
EFFector - Volume 27, Issue 7 - Heartbleed

EFFector! Electronic Frontier Foundation

In our 659th issue:

Heartbleed: Yes It's Really That Bad

Security researchers this week disclosed details about a major weakness in the basic architecture of the Web. Heartbleed exploits a critical flaw in OpenSSL, which is used to secure hundreds of thousands of websites including major sites like Instagram, Yahoo, and Google. This security exploit allows an attacker to obtain sensitive information like logins and passwords, as well as session cookies and possibly SSL keys that encrypt all traffic on a site. EFF has been tracking this issue closely, and we’ve put together guides for how systems administrators and website operators can take immediate action to secure their systems. We've also analyzed logs that seem to indicate intelligence agencies have exploited the vulnerability. We’ll have more on Heartbleed in the coming days; watch the EFF Twitter account for updates.

Students & Community Activists: Start Organizing for Digital Rights Locally

EFF has unveiled new tools to help student and community activists engage in campaigns to defend digital rights. Our exciting new resources include a mailing list, media tips, graphics, handy one page issue sheets, and more, so it's easy for you to take part, no matter how much organizing experience you have. EFF is also traveling across the country to help engage organizers, with a special focus on campus activism. Together, we're going to make history.

Why Fusion Centers Matter: FAQ

Fusion centers are state and local intelligence hubs that feed unconstitutionally collected intelligence information from local law enforcement to federal agencies like the FBI and DOJ. These centers also send intelligence information collected by federal agencies down to local law enforcement--including, potentially, unminimized NSA data. Fusion centers are known to promote racial profiling and political oppression, while wasting taxpayer money and churning out useless "intelligence." But change might be on the horizon: one locality has already passed regulations limiting fusion centers.

EFF Updates

The Patent Reform We Need to See from the Senate

Senate debates on patent reform seem to be missing the core issues that need to be addressed. Patent reform must address patent quality, protect end-users of technology from being targeted, increase transparency of patent ownership, and crack down on misleading demand letters that allege patent infringement. We also want to see reform of patent lawsuits, including heightened pleading standards for patent lawsuits, an end to discovery abuse, and fee shifting that discourages patent trolls from frivolous lawsuits. We need to tell the Senate that the time for reform is now.

Reforming Terms of Service: Microsoft Changes Its Policy on Access to User Data

In mid-March, we wrote about Microsoft conducting a warrantless search of a blogger's Hotmail account as part of an internal investigation into the alleged theft of Microsoft trade secrets. After our post, we were pleased to hear that Microsoft would be reforming its terms of service so that they will now seek a warrant in such cases. Microsoft has also proposed a project that will bring together EFF, Center for Democracy, technology companies, and other privacy advocates to address this problem industry-wide.

The Trials and Tribulations of Secure Free Software for the European Parliament

In the light of revelations about NSA and GCHQ spying that has targeted European leaders, the European Parliament has discussed shifting to DebianParl, a version of Linux intended for parliaments that would offer increased security. This would be a positive step but would require some significant shifts with the participation of the Parliament's IT department.

An NSA "Reform Bill" of the Intelligence Community, Written by the Intelligence Community, and for the Intelligence Community

Representatives Mike Rogers and Dutch Ruppersberger, two of the NSA's biggest defenders, have introduced an NSA "reform" bill that, in some ways, really just makes mass collection easier. The only genuine positive change in this bill is that it ends the government collection of all Americans' calling records using Section 215 of the Patriot Act. However, the bill also creates a new, ill-defined process that potentially enables even more collection. The problems with this bill come as no surprise, and it is clear that bills such as the USA FREEDOM Act are far superior.

Bringing Transparency and Democracy to the US Trade Representative

Leaks are no substitute for integral transparency, something sorely lacking for the United States Trade Representative. The negotiations of the Trans-Pacific Partnership (TPP) and the more recent Transatlantic Trade and Investment Partnership (TTIP, or TAFTA) have made this issue crystal clear. The USTR is attempting to create public policy without the public. There appear to be substantive problems with TPP and TTIP, and there has been a strong push for transparency.

