Wednesday, April 09, 2014

My heart bleeds for you

I woke up early this morning to the sound of a ringing cell phone - one of the risks of being a media nerd, I guess. The big news of the day is a scary one: researchers have discovered a security vulnerability that could affect upwards of two-thirds of all web sites currently online. It's called the Heartbleed Vulnerability, and it means these sites may have made it relatively easy for complete strangers - hackers and curious, tech-savvy children alike - to "scrape" websites and obtain personal information, up to and including usernames and passwords.

I chatted with CBC News Network's Heather Hiscox via Skype and NewsTalk 1010's John Moore to explain what it means. And what it means is this: IF (a deliberately big IF) a hacker or curious tech-savvy child manages to exploit vulnerability, he/she/it could subsequently log in as you and have all sorts of fun on your behalf. So before you do anything, change your passwords.

Now, Chicken Little isn't running screaming through the town square, and there is no reason for mass panic. It's a vulnerability, a latent weakness that some computer scientists happened to stumble upon. The affected web site owners are already aware of the issue, a fix has been made available, and everyone is busy patching things up so that this security hole will no longer remain open. There is no evidence that squillions of people were actually victimized. This is all potential.

But it's always a given that something this high-profile, this widespread and this potentially insidious will get some big headlines. And that's what we're seeing now. So for now, change your passwords, watch for updates from the major websites that you deal with - for email, banking, healthcare, government, etc. - that confirms they've fixed things on their end, and go on with your lives. The world will indeed continue to spin about its axis.

Your turn: Freaked? Not? Are we getting tired of the never-ending stream of online risks and security breaches?

Media:

It was a busy day in techland thanks to this story. I wrote this article for Yahoo Canada:
Heartbleed fallout could drive fundamental change
And this one for Bell Media's TheLoop.ca:
Heartbleed - the 2 things you must do now to protect yourself
I did a bunch of interviews to support this story. In no particular order, here they are:
  • CBC News Network - spoke  with Heather Hiscox - spoke twice in the a.m., first about Heartbleed, then again when the CRA story broke. Story here.
  • CTV News Channel - live with Jacqueline Milczarek via FaceTime on Wednesday, and live from CTV London with Jennifer Burke (password apps) on Thursday
  • CP24 - live with Nathan Downer
  • CTV National News - report by Omar Sachedina (video here and here)
  • Global National - report by Mike Drolet (video here)
  • The Toronto Star - article by  Madhavi Acharya-Tom Yew, Reports that NSA knew about Heartbleed Bug unleash fresh worries
  • Sun News Network - spoke live with Pat Bolland, and again live about 20 minutes later with Adrienne Batra, both via Skype. 
  • NewsTalk 1010 Toronto - Spoke with John Moore twice in the morning (story/audio here), then Jerry Agar before lunch, then Ryan Doyle for the drive home, then John Downs before tuck-in. Thursday morning, John Moore and I chatted again about password apps (see TheLoop article below), and on Saturday I yakked with Ted Woloshyn.
  • CJAD Montreal - Tommy Schnurmacher on Wednesday morning, and Andrew Carter on Thursday morning.
  • CKTB Niagara - Larry Fedoruk. Story here.
  • 1290 CJBK London - Al Coombs - updated London listeners every day this week, in addition to my weekly Tuesday tech segment with Mike Stubbs.
  • AM980 London - Craig Needles. Story here.
  • 570News Kitchener - Gary Doyle (Story here: Leading tech expert advises to take internet security precautions)
  • CHED Edmonton - Tencer and Grose
  • CJME Regina - Kevin Martel
I also did a series of interviews with the CBC Radio Syndication unit, including
  • St. John's - Ted Blades (On The Go)
  • Yellowknife - Allison Devereaux (Trails End)
  • Victoria - Jo-Ann Roberts (All Points West)
  • Edmonton - Portia Clark (Radio Active)
  • Saskatchewan - Craig Lederhouse  (Afternoon Edition)
  • Toronto - Gill Deacon (Here and Now)
  • Halifax - Stephanie Domet (Mainstreet)
  • Calgary - Doug Dirks (Homestretch)
  • New Brunswick - Paul Castle (Shift)
  • Kelowna - Rebecca Zandbergen (Radio West)
  • Montreal - Shawn Apel (Home Run)
  • Sudbury - Jason Turnbull (Points North)
  • Ottawa - Alan Neal (All in a Day)
  • Winnipeg - Ismaila Alfa (Up to Speed)
  • Whitehorse - Tara McCarthy (Airplay)
  • Windsor - Bob Steele (The Bridge)
Update - Friday:
  • New information shows that some equipment from Cisco and Juniper - the leading providers of Internet infrastructure - is also potentially compromised. This takes an already-huge-scope story and makes it even bigger.
  • A German developer, Robin Seggelmann, has come forward and said that he accidentally released the flawed code approximately two years ago. He said he was only trying to update the OpenSSL code, but inadvertently introduced the fatal flaw, which a fellow developer subsequently failed to catch.
Related links:

4 comments:

ifthethunderdontgetya™³²®© said...

I want to check to see if the apartment manager got my rent check, since I'm out of town and it wasn't cashed as of Monday. But I don't want to log onto online banking for a couple days (or so I have read).

I guess I'll have to call him...egads!
~

Karen S. said...

Thanks for the FYI. You are my go to source for this stuff! Seriously.

Mike Wood said...

A calm techie ship in a password storm. Thanks for the info, Carmi

Cloudia said...

We were forced to go digital.

Now we are paying prices that were not part of the sales routine the whole world endured over the past 20 years.

IT has changed our world, our lives for the better. . . AND for the worse.

ALOHA from Honolulu
ComfortSpiral

=^..^= <3