Internet security experts are seriously concerned about an implementation problem with some versions of OpenSSL (a cryptographic library that powers Secure Sockets Layer or Transport Layer Security encryption). So what's OpenSSL? It's basically what sits behind that little padlock symbol you see in your browser when visiting a secure website. And the problem with these secure sites is called "Heartbleed":
Even if you've never heard of OpenSSL, it's probably a part of your life in one way or another — or, more likely, in many ways. The apps you use, the sites you visit; if they encrypt the data they send back and forth, there's a good chance they use OpenSSL to do it. The Apache web server that powers something like 50 percent of the internet's web sites, for example, utilizes OpenSSL.
Through a bug that security researchers have dubbed "Heartbleed," it seems that it's possible to trick almost any system running any version of OpenSSL from the past 2 years into revealing chunks of data sitting in its system memory.
Why that's bad: very, very sensitive data often sits in a server's system memory, including the keys it uses to encrypt and decrypt communication (read: usernames, passwords, credit cards, etc.). This means an attacker could quite feasibly get a server to spit out its secret keys, allowing them to read any communication that they intercept like it wasn't encrypted at all. Armed with those keys, an attacker could also impersonate an otherwise secure site/server in a way that would fool many of your browser's built-in security checks. [TechCrunch]
This is a programming mistake, not a problem with the cryptography itself. Luckily, there are patches out already, and web companies are scrambling to bring their systems up to date. Here is more information, and here is a tool to test whether a server is vulnerable. Ryan Cooper
Pete Burns, the lead singer of the '80s band Dead or Alive who went on to appear on reality television shows, died Sunday after going into cardiac arrest, his management announced Monday. He was 57.
Burns was "one of our great true eccentrics, and such a big part of my life," Boy George said Monday. Burns got his start in the late 1970s as a member of the British goth band Nightmares, which morphed into Dead or Alive. The band released their first album, Sophisticated Boom Boom, in 1984, followed by Youthquake in 1985, which featured their biggest hit, "You Spin Me Round (Like a Record)." The song reached No. 1 on the U.K. charts and 11 on the Billboard Hot 100 in the U.S.
Known for his androgynous look, Burns once said in an interview that the "trouble is that people are all too ready to jump to conclusions about anybody who they think looks a bit strange," and that over the years, he had to learn "how to deal with people who refuse to take me seriously. That's where I learnt the blunt side of my character." Burns appeared on Britain's Celebrity Big Brother in 2006, and was open about the numerous cosmetic surgeries he underwent, telling the Daily Mail: "People redecorate their homes every few years, and I see this as no different. Changing my face is like buying a new sofa." Catherine Garcia
The ex-wife of former Subway pitchman Jared Fogle is suing the sandwich company, claiming that executives were told at least three times that he had sexually exploited children, but chose to ignore the information.
A lawsuit filed Monday by Kathleen McLaughlin alleges that Subway knew of Fogle's sexual interest in children yet continued to send him to company events where he interacted with kids. Last year, Fogle pleaded guilty to possession or distribution of child pornography and traveling across state lines to have commercial sex with a minor, and was sentenced to nearly 16 years in prison. McLaughlin says she was completely unaware of Fogle's actions, and if Subway had reported the allegations to police, she never would have married him in 2010. The pair have two small children, ages 3 and 5.
The suit claims that, among other incidents, in 2008, a franchise owner in Florida allegedly told former Subway CEO Jeff Moody that she had a deeply disturbing conversation with Fogle, in which he admitted he enjoyed having sex with minors. The suit says that Moody told her not to worry, because Fogle met someone, referring to McLaughlin, and "she is a teacher and he seems to love her very much, and we think she will keep him grounded." During a news conference Monday, McLaughlin told Fogle's victims she often prayed for them, and she "filed this lawsuit because I have questions," specifically what Subway knew about Fogle's "depravities" and for how long. She is also asking for an unspecified amount of damages, the Indianapolis Star reports. Catherine Garcia
Officials in Quetta, Pakistan, say that at least 59 people were killed late Monday after five or six armed militants stormed a police training college and went on the attack.
