Friday, April 11, 2014

Advice on Heartbleed-related password changes now; Security and Open Source infrastructure depends too much on volunteers, inadequately paid people


CNN Money has some guidance counseling on which passwords should be changed now because of the Heartbleed Bug, here. I’ve taken care of Google (2-step) and Facebook.  My Wordpress host sent emails recommending replacement of the Jetpack, but I don’t think in my setup it was using Open SSL.  I’ll have to look further or call them before replacing engines. 

   
Note than many major banks and financial institutions have not been found to be affected after all. Neither is Twitter, so far.

  
The Washington Post on Thursday, in an article (link) by Craig Timberg, discussed the way Open SSL and many other Internet security feature (with emphasis on Open Source, especially with Firefox) are maintained by volunteers, small companies or other engineers not properly compensated, while real enemies (especially overseas, like in Putin’s Russia) get more savvy.  

   
The Post article indicated that much of OpenSSL was the responsibility of a single person who works out of a home office, with “industrial infrastructure”, in a rural area “on the shoulder of Sugarloaf Mountain”, near I-270, about ten miles from Frederick Maryland and maybe 25-30 miles from the Washington DC line.  The article does not specify the individual or the address, of course.  But the “shoulder” of Sugarloaf is generally understood to be an extension of the ridge that extends north under the highest point along I-270 (where the road narrows to two lanes each way).  The mountain is about 1300 feet at the highest point, and usually the ridge is 600-900 feet in most places.  There is a similar ridge in northern Virginia west of Tyson’s Corner.  I drove around the area to see what living in the area looks like.  I found a road “Slate Quarry”, near I-270, that was basically one-lane, and ran back into the woods, sometimes by expensive homes.  It encountered another road that advertised an “artist’s colony” that I never found.  I wound up on Sugarloaf Road, and then Thurmont(?), seeing some places called “The Farm”, then “New Hope Farm”, and a Quaker settlement.  Some of these places may have been small “intentional communities” (see Issues blog, April 7, 2012).  I turned onto Route 80, went into Urbana for a moment (that was the name of a fictitious town in the Parker Brother’s game “Star Reporter” in the 1950s), then went back west, and tried a few more country roads, again seeing many homes, especially big homes.  A lot of people in this area, who might appear to belong to the “Doomsday Prepper “ crowd known for Second Amendment Rights and big 4-wheel drive vehicles, appear to live very well.  But they have to be able to deal with septic tanks, propane tanks for generators, and a lot of issues of physical self-sufficiency.  I think that libertarian author Charles Murray (“Coming Apart”, Book review blog, March 14, 2012) lives in the general area and might be familiar with this issue.  I have relatives in Ohio who have this sort of lifestyle in a remote area, and live well, if privately.

There were other interesting sights today.  Along Route 80, there was a "Sheriff's Youth Ranch".  There was a sign advertising the idea that college students could avoid debt by buying and renting real estate.  There were estates called "Mountainside" and "Mountain view".  In Virginia, along Route 15, there was a sign "USA Skills".   


Update: April 13

Timothy B. :Lee has a story updated on Vox late Saturday, "Here's why it took 2 years for anyone to notice the Heartbleed Bug," link here. There is a picture from a farm, and I don't know if it is the property of the unnamed person mentioned above, from the Washington Post story.  It looks familiar.  Did I pass it somewhere on Sugarloaf Road?  Memory is fading.

Addition pix below, from NW side, near route 28 intersection.



No comments: