This week, sites like Soundcloud announced that they would be routinely logging users out to protect them from Heartbleed, a bug in OpenSSL software that’s used to encrypt traffic but ends up leaving users vulnerable.
The bug was recently uncovered, and there's now a handy guide explaining how the flaw works, what information can be extracted and how it can be stopped. The bug has enormous implications that could put the majority of the Internet at risk. Essentially, the security vulnerability allows hackers to spy, without leaving a trace in the logs, on the communications, data and other information of users on websites that otherwise appeared to be safe and encrypted. This bug has existed for at least two years, leaving keys, usernames, passwords, and other information open and accessible to anyone who knows how to navigate the system.
According to a report from Wired, the NSA may have been using Heartbleed to conduct spying operations on a mass scale. There is, however, currently no concrete evidence suggesting that the agency has done so.
“It would not surprise me if the NSA had discovered this long before the rest of us had. It’s certainly something that the NSA would find extremely useful in their arsenal,” University of Pennsylvania professor of cryptography and computer security Matt Blaze told Wired.
Whether or not the NSA is involved, the security flaw is certainly cause for major concern. A new version of OpenSSL has been created, and it’s up to service providers to integrate the new software to prevent future attacks.
A programming flaw in widely used Internet security software may have left thousands of websites vulnerable to having users’ passwords stolen. The glitch has been dubbed “Heartbleed,” and security analysts are still struggling to determine the scope of the problems it may have created.
The Yahoo-owned site Tumblr was the largest website to announce on Tuesday that it had been affected by the bug, according to the Los Angeles Times. Officials at Yahoo urged users to change their passwords for Tumblr as well as all other websites.
The technology website CNET reported that testers were able to exploit the glitch and lift passwords from other Yahoo sites as well.
Yahoo issued a statement Tuesday saying it had repaired the main vulnerabilities.
"As soon as we became aware of the issue, we began working to fix it,” the statement read. “Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, and Tumblr) and we are working to implement the fix across the rest of our sites right now.”
Heartbleed is a vulnerability in OpenSSL technology. That is the encryption technology used by 66 percent of all servers on the public Internet. Analysts have not gone so far as to tell people to stay off the Internet completely, but they have suggested that people stay away from sensitive things like online banking until the flaw is completely understood.
"The scope of this is immense," said Kevin Bocek, a vice president at Venafi, a Salt Lake City cyber security company. "And the consequences are still scary. I've talked about this like a 'Mad Max' moment. It's a bit of anarchy right now. Because we don't know right now who has the keys and certificates on the Internet right now."
An update to OpenSSL has already been released so that sites can fix the problem. For now, though, it will be up to users to determine if sites they regularly use have updated the software making them safe again.
"Avoid things like online banking and avoid sensitive sites if you're not sure," said Andrew Storms of CloudPassage. "Some people will see it as overkill. But I think that's the simplest guidance. If you can hold off doing something online for a couple days, then you should."
A Business Insider story offers suggestions to users for protecting themselves. The story indicates that the researchers who discovered the bug let programmers know several days in advance of announcing the vulnerability, so most sites should already be in the process of updating their servers' software. Once users have confirmed that this has been done, they should change their passwords for those sites.
Athlete Raija Ogden was only meters away from finishing a western Australia triathlon when she was injured by a falling drone.
Ogden was treated at the scene before she was taken to a hospital, where she had to get three stitches to treat a head wound.
“Basically we should all just thank our lucky stars that there [were] no injuries to a child or nobody’s eye got taken out,” Ogden said after the incident.
The drone’s operator, local photographer Warren Abrams, had set the drone up to hover about 10 meters above the race. His intention was to capture images of the triathletes in the final 10km stretch of the run portion of western Australia’s Geraldton Endure Batavia triathlon.
In the initial investigation, Abrams suggested that someone else had briefly taken over flying the drone, causing him to lose control of it. However, because such an attack could easily be carried out with a smartphone, Abrams said that it would be extremely difficult to determine who was responsible for the attack.
Conflicting reports about the incident have surfaced in local media. While some say that the drone fell directly onto Ogden, others say that she tripped and fell after being startled by the falling drone.
Abrams maintains that video footage clearly demonstrates that the drone did not, in fact, fall onto Ogden; it fell directly behind her.
Ogden disputed this version of events, noting that she sat down after the drone hit her because she thought she was going to faint.
Australia’s Civil Aviation Safety Authority is looking into the reports. The authority’s rules state that unmanned aircraft, such as a drone, must fly at least 30 meters away from people. Furthermore, drone operators must be certified by the agency; news reports raised questions as to whether Abrams was legally certified to operate the drone.
Geraldton Triathlon club has apologized to Ogden.
A beloved New Hampshire substitute teacher quit her job after her school told her she had to unfriend students on Facebook.
Carol Thebarge, 79, took to Facebook to announce that her 35-year career as a paraprofessional and substitute teacher had come to an end after she was left with no choice but to quit.
