Starting Monday, the internet-connected world was introduced to a new bug, colorfully named Heartbleed, that has exposed about two-thirds of web servers — and probably about a quarter of all sites — to potential pilfering of sensitive, supposedly encrypted information: passwords, credit card numbers, etc. Google engineers discovered the bug last week in the OpenSSL encryption software, then quietly notified OpenSSL, which started secretly helping companies patch the bug before going public amid fears that hackers had discovered the hole, too.
How big of a deal is Heartbleed? "It's easily the worst vulnerability since mass-adoption of the internet," Matthew Prince, CEO of cybersecurity firm CloudFlare Inc., tells The Wall Street Journal. "It's going to be really bad."
How bad? "We don't know to what extent this flaw has been targeted by hackers, we are in the dark here about the extent of how it's been used," David Emm, senior security researcher at Kaspersky Lab, tells CNBC. "We can't quantify the scale of the damage."
So, what can you do about it? Unless you're an IT person at a bank or social media service or other website that relies on OpenSSL encryption, not a whole lot. Those companies have to update their encryption — a process that involves more than just affixing the OpenSSL patch.
Once a vulnerable site is secure again, you should change your password. Seriously, change it. If a site hasn't fixed the encryption problem, changing your password is useless, or worse.
How can you tell? CNET has a list of popular sites and their Heartbleed status. And a company called LastPass has a useful tool where you can enter any website and it will tell you its vulnerability and advise you what to do. For more information about Heartbleed, here's a brief report from CNBC. Good luck. --Peter Weber
Stephen Colbert suggests some reasons Fox News gave Bill O'Reilly a raise after his $32 million settlement
"We are, sadly, in the midst of a flurry of sexual assault and harassment allegations against some pretty big names in show biz — producers like Harvey Weinstein, directors like James Toback, even former reality show hosts," Stephen Colbert said on Monday's Late Show. But he wanted to talk about Bill O'Reilly and his sixth reported payout to settle sexual harassment claims, this one for $32 million. "Which is exactly the sort of thing you do when you're innocent," Colbert said, getting some comedic mileage out of the fact that O'Reilly's latest accuser, Liz Wiehl, appeared on an O'Reilly Factor segment called "Is It Legal?"
Colbert found O'Reilly's explanation for why he sent gay pornography to Wiehl a little suspect, and explained why. "But there's a twist," he added, noting that Fox News knew O'Reilly reached a settlement in January then gave him a raise in February, agreeing to a four-year, $25 million annual contract. "He got a $25 million payout?" Colbert asked. "What did Bill O'Reilly do to Bill O'Reilly?" He suggested that maybe Fox extended O'Reilly's contract because it meant that while he was on camera, "that was one hour a day they knew he's not groping somebody." Colbert wasn't much more impressed with Fox's actual reasoning, and you can watch his "fool me once..." takedown below. Peter Weber
On Monday, the Iditarod Trail Committee identified four-time champion Dallas Seavey as the musher whose dogs tested positive for a banned substance, the opioid pain reliever Tramadol, after initially declining to release his name, citing legal advice and a lack of proof of intent to dope. A group of 83 current and former competitors in the 1,000-mile Alaska dogsled race had demanded Monday morning that the committee identify the suspected musher within 72 hours, prompting an emergency meeting. After the meeting, the Iditarod organizers said they had decided to name Seavey due to the "level of unhealthy speculation involved in this matter."
In a video posted on Facebook Monday evening, Seavey denied giving banned drugs to his dogs and said he has withdrawn from the 2018 race, because he won't be "thrown under the bus." Seavey, 30, said he has "done absolutely nothing wrong" and doesn't care if he ever races again. He added that he would probably have been banned from the race anyway, citing the Iditarod Trail Committee's rule against mushers criticizing the race or its sponsors. This is the first case of banned substances found in dogs in the Iditarod's history. Peter Weber
George Clooney stepped into the long-running (presumably fake) feud between Matt Damon and Jimmy Kimmel on Monday's Kimmel Live, and he used his newborn twins as bait. "The babies are here," Clooney said. "Would you like to see them?" He called out his "manny," Damon, who proceeded to get the better of Kimmel in a volley of taunts. "You know what, George? I feel like you betrayed me in a way," Kimmel said, reasonably. And then Damon — who has been pretending to try to get on Kimmel's show for years — brought out the "twins," which are safe for work due to image-blurring. Watch below. Peter Weber
Bill O'Reilly is mad at The New York Times, his critics, and God over his sexual harassment troubles
Former Fox News star Bill O'Reilly is really angry and aggrieved about the New York Times report that he paid $32 million in January to settle claims that he repeatedly sexually harassed and engaged in "a nonconsensual sexual relationship" with a longtime Fox News analyst, six months before Fox News fired him for other, smaller sexual harassment payouts. "If they could literally kill me, they would," he said of his critics on his web-only series, No Spin News, on Monday, CNNMoney reports. Specifically, he is mad at the news media he says is trying to destroy him — probably now including former colleague Megyn Kelly — and he said he's also angry at God for letting this happen to him.