Philippines: Inching Toward Censorship

The Philippines' Cybercrime Prevention Act criminalizes a broad swath of behavior on the internet, including anonymous online criticism. Activists have protested this draconian law, and the Philippine Supreme Court ruled that parts of the act are unconstitutional. Unfortunately, much of the law was left untouched, and it appears to be part of a move in the Philippines towards internet censorship.

Court Orders Government Not to Destroy Evidence in EFF Cases Against the NSA

In an emergency hearing last month, the government tried to argue that it should not be required to preserve evidence of dragnet collection of all call records. While we believe the case can go forward without evidence of each individual being surveilled, we also can’t allow the government to simultaneously insist the evidence is necessary and destroy that evidence. On March 21st, the court ruled in our favor.

There Are Lots of Legit Reasons to Look at Pornography: New Restrictions on NIH Grants Are Unscientific And Possibly Illegal

A new mandate forces researchers who rely on National Institute of Health funding to place anti-pornography filters on their computer networks. It's clear that essential scientific research is hindered by this restriction.

EFF to Receive 10% of HOPE X Ticket Proceeds

Throughout April, the Electronic Frontier Foundation will receive 10% of ticket proceeds for HOPE X, the tenth biennial Hackers On Planet Earth conference founded by 2600 Magazine.

miniLinks

Edward Snowden: US government spied on human rights workers

In live testimony via video, Edward Snowden told the Council of Europe that the NSA deliberately spied on groups like Amnesty International and Human Rights Watch.

Bay of Tweets: USAID's boneheaded idea to secretly make a “Cuban Twitter”

USAID's "ZunZuneo", a social media project aimed at creating social change in Cuba, has justified the cries of authoritarian governments that their online critics are "foreign agents."

Reuters: NSA infiltrated RSA security more deeply than thought -- study

Academic researchers have discovered a new tool the NSA may have used to undermine RSA encryption.

Supported by Members

Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.

Please consider becoming an EFF member today.

Donate Today

Administrivia

Editor: Rainey Reitman, Activism Director
editor@eff.org

EFFector is a publication of the Electronic Frontier Foundation.
eff.org

Membership & donation queries: membership@eff.org

General EFF, legal, policy, or online resources queries: info@eff.org

Reproduction of this publication in electronic media is encouraged. MiniLinks do not necessarily represent the views of EFF.

Back issues of EFFector


This newsletter is printed from 100% recycled electrons.

EFF appreciates your support and respects your privacy. Privacy Policy.

Join EFF!
Members make it possible for EFF to fight for your rights. Become a member today.

Announcements

Raising Old Fourth Amendment Challenges to New Technologies

EFF Staff Attorney Hanni Fakhoury will be the keynote speaker at the Southern California Association of Law Libraries 2014 Institute on Privacy.
April 11, 2014 - 1:00pm
Ventura, CA

NSA Spying, Threats to Privacy, and Your Rights Online & ISU CryptoParty!

EFF's April Glaser joins a panel with the Digital Freedom Group at Iowa State University with distinguished scholars from multiple departments. The event examines the NSA's illegal spying, the future of journalism, and the importance and paired challenges of adopting privacy tools online.
April 15, 2014
Ames, IA

Techno-Activism Third Mondays (TA3M)

Techno-Activism Third Mondays (TA3M) are informal meetups that occur on the same date in many cities worldwide. They are designed to connect techno-activists and hacktivists who work on or with circumvention tools, and/or are interested in anti-censorship and anti-surveillance technology. Currently, TA3M are held in New York, Washington, DC, Amsterdam, Portland, Tokyo, and more.
April 21, 2014
San Francisco, CA

Advancing Technology and the Fourth Amendment

EFF Staff Attorney Hanni Fakhoury will discuss a variety of topics on electronic surveillance at the 2014 Roll-Zapata Criminal Law Seminar hosted by the Tucson Federal Bar Association.
April 25, 2014
Tucson, AZ

Scraping Content: the CFAA, DMCA, and Terms of Use

EFF Staff Attorney Hanni Fakhoury will speak on a panel at the Media Law Resource Center's 2014 Legal Frontiers in Digital Media conference talking about the use of the CFAA to go after data scrapers.
May 15, 2014
Mountain View, CA