"Today will be my last day at Stevens High," wrote Thebarge on her Facebook page. "I was given an ultimatum; to either delete every student from my Facebook page and do not post pictures of them, or be terminated."
"Those of you who know me and my philosophy in life, that of marching to the beat of my own drummer, would assume I would choose the latter of the two choices,” continued Thebarge. “And I did.”
Thebarge went on to note that the same administrator first asked her to delete thousands of students as friends on Facebook four years ago and said she actually began the process, but after about 50, she stopped.
“At that time, I could not begin to fathom on where to begin,” wrote Thebarge in her post. “Now I have over 3000 … the parents that I had in kindergarten, to those I had in the sixth grade who are now grandparents. It was like picking a needle out of a haystack. And when I did delete at that time, I had students that were asking me ‘what did they do wrong that I would do this to them.’ And then I hid my list. And I realized that I, who always taught them to ‘live their truth’, was demonstrating deceit. So I unblocked it and she [administrator] left me alone. Until now.”
Now, the administrator gave Thebarge the ultimatum after a fellow teacher was accused of sexual assault against a 14-year-old student. The dedicated substitute refused to delete her students, so she decided to quit.
"I will continue to stay in touch with all of them here,” Thebarge continued on Facebook. “No man or institution will dictate my relationships here, or otherwise that are within the range of my own consciousness. This is not rebellion. It is standing up for my beliefs ... for silence and compliance is agreement.”
School Superintendent Middleton McGoodwin defended the school’s policy and said that although Thebarge is a great teacher, she is not exempt from following the rules.
“In truth, being a caring, lovely woman doesn’t give you immunity to ignore a school board policy that’s designed to protect everyone,” said McGoodwin.
According to reports, a change.org petition was drafted to ask McGoodwin to reinstate Thebarge, and so far, it has gotten almost 700 signatures.
Mazda is recalling 42,000 Mazda6 cars because spiders are building webs in the fuel systems.
Yellow sac spiders, which are attracted to hydrocarbons, build webs in the vent hose of the vehicle, causing pressure to build and crack the fuel tank.
The recall includes the Mazda6 models from 2010 to 2012 equipped with 2.5 liter engines.
Mazda says there have been no injuries or fires as a result of the spiders.
In 2011, Mazda recalled vehicles for the same spider problem.
They originally tried to solve the problem with covers on the vent lines, but the spiders got past them.
Cheiracanthium is a venomous spider about one quarter to 3/8 of an inch long.
Mazda will update the cars’ software this month to monitor fuel pressure, according to The Associated Press.
Five-year-old Kristoffer Von Hassel managed to hack his father’s Xbox Live account. He now has the attention of Microsoft and the gaming world.
Kristoffer found a security flaw through Microsoft’s Xbox One console. It allowed him to log into his father’s Xbox Live account without permission, reports CNN.
"I was like ... yeah!" Kristoffer told KGTV-10.
It all began after Christmas when Kristoffer’s father, Robert Davies, noticed he was logging into his account and playing games inappropriate for his age. When Davies asked Kristoffer how he had done it, he showed him the hack he discovered.
Kristoffer found a work-around for his father’s password by “first typing in a wrong password, then typing only space keys and hitting enter when shown a password verification screen, allowing him into the account,” reports the Huffington Post.
"How awesome is that?" asked Davies, who works in online security himself. "Just being 5 years old and being able to find a vulnerability and latch on to that. I thought that was pretty cool."
This is not the only hack Kristoffer has discovered. One other includes getting past the lock on a smartphone by holding down the “home” key long enough.
Microsoft was notified of the security flaw by Davies and they will be issuing a fix for the vulnerability.
"We're always listening to our customers and thank them for bringing issues to our attention," the company said in a written statement. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."
To show their appreciation to Kristoffer, Microsoft gave him four games, $50, and a yearlong subscription to Xbox Live.
Microsoft even included Kristoffer’s name on a list of security researchers who have “helped make online Microsoft products safer.”
The U.S. government was behind the development of a text-messaging network in Cuba that was intended to spread unrest among the nation’s youth. A new Associated Press story indicates that the U.S. Agency for International Development modeled the network after Twitter and named it ZunZuneo, the Cuban slang for a hummingbird’s tweet.
According to documents cited in the story, the network was intended to fly below the radar of Cuba’s strict Internet usage restrictions. The Miami Herald reported last year that “Cuba’s Internet remains one of the least free in the world.” In order to evade Cuban regulators, the USAID sought to build a subscriber base by promoting “non-controversial content” such as sports scores and hurricane updates. Once a sufficient number of subscribers was reached, operators of ZunZuneo would introduce political content.
The content would be aimed at creating mass gatherings, or “smart mobs,” charged with a message of political change. One USAID document said the goal was to encourage citizens to “renegotiate the balance of power between the state and society.”
USAID spokesman Matt Herrick told the AP that the agency was proud of the program.