"You know, am I mad at God? Yeah, I'm mad at him," O'Reilly said. "I wish I had more protection. I wish this stuff didn't happen. I can't explain it to you. Yeah, I'm mad at him." He has consistently denied sexually harassing and assaulting women, but he has not denied the $32 million settlement. "If I die tomorrow and I get an opportunity," O'Reilly said on his show, "I'll say, 'Why'd you guys work me over like that? Didn't [you] know my children were going to be punished? And they're innocent.'" As CNN's Anderson Cooper notes below, O'Reilly often brings up his children when confronted with sexual misconduct allegations. You can watch Brian Stelter's recap of the latest O'Reilly saga, plus hear O'Reilly curse out The New York Times, in the video below. Peter Weber
Trevor Noah may have no idea what it means to call someone an "empty barrel," but he's sure of one thing: White House Chief of Staff John Kelly needs to apologize to Rep. Frederica Wilson (D-Fla.) after he "successfully maligned" the congresswoman last week.
When Kelly replaced Reince Priebus over the summer, it was an appointment widely praised, with pundits calling him "a force for good." This sounded extreme — "It's not the Death Star, everyone in there is supposed to be a force for good," Noah said on Monday's Daily Show — but the retired four-star general was well-respected and seemed likely to be able to control President Trump. That's why it came as a surprise when he "put his credibility on the line" last week and defended Trump after Wilson said she heard Trump's "insensitive" remarks to Myeshia Johnson, the widow of Sgt. La David Johnson, who was killed earlier this month in Niger.
"He didn't just step into the fight, he started throwing punches," Noah said. Kelly ridiculed Wilson for listening to Trump's phone call, even though he also heard the conversation since he was next to Trump, and then attacked Wilson's character, calling her an "empty barrel." "Where I come from, you don't call someone an empty barrel, because no one knows what that means," Noah joked. Kelly also claimed Wilson bragged about securing funding for an FBI building in Florida, but video later released by a local newspaper showed she spent her time saluting law enforcement. People believed him, though, because "John Kelly would never say anything that wasn't true — or so we thought," Noah said. Now, it's time for him to make things right with Wilson, a former educator and founder of the 5,000 Role Models of Excellence Project. "She's not an empty barrel," Noah said. "She's someone who deserves an apology." Catherine Garcia
The Environmental Protection Agency is hiring 12 new security agents to add to Administrator Scott Pruitt's already unprecedented around-the-clock security detail, CNN reported Monday night, citing "sources with knowledge of the situation" and help-wanted ads. The new agents will cost the agency at least $2 million a year in salaries, plus training, equipment, vehicles, travel, and other expenses. CNN said it has withheld details about the size of Pruitt's security detail, but Talking Points Memo says the dozen additional agents will bring his guard count to 30 agents.
No previous EPA chief has requested or received 24/7 protection, EPA assistant inspector general Patrick Sullivan told CNN, but "the EPA is a lightning rod," and Pruitt has received "four to five times the number of threats" as his predecessor, Gina McCarthy. "We get threats from both sides of the spectrum," he added. McCarthy had a total of five guards, mostly for travel outside Washington.
Pruitt is also much more secretive than former EPA chiefs, installing a sound-proof phone booth ($25,000) in his office and security access card systems in and around his office ($15,780), and keeping cleaning crews out of his office during non-working hours. "It's unclear if Pruitt and his staff are guarding against outside threats, internal leakers, or both," CNN says. "EPA sources have described Pruitt as distrustful of career staffers at the agency."
Reps. Peter DeFazio (D-Ore.) and Grace Napolitano (D-Calif.) have asked the EPA inspector general if "taxpayer funds are being misused," noting that Pruitt's security bill "during his first quarter as EPA administrator is nearly double what the two previous administrators spent on security over that same timeframe," and that's before the new agents. Pruitt has also notched at least $58,000 in chartered and government flights, all while planning to cut the agency budget by 30 percent. Peter Weber
Two times a day, Harvey Djerf, 95, sets off for a walk around his Plymouth, Minnesota, neighborhood, covering almost a mile. If he gets tired, it's not a problem — his neighbors have put chairs on their lawns so he always has a place to rest.
The World War II veteran and retired biology teacher has been walking in this neighborhood for 64 years, and he said his fellow residents have noticed that as he gets older he has to stop more to catch his breath. "It's a wonderful experience and it's a social experience, and I get to know the neighbors and they get to know me," he told CBS News.
Djerf said his wife of 69 years, who had a stroke and is in an assisted living facility, always told him he was "antsy," and he admits he "can't sit still," which is why he never misses a walk. He's hoping that by watching him stroll by, his neighbors will be motivated to put their walking shoes on, too. Catherine Garcia