal charts on e-book viewers encompasses the iPad, originally released in 2010. In fact, SolidFX says it chose the term e-book viewer rather than the more widely used “e-book reader” to cover “future devices that allowed for viewing of e-books that were suitable for the airplane cockpit.”

    According to court documents, Jeppesen argues that “the iPad is not an ‘e-book viewer’ simply because a user can read an e-book on it any more than an iPad is a digital camera just because it can be used to take digital photos.”

    Read the full article @ The Denver Post.

    Tuesday Tech Tip: Replace your DRM’ed iTunes tracks with open versions

    by  • April 8, 2014 • 0 Comments

    In 2009, Apple finally decided to drop DRM from the iTunes music library. That didn’t help much with songs purchased before that decision, however. Fortunately, if you still have these crippled tracks sitting in your library, there’s an easy way to kill the DRM with a few steps.

    It used to be that most digital music was riddled with DRM. Terrified music labels essentially decided we were all thieves and couldn’t be trusted. Because of that paranoia, when the iTunes store launched, all the songs were wrapped in DRM. Basically, if you bought music between 2003 and 2009, these songs are still crippled. Here’s how to set them free.

    Basically:

    1. Find them
    2. Delete them
    3. Re-download them

    Read the full instructions @ Wired.com.

    Harvard discovers three of its library books are bound in human flesh (not)

    by  • April 4, 2014 • 0 Comments

    UPDATE 5 April 2014:

    Baaaaaad news for fans of anthropodermic bibliopegy: Recent analyses of a book owned by the HLS Library, long believed but never proven to have been bound in human skin, have conclusively established that the book was bound in sheepskin.

    Source: Harvard Law School blog

    Original post:

    There’s something undeniably creepy about big, expansive libraries. The hushed whispers, the almost artificial quiet, and the smell of dusty tomes combine to create a surreal experience. But when it comes to creepy libraries, Harvard University might take the cake… you see, at least two of its books are bound in human skin.

    A few years ago, three separate books were discovered in Harvard University’s library that had particularly strange-looking leather covers. Upon further inspection, it was discovered that the smooth binding was actually human flesh… in one case, skin allegedly harvested from a man who was flayed alive. Yep, definitely the creepiest library ever.

    Read the full article @ Roadtrippers.com.

    Squirrel!

    by  • April 3, 2014 • 0 Comments

    This morning when I parked my car this guy was just sitting there eating his nut without a care in the world. Yes, I’ve got a great zoom on my camera, but I got within 5 feet of this guy without him even twitching at my presence. It wasn’t until a car drove by that he hopped up into the tree.