Ask Leo! #492 – Heartbleed, Panic, Moore’s Law and more…

*** Survey

WOW!

I was blown away by the number of people responding to my survey last week. I'm very grateful to you for taking the time.

The response was so overwhelming that it might take me just a little longer to synthesize the results. I will absolutely report back here - and it may be in the form of another short survey to make sure I interpret things correctly.

Again, thank you very much.


*** Featured

Why do I need to change passwords after HeartBleed?

You may have noticed that I didn't jump on the HeartBleed bandwagon last week. I'm not a particularly reactive person, I'm not prone to panicking, and I felt that there was simply too much that wasn't known about the ramifications of the security issue.

Now that things have settled down a little, it's time to take a calmer look at what happened, to learn what you need to do, and to answer the most common question about HeartBleed: why?

But first things first: it's not on your machine. In fact, it doesn't affect your machine at all. This is all about the servers that you access on the internet.

Continue Reading: Why do I need to change passwords after HeartBleed?
http://askleo.com/?p=14055

*** Answercast

Answercast #153 - Upgrading XP, Moore's Law, NTLDR, ISO, tracking texts and more...

Are you worried that someone can buy software to hack your cellphone, or that upgrading your XP machine is hard? Trying to find Windows ISO files, or a missing NTLDR? Curious about Moore's Law? All that and more in this Answercast from Ask Leo!

Listen Now!
(Includes the raw transcript on which the articles below were based.)

Is there software that allows someone to track my emails and texts?
The bad guys can do anything they want to your computer if they can gain access.

Continue reading: Is there software that allows someone to track my emails and texts?
http://askleo.com?p=14043

What's the best way to upgrade from Windows XP to Windows 7?
A clean install is going to get you a cleaner operating system.

Continue reading: What's the best way to upgrade from Windows XP to Windows 7?
http://askleo.com?p=14025

What does NTLDR is missing mean?
You're missing your boot loader. This may mean serious hardware problems... or perhaps just something forgetful on your part!

Continue reading: What does NTLDR is missing mean?
http://askleo.com?p=14031

Can I use Windows 8 ISO files I found on the internet?
It's becoming more and more difficult to buy a computer with installation media. Fortunately there is a solution to not having install discs.

Continue reading: Can I use Windows 8 ISO files I found on the internet?
http://askleo.com?p=14047

Can I delete old updates?
It all really boils down to how updates are applied. Some you can delete, others you should not. I'll review the different types.

Continue reading: Can I delete old updates?
http://askleo.com?p=14051

Is Moore's Law over?
CPUs may not be getting faster as quickly as they once did, but Moore's law isn't really about speed; it's about circuitry. We're still improving in many other ways.

Continue reading: Is Moore's Law over?
http://askleo.com?p=14053

*** Our Sponsor

Saved! Backing Up with Macrium Reflect
Prepare for the worst - Bounce back from the inevitable

How to back up, step by step,
using Leo's recommended backup software.
Learn how to use it and never lose data again!

Companion videos and digital formats included.

*** Featured Reader Comments

Is Microsoft Security Essentials supported on XP or not?

Phil Cowan writes:

On my XP, not only did I get the nonsupport message, but my machine started hanging. Would boot up, but not allow the mouse to do its work. My tech guy removed MSE and it works fine. He said a friend of his had the same problem last night. Is Microsoft doing something to deliberately sabotage XP?

Leo writes:

I don't believe in conspiracy theories, so no, Microsoft isn't doing this deliberately. Considering that MSE works just fine on many, if not most, other Windows XP installations, it's more likely that there's something unique about your situation. Not that MSE might not be to blame, but I'd blame a bug or other configuration issue over a corporate conspiracy any day.

Why can't online services tell me what my password is?

David Maxwell writes:

If I have understood correctly, (and I found your explanation brilliantly clear), every one of the major thefts of passwords which have been publicised over the years, (as well as the Heartbleed thefts), are actually a manifestation of the fact that the host is maintaining the actual passwords on their servers. If they were storing only the hash, the hackers could not steal them. This speaks volumes to the security services of the major sites we all subscribe to.

Leo writes:

This is not quite correct.

First, most major thefts have not been "of passwords". They've been of account databases with hashed passwords. Nonetheless, common best practice after such a theft - even without passwords - is to encourage people to change their passwords "just in case". (Obviously if the theft was truly "of passwords", then yes, those were bad security setups. But as I said, if you read the accounts closely more are not.)

Second, the situation is more complex than I got into. (Remember, the question was only why a service couldn't tell you your password.) It can sometimes be possible to use tables of hashed passwords to break into accounts 1) if the hash is done "poorly", and 2) if poor passwords are used. I think someone else mentioned rainbow tables - compute, off-line, the hashes for all possible 8 character passwords, then just look up the hash to find the password. There are techniques to make this more secure both on the server (do hashes properly) and in your control (longer passwords being the one in your control).

Finally, poor password choice remains a serious issue. Very often simply knowing the account login ID, which is stored clearly in the database, and then just trying the top 1000 most popular passwords (slowly, over a few days on a distributed botnet) will break into an alarming number of accounts.
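
The difference between a hash done "poorly" and one done "properly", as discussed in the reply above, shown as an added example (not from the newsletter or its author). It contrasts an unsalted fast hash, which a precomputed lookup table reverses, with a per-user salt and a slow key-derivation function; the function names and the small password list are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny list standing in for "popular passwords".
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]


def weak_hash(password):
    """Hash 'done poorly': a single fast, unsalted SHA-256."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precompute hash -> password once, offline; reusable against any unsalted database."""
    return {weak_hash(p): p for p in candidates}


def strong_hash(password, salt=None, iterations=200_000):
    """Hash 'done properly': per-user random salt plus slow PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password, record):
    """The server recomputes with the stored salt and compares in constant time."""
    salt, iterations, expected = record
    _, _, actual = strong_hash(password, salt, iterations)
    return hmac.compare_digest(actual, expected)


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    # Weak storage: a stored value maps straight back to the password.
    recovered = table.get(weak_hash("letmein"))
    # Strong storage: two users with the same password get unrelated records,
    # and the precomputed table has no entry for either of them.
    alice = strong_hash("letmein")
    bob = strong_hash("letmein")
    table_hit = table.get(alice[2].hex())
    return (recovered, alice[2] != bob[2], table_hit,
            verify("letmein", alice), verify("qwerty", alice))


if __name__ == "__main__":
    print(demo())
```

Salting does not rescue a weak password from online guessing; it only removes the shortcut of reusing one precomputed table across every account.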

*** Leo's Blog

Why I rarely panic

As I watched the HeartBleed issue unfold over the past couple of weeks, I kept looking around at all of the media reports that seemed to indicate that the end of the world (or at least the internet) was upon us. I kept feeling like I was supposed to be panicking.

But I didn't.

And neither the world nor the internet came to an end.

It's not in my nature to panic. That's just the kinda guy that I am. While I think panic is occasionally called for, it does more harm than good more often than not.

Continue Reading: Why I rarely panic
http://askleo.com/?p=14069

*** Leo's Books

Saved! - Backing Up with Macrium Reflect
Saved! - Backing Up with Windows 7 Backup
The Ask Leo! Guide to Routine Maintenance
Backing Up 101
Maintaining Windows XP - A Practical Guide

Newsletter contents Copyright © 2013,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC