You must Publish this diary to make this visible to the public,
or click 'Edit Diary' to make further changes first.
Posting a Diary Entry
Daily Kos welcomes blog articles from readers, known as diaries. The Intro section to a diary should be about three paragraphs long, and is required. The body section is optional, as
is the poll, which can have 1 to 15 choices. Descriptive tags are also required to help others find your diary by subject; please don't use "cute" tags.
When you're ready, scroll down below the tags and click Save & Preview. You can edit your diary after it's published by clicking Edit Diary. Polls cannot be edited once they are published.
If this is your first time creating a Diary since the Ajax upgrade, before you enter any text below, please press Ctrl-F5 and then hold down the Shift Key and press your browser's Reload button to refresh its cache with the new script files.
ATTENTION: READ THE RULES.
One diary daily maximum.
Substantive diaries only. If you don't have at least three solid, original paragraphs, you should probably post a comment in an Open Thread.
No repetitive diaries. Take a moment to ensure your topic hasn't been blogged (you can search for Stories and Diaries
that already cover this topic), though fresh original analysis is always welcome.
Use the "Body" textbox if your diary entry is longer than three paragraphs.
Any images in your posts must be hosted by an approved image hosting service (one of: imageshack.us, photobucket.com, flickr.com, smugmug.com, allyoucanupload.com, picturetrail.com, mac.com, webshots.com, editgrid.com).
Copying and pasting entire copyrighted works is prohibited. If you do quote something, keep it brief, always provide a link to the original source, and use the <blockquote> tags to clearly identify the quoted material. Violating this rule is grounds for immediate banning.
Be civil. Do not "call out" other users by name in diary titles. Do not use profanity in diary titles. Don't write diaries whose main purpose is to deliberately inflame.
I have been following this website for some time and these folks have not been given to exaggeration. They say:
Lest readers think "catastrophic" is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet's Web servers, consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the contents of confidential e-mails, and other sensitive data belonging to Yahoo Mail and almost certainly countless other services. The two-year-old bug is the result of a mundane coding error in OpenSSL
The publicity insures that the world's internet criminals are now all duly notified and busy taking advantage:
In the hours immediately following the public disclosure of the so-called Heartbleed vulnerability, several readers reported their Ars accounts were hijacked by people who exploited the bug and obtained other readers' account passwords.
This problem affects any unpatched (i.e. most) websites using the https security protocol. After you log in your login credentials are subject to theft if they happen to end up in an unlucky part of the web server's memory. Not clear if this affects secured non-browser specialty interfaces. What to do about it? For now, avoid logging in to any website that could cause you financial harm were your credentials to fall into the wrong hands. If you use the same login credentials elsewhere avoid those logins too. Be aware that your browser may log you in automatically when you visit a site. When will it be safe? I expect this matter will hit the front pages soon enough and the pressure will be on to get this fixed. Until then, wait.
For the long term, one easy measure everyone should take is to use a password manager. What the password manager does is to generate a unique, random, long password for each internet site you use. So if any one password is compromised the rest are safe. The passwords are stored in encrypted form on your computer. All you have to remember is your one password to log in to the password manager, then you copy and paste from there to internet logins. I use KeePass which is free: http://keepass.info/
More information: http://arstechnica.com/...