Film Score Monthly
FSM HOME MESSAGE BOARD FSM CDs FSM ONLINE RESOURCES FUN STUFF ABOUT US  SEARCH FSM   
Search Terms: 
Search Within:   search tips 
You must log in or register to post.
  Go to page:    
 Posted:   Apr 10, 2014 - 11:45 AM   
 By:   johnjohnson   (Member)

http://www.bbc.com/news/technology-26971363

 
 Posted:   Apr 10, 2014 - 12:21 PM   
 By:   Francis   (Member)

Yeah... I dread going through all my online accounts and changing the passwords.

 
 
 Posted:   Apr 10, 2014 - 12:44 PM   
 By:   Thor   (Member)

I'm not doing anything untill they tell me to change it. Many of the institutions are upgrading their software first.

 
 Posted:   Apr 10, 2014 - 7:07 PM   
 By:   ZapBrannigan   (Member)

The worst thing is, this vulnerability was wide open for two years, and prior to this week's patches being installed, exploits of it left no trace in a server's logs. Nobody knows what or how much confidential data has been stolen already, or by whom. I can't recall another online security threat that was this alarming.

 
 Posted:   Apr 11, 2014 - 12:12 AM   
 By:   Francis   (Member)

The worst thing is, this vulnerability was wide open for two years, and prior to this week's patches being installed, exploits of it left no trace in a server's logs. Nobody knows what or how much confidential data has been stolen already, or by whom. I can't recall another online security threat that was this alarming.

I can, and we have a certain Edward Snowden to thank for exposing it (!). Compared to the implications and worldwide abuse of that threat, this heartbleed bug seems harmless really. At least it has a solution.

 
 Posted:   Apr 11, 2014 - 1:08 AM   
 By:   ZapBrannigan   (Member)

I can, and we have a certain Edward Snowden to thank for exposing it (!). Compared to the implications and worldwide abuse of that threat, this heartbleed bug seems harmless really. At least it has a solution.


In my estimation, that makes three things you don't understand. But we've always disagreed about various things and I don't plan to bicker.

 
 Posted:   Apr 11, 2014 - 1:37 AM   
 By:   Francis   (Member)

I can, and we have a certain Edward Snowden to thank for exposing it (!). Compared to the implications and worldwide abuse of that threat, this heartbleed bug seems harmless really. At least it has a solution.


In my estimation, that makes three things you don't understand. But we've always disagreed about various things and I don't plan to bicker.


First off, I'm not keeping track, second make me understand please o wise one. big grin

 
 Posted:   Apr 11, 2014 - 2:51 AM   
 By:   ZapBrannigan   (Member)

Well, the three things you implied are

- that the NSA's data mining project was a bigger threat to us (as opposed to terrorists) than heartbleed is.

- that Snowden did a good thing. He actually handed over a vast amount of our Defense and national security info to Russia-- vital materials having nothing to do with the lofty goal of securing our privacy and everything to do with giving advantage to Vladimir Putin in any conflicts that might arise.

- that heartbleed is no big deal. The big deal is that nobody knows what data has been stolen over the past two years, or by whom. And this involves two-thirds of all the servers on the Internet.

And as I implied before, I don't think we'll end up agreeing.

 
 Posted:   Apr 11, 2014 - 3:45 AM   
 By:   Francis   (Member)

Well, the three things you implied are

- that the NSA's data mining project was a bigger threat to us (as opposed to terrorists) than heartbleed is.

- that Snowden did a good thing. He actually handed over a vast amount of our Defense and national security info to Russia-- vital materials having nothing to do with the lofty goal of securing our privacy and everything to do with giving advantage to Vladimir Putin in any conflicts that might arise.

- that heartbleed is no big deal. The big deal is that nobody knows what data has been stolen over the past two years, or by whom. And this involves two-thirds of all the servers on the Internet.

And as I implied before, I don't think we'll end up agreeing.


Well I respect this post a lot more than your previous one. Heartbleed will be fixed, the problem is known and the companies who use the OpenSSL version that contains the bug will simply make the adjustments to make the system less vulnerable. The abuse of the bug is also limited in that it only allows for getting people's credentials and impersonating them or try to scheme them, same old really as this type of cybercrime has been going on for quite some time and will continue in other forms.

The NSA data mining project and PRISM however goes a lot further and is more aggressive in its intent and scope, not just storing your data but also linking your presence on the internet and whereabouts, banking activity etc. We're not talking about someone who steals your username and paswords, or reads your mails, no we are talking about someone who will look for every bit of information about you (including camera and phone recordings) and link it all together. The fact that this is orchestrated by a government in secrecy is unacceptable and no threat of terrorism IMO allows for someone invading the privacy of civilians (with the exception of probable cause and in such a case with the cooperation of the providers, not behind their backs), let alone the privacy of leaders of friendly countries. It also creates an advantage as it is prone to being abused for own political and financial gain. Whereas someone exploiting the heartbleed bug, I doubt such a person has an empire to run!

In regards to Snowden, he shouldn't have been in Russia in the first place, but giving how whistleblowers are treated in the US, he had little choice. I very much doubt that his intel is of any worth to Putin, his being there however is as it shames the US. He is just being drummed up to be a Russian defector as to not have to face what this man truly did, expose the big brother mentality that can't be fixed like a simple software bug.

You say the big deal is that nobody knows what data has been stolen over the past two years, or by whom. And this involves two-thirds of all the servers on the Internet. What we do know is that the NSA has been doing just this systematically for who knows how long, I'm willing to bet it's a lot longer than two years. And not just the NSA, I'm not ignorant that it ends there.

We can both differ on what is more harmful, but I'm merely point out that one is a system flaw that was not intended (I surely hope not), the other is intended and as such to me a hell of a lot more worrisome than some hackers out to make a buck.

 
 
 Posted:   Apr 11, 2014 - 7:59 AM   
 By:   dan the man   (Member)

By degrees of danger I agree. The worst of 2 evils.

 
 Posted:   Apr 11, 2014 - 8:17 AM   
 By:   solium   (Member)

I thought Steve Rogers took care of this?

 
 Posted:   Apr 16, 2014 - 2:34 AM   
 By:   ZapBrannigan   (Member)

Snowden and His Accomplices:

http://online.wsj.com/news/articles/SB10001424052702303603904579495391321958008#printMode

 
 Posted:   Apr 16, 2014 - 3:19 AM   
 By:   Francis   (Member)

I guess the wall street journal is pissed they didn't win a Pulitzer Prize as well as George Polk award in the last week. roll eyes

Plus it has also been confirmed and reported in the media that Heartbleed was in fact exploited by NSA to gather information. No big surprise there.

 
You must log in or register to post.
  Go to page:    
© 2014 Film Score Monthly. All Rights Reserved.