Starting Monday, the internet-connected world was introduced to a new bug, colorfully named Heartbleed, that has exposed about two-thirds of web servers — and probably about a quarter of all sites — to potential pilfering of sensitive, supposedly encrypted information: passwords, credit card numbers, etc. Google engineers discovered the bug last week in the OpenSSL encryption software, then quietly notified OpenSSL, which started secretly helping companies patch the bug before going public amid fears that hackers had discovered the hole, too.
How big of a deal is Heartbleed? "It's easily the worst vulnerability since mass-adoption of the internet," Matthew Prince, CEO of cybersecurity firm CloudFlare Inc., tells The Wall Street Journal. "It's going to be really bad."
How bad? "We don't know to what extent this flaw has been targeted by hackers, we are in the dark here about the extent of how it's been used," David Emm, senior security researcher at Kaspersky Lab, tells CNBC. "We can't quantify the scale of the damage."
So, what can you do about it? Unless you're an IT person at a bank or social media service or other website that relies on OpenSSL encryption, not a whole lot. Those companies have to update their encryption — a process that involves more than just affixing the OpenSSL patch.
Once a vulnerable site is secure again, you should change your password. Seriously, change it. If a site hasn't fixed the encryption problem, changing your password is useless, or worse.
How can you tell? CNET has a list of popular sites and their Heartbleed status. And a company called LastPass has a useful tool where you can enter any website and it will tell you its vulnerability and advise you what to do. For more information about Heartbleed, here's a brief report from CNBC. Good luck. --Peter Weber
After a settlement deal fell apart, four survivors of the 2012 Aurora movie theater shooting are left having to pay the Cinemark chain at least $700,000.
The Los Angeles Times on Tuesday shared the story of a group of 41 plaintiffs, including survivors and relatives of victims, who were told by a federal judge overseeing their case against the owners of the Century Aurora 16 multiplex that they should settle, within 24 hours. As the judge explained, another group of survivors had filed a state lawsuit, and a jury decided Cinemark could not have foreseen the shooting, which left 12 dead and more than 70 injured during a showing of The Dark Knight Rises. Because of that, the judge said he would most likely also find the chain not liable for the shooting.
As plaintiff Marcus Weaver told the Times, the group had to decide if they were willing to accept $150,000 split among 41 plaintiffs. He didn't think it was enough, but was thrilled the company was going to have to take new measures to protect guests. They also knew if they rejected the deal and the case moved forward, under Colorado law they would be responsible for Cinemark's court fees. As Cinemark drafted a press release announcing the settlement, one unnamed plaintiff rejected the deal, because they wanted more money. Weaver and 36 other plaintiffs quickly removed themselves from the suit, but four stayed on, and the judge ruled the next day in favor of Cinemark. The state court case cost $699,000, and the federal case is expected to be more.
Several plaintiffs and attorneys told the Times they were upset with how the state case was handled, and some federal plaintiffs were so suspicious of the weak case that rumors started to spread that Cinemark was actually behind it and wanted it to fail. Weaver, who married and had a child after the shooting, told the Times he is trying to move on with his life, but he can't shake what happened with the federal case. "Theaters aren't any safer," he said. "It's almost like everything was for naught." Catherine Garcia
Detectives from the Los Angeles Police Department were sent to singer Chris Brown's home in the Tarzana neighborhood early Tuesday morning after a woman called 911 and said he pulled a gun on her, police said.
The call came in at around 3 a.m., and investigators have been at the scene ever since. In an Instagram video, Brown said he would stay put until they had a search warrant, and hours later, he left the house at about 2:30 p.m. to talk with an officer, CBS Los Angeles reports. TMZ says police retrieved at least one gun, other weapons, and drugs from the home. Brown has not been arrested.
TMZ says it spoke with the woman who called the police, identified as Miss California Regional 2016 Baylee Curran. Curran told TMZ she had spent time with Brown previously, and was at his home with a friend. He found her admiring a piece of jewelry, she said, and got angry, cursing at her and then pointing a gun. Curran said she asked for her cell phone, but members of Brown's entourage wouldn't let her have it unless she signed a non-disclosure agreement. She refused, she said, and left. Catherine Garcia
A report by the Department of Defense's inspector general published Tuesday concluded that Pentagon officials largely failed to discipline department employees for the inappropriate use of government credit cards at strip clubs and casinos. "DoD management did not take appropriate action when notified that cardholders potentially misused their travel card at casinos and adult entertainment establishments," the report said. "Specifically, DoD management and travel card officials did not perform adequate reviews for the cardholders reviewed and did not take action to eliminate additional misuse."
