Skip to main content

 Or anything that might reveal information you would rather not reveal to a hacker.
The problem is a hole discovered in the most popular form of encryption used by web servers.

 A bug in software used by millions of web servers could have exposed anyone visiting sites they hosted to spying and eavesdropping, say researchers.
  The bug is in a software library used in servers, operating systems and email and instant messaging systems.

   Called OpenSSL the software is supposed to protect sensitive data as it travels back and forth.
  It is not clear how widespread exploitation of the bug has been because attacks leave no trace.
  "If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle," said a blog entry about the bug published by the Tor Project which produces software that helps people avoid scrutiny of their browsing habits.
 Statistics from netcraft say that 500,000 web servers run this software.
  The Heartbleed bug can link just about any information from security keys to the actual content of your message.

  What really annoys me is that the vulnerability was inserted in 2011.
  Stuff like this is unacceptable. The security of the internet is simply too low for the average user. And the NSA is partly to blame. Although most of the blame can be put on tech companies, because their business models reward new features, but there is no financial reward for fixing bugs.

  In a related note, today is the day that Microsoft stops supporting Windows XP. This doesn't mean that Windows XP will stop working.
   What it means is that if a security bug is discovered in XP, you are on your own. There will be no fixes created. And things will just get worse in the future.

10:15 AM PT: To put some perspective on this, consider a few facts:

#1) There is a glut of stolen ID's.

 Just in time for the holidays, the price of a stolen identity has dropped as much as 37 percent in the cybercrime underground: to $25 for a U.S. identity, and $40 for an overseas identity.

    For $300 or less, you can acquire credentials for a bank account with a balance of $70,000 to $150,000, and $400 is all it takes to get a rival or targeted business knocked offline with a distributed denial-of-service (DDoS)-for-hire attack. Meanwhile, ID theft and bank account credentials are getting cheaper because there is just so much inventory (a.k.a. stolen personal information) out there.
 I've read about websites you can visit where they have databases so you can select the type and area of the ID you want to steal, as if you are shopping at Amazon.com. It's insane!

10:17 AM PT: #2) Just how big is ID theft in America? Big.

 Identity theft victims suffered more than $24.7 billion in direct and indirect losses in 2012 -- that's more than the combined $14 billion in losses consumers experienced from other types of theft (burglary, motor vehicle theft and other property theft) in the same period.

The Bureau of Justice Statistics highlighted these and other staggering statistics in its 2012 Victims of Identity Theft report, which was released this month. About 16.6 million U.S. residents ages 16 and older were victims of at least one incident of identity theft last year. That's about 7 percent of the population in that age group, and they most often experienced misuse of existing bank and credit card accounts.

 This one gets me. Everyone is paranoid about your car getting stolen, or your house getting broken into, but no one worries much about your ID being stolen, even though it can be a huge headache, and is much more likely.

10:19 AM PT: #3) It has gotten so big that hackers are changing tactics.

 In recent weeks, two companies have publicly described their experiences with what has become a popular hacker tactic: cyber extortion. Cybercriminals have threatened to disclose sensitive data or cripple websites unless their victims pay hundreds or even thousands of dollars in ransom.

  Like kidnappers and terrorists, cyberciminals have been demanding ransoms for years. But cases of digital extortion appear to have grown more frequent in recent months and involved more high-profile victims, according to Matthew Prince, chief executive of the security firm CloudFlare.

   “The brazenness of the attacks has increased and they are targeting household names,” Prince said in an interview.
EMAIL TO A FRIEND X
Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags

?

