Category: Technology

My Health Motivation

We’ve all heard stories about people who were once overweight and unhealthy but turned things around dramatically and became very fit. I think in all these stories the individual had some sort of “aha” moment that triggered in them the necessary motivation to change their lifestyle.

I wouldn’t say I’ve ever been exceedingly unhealthy or overweight, but about a year ago I did have an aha moment of sorts that caused me to dramatically change my lifestyle as it relates to my health. Since then I’m down about 20 pounds to a more ideal weight and feel better than ever.

This aha “moment” took several months (perhaps longer) to come together. It all boiled down to this: based on certain things I’ve been researching and learning about over the past couple years, I’ve come to the expectation that within the next 30 years, people will defeat heart disease, cancer, and the other ailments associated with aging. I could go into why I believe this, but that would take at least another blog post. Hopefully I’ll write that some day.

Anyway, if we assume I’m correct (and I of course believe I am), what does that mean? In thirty to forty years or so, the age-related ailments (including cancer and heart disease) that kill people today will not kill people. So if I’m alive in 40 years, I can expect to live much longer.

The key point here is that I still need to be alive and reasonably healthy when these breakthroughs happen. Some breakthroughs might happen within 20 years. Some might take 50 years.

By making small lifestyle changes that historically might have increased longevity by a year or two (and the healthy portion of my life by around 10 years), I might make it to the point where I can take advantage of these new medical technologies and increase my lifespan dramatically.

After coming to this realization, I just needed to learn more specifics about all the things I could do to be more healthy. Then I put that learning into practice. That’s also a good subject for another blog post or two.

As an example, for years I used to drink a couple cans of Mountain Dew per day. About a year ago (when my aha moment hit me), I just stopped one day. And it wasn’t hard at all – because I had a new, very powerful motivation.

 

Heartbleed in English

This post is intended for “regular” users of the internet, not IT professionals or site administrators.*

Short Story

There’s currently a HUGE internet security flaw, dubbed “heartbleed”, out there and you’re likely impacted. Don’t log in to any site until you know they’re secure (read more below). After the sites are patched, you’ll want to change some passwords – including at some big sites like Google, Yahoo, and Facebook.

What is it?

On any website where you have a user-specific account that you “log into” (social media sites like Facebook, banks, shopping sites, etc.), the traffic between your computer and that website is secured by something called SSL. If the website name in the address bar at the top of your browser starts with “https:” instead of just “http:” then the traffic is being sent via SSL. Data protected with SSL looks totally scrambled and is undecipherable to anyone but you and the intended website.

In order for a website to do SSL, their servers (computers) need to know how to encrypt/decrypt data and do a bunch of complex mathematical algorithms. Rather than every company trying to write their own software for that, they use standard SSL software packages.

One of the most commonly used SSL software packages is called OpenSSL. It is used by 2/3 of the websites on the internet (and also by email systems, chat services, etc.).

Just like with any other software, new versions of OpenSSL are released over time. Some companies decide to download the latest version and install it to their servers and some do not.

On March 14, 2012, a version of OpenSSL (version 1.0.1) was released that had a bug in it. Technically the bug was in a portion of the software called the “heartbeat” (which is where the name for the “heartbleed” bug comes from). The bug was still there in subsequent versions of OpenSSL (versions 1.0.1a – 1.0.1f). This bug was just recently discovered by internet security professionals (over two years after it was introduced). The bug has been fixed in the latest version (1.0.1g).

If a website has one of these flawed versions of OpenSSL, a bad guy can pretty easily read all the data out of the memory of that server. This includes usernames and passwords for people logged in to the website. The data could also include credit card numbers and other sensitive data, but really, if someone gets your username and password, they can log in as you and see or edit everything on the service that you can see or edit.

Another problem with this vulnerability is that when such a security breach happens, it leaves no trace in the security logs of the server, so the company has no idea if someone just stole all their data.

Even though this vulnerability was out “in the wild” for over 2 years, it may be that no “bad guys” knew about it until it was publicly disclosed just a couple days ago. However, now that everyone knows about it, it’s a free-for-all. All the bad guys, and organizations like the NSA, are likely filling huge disk drives with tons of user data from the still-vulnerable websites.

Many websites were never vulnerable – they either don’t use OpenSSL, or they don’t use the “heartbeat” portion, or they never upgraded to one of the flawed versions. But many sites did use one of the flawed versions at one point. If a website used one of the flawed versions, even if it recently upgraded to the fixed version, there’s no way to know whether some bad guy did or didn’t steal the server’s data when it was using the flawed version.

What should I do?

  1. Don’t log into any website until you know it’s patched.
  2. Check to see if a website you want to log into is vulnerable, is patched, or was never vulnerable in the first place (that may be hard to tell).
    • They (your bank, etc.) may have sent you a notice about this with a recommendation of what to do.
    • Use this tool to check the status of a specific site. Type in the URL (e.g. “yahoo.com” – without quotes) into the text box and it will give you some information based on what it can detect from the website’s server.
  3. Don’t use any site that’s still vulnerable. Keep checking, it could take a while for all sites to get patched.
  4. If a website is now patched, but may have been vulnerable in the past, you should log in to that site and change your password. Otherwise a bad guy might have your data (including your username and password) saved on a disk somewhere, just waiting to get around to using it.
  5. Change your password at every site where you reuse the same password. It sucks remembering tons of passwords, so many people use the same password for many sites. The problem is, if a bad guy got your password to “stupidsite.com” and you use the same password there that you use at your banking website, they could log into your bank account, too. So even if your banking site was never vulnerable, it would still be a good idea to change that password in a case like this.
  6. As always, keep monitoring your credit, etc. for suspicious activity.

 

* In this article, I’m a bit loose with terminology and fuzzy with details to make things easier for the lay person to understand. If you’re a website administrator, there’s plenty of information on heartbleed. Please do your own research on heartbleed and test/patch your servers.
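
For administrators, the version range given above (1.0.1 through 1.0.1f flawed, 1.0.1g fixed) can be checked against an inventory of banners printed by "openssl version". This is an added example, not part of the original post; the host names, sample banners and status labels are constructed for illustration, and versions the post does not mention are reported as unknown.

```python
import re

# Banner printed by `openssl version`, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013".
_BANNER = re.compile(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(\S*)")

def classify(banner):
    """Map a banner onto the range the post gives: 1.0.1 through 1.0.1f
    flawed, 1.0.1g fixed, anything before 1.0.1 older than the bug."""
    m = _BANNER.match(banner.strip())
    if not m:
        return "unknown"            # not OpenSSL, or not parseable
    number = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, suffix = m.group(4), m.group(5)
    if number < (1, 0, 1):
        return "predates-bug"
    if number > (1, 0, 1) or "beta" in suffix or "dev" in suffix:
        return "unknown"            # outside what the post covers
    # "" (plain 1.0.1) sorts before "a", so it lands in the flawed range too.
    return "flawed" if letter <= "f" else "fixed"

# Constructed inventory: "host: banner" lines (hosts and labels are made up).
SAMPLE_INVENTORY = """\
web01: OpenSSL 1.0.1e-fips 11 Feb 2013
web02: OpenSSL 1.0.1g 7 Apr 2014
mail01: OpenSSL 0.9.8y 5 Feb 2013
chat01: OpenSSL 1.0.1 14 Mar 2012
lab01: OpenSSL 1.0.2-beta1 24 Feb 2014
"""

def audit(inventory):
    """Return {host: status} for every non-empty inventory line."""
    result = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, banner = line.partition(": ")
        result[host.strip()] = classify(banner)
    return result

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Distribution packages often backport the fix without changing the upstream version letter, so a "flawed" result means the package changelog needs checking, not that the server is certainly exposed.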

 

Hour of Code wants YOU to code.

I’m glad to see that code.org’s “Hour of Code” seems to be a hit. :)

To go along with Computer Science Education Week (this week 12/9-12/15), everyone is encouraged to spend one hour learning to program.

If you’re an educator, hopefully you already have your students fully engaged in this effort. If you’re anyone else, I encourage YOU to accept the challenge, if you haven’t already – it’s way easier than you think.

Computers are ever more important to our society, and everyone should improve their literacy in this area.

Watch the video below, then turn off distractions, set a timer for one hour (or more), and click this link: http://code.org/learn

“Everybody in this country should learn how to program a computer.” – Steve Jobs