Newsletter 01: Introduction & Heartbleed

Below is the first newsletter edition broadcast to a few family & friends on 28 May 2014. More details about this project are available here, including a simple sign up form if you’re interested.


What is this?

This simple newsletter is an attempt to ensure close family and friends have relevant technology related news with specific focus on emerging issues of data security and privacy. There have been numerous recent issues in this space and this is simply trying to ensure everyone around me has the necessary information to protect themselves.

I apologise if you would rather not receive such emails, and if so either get in touch or unsubscribe via the link at the bottom of this email. You can also contact me through the usual channels if you want future editions of this newsletter sent to a different email address.

Heartbleed

Heartbleed is the name now associated with a significant and far-reaching vulnerability. This issue has been widely covered in the news already so this section will try to address the most important aspects you should be aware of.

Background:

This issue compromises the security that underpins how data is securely transferred between yourself and any online service you use. This issue has existed for at least 2 years and there is strong evidence that it may have been actively exploited by some to gather data that otherwise should have been completely secure and safe. Essentially, the secure padlock icon in the browser we're all used to, or the way apps on smartphones and tablets download data (email, Facebook, etc.), wasn't as secure as originally thought. All major online service providers have since updated their systems to remove this vulnerability.

Suggested action:

Change your passwords across all online services you use.

A more pragmatic and less daunting plan might be to change passwords for services that hold valuable data, such as your email provider (Gmail, Hotmail, etc.), Amazon, eBay, PayPal, Facebook, LinkedIn, Skype, and your smartphone app store.

For those technically minded and want to know more, take a look at the results from a challenge set up by internet services provider Cloud Flare to understand exactly what information could be compromised by exploiting the Heartbleed issue. It's not pretty. This video is also recommended if you want to know more about the internal mechanics of this vulnerability.

eBay data breach

Late edit: Unrelated to Heartbleed, on 21st May eBay announced a breach of their customer data, and they're recommending everyone change their password immediately. It's also worth ensuring that your PayPal and eBay accounts don't share the same passwords.

Next editions

There is a range of topics lined up for subsequent editions, including some tips for using strong and unique passwords, and using 2 step authentication to add additional data protection.

Please get in touch if there are specific areas you'd like to know more about.

What do you think?

Any and all feedback is most welcome. Also, you can direct anyone who you feel might benefit from this newsletter to the sign up form.



// Issue #1. Published: 28 May 2014 //