In total, the report estimated that there were "nearly $100,000 in expenses at strip clubs and 'adult entertainment establishments' and almost $1 [million] at casinos," The Guardian noted. Moreover, 22 employees reportedly received reimbursements totaling $8,544 for costs incurred at casinos or "adult entertainment establishments."
The Islamic State's Amaq news outlet reported Tuesday that ISIS spokesman Abu Muhammad al-Adnani had been killed in the Syrian city of Aleppo, where he was inspecting military operations. Adnani, considered the terrorist group's second-in-command, encouraged attacks against Westerners and was believed to be in charge of ISIS's "external operations division," which managed recruitment and organized attacks.
The cause of Adnani's death has yet to be determined. The New York Times reports that in Aleppo, ISIS is under attack by American-backed Syrian and Kurdish rebels in addition to "Turkish, American, and Russian airstrikes."
The Centers for Disease Control and Prevention's latest report on Zika out Tuesday revealed the virus may also cause hearing loss in infants born to infected mothers. A study of about 70 babies with microcephaly in Brazil found that about 6 percent suffered from hearing loss, caused by damage to either the inner ear or the nerve connecting the ear and the brain. Researchers were unable to find any other likely cause of hearing loss, leading the CDC to advise that hearing loss may be another of the health problems caused by the mosquito-borne illness.
Zika has primarily been linked to microcephaly, a birth defect characterized by an unusually small head and an underdeveloped brain. Recently, researchers have also linked Zika to "vision problems and joint deformities," Reuters reported.
Trump Model Management has allegedly profited from illegally using foreigners as models before they were able to secure U.S. work visas, a Mother Jones investigation has found. Trump Model Management would reportedly go as far as to coach girls on how to lie to immigration officials in order to use tourist visas to get into New York, Mother Jones says, despite the fact that such visas do not permit foreigners to work in the United States.
"When you're stuck at immigration, say that you're coming as a tourist. If they go through your luggage and they find your portfolio, tell them that you're going there to look for an agent," one model, "Kate," who spoke anonymously with Mother Jones, recalled being instructed. Another model, "Anna," said she remembered a Trump agency representative telling her to lie on her customs form about where she was going to live and was told, "If they ask you any questions, [say] you're just here for meetings."
Republican nominee Donald Trump has made it a central point in his campaign to prevent foreign workers from being employed illegally in the U.S., and said he would end the H-1B visa program — a program, it just so happens, that Trump Model Management apparently used frequently. "He doesn't like the face of a Mexican or a Muslim," Kate told Mother Jones, "but because these [models] are beautiful girls, it's okay?"
Trump owns 85 percent of Trump Model Management, which he founded in 1995. He has even hand-picked models to sign; Melania Trump briefly worked for the agency in the 1990s. Trump Model Management did not comment to Mother Jones, while Trump campaign spokeswoman Hope Hicks said the issue "has nothing to do with me or the campaign" when questioned.
"[Trump] doesn't want to let anyone into the U.S. anymore," Kate said. "Meanwhile, behind everyone's back, he's bringing in all of these girls from all over the world and they're working illegally." Read the entire investigation at Mother Jones. Jeva Lange
The Germanwings co-pilot who locked the captain out of the cockpit in order to intentionally fly the aircraft into the side of a mountain last year had experienced notable difficulties during training, but was promoted anyway, The Associated Press reports. FBI interviews with Andreas Lubitz's flight instructors reveal that Lubitz failed two tests, including once due to a "situational awareness issue," likely meaning he got distracted by something and stopped paying close attention to the plane. Matthias Kippenberg, the president and CEO of the Airline Training Center Arizona, told the FBI the failure wasn't in itself noteworthy because students are able to retake their tests.
Lubitz was "not an ace pilot," one of his instructors, Juergen Theerkorn said. Lubitz also struggled to divide his attention between instruments on the plane, or concentrate on what was happening outside the aircraft, another instructor said. Lubitz was supposed to begin flight school in Arizona in September 2009, but due to a "long illness," he did not begin until September 2010. German authorities turned down his applications for a pilot medical certificate twice before July 2009 due to his history of depression, a technicality his school apparently hadn't checked.
The flight instructors "admit [Lubitz] failed a check ride due to a loss of situational awareness, which may very well have been caused by the very same anxiety and severe depression which were symptoms of his mental health disorder," Brian Alexander, an attorney representing the families of 150 people who died in the crash, told The Associated Press. Jeva Lange