I chatted with CBC News Network's Heather Hiscox via Skype and NewsTalk 1010's John Moore to explain what it means. And what it means is this: IF (a deliberately big IF) a hacker or curious tech-savvy child manages to exploit vulnerability, he/she/it could subsequently log in as you and have all sorts of fun on your behalf. So before you do anything, change your passwords.
Now, Chicken Little isn't running screaming through the town square, and there is no reason for mass panic. It's a vulnerability, a latent weakness that some computer scientists happened to stumble upon. The affected web site owners are already aware of the issue, a fix has been made available, and everyone is busy patching things up so that this security hole will no longer remain open. There is no evidence that squillions of people were actually victimized. This is all potential.
But it's always a given that something this high-profile, this widespread and this potentially insidious will get some big headlines. And that's what we're seeing now. So for now, change your passwords, watch for updates from the major websites that you deal with - for email, banking, healthcare, government, etc. - that confirms they've fixed things on their end, and go on with your lives. The world will indeed continue to spin about its axis.
Your turn: Freaked? Not? Are we getting tired of the never-ending stream of online risks and security breaches?
It was a busy day in techland thanks to this story. I wrote this article for Yahoo Canada:
- CBC News Network - spoke with Heather Hiscox - spoke twice in the a.m., first about Heartbleed, then again when the CRA story broke. Story here.
- CTV News Channel - live with Jacqueline Milczarek via FaceTime on Wednesday, and live from CTV London with Jennifer Burke (password apps) on Thursday
- CP24 - live with Nathan Downer
- CTV National News - report by Omar Sachedina (video here and here)
- Global National - report by Mike Drolet (video here)
- The Toronto Star - article by Madhavi Acharya-Tom Yew, Reports that NSA knew about Heartbleed Bug unleash fresh worries
- Sun News Network - spoke live with Pat Bolland, and again live about 20 minutes later with Adrienne Batra, both via Skype.
- NewsTalk 1010 Toronto - Spoke with John Moore twice in the morning (story/audio here), then Jerry Agar before lunch, then Ryan Doyle for the drive home, then John Downs before tuck-in. Thursday morning, John Moore and I chatted again about password apps (see TheLoop article below), and on Saturday I yakked with Ted Woloshyn.
- CJAD Montreal - Tommy Schnurmacher on Wednesday morning, and Andrew Carter on Thursday morning.
- CKTB Niagara - Larry Fedoruk. Story here.
- 1290 CJBK London - Al Coombs - updated London listeners every day this week, in addition to my weekly Tuesday tech segment with Mike Stubbs.
- AM980 London - Craig Needles. Story here.
- 570News Kitchener - Gary Doyle (Story here: Leading tech expert advises to take internet security precautions)
- CHED Edmonton - Tencer and Grose
- CJME Regina - Kevin Martel
- St. John's - Ted Blades (On The Go)
- Yellowknife - Allison Devereaux (Trails End)
- Victoria - Jo-Ann Roberts (All Points West)
- Edmonton - Portia Clark (Radio Active)
- Saskatchewan - Craig Lederhouse (Afternoon Edition)
- Toronto - Gill Deacon (Here and Now)
- Halifax - Stephanie Domet (Mainstreet)
- Calgary - Doug Dirks (Homestretch)
- New Brunswick - Paul Castle (Shift)
- Kelowna - Rebecca Zandbergen (Radio West)
- Montreal - Shawn Apel (Home Run)
- Sudbury - Jason Turnbull (Points North)
- Ottawa - Alan Neal (All in a Day)
- Winnipeg - Ismaila Alfa (Up to Speed)
- Whitehorse - Tara McCarthy (Airplay)
- Windsor - Bob Steele (The Bridge)
- New information shows that some equipment from Cisco and Juniper - the leading providers of Internet infrastructure - is also potentially compromised. This takes an already-huge-scope story and makes it even bigger.
- A German developer, Robin Seggelmann, has come forward and said that he accidentally released the flawed code approximately two years ago. He said he was only trying to update the OpenSSL code, but inadvertently introduced the fatal flaw, which a fellow developer subsequently failed to catch.
- Heartbleed.com - a great, detailed summary of the problem, and what's being done to resolve it.
- Here's What You Need to Know About the 'Heartbleed' Bug (Yahoo Technology)
- Heartbleed bug may expose your private data (CBC.ca)
- New 'Heartbleed' bug poses major threat to user data (Reuters)
- Interview with NewsTalk1010 Toronto's John Moore (and story page)