Heartbleed Bug Demonstrates Deep Vulnerabilities of the Web


If you haven’t yet heard, a massive vulnerability in a key piece of security software was announced this week. Researchers call it the Heartbleed bug.

Simply put, it is not your fault. Web servers at banks, airlines, and shopping sites use a type of encryption called Secure Sockets Layer or SSL. Your browser will display a lock icon in the address bar and maybe even change colors to green, demonstrating you have a secure connection. Many websites use a piece of open source software called OpenSSL; open source means nobody owns it and everyone can see the code.

OpenSSL is where the vulnerability was found. The problem is that 2/3 of all internet sites using SSL to secure the communication between your browser and their server use OpenSSL.

Why is that a problem? This bug means hackers can intercept what is supposed to be encrypted information between your browser and the bank’s server. In other words, what is supposed to be unreadable is readily readable to criminals.

And it gets worse.

In the past 24 hours or so, word has leaked out that the core equipment used for the internet itself and most corporate networks has this bug too. According to Network World, Cisco and Juniper routers are affected.

This is where it gets really ugly.

Fixing the OpenSSL bug on a website is relatively easy, and the majority of websites have already put in the patches. Tracking down every router, taking it offline, and installing patches from the vendors is a very time-consuming and difficult process that might take months.

Initially I wasn’t too concerned about you and me. This latest round of news truly has me worried and you need to take action now.

I am now suggesting to you and everyone you know that you take the time to change your password on every bank, shopping, travel, etc. website where you transact business with username/password and/or credit card information.

And then do it again in a week and then again in a month.

Too difficult to remember all of your passwords? There are tools to help you besides sticky notes on the side of your monitor.

Protect your passwords using software like Password Safe, 1Password, or pwSafe. Those applications are a securely encrypted safe in which to store all of your passwords. Use the random password generator in the software for creating your passwords.

When you use software like those three, use an entire password phrase as the master password. Something you can remember like the old “The quick brown fox jumps over the lazy dog”, but make sure to use spaces and capital letters, even use the quotation marks if you’d like.

Here are some basic rules:
• Always use a password; never let a password be blank
• Always change a password immediately after receiving one that was given to you
• Use as many characters as possible when creating a password; don’t just use eight, use 16 or 20 or more
• Use different passwords everywhere, at least for sensitive information like banks or anywhere they might store your credit card information

UPDATE 4/12/14 11:30 PDT – McAfee has a handy tool for testing websites for the Heartbleed vulnerability. You can use it to test a site you might visit BEFORE you go to the website.

More Co-ops Are Needed


Why don’t places, like Santa Cruz, California, for example, have more co-ops outside of colleges and universities?!?

From the Wikipedia definition of a cooperative:

A cooperative (“coop”) or co-operative (“co-op”) is an autonomous association of persons who voluntarily cooperate for their mutual, social, economic, and cultural benefit.[1] Cooperatives include non-profit community organizations and businesses that are owned and managed by the people who use its services (a consumer cooperative) or by the people who work there (a worker cooperative) or by the people who live there (a housing cooperative), hybrids such as worker cooperatives that are also consumer cooperatives or credit unions, multi-stakeholder cooperatives such as those that bring together civil society and local actors to deliver community needs, and second and third tier cooperatives whose members are other cooperatives.

I lived a good portion of my life in Minnesota where farmer co-ops are giant businesses, controlled by the member farmers, like Cenex and Land O’Lakes. Credit unions are member owned co-ops, act a lot like banks with checking accounts and car loans, and yet credit unions made only one-fourth the number of bad loans compared to the big banks.

Look at what Minneapolis is doing! From a Minneapolis Star Tribune article, “Co-ops boosting retail on Central Avenue in northeast Minneapolis”:

Dan Nordley, a small-business owner who is also a leader in the cooperative movement that has deep roots in Minnesota history, said the success on Central is positive across many fronts.

“Too much business is disproportionately driven by people who just want to make money on money,” he said. “This one is more about providing goods and services to a community that needs it for its general livelihood.”

Co-ops already have set up shop in two other buildings in the area. The first was a co-op grocery, Eastside Food, that opened 10 years ago this week and now boasts 4,475 members. In 2011, some of its members formed Northeast Investment Cooperative (NEIC) to buy, rehab and manage commercial property. It’s now filling its first building at 2504-06 Central.

Co-ops are businesses owned by the members who shop there. What a great idea for taking control of your own, and your community’s, destiny when disillusioned with a cold, corporate approach.

I am partial to co-op food stores. There were many good stores in Minnesota like Lakewinds and The Wedge. The best part is they answer to the customer-owner: they stock food that is requested, particularly organic or non-GMO foods, strive for great customer service, and when the store turns a profit a dividend check is issued to each shareholder-customer!

I discussed this on KSCO Presents on November 13, 2013, in light of New Leaf Community Markets in the Santa Cruz area being bought by a regional chain out of Portland, Oregon, which is owned by a private equity firm. And I wondered aloud on-air why the center of the fresh, local, produce world doesn’t have more co-ops.

We need to consider a nationwide movement of creating customer friendly, community focused businesses that serve the interest of the dual-role customer and shareholder.

What better way to signal Wall Street we are unhappy with their ways?