Witnesses heard gunfire and explosions throughout the five-hour ordeal at Baluchistan Police College, and hundreds of trainees were evacuated. It's believed that four of the militants have been killed, and dozens of people, including police recruits, were injured during the attack and have been hospitalized. Baluchistan provincial home minister Mir Sarfaraz Ahmed Bugti said the army and Frontier Corps rushed to the college to fight the militants. No organization has claimed responsibility yet for the attack. Catherine Garcia
On Monday, Islamic State militants took control of Rutba, a town of 20,000 people in Iraq's western Anbar province that controls the road from Baghdad to Jordan and Syria.
They overran the mayor's office, executed at least five people, and fanned across several neighborhoods, Al Jazeera reports. Rutba is a "very strategic town," Al Jazeera's Imran Khan says, and this is "seen as a significant victory. The fact that they lost this town is very significant."
The town's capture took place as more than 400 miles away Iraqi forces, Kurdish peshmerga troops, and others continued to make their way to Mosul, Iraq's second-largest city and the last ISIS stronghold in the country. Soldiers spent Monday fighting in two villages near Mosul, passing out food and water to residents after the battles were over. On Sunday, the U.S.-led coalition announced it was behind six airstrikes near Mosul, which destroyed 19 ISIS fighting positions, 17 vehicles, artillery, and tunnels. Catherine Garcia
With two weeks to go until the election, a new CNN/ORC poll released Monday shows Hillary Clinton leading Donald Trump by 5 points.
Among likely voters, Clinton is ahead with 49 percent compared to Trump's 44 percent, followed by Libertarian Gary Johnson with 3 percent and the Green Party's Jill Stein with 2 percent. When the third-party candidates are removed, Clinton's margin increases to 51 percent to Trump's 45 percent.
Looking at voters under the age of 45, Clinton is at 53 percent, up from 47 percent in the last CNN/ORC poll. She is ahead of Trump in every age group except among those 50-64, who back Trump by 4 points. Clinton also leads Trump among women, 53 percent to 41 percent, while Trump has a narrow lead among men, 48 percent to 45 percent. The poll was conducted over the phone Oct. 20-23 among a random sample of 1,017 adults, with 779 determined to be likely voters. The margin of sampling error for results among the sample of likely voters is plus or minus 3.5 percentage points. Catherine Garcia
At least five armed militants attacked a police training college near Quetta, Pakistan, on Monday, leaving at least 250 cadets and staff trapped. The New York Times reported "heavy exchanges of gunfire between the attackers and the security forces," and dozens of people are reported injured, including police recruits, though the full count is unclear. Army commandos are reportedly in the process of clearing the training college's premises.
Nawab Sanaullah Zehri, the chief minister of the Baluchistan Province, of which Quetta is the capital city, said there had been "intelligence reports three to four days back that terrorists [or] suicide bombers planned to target Quetta." "Security was already on high alert, and maybe that is why they have targeted the police training center on the outskirts of the city," Zehri said. The training college is located about nine miles outside of Quetta.
No group has yet claimed responsibility for the attack. Back in August, 88 people were killed by two targeted bomb attacks in Quetta. Becca Stanek
A Montgomery County judge ruled Monday that former Pennsylvania Attorney General Kathleen Kane will serve up to 23 months in prison and eight years of probation for leaking documents about a political rival. Kane, who was the first Democrat to be elected as Pennsylvania's top prosecutor, resigned in August, the day after she was convicted of two felony counts of perjury and seven misdemeanor charges.
Kane's downfall began when she sparked a feud with prosecutor Frank Fina, her predecessor as Pennsylvania's attorney general. After an article ran in the Philadelphia Inquirer detailing an investigation by Fina into politicians caught accepting bribes, Kane "vowed to wage 'war'" with him, CNN reported. To retaliate for the article, Kane leaked confidential grand jury documents to a reporter about a corruption case Fina was involved with before leaving office; she later lied under oath about doing so.
"This case is about ego — the ego of a politician consumed with her image from day one," Judge Wendy Demchick-Alloy said, per The Associated Press. "This case is about retaliation and revenge against perceived enemies who this defendant ... felt had embarrassed her in the press."
Kane was once considered a rising star in Pennsylvania's Democratic circuit. Her defense had argued a prison sentence was unnecessary given she had already lost her job and suffered irreparable harm to her reputation. She is in custody, and her bail is set at $75,000; she was sentenced to a minimum 10 months behind bars. Becca Stanek