WARNING: Heartbleed is a Silent Stalker

The Internet has been reeling for the past couple of days after a very serious and widespread vulnerability called Heartbleed reared its ugly head. The Heartbleed threat might finally be all over the news tonight, as this security threat bursts out of IT back rooms and becomes public knowledge that could possibly impact millions. But most organizations have been flying under the radar rather than warning their users to steer clear of their login pages.

TL;DR: Skip straight to the bottom to see what you should do to protect yourself. Rule #1: stay logged out of sensitive sites until you see a clear advisory that the site has been secured.

Heartbleed is an SSL exploit that could potentially have already affected up to two-thirds of web servers, and an undetermined number of mail servers. The result is that financial transactions, medical info, personal data, pictures, passwords, attachments, chats and pretty much everything the world has entrusted to the OpenSSL encryption library (i.e. those https:// URLs) has been vulnerable for almost 2 years on many servers.

Unfortunately, the standard practices for corporate secrecy and IT security can also hurt consumer awareness and security, since people’s first instinct is to log in and reset their passwords regardless of whether the organization has made a public disclosure and announced that its sites have been properly patched.

The first thing you need to know about Heartbleed is that any server that uses vulnerable versions of OpenSSL to secure its connections (via the https:// protocol) has been vulnerable, for up to the last two years! Some people are starting to suspect that this back door was placed on purpose to enable government agency spying. We can each decide for ourselves whether this theory is plausible based on prior actions.

The second thing to know is that you should NOT reset any passwords on any suspected sites until you can be fully assured that their systems have been properly updated and re-secured. This means that the standard approach to such security issues, where everything is on a need-to-know basis, will need to be broken open to the public so that we can all be assured that our passwords can be safely reset on any site that has been vulnerable.

This kind of open disclosure of potential risk is often very difficult for many types of organizations, and that’s the real problem here: the standard operating procedure stands in the way of real damage control and instead favours the “reputation management” need, which can supersede the real security risks to consumers. Many organizations would prefer to respond to issues on a reactive basis rather than throw the floodgates open and admit fallibility.

RSS is Dead…Long Live RSS!

What are we talking about when we talk about RSS?
RSS was once a bright and promising young star of internet protocols, which still serves a dwindling yet devoted audience even now over 15 years later. Yet as the geek-index of the average internet user has slowly dropped to the levels of the general consumer, so has the interest in managing one’s own syndicated content feed. Or has it?

What if it’s just the RSS protocol itself that’s fallen out of fashion, not the underlying idea of aggregating content into your own info-tainment concierge (so to speak)?

We’ve previously talked about how the average consumer is soon going to become increasingly confused by the iconography behind tappable NFC tags and devices, and how tap-to-pay payment systems (e.g. Google Wallet) are blurring the lines with other NFC-based services (like Samsung Wave, etc.), in the end creating enough confusion that NFC services might falter in North America if people start to believe that they will be charged for something every time they tap a wavy icon.

Luckily the payment systems have started to standardize around the 4-wave symbol, leaving the 3-waves-and-a-dot iconographers to map out a future between NFC, WiFi, and any lingering users of RSS.

What’s also fortunate is that WiFi hotspots have become more recognizable through their standard signage, in bland/boring blue and using the 3-waves-and-a-dot icon. This leaves only RSS and the myriad other NFC services to sort themselves out over what’s arguably the best and most effective icon out there.

There are many signs that NFC and payment standards are also competing for the much more visible yellow and orange-ish colours that will help them stand out on signage, which makes it all the more important for NFC to seize the dot and standardize around the smaller 2-wave icon.

So rather than clamour in confusion and risk being lost in a washed-out, ambiguous-looking variety of icons, NFC services should pick up where RSS left off and simply offer a wireless way to tap your way into a new form of subscription and even syndicated content.
inessential.com: What we talk about when we talk about RSS