Headline Of The Day

Via Mashable:

The NSA knew about the Internet security bug Heartbleed and regularly used it to gather intelligence for at least two years, anonymous sources told Bloomberg. If the report is true — both the White House and the NSA say it's not (see below) — the NSA could have collected information like passwords and private communications from hundreds of thousands of websites, since Heartbleed is a bug in the popular open-source encryption software OpenSSL, used to secure data flowing from users' computers to hundreds of thousands of websites, including Gmail and Facebook. Almost two-thirds of all sites on the Internet use OpenSSL, according to estimates, making this bug possibly one of the most dangerous the Internet has ever seen and potentially allowing the NSA to access information on millions of users.

Heartbleed Bug Roils Technies

The Boston Globe reports on the Heartbleed bug that has IT departments scrambling across the nation.

The word “Heartbleed” meant nothing at the start of the week. Today it is one of the hottest topics on the Internet — a simple security bug in an obscure piece of software that could compromise the personal information of millions. And while the Internet’s biggest companies scramble to fix the problem, users had better get ready to upgrade their own security practices. “It’s not an academic exercise,” said Trey Ford, global security strategist at network security firm Rapid7 LLC in Boston. “I think this is a really big deal.” So big that Ford thinks people should take a time out from online retailers, financial services sites, or online destinations that require entering sensitive information — names, addresses, credit card numbers. “I probably wouldn’t log into those for a couple of days or so,” he said.

In a quote that immediate landed on thousands of blogs, one web security expert said of the seriousness of the Heartbleed threat, "On a scale of 1-10, this is an 11."  The bug was discovered by the Finnish company Codenomicon and they have created a website to explain the situation.

Sticky News For Astroglide

Whoopsie. Wired is reporting that lube maker Astroglide has accidently exposed a list of over 250,000 customers. Google searches on their customer's names now reveal their addresses and their preferred lube. Google is working on removing the info from their caches and many of the links are now dead, but apparently the information has been out there for years. There are some big names on the list, according to the article.