There is plenty of panic to go around surrounding the announcement of a major security flaw in OpenSSL, the open-sourced version of the security connection used by most web servers to encrypt information between users, sites, and companies. Here's some basic info on "Heartbleed," and what you need to know:
1. What the heck is SSL? And should I worry whenever that lock appears in my browser? Or when I see ‘https://’?
SSL stands for “Secure Sockets Layer.” It refers to the connection between your computer and the company hosting whatever website you are currently browsing. Take a banking website, for example. Ideally, you’d want that connection to be secure against hackers being able to see the information being transmitted back and forth -- In this case, sensitive information like your social security number or your credit card numbers. Companies that have a SSL connection will encrypt any information transferred between your computer and the company.
That’s why you see the lock in the upper left-hand corner of your browser. Companies with an SSL connection have paid for an SSL Certificate, and notify their users via the lock icon. Additionally, the “s” in “https://” is another signifier of an SSL connection, and stands for “secure.”
For more information, check out this video.
In theory, this is how it should work: encryption of information on an SSL should guard against anyone gaining access and decrypting that information. Except when it doesn’t. As security experts discovered, a flaw in the open-sourced version of SSL has been a vulnerability for about two years, and could allow a hacker to get access to private information as well as the key to decryption. It’s especially problematic when considering that about 2/3 of the web-serves use OpenSSL. Cue terrifying nickname: the “Heartbleed” bug.
2. I’ve heard I shouldn’t change my passwords yet. Why not?
In simple terms, if a site is compromised, changing your password won’t do much until the company that runs the site installs a patch. A better strategy is to wait until sites have a chance to fix their “Heartbleed” woes, and then change your password. Otherwise you might simply be giving a hacker your new password.
3. Which sites are affected by “Heartbleed”?
*UPDATE: While changing your password on a website that isn't yet secure could be dangerous, many companies are now saying they have patched or updated OpenSSL flaws in their system and that users should update login information. Mashable has a good running list of sites and their status.
The developed part of Europe is perking up, but the other part of the continent is anything but steady these days, the International Monetary Fund and World Bank say.
More and more women are deciding to have double mastectomies when they are diagnosed with breast cancer. TV host Samantha Harris is just the latest. But it's not the right choice for everyone.
From the Marketplace Datebook, here's what's coming up April 10:
- In Washington, a look at the nation's balance sheet. The Treasury Department issues its monthly statement for March.
- Drone delivery is just one of the topics at the fourth annual PostalVision 2020 Conference getting underway in the nation's capital.
- Golfers tee off in Augusta, Georgia during the first round of the Masters Tournament.
- F. Scott Fitzgerald's novel "The Great Gatsby" was first published on April 10th, 1925.
- And think eloquent thoughts. April is National Poetry Month.
Before a Senate hearing on Comcast’s proposed merger with Time Warner Cable, the company dropped a lengthy memo to the Federal Communications Commission, summed up in a blog post. In part, it argued that the merger would be good for competition in broadband, since Comcast’s rivals— including telecoms like Verizon and AT&T— are so big.
Which is a different question from whether they offer broadband services that actually compete with Comcast. Andy Hargreaves, a Pacific Crest Securities analyst who looks at both TV and tech, thinks Comcast already dominates, with other companies unable to consistently offer similar speeds.
He estimates that the merged company would have the best-quality service in about 70 percent of the U.S. market. He thinks that’s a problem -- it gives the company power to keep jacking up prices. “They are exceptionally good at raising rates,” he says.
However, he doubts these questions will sink the deal. Merging the companies, he says, doesn’t actually make it much harder for a real competitor to emerge.
“It’s already near impossible,” he says. “So raising the bar from really, really, really, really, really, high to really, really, really, really, really, really, REALLY high is not that big a deal.”
David Balto, an anti-trust lawyer and a former Federal Trade Commission official, thinks the merger will likely be approved. Comcast and Time Warner haven't been competing with each other before the merger in existing markets, so consumers aren’t losing choices.
“You may not like the competitive environment,” he says, “but there are scores of mergers that the FTC and the Justice Department have approved because they could not find a loss of competition.”