Total Eclipse of the Heartbleed
Broadcast Date: April 14, 2014
Andrew Zarian is on the show and we’ll kick around some Heartbleed news to scare the SSL out of you, plus what the government’s doing to help patch software. And Jessica Dolcourt helps us decide if Windows Phone’s Cortana will inspire us to ditch Siri or Google Now.
- TechCrunch reports Windows Phone 8.1 arrived today as a developer preview. While the OS is not finished, pretty much anybody can get it by signing up for a free Microsoft developer account and starting a project. Of course you void your warranty and you can’t roll back to Windows Phone 8, so it may not be for everyone. Reviews of the OS came out today too, with many people raving about Microsoft’s voice-activated assistant Cortana. That feature is only available in the US.
- Engadget posted that Google has agreed to buy Titan Aerospace, makers of solar-powered drones. You may recall Facebook was in talks with Titan Aerospace a few months ago. Facebook bought a different company called Ascenta. The WSJ says Google intends to use the drones as part of its Project Loon attempt to broadcast the Internet from floating weather balloons.
- Mozilla’s Mitchell Baker announced the appointment of Chris Beard to the Mozilla Board and the position of interim CEO. Beard has worked at Mozilla since 2004. He has an MBA from the University of Edinburgh and worked in senior product and marketing roles at HP and Sun as well as founding the Puffin Group, which was acquired by Linuxcare. Beard joined VC firm Greylock in July 2013.
- Friday we told you Cloudflare had opened a server to be hacked, to see if private keys really could be extracted from a server by exploiting the Heartbleed vulnerability. It took 9 hours for someone to do so. Ars Technica reports software engineer Fedor Indutny and Ilkka Mattila at NCSC-FI obtained the keys. As of Saturday, CloudFlare had confirmed four “winners”, the other two being Rubin Xu, a PhD student in the Security group of Cambridge University and security researcher Ben Murphy.
- A more worrisome exploitation of Heartbleed came from the Canada Revenue Agency which reported 900 Social Insurance Numbers stolen by someone taking advantage of Heartbleed. The CBC reports the theft was discovered by admins who were patching the CRA’s servers. The agency is still examining the breach to see if data related to businesses had been removed as well. The agency did not describe how the attackers used Heartbleed to gather the numbers. Anyone affected will be provided with free credit protection.
- Of course patching the bug is not simple, as Akamai has learned the hard way. PC World reports Akamai is reissuing all SSL certificates and security keys used to encrypt connections between its customers’ websites and visitors. Akamai THOUGHT its customers were less vulnerable to Heartbleed because of custom code related to how the keys were stored. Akamai released that code Friday to help out other researchers. As if to demonstrate the value of open source, researcher Willem Pinckaers found defects in the code Sunday. Akamai’s code left three of six critical values of an RSA key unprotected, allowing an attacker to calculate the rest of the key.
- Of course maybe all this could have been fixed years ago if the US NSA had let companies know about Heartbleed. Bloomberg reported Friday that two sources told them the NSA knew about Heartbleed for two years. A statement from the Office of the Director of National Intelligence said, “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong.”
- Of course that doesn’t mean US government agencies don’t find out about flaws and keep them to themselves sometimes. The New York Times reports the White House response to allegations the NSA knew about Heartbleed was to issue a statement saying there is now a “bias toward responsibly disclosing such vulnerabilities.” The exception of course is when there is “a clear national security or law enforcement need.”
News From You
- Submitted by pnthrldy
- Ars Technica republication of the Wired UK article on a glow-in-the-dark road that debuted in the Netherlands on a 500 meter stretch of the N329 highway, replacing streetlights. The markings are not merely reflective, but created with photo-luminescent powder integrated into the road paint, developed in conjunction with road construction company Heijmans.
- Submitted by AllanAV
- MacRumors article passing along the StreetInsider story that Jefferies analyst Peter Misek claims Apple wants to raise the price of the iPhone 6 by $100 if they can get the carriers to agree. No carrier will likely WANT to raise the price in this world of bargain smartphones, but Misek argues “Carriers realize that the iPhone 6 will likely be the only headline-worthy high-end phone launched this year and that they will lose subs if they do not offer it.”
- Submitted by tekkyn00b
- Verge article that noticed Comcast’s Netflix speeds have improved dramatically since the two companies agreed to an interconnect contract. Comcast is the 5th fastest streamer at 2.5Gbps for Netflix streams in March, vs. the average 1.15 Mbps it reported in January.
- Submitted by melchizedek74
- Cortana vs. Siri vs. Google Now: An early look at how Cortana stacks up (hands-on)
- Windows Phone 8.1 review: A magnificent smartphone platform
- Windows Phone 8.1 now available to download
- Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say
- Trove of Software Flaws Used by U.S. Spies at Risk
Pick of the Day
- via Mike
Preceded by: "Live from Greenville High School"
Followed by: "Twitter Gets a Gnip"