More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

skybluewater, Pat K California, Thumb, Alumbrados, paradox, Mimikatz, True North, Odysseus, jexter, grollen, Timaeus, roonie, Liberal Thinking, PeterHug, DebtorsPrison, Sprinkles, MouseThatRoared, Shockwave, OLinda, eeff, xynz, wenchacha, Creosote, Heart of the Rockies, bara, opinionated, TheMomCat, Zinman, missLotus, Athenian, cyberKosFan, CoolOnion, chimpy, roses, oceanview, librarianman, Terre, fumie, Cedwyn, Alna Dem, dksbook, jdmorg, Texknight, kharma, psnyder, NYC Sophia, CitizenOfEarth, pat bunny, coldwynn, wordene, MA Liberal, brainwave, Steven Payne, defluxion10, liberte, lcrp, 2dot, Dood Abides, Wayward Wind, walkshills, Diana in NoVa, Deward Hastings, Steven D, lukyluke, solesse413, eztempo, rmx2630, xxdr zombiexx, environmentalist, oortdust, sawgrass727, Gowrie Gal, davidincleveland, maybeeso in michigan, historys mysteries, Bluesee, unclejohn, sc kitty, one of 8, Bad Cog, basquebob, dewtx, snacksandpop, stagemom, Brooke In Seattle, YucatanMan, eru, Sun Tzu, where4art, Overseas, stevemb, Ice Blue, Sandino, kaliope, PinHole, Tunk, Ginny in CO, Pluto, sillia, peacestpete, Ekaterin, Alan Arizona, xaxnar, Jim P, forbodyandmind, Knucklehead, myboo, vigilant meerkat, 417els, rl en france, cookseytalbott, Prognosticator, raincrow, Lefty Coaster, blueoasis, NBBooks, triv33, MJ via Chicago, twigg, Rosaura, JVolvo, tommyfocus2003, anninla, llbear, onionjim, BlueMississippi, IL clb, nother lurker, Unknown Quantity, CA Nana, Clive all hat no horse Rodeo, blueoregon, shaharazade, Statusquomustgo, NancyWH, markthshark, PatConnors, Aaa T Tudeattack, Sapere aude, FlamingoGrrl, Cronesense, Loudoun County Dem, camlbacker, ColoTim, yoduuuh do or do not, Wino, edsbrooklyn, Mary Mike, terabytes, Dave in Northridge, dclawyer06, getlost, SeaTurtle, bobswern, millwood, GeorgeXVIII, leonard145b, bewild, Don midwest, on the cusp, TomP, Empower Ink, gizmo59, jwinIL14, CroneWit, Amor Y Risa, JeffW, flowerfarmer, ChocolateChris, wayoutinthestix, poligirl, OleHippieChick, Involuntary Exile, elwior, Buckeye Nut Schell, jamess, monkeybrainpolitics, Cassandra Waites, hwmnbn, envwq, temptxan, BYw, billybam, sydneyluv, rhutcheson, CIndyCasella, legendmn, maggiejean, prettygirlxoxoxo, Louisiana 1976, J M F, ceebee7, greengemini, nchristine, Carol in San Antonio, CanyonWren, mkor7, LibrErica, petral, manucpa, elziax, MKSinSA, johnosahon, kevinpdx, ArthurPoet, rebel ga, Larsstephens, Words In Action, Just Bob, parse this, The Jester, NJpeach, serendipityisabitch, secret38b, biggiefries, LeftyAce, Polly Syllabic, ATFILLINOIS, gulfgal98, Puddytat, Yasuragi, nirbama, Betty Pinson, Floande, Oh Mary Oh, fiercefilms, Actbriniel, Onomastic, annieli, kerflooey, Bluefin, allenjo, ban nock, slowbutsure, vahana, OldGrammy, ontheleftcoast, FarWestGirl, asterkitty, Teiresias70, Alice Olson, smiley7, boomerchick, marleycat, sethtriggs, thomask, worldlotus, antooo, peregrine kate, chira2, foresterbob, Marihilda, Auriandra, No one gets out alive, SuWho, vger7, anodnhajo, Siri, molecularlevel, IndieGuy, nellgwen, orpurple, a2nite, 2thanks, ANY THING TOO ADD, congenitalefty, swedepi, This old man, Mr Robert, belinda ridgewood, Lilredhead, MartyM, ricklewsive, lunachickie, Brown Thrasher, jennyp, dotdash2u, Purplehead, Windowpane, Robynhood too, Lily O Lady, Blue Bell Bookworm, jusjtim35, TheMeansAreTheEnd, jbob, eyo, goodpractice, unfangus, alice kleeman, bwtsang, Smoh, ET3117, Hey338Too, Demeter Rising, chicklet, Portia Elm, CyberLady1, duhban, Metric Only, The Marti, RUNDOWN, thanatokephaloides, Skyye, ginimck, BMScott

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site