Most of the information that I have seen on the Heartbleed vulnerability is fear, uncertainty and doubt.  There is no shortage of companies with a sales pitch or "experts" who don't really know which end of the cord to plug into the wall... most with a strong opinion telling us what to worry about.


Take a deep breath.  Here are some things that will help you relax.  I'd like to debunk some of the myths of Heartbleed.

Myth 1: Most of the Internet is vulnerable!  No.  

Actually, Microsoft products, sites that have upgraded SSL, sites that don't encrypt traffic, and sites that do encrypt traffic but don't use OpenSSL (by far most of the Internet) are not affected.  See the status of the top 100 sites at:
 
Note that Yahoo.com has now been fixed.
 

Myth 2:  Change your password immediately!  Perhaps. 
 
It won't help if the site you want to go to has had no vulnerability, or if it hasn't yet patched the OpenSSL vulnerability.  You can check what the situation is using the site https://lastpass.com/heartbleed/ (mouse over the link to make sure it goes where you think it does).  Despite being from a company that is using Heartbleed for advertising, this site has a useful evaluator.  It can tell you that sites like google.com are OK, but it has a misleading warning on sites with no SSL vulnerability, like wali.org.
 

Myth 3:  Criminals have been harvesting our passwords using this vulnerability!  False.  
 
If that were true, there would have been an obvious spike in credit card fraud and in black market listings of email accounts and passwords.  No large-scale exploitation is obvious.
 

Myth 4:  Our computers will be invaded soon!  Of course not.  
 
Hey, it is a vulnerability that only affects secure websites, etc.  It has nothing to do with someone invading my computer... unless it allows someone to discover that all my passwords are the same and they are the name of my dog Fido (oops, shouldn't let that information out).
 

Myth 5:  When Heartbleed is fixed our risks will go down!  Keep dreaming.  
 
The major attack vectors in use today are phishing emails and malicious code on websites.  They are in fact the major risk in the current Heartbleed situation.  Have you received an email from "yourbank.com" saying to "click here" to fix this problem?  Watch out.
 

Fact:  Using a password manager to have a different complex password for each site is always a good idea.  Maybe this is the time to start.  The one that I use and recommend is free from http://sourceforge.net/projects/keepass/?source=directory
 

These tips are aimed at taking headaches out of computer operation.  I recommend stuff that I use.  The goal is to prevent disasters without the usual fear/uncertainty/doubt that some folks spread.  
 
 
If you have questions, contact us.
 

For many who know our friend and Artemus Consulting Group Associate Jim Cotsana, he has thrown his talents and passion "to the dogs". We say that with a great deal of admiration for Jim as he has found an important niche in the world of the SPCA. Jim, a long-time lover of dogs, and now owner of two adopted Black Labs, has become a major volunteer with the SPCA. After a 26-year career with the CIA and much of that time as a significant part of the Agency's Counterterrorism Center, Jim has found a new passion in concern for animals. He has no reluctance in turning down various private and government contract offers and is now enjoying retirement back home in New Hampshire. His latest recognition is a feature article in "FIDO Friendly" Spring Edition, pg 82. This will give you a good view of how passion can redirect your retirement years with satisfaction and a smile on your face. And finally, he has volunteered to raise funds for the SPCA...and we know he has the skills to "influence" donors.

INSA white paper addresses need to augment periodic reinvestigation through continuous monitoring and evaluation

ARLINGTON, VA (March 6, 2014) – The Intelligence and National Security Alliance (INSA) today released the Security Reform Policy Council (SPRC) white paper, “Leveraging Emerging Technologies in the Security Clearance Process.”  Recent security breaches highlight the need for reform to improve on the periodic reinvestigation (PR) process and the immediate demand for fundamental and beneficial improvements to the overall security clearance process. The INSA white paper encourages government and industry to work together...



It has happened...the book "Spy Sites of New York City" co-authored by Bob Wallace, former CIA Director of  the Office of Technical Service and Keith Melton, internationally recognized intelligence historian, has interactive maps that are now available based on Google Maps' "My Places" platform. (To access the map go to http://goo.gl/m6iZXP)

Silent and unseen intelligence wars have raged on the clandestine battlefield of New York City since the American Revolution. Lovers of New York can now experience the city's secret history by downloading the new Google Maps-based tool. The map offers a comprehensive interactive guide of New York City espionage. All aspects of covert activity are featured, including assassination, sabotage, operational sites, commercial covers, homes, and safe houses.  This is NYC as seen through the eyes of the villains and heroes of the clandestine world. From dead drops to dining, the map pinpoints the exact addresses where spies worked, lived, played and died. 

The book and maps are designed for school children, tourists, history buffs and New Yorkers who love their city and the many would-be sleuths who are ready for a New York City ADVENTURE! Bring laptops or sit at your desktop for this exciting experience. (The tool will expand to smart phones and tablets as "My Places" further migrates to mobile.)