Mandiant: Hackers Broke In Using Heartbleed ⇢

Mandiant’s customer (unnamed) and, I’m certain, thousands of others, have everything to lose by waiting. Patch your OpenSSL now.

Mandiant’s hacker appeared to take advantage of the delay between Heartbleed’s announcement last Monday and the point later in the week when Internet companies began plugging the hole.

Beginning last Tuesday, the hackers began attacking a piece of OpenSSL-based networking equipment at the unnamed client, Mandiant said. Through Heartbleed, they obtained encryption keys that allowed them to bypass two kinds of safeguards–virtual private network software and requests for multi-factor identification.

Red Hat Linux Containers: Not Just Recycled Ideas ⇢

A good discussion of advantages and the approach being taken by Docker and Red Hat to lightweight containers.

And containers promise to fit more seamlessly into a DevOps world than virtual machines do. Containers can provide an automated way for the components to receive patches and updates — without a system administrator’s intervention. …

That’s one reason why Paul Cormier, Red Hat’s president of products and technologies, at the Red Hat Summit this week, called containers an emerging technology “that will drive the future.”

The Lies Edward Snowden Tells ⇢

Excellent article that justifiably takes Snowden to task for participating in the recent Russian parody of an ‘open interview’ with Vladimir Putin, and then trying to redeem himself in an editorial, claiming to have drawn attention to Vlad’s ‘evasive’ answers.

Yet even in print and in English, Snowden is participating in and lending his support to a massive lie. Russian journalists will not “revisit” (as he puts it) the truthfulness of Putin’s answers. Russian journalists who do that end up dead, in at least 56 cases since 1992. Anna Politkovskaya, the journalist who pressed Putin hardest, was shot dead in her own apartment building in 2006, after years of repeated arrests, threats, and in one case, attempted poisoning.

As for “civil society”: Snowden is writing at a time when Russian forces have invaded and conquered Crimea. Russian-backed forces have attacked and abducted journalists on the peninsula and shut down independent news outlets. People who have resisted the annexation have disappeared, then reappeared dead, bearing signs of torture. To write about Russia as a normal state, in which normal methods exist for discovering and discussing truth, is to share culpability for a lie—and a lie that, at this very moment, is shattering the peace and security of all of Europe.

…Snowden’s op-ed occupies a fine place in the history of fellow-traveling toadying. …

A good summary of Bruce Schneier’s recent presentation at SOURCE Boston.

Data is a by-product of the information society and socialization, Schneier told attendees. It has become easier to do things online, and the very act of doing something using technology results in data. For example, he described how an IM conversation was data—for its content, but also by virtue of the fact that it happened. Details about when it happened, who the conversation was with, the geographic locations of the participants, and other such information is part of the conversation’s metadata.

“Metadata is us,” Schneier said, noting that the government’s claim that it is collecting “only” metadata downplays just how many insights can be gleaned from the information.

Metadata is far easier to store, search, and analyze than actual content, and actually has far more value to an intelligence agency, Schneier said. Law enforcement tracking a terror network doesn’t necessarily need the actual conversations, but rather information about who is talking to whom. “Metadata is fundamentally surveillance data,” he said.

Data is currency, and consumers are willing to hand over their information in exchange for “free or convenience,” Schneier said. Companies such as Facebook and Google want the data so that they can sell more stuff. Users hand it over to play games, to get email, or some other benefit. “I like to think of this as a feudal model. At a most fundamental model, we are tenant farming for companies like Google. We are on their land producing data,” he said.

By handing the data over, users have an expectation of trust that Google, Facebook, and other data brokers will do the right thing with the personal data. However, this becomes a power play when governments get involved. Governments don’t need to collect the data themselves when corporations are already doing it.

- Surveillance is the Business Model of the Internet: Bruce Schneier | SecurityWeek.Com


Heartbleed and the Nature of Open Source

Misconceptions about Open Source software abound. This article takes on three of the most pervasive:

  • Linus’ Law
  • The myth of professional development and maintenance for OS
  • The relative ‘freedom’ of bugs in OS

The now infamous Heartbleed bug found in the OpenSSL library sent some shockwaves down the software industry. It also revealed some misconceptions about Open Source software that many people assume are common sense but are not necessarily true.

Maintained by Rich Miller (@rhm2k) to capture and collect information about 21st Century ICT, and a staging area for the Cumulations blog at