[kwlug-disc] Heartbleed affected sites
unsolicited at swiz.ca
Tue Apr 15 23:56:01 EDT 2014
On 14-04-15 05:47 PM, John Johnson wrote:
> On 2014-04-15 16:32, unsolicited wrote:
>> Provide more surgical reports to the media.
> No offense. But you seem to be asking the government agencies (and
> media) for more surgical (aka edited) reports as well as more detail and
> context. Are these requirements not mutually exclusive?
No, I'm saying don't scream "CHANGE YOUR PASSWORD EVERYWHERE" without
basis in fact. I'm saying stop speculating on what they neither know nor
understand while coming across as authoritative as to appropriate actions.
What the technical guy said was well done. Specific areas upon
identification of specific concerns. Not "CHANGE ALL PASSWORDS!", change
<this one>, if you accessed during <these hours>, maybe, just in case.
With certainty ONLY if you receive a letter from Revenue Canada.
Specific threat identified, mitigated easily and quickly. Not
everything, everywhere, just in case.
Heartbleed didn't reveal anything, it allowed encryption to be bypassed,
maybe, in very specific and uncommon ways, and MAYBE there was something
useful in there, and MAYBE somebody did something with it. Somebody had
to utilize it, do further unreasonable and nefarious things, then
attempt to mine it in nefarious ways.
Never mind that zeroing memory or sending true gibberish would have
avoided it all. Never mind that properly isolated systems wouldn't let
you get to really useful stuff. Never mind that there shouldn't have
been anything useful in memory to send back in the first place. (Poor
programming practices, that surprisingly didn't get revealed via code
review. Hopefully there's some consternation in that community on all this.)
Used to be media, journalism, required a factual basis for reports. Now
they're making it up on the fly. (OK, never mind the 'now' in that.)
Equally irresponsible is whichever authority told them that's the right
thing to do.
> And, to be fair, it is news if the CRA aka Revenue Canada and other
> government agencies shut down their portals.
Absolutely. If that's as far as they went. But they went further - the
sky is falling, and change your passwords everywhere. Even though, as
pointed out elsewhere, all you'd be doing at the time is telling them
your new password, and you'd have to do the same again in a few days.
>> ISPs are now using boxes, packet analyzers, that can keep up with the
>> pipes, to block encrypted (torrent) traffic. I forget the name, but
>> they're local to K-W.
> Local internet traffic equipment providers: Sandvine, Exinda.
> Local security equipment and software tools: Blue Coat
Sandvine - that's it, thanks. Didn't know about Blue Coat.
> One of the above, Sandvine, is home grown here in KW. The others are
> divisions of a foreign parent company.
> There could be others.