Heartbleed need not kill your trust in internet security – but it’s time to change passwords for Facebook, GMail, YahooMail, Dropbox

So yesterday I paid for pesto with cash instead of my credit card, because of Heartbleed. I started the morning with an urgent message from my friend Thomas O’Dell, who was especially concerned about alerting our friends in the civil service. Not about pizza orders to be sure, but internet security. A quick check was enough to make me turn to cash.

Reputable sites were describing Heartbleed as “one of the biggest, most widespread vulnerabilities in the history of the modern web.” Holy cow!

“OpenSSL [which provides security protocols] runs on 66% of the web. … [and] chances are, you interact with it several times a day. That interaction can be as simple as entering in a password for an email account or as complex as sending a private message or photo or even filing your taxes.

…this vulnerability has actually been around since December 2011. Lots of software packages started using the vulnerable version of OpenSSL in May 2012. So for two years, any app, website, bank or private messaging app that uses OpenSSL has been vulnerable to this bug.”

To learn more, Google “Heartbleed”, search Twitter or read Heartbleed.com for the bad news:

Heartbleed Bug

So this morning I checked my restaurant site using the LastPass Heartbleed checker and was informed that:

“The SSL certificate [for the restaurant] was valid 1 year ago at Dec 3 00:28:51 2012 GMT. This is before the heartbleed bug was published, it may need to be regenerated.”

Well, I do hope small businesses in Singapore are getting help from IDA or their ISP or webpage vendor to sort this out immediately. [Update from CNA (10 Apr 2014): “IDA is urging all website owners in Singapore to heed the advisory issued by SingCERT.”]

CNET consulted experts and suggests we do not log into accounts from afflicted sites until we are sure the problem has been patched. So wait until notification (48 hours?), then change your password!

This recent Mashable article lists sites which have initiated a fix already. But they have yet to inform users. Knowing this, though, it is time to change your password, in case a compromise was experienced, even if theft of data has not been detected:

  • Facebook
  • Tumblr
  • Google, GMail (has two factor authentication)
  • Yahoo
  • Dropbox (has two factor authentication)

Regular changes of secure passwords can be tiring and difficult and all the more so with multiple devices, unless you get help from a password manager. I am now making proper use of 1Password by AgileBits, who happily report that 1Password’s technology is not built on OpenSSL and so its encryption remains safe.

I do suggest to my students that they use the free LastPass and to study the basics in order to use it well. Mostly they ignore me(!) but they might be a little more interested now. Thus episodic problems like these are ultimately helpful.

Oh, if you already have a LastPass account, it is now time to change your password too! LastPass fixed the problem and integrated a check for the Heartbleed vulnerability.

Once you have a password manager app, generating new secure passwords is easy to do frequently, but it will require some dedication. Still, if that’s all we need to overcome Heartbleed, technology can recede once again into the background.

Update: See “Heartbleed bug: What you need to know,” by Jane Wakefield. BBC News Technology, 10 Apr 2014.

Plastering posters around campus and the fight to be heard!

Suzanne Ou the ICCS Intern is lending the Evening of Biodiversity a hand and plastering An Nee’s poster on notice boards around campus.

In the process she is learning about circulation, traffic, the campus layout and the fight for space. Later, we’ll see that while this might not be an exercise to reach the masses, it will reach the rare individual to whom this will be just what the doctor ordered!

We would usually do this three weeks in advance but it’s been a tough month and I am glad we are going ahead.

Remember, details are up on Habitatnews and register here if you can join us on Wed 16 Apr 2014: 6.30pm – 8.30pm!

Where Suzanne put up posters today
NUS notice boards for posters

All ready for honours thesis submissions at the Department of Biological Sciences

This dramatic arrangement set up by the department admin signalled an important day for Life Sciences honours students – thesis submissions are due from the cohort. There are 35 environmental biology students submitting theses.
In my time, this was a New Year’s Eve ritual, and many of us share fond memories of this rite of passage.

Because I was handy on a Mac, I helped a few cohorts of my juniors typeset their theses with Microsoft Word 5.1 on the Zoology department’s Mac IIcx. Tables of Contents were generated with styles, and embedded Excel tables meant the process and its many shortcuts was fast. The Mac Extended keyboard and its function keys were a boon.

And after more than two decades, the 2.5cm x 2.5cm x 3.5cm x 2.5cm, double-spaced, Times New Roman 12 point reflex is still embedded in me.

Office agog about ethernet drag

They do have a point; this is what I see from Speedtest today:

Just the other week, I reported blazing speeds:

We’ve called about the hiccup and ComCen is usually quick to respond.
Once they figure out where we are!

The desktop PC users need their connection restored to do work but a laptop user like myself can tether my MacBook Pro via an iPhone. It’s useful when managing events and sharing manuscripts with students – right now I am clearing honours theses, editing minutes for the Biodiversity Roundtable, converting lecture slides to white background before uploading to the IVLE module page and writing emails to settle the Evening of Biodiversity.

If the connection fails me, I go home!

Update: minutes after posting, my network speed was back up but the rest were groaning at 1mbps.