Change your passwords

It is amazing just how many passwords we all collect if we use the internet. To even be reading this lowly blog you probably had to use at least one password. If you engage in any online commerce you generally have to register with the website and come up with yet another password. Online banking = password. To access online credit card accounts we have yet another password. Sometimes we do have to deal with real people regarding the latest credit card account thefts – ah but there is that secret word or name. Then there is the social media and more passwords.

Heartbleed is the newest known security glitch or breach, and this one is by far the worst one yet. Data – our personal data – has been leaking from websites using OpenSSL as their cyber security. This has been going on for two years. Those of us not deeply into security, or into all the code necessary to link our web browsers with a secure website so we can buy new underwear or whatever, trust that the tech guys know what they are doing. At first NSA claimed innocence. The question then became: “When did NSA know?” Bloomberg News informed us last week that NSA knew shortly after the bug was introduced into OpenSSL and that NSA has been exploiting the bug for two years.

The advice from internet security experts is to change all of our passwords – as soon as we know that each website has installed working (verified) patches. If passwords are changed before solid patches are in place, we are going to have to figure out another strong password. There are password lock box apps that require a master password to access. I have not used one – many people swear by these apps.

After I sent a friend an easy-to-understand article on how to create strong passwords, she responded that she keeps hard copies of her passwords and never has the websites keep her personal information or passwords on file. But what she doesn’t understand is that for passwords to work, these passwords, email addresses and/or user names are kept on file by the companies we are doing business with.

Here’s a very simplified version of how the secure https websites work. Note the difference between http and https – that s at the end of http indicates that this is a secure link.

There is a whole lot of computer code working in the background. Actually, behind pretty webpages there is a whole lot of code which controls the look, feel, and design of webpages. The commercial websites using OpenSSL generate a very long string of numbers and magically hook up with our computer to collect the data that we typed onto the online forms.

This data, including the passwords, is magically combined with the very long string of meaningless numbers. At the business end there is a master decryption key which again makes the meaningless data from us, with our purchase order, into something that the computer can send out to be boxed up by humans or computers. Also, the banks are sent our credit card information.

It is really pretty amazing just how much of our lives is dependent on cyber security. NSA was supposed to be the DEFENSIVE part of internet security. But that government boondoggle has cost us taxpayers – or we the people – billions of dollars. One way or the other NSA is the bad guy: either they were too incompetent and they missed this major bug, or they found the bug, kept quiet about it and exploited the bug for their own purposes. What was Obama’s role? When did he know about this bug? So far NSA and the White House have claimed to have learned about the bug last Monday. TechNet.com has two must-read articles published on Monday 14 April 2014 about the impact of the Heartbleed bug, as well as an article about how NSA has failed at its job, which is supposed to be cyber defense. NSA is all about cyber warfare because it is run by the military. Once we get all the different spy agencies attached to the internet feeder hubs to disengage, we might see all internet speeds increase. There is no way that massive SPYING and copying of everything is NOT slowing down even “high speed” internet.

So change your password and read advice on creating a strong password – do not use 1234.

Update one.

Emptywheel.com, a.k.a. Marcy Wheeler, has a lot to say about Obama’s White House response to the Heartbleed bug.
http://theweek.com/article/index/259910/why-obamas-response-to-the-heartbleed-bug-is-so-troubling

If you read Techdirt.com, the Guardian.com and Emptywheel.com you will gain a pretty good overview of just how bad the Heartbleed bug is and why you need to change your passwords. We may never know how much information malicious hackers like the NSA may have stolen.