“USAID is a development agency, not an intelligence agency, and we work all over the world to help people exercise their fundamental rights and freedoms and give them access to tools to improve their lives and connect with the outside world,” he said.
Sen. Patrick Leahy, D-Vt., said several aspects of the program were troubling.
“There is the risk to young, unsuspecting Cuban cellphone users who had no idea this was a U.S. government-funded activity,” he said. “There is the clandestine nature of the program that was not disclosed to the appropriations subcommittee with oversight responsibility. And there is the disturbing fact that it apparently activated shortly after Alan Gross, a USAID subcontractor who was sent to Cuba to help provide citizens access to the Internet, was arrested.”
The nature of the program is sure to spark more controversy, but it is unclear what lawmakers will do with the information. Herrick noted the program was reviewed by investigators last year, and it was found to be consistent with U.S. law.
ZunZuneo no longer operates in Cuba.
USAID said the program simply ended when it ran out of money in 2012. Internet service is still restricted in Cuba. Cuban users of the network told the AP it disappeared as mysteriously as it appeared. By late 2012, anyone who tried to access the network’s website was redirected to a children’s site.
“The moment when ZunZuneo disappeared was like a vacuum,” said one user. “In the end, we never learned what happened. We never learned where it came from.”
Chicago is the American city with the most active online users in a committed relationship who are looking to cheat, according to Victoria Milan, a site dedicated to helping facilitate the practice.
According to the website, Chicagoans spend 25 percent more time on the website than the national average. They spend more hours online, chat more, and send more pictures, messages and virtual gifts than residents from any other city.
“I can’t help but notice that Chicago is the coldest large city here,” Victoria Milan CEO Sigurd Vedal said. “And when things get cold, cheating gets hot.”
According to Facebook data accumulated between 2010 and 2011, Vedal’s estimate is not completely off-base. During the winter, people are more likely to begin new relationships.
Following just behind Chicago in most active Victoria Milan users are Los Angeles (21 percent more time spent online than the national average), New York City (18 percent), Houston (11 percent) and Dallas (9 percent).
A 16-year-old Mexican girl was allegedly brutally murdered by her best friend after they got in a dispute over naked photos that were leaked on Facebook.
According to reports, Erandy Elizabeth Gutierrez stabbed her best friend, Anel Baez, 65 times in the neck after Baez invited her over so that they could patch things up after their dispute. Baez had allegedly uploaded naked photos of the pair to Facebook, and authorities suspect that Gutierrez wanted revenge.
"It may seem that I am very calm, but in my head I have killed you at least three times," Gutierrez reportedly tweeted just weeks before the murder occurred. The teenager also allegedly pledged to “bury” her friend “by the end of the year.”
Police say that when Gutierrez arrived at Baez’s home, she asked to use the bathroom, but instead went into the kitchen, grabbed a knife, and proceeded to stab her friend repeatedly, leaving her in a pool of blood. The teenager left the scene and attempted to remove herself from the situation entirely.
Gutierrez was eventually arrested at Baez’s funeral, where she was pretending to grieve along with friends and Baez’s family.
Police say Gutierrez will be charged with murder this week, but because she is a minor, she will most likely be prosecuted in juvenile court and may only serve up to seven years in jail if she’s found guilty.
Facebook CEO, Mark Zuckerberg, made $3.3 billion last year by exercising his stock options in the social networking company he founded, according to the New York Post.
In 2012, the 29-year-old executive made $2.3 billion from his initial stake in the company. Zuckerberg sold 41.35 million shares of Facebook for $55.05 apiece in December to help pay the taxes on the 2012 windfall, according to regulatory documents filed Monday.
Facebook stock hit $61 per share in January of this year making the company worth $150 billion. At 10 years old it hit that milestone faster than any company in history, according to Business Insider.
“He has more wealth than anybody could ever hope to use in a lifetime,” James Cody told Bloomberg at the time. Cody is a managing director at Harris myCFO, Inc.
The rapid growth in the company’s value and Zuckerberg’s enormous stock options were made possible as he delivered on his promise to increase ad revenue from mobile devices. Investors apparently like what they have seen. It is reported that Facebook now gets over half of its revenue from advertising directed at smartphone and tablet users. In light of that the company’s stock has more than doubled in the last year.
Zuckerberg isn’t keeping all of the money for himself, though. He and his wife, Priscilla Chan, donated $1 billion worth of stock to the Silicon Valley Community Foundation last year. That move put the couple at the top of The Chronicle of Philanthropy’s list of most generous Americans.
“What he has done with his wealth so far speaks to the fact that he’ll do more good for charitable purposes,” Cody said.
Currently Zuckerberg owns 426.3 million Facebook shares. Although he only receives a $1 annual salary from the company, he is currently worth $25.7 billion. Even with giving away stock to charities, Zuckerberg is making over $2.5 billion a year on average. That’s not bad for a guy who founded his company in a Harvard dorm room.