Heartbleed Bug Finally Exposed

Where you live, what you do and who you hang out with will strongly influence what you know. Two years ago, when I was a website content writer, perhaps I would have been the first one to know about Heartbleed. This morning, when my boss had just arrived in the office, he asked me to call the IT guy, and he was seriously talking about hacking stuff. Wow, my boss is talking about hacking stuff? And I was just like, where have I been?

It is true that recently all I’m doing is preparing a bunch of reports, with no time to surf the internet. Well, I also have some writing projects to finish but never mind, this morning I just want to talk about Heartbleed.

So, what is Heartbleed?

Heartbleed is a serious security bug or vulnerability in the popular open-source OpenSSL cryptographic software library. As we know, SSL/TLS is a cryptographic service that provides the security and privacy we need in communication over the Internet; it is widely used in email, web, IM and some VPNs. Heartbleed enables a third party to steal information/data (including usernames and passwords) and even eavesdrop on conversations; at worst, the third party could impersonate both the service provider and the user.

What makes Heartbleed different from the other bugs exploited previously?

Some bugs in software are easily fixed by upgrading the software to the latest version. However, Heartbleed is not just a bug that you could fix by upgrading the software, because some memory contents (data, information, secrets) have already been stolen and are probably being exposed over the internet. Besides, so far the attacks have left no trace at all; they only took data. That’s why some further actions are required to recover from the after-effects.

How to recover from the after-effects of Heartbleed?

Well, there are some ways, which are classified into 4 categories based on how the data leaked.
  • Primary Key Material: In simple words, what is leaked is the primary encryption key itself. Once the key has been leaked, it is possible for the attacker to decrypt the encrypted data or protected service and then impersonate the service provider/owner. To recover, the service owner should patch the bug/vulnerability, revoke all the leaked keys and then issue new keys. To be safe, since the fixed OpenSSL has been released, it is important for the provider to install it and also notify their users to do the same thing.
  • Secondary Key Material: Here the after-effect falls on the users, or anyone with credentials used in a vulnerable service. The simple examples are usernames and passwords. The provider or service owner should do the first step as mentioned above, but then the users should change their username and password, and resetting their recent cookies is also required.
  • Protected Content: Protected content means all the things like documents, data, email and personal information that are worth protecting by encryption. For example, you may have trusted a certain insurance website where all kinds of your data, from your home address up to your bank account, are available so both you and your insurance provider can access them easily. If somehow the contents are leaked, the web provider should notify their customers regarding the data loss, and that’s why it is important to restore the primary and secondary key materials first.
  • Collateral: Well, this one is a bit technical; it relates directly to memory content, which may contain technical details. The technical details will lose their value once OpenSSL is upgraded to the fixed version.

How to check whether a website is vulnerable or not?

Moreover, there is a way to check whether a website is vulnerable and requires a patch or not. Some websites are not vulnerable because they do not use OpenSSL, which Heartbleed is based on. However, even for websites that were once vulnerable but have now been patched, a password change is still recommended. For a list of some popular websites, please visit c|net to find out the latest status of the Heartbleed bug. Or you could directly visit SSLLabs to check the Heartbleed status by domain name.

Main source: Heartbleed.com and big thanks to CODENOMICON 


Speculation on the New Release of The Lorien Legacy: The Revenge of Seven

Hello hello… been a long time huh?
Yeah, been busy lately, got some writing projects to finish, but I will try my best to keep you updated.

Well, for those who love The Lorien Legacy series, perhaps you have found out that the newest in the series will be released this August, titled The Revenge of Seven.

The first question that appeared in my head after the title was confirmed was “Revenge against who?”. Well, the best answer to that question, according to me, is revenge against Five. Yeah, we all know that Five is now with the Mogs and because of him Eight is dead. However, speculations are all around and they will never end until the book is released.

Some interesting facts I managed to collect from the previous book, The Fall of Five:

  • Isn’t it ironic that Marina, who has a healing ability, is the one who has to face Eight’s death? Some speculation says that perhaps, somehow, Eight will rise again and Marina just accidentally froze him up, which is too good to be true. The best speculation I could make is that Eight will turn into another Adam, though I don’t know how.
  • Five, why and how could he be with the Mogs? I hope he turns into cheese and he would eat himself.
  • Ella’s kidnapping. That’s just making everything so confusing.

The best thing I could do to end all this madness is wait patiently for the next book.
However, patience is not something I do well, so I decided to find a way to release the madness.

It is through Sarah.

I don’t know, I thought in the beginning it was just me who doesn’t like her. I like Four, and I thought I didn’t like Sarah because I’m jealous that she is Four’s girlfriend. However, recently I found that it is not just me, and I’m sure that I don’t hate her because she is Four’s girlfriend; I hate her because she is her.

I’ll make a list of why I hate her:

  • Four is awesome and she is just nothing compared to him.
  • She is an ordinary human being with no ability. Well, I hope at least she could do karate or something. No, the only thing she is really good at is photography, duh.
  • She is too flat on an emotional level. I don’t get why Four is so in love with her. Well, at least she could be useful somehow, but no. I would have to be inside Four’s head to know the reason why he loves her that much.

However, I want to like her. So, I think there are three options available here:

  1. Improve Sarah’s character so we all could like her.
  2. Kill Sarah
  3. Find a new girlfriend for Four.

Though I don’t like her, it is still a shame for a character who was initially designed to be prominent. She is Four’s girlfriend, for God’s sake; she should be prominent, not just a flat character on an emotional level.

Besides, The Lorien Legacy is the first sci-fi novel series that I can stand. I don’t want to stop reading just because one of the main characters gives me a toothache.