[kwlug-disc] Heartbleed affected sites

unsolicited unsolicited at swiz.ca
Tue Apr 15 23:56:01 EDT 2014

On 14-04-15 05:47 PM, John Johnson wrote:
> On 2014-04-15 16:32, unsolicited wrote:
>> Provide more surgical reports to the media.
> No offense. But you seem to be asking the government agencies (and
> media) for more surgical (aka edited) reports as well as more detail and
> context. Are these requirements not mutually exclusive?

No, I'm saying don't scream "CHANGE YOUR PASSWORD EVERYWHERE" without 
basis in fact. I'm saying stop speculating on what they neither know nor 
understand while coming across as authoritative as to appropriate actions.

What the technical guy said was well done. Specific areas upon 
identification of specific concerns. Not "CHANGE ALL PASSWORDS!", change 
<this one>, if you accessed during <these hours>, maybe, just in case. 
With certainty ONLY if you receive a letter from Revenue Canada. 
Specific threat identified, mitigated easily and quickly. Not 
everything, everywhere, just in case.

Heartbleed didn't reveal anything, it allowed encryption to be bypassed, 
maybe, in very specific and uncommon ways, and MAYBE there was something 
useful in there, and MAYBE somebody did something with it. Somebody had 
to utilize it, do further unreasonable and nefarious things, then 
attempt to mine it in nefarious ways.

Never mind that zeroing memory or sending true gibberish would have 
avoided it all. Never mind that properly isolated systems wouldn't let 
you get to really useful stuff. Never mind that there shouldn't have 
been anything useful in memory to send back in the first place. (Poor 
programming practices, that surprisingly didn't get revealed via code 
review. Hopefully there's some consternation in that community on all this.)

Used to be media, journalism, required a factual basis for reports. Now 
they're making it up on the fly. (OK, never mind the 'now' in that.) 
Equally irresponsible is whichever authority told them that's the right 
thing to do.

> And, to be fair, it is news if the CRA aka Revenue Canada and other
> government agencies shut down their portals.

Absolutely. If that's as far as they went. But they went further - the 
sky is falling, and change your passwords everywhere. Even though, as 
pointed out elsewhere, all you'd be doing at the time is telling them 
your new password, and you'd have to do the same again in a few days.

>> ISPs are now using boxes, packet analyzers, that can keep up with the
>> pipes, to block encrypted (torrent) traffic. I forget the name, but
>> they're local to K-W.
> Local internet traffic equipment providers: Sandvine, Exinda.
> Local security equipment and software tools: Blue Coat

Sandvine - that's it, thanks. Didn't know about Blue Coat.

> One of the above, Sandvine, is home grown here in KW. The others are
> divisions of a foreign parent company.
> There could be others.
