losasso.co


  1. Go white boy go.

  2. Surviving a little Heartbleed

    You have heard about it on the news. People in your office are mentioning it. But let's face it, Heartbleed isn't making a lot of sense to most people. Writing about something as technical as a code vulnerability in an OpenSSL standard in a way that most people can understand is difficult. Hopefully I can provide a little clarity to some of you without getting lost in the weeds.

    First, let's start here. If you want to read some great technical writing about Heartbleed, give it a try. GigaOm has it covered.

    For those of you who want the 10,000-foot view of the problem, along with a list of what you can do to fix it, I will do what I can. Let's start by saying that if you have used the internet in the past 2 years, and if you have any web accounts (banking, Facebook, email, whatever), you have been part of the vulnerability. Servers need to talk to each other. OpenSSL was written as a secure way for this to happen. Heartbleed is a vulnerability in that standard that can lead to sensitive information being passed between servers by accident. Think of it like this: Did you ever play Marco Polo in the pool? Pretend 2 servers are doing that. One calls out "Marco" and the other answers "Polo", over and over. This is a way for each server to know where the other is located and verify that the other server is still online. Heartbleed would be like a server yelling "Marco" and another replying "Polo, and oh by the way, here is Johnny's password and Jannie's credit card number". Think of it as internet Tourette syndrome. Got it? Good. Let's move on.

    What do you need to do to fix the problem? Well, the first thing is do not panic. Stop with your ranting about how insecure the internet is and how you're never using it again. Don't be a rube. 90% of identity theft still occurs in person. Ecommerce is still the most secure transaction you can participate in today. If you are reacting like a crazy person, stop reading right here as the rest of this is above your pay grade. Second, realize that this is an easy fix. You need to do 2 things and only 2 things. First, as you go to your different web accounts, verify that the OpenSSL vulnerability has been patched. You can find this info pretty easily on the company's main page; trust me, everyone is looking for it. If it HAS NOT been fixed, do nothing until it has. Don't log in. Don't use it. Consider contacting the site and asking when the hole will be patched. If it HAS been fixed, simply log in and change your password. That's it. You're finished. Safe and sound. Now a word about passwords.

    The reason this is such an issue is because of your passwords. The vast majority of you use simplistic and easy-to-guess words, names and phrases. Look at this list of the most popular passwords. Add this to the ability to social engineer things like children's names and anniversaries, and most people are completely vulnerable. I know it is difficult, but it is imperative that you use a different password for each site, with a minimum of 12 characters and a mix of upper and lower case letters, symbols and numbers. The easiest way to do this is to invest in software like LastPass or 1Password (this is the service I swear by). The software stores your passwords locally and securely. It also generates passwords you can use on any site. Plus they include browser extensions that prefill your login and password for you. It is worth looking into. You can never be too safe.

    Remember that the vulnerability from Heartbleed is based on human error in the code. The good news was that it was hiding in plain sight the entire time. It does not look like it was exploited on any major level. This kind of thing happens. But if you are diligent you can mitigate the damage. Take the time and develop ironclad passwords. Use 2-factor authentication when available. Anything to help secure the process. The internet is a great thing if you take the time to understand how it works.
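
The Marco Polo exchange described above, as a toy model in C (an added example, not code from this post or from OpenSSL). It assumes the simplified picture that a heartbeat request carries a payload plus a length the sender states for it and that the reply echoes the payload back; the function names, the 64-byte "memory" and the secret are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy "server memory": the heartbeat payload sits right
   next to an unrelated secret, as it can in a real process. */
#define MEM_SIZE 64
static char memory[MEM_SIZE];

/* Store the incoming payload at the start of memory and a constructed
   secret directly after it. Returns the real payload length. */
size_t receive_heartbeat(const char *payload, const char *secret) {
    size_t n = strlen(payload);
    memset(memory, 0, MEM_SIZE);
    memcpy(memory, payload, n);
    strncpy(memory + n, secret, MEM_SIZE - n - 1);
    return n;
}

/* Vulnerable reply: trusts the length the sender claims, so the copy
   can run past the payload into whatever is stored after it.
   (Capped at MEM_SIZE - 1 only to keep this demo well-defined.) */
size_t reply_vulnerable(size_t claimed_len, char *out, size_t out_size) {
    if (claimed_len >= out_size) claimed_len = out_size - 1;
    if (claimed_len >= MEM_SIZE) claimed_len = MEM_SIZE - 1;
    memcpy(out, memory, claimed_len);
    out[claimed_len] = '\0';
    return claimed_len;
}

/* Fixed reply: drop the request without answering when the claimed
   length is larger than what was actually received. */
size_t reply_fixed(size_t claimed_len, size_t actual_len,
                   char *out, size_t out_size) {
    if (claimed_len > actual_len || claimed_len >= out_size) {
        out[0] = '\0';
        return 0;
    }
    memcpy(out, memory, claimed_len);
    out[claimed_len] = '\0';
    return claimed_len;
}

int main(void) {
    char out[MEM_SIZE];
    size_t n = receive_heartbeat("Marco", "johnny_pw=hunter2");
    reply_vulnerable(5, out, sizeof out);  printf("honest:     %s\n", out);
    reply_vulnerable(22, out, sizeof out); printf("vulnerable: %s\n", out);
    reply_fixed(22, n, out, sizeof out);   printf("fixed:      [%s]\n", out);
    return 0;
}
```

The whole difference between the two replies is the single comparison of the claimed length against the received length, which is the "human error in the code" in miniature.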

  3. Happy Hump Day

    (via theclearlydope)

  4. Whittling Baby Carrots or Shaking My Fist at the Weather

    Well, I am back on track this week. Sure, it's only Tuesday you say, but I managed to get through St. Patrick's Day with zero green beer and only pale corned beef and cabbage. So that is what we call a win in my book.

    The weather is back in my doghouse today. It was nearly 70 degrees yesterday. Now it is going to be 35 for soccer practice tonight. Poor kids. Seriously, let's make with the spring already.

    Today's thing you should know is about those cute little baby carrots you buy in the grocery store. Watch the video to see how they are made. Then realize that you are being suckered in by marketing and buy organic farm-to-table carrots (they taste better anyway).

  5. Here is a bluegrass cover of Metallica - Enter Sandman. This is as good of a reason to post as any.

    This has been a rough month. I have been mostly failing on all counts when it comes to the resolutions. But nothing I can't recover from. I think this is the first year I can remember where the winter has actually caused me to be depressed. I am just ready for summer. Ready for yard work and soccer games and T-ball practice … Ready for all of it.

    I need a good book to read about motivation. Any suggestions?

    (via laughingsquid)

  6. How about this to break up the monotony of your Thursday?

    Trailer. Sin City. Yes.

  7. Joe Biden and Amy Poehler might be my favorite thing.

    (via latenightseth)

  8. laughingsquid:

    'So Long, Egon', A Touching 'Ghostbusters' Comic Tribute to the Late Harold Ramis by Ash Vickers

    This is so perfect.

    RIP Harold Ramis

  9. And now the World Premiere of the Trailer for Guardians of the Galaxy

    What do we think about this boys and girls? Is it everything we expected in all of its campy glory?

  10. 15 seconds of glorious Guardians of the Galaxy teasing goodness.

    You had me at Raccoon with a machine gun.