Image via snoopsmaus

Most of the coverage of the Heartbleed bug has focused on the security problems for websites, but there’s another avenue of attack now being exploited by hackers: the Virtual Private Network (VPN) systems used by many large and small businesses.

Security firm Mandiant reports that it is has observed a Heartbleed attack occurring “in the wild.” The attack targeted a Virtual Private Network service at an unnamed organization, gaining access to its internal corporate network — and it shows that hackers are finding the parts of the internet are least likely to have been updated to protect against Heartbleed.

The attack worked like this. When a user logs into a VPN service, it issues a “session token,” a temporary credential that is supposed to prove that a user has already been authenticated. By stealing the authentication token from the server’s memory, the attacker can impersonate the legitimate user and hijack her connection to the server, gaining access to the organization’s internal network.

This disastrous security hole in OpenSSL may have more effect on these kinds of semi-closed systems than on easily upgraded web servers, because the people who use VPNs and other types of networking applications and devices may not even realize they’re relying on the buggy versions of OpenSSL, and it may be difficult (or even impossible in some cases) to update the software.

But web servers are still a big problem as well; the Washington Post’s Brian Fung points out that we may be seeing some large scale disruptions of the Internet in the not too distant future: Heartbleed Is About to Get Worse, and It Will Slow the Internet to a Crawl.

Estimates of the severity of the bug’s damage have mounted almost daily since researchers announced the discovery of Heartbleed last week. What initially seemed like an inconvenient matter of changing passwords for protection now appears much more serious. New revelations suggest that skilled hackers can use the bug to create fake Web sites that mimic legitimate ones to trick consumers into handing over valuable personal information.

The sheer scale of the work required to fix this aspect of the bug — which makes it possible to steal the “security certificates” that verify that a Web site is authentic — could overwhelm the systems designed to keep the Internet trustworthy.

“Imagine if we found out all at once that all the doors everybody uses are all vulnerable — they can all get broken into,” said Jason Healey, a cybersecurity scholar at the Washington-based Atlantic Council. “The kinds of bad things it enables is largely limited only by the imagination of the bad guys.”

Please note! We got out in front of the rush to revoke/reissue our SSL certificates right away, the day the bug was announced, so Little Green Footballs is not vulnerable to the problem described in the Washington Post article.

This is telling. Greenwald associate Trevor Timm compares people who think Edward Snowden works with Russia to 9/11 Truthers, and is immediately swarmed with outraged comments from his fans who are 9/11 Truthers.

Trevor Timm vs 9/11 Truth

Let’s face it — if Edward Snowden’s appearance at Vladimir Putin’s propaganda puppet show yesterday was supposed to improve his image in the US by showing him “questioning” Putin about mass surveillance, it was a miserable failure. Even many of Snowden’s stongest defenders were appalled at that display.

So it should come as no surprise that today, the axis of Snowden is spinning like crazy to try to undo some of that damage — and extend the propaganda opportunity by propping up Snowden as a false dissident. See: Vladimir Putin Must Be Called to Account on Surveillance Just Like Obama | Edward Snowden.

Yes, “just like Obama.” Snowden (or whoever actually wrote this — see below) apparently sees no difference between the two leaders at all.

Putin’s response was remarkably similar to Barack Obama’s initial, sweeping denials of the scope of the NSA’s domestic surveillance programs, before that position was later shown to be both untrue and indefensible.

Snowden’s point in this article is to boast about his bravery and the sacrifices he’s made, and call on Russian journalists to follow up on his ground-breaking work.

When this event comes around next year, I hope we’ll see more questions on surveillance programs and other controversial policies. But we don’t have to wait until then. For example, journalists might ask for clarification as to how millions of individuals’ communications are not being intercepted, analysed or stored, when, at least on a technical level, the systems that are in place must do precisely that in order to function. They might ask whether the social media companies reporting that they have received bulk collection requests from the Russian government are telling the truth.

Sure, Russian journalists might ask those questions. And they might also be murdered for asking those questions.

It should be pointed out, because Glenn Greenwald isn’t going to admit it, that there’s a disclaimer at the bottom of this piece revealing what’s really going on here:

Edward Snowden wrote for the Guardian through the Freedom of the Press Foundation

Who is the “Freedom of the Press Foundation?” Well, the Guardian doesn’t mention it for some reason, but it just happens to be a front group for, yes, you guessed it, the Mighty Glenn Greenwald. This is basically a press release, courtesy of Mother Russia, for the Snowden-Greenwald project.

And of course, today Greenwald praised the bravery and integrity of the piece he (at the very least) helped Snowden put together.

Writing an op-ed criticizing Putin's response while needing asylum is as brave an act as the initial whistleblowing, & shows same integrity

— Glenn Greenwald (@ggreenwald) April 18, 2014

Greenwald associate Trevor Timm says the Snowden op-ed is “all his words.”

@jeremyduns Yes, the reason was I didn't see it. We sent it to the guardian for him, but they are all his words.

— Trevor Timm (@trevortimm) April 18, 2014

Also see:
The Lies Edward Snowden Tells

YouTube

Some straight-up white people folk music, with a dry North Dakota edge to it, from Tom Brosseau, a true original.

Tom Brosseau possesses one of the most arresting voices in folk music today. Many people who hear him sing, without knowing his name or face, assume the voice belongs to a woman, as he hovers somewhere around the countertenor range, with an unusually pure tone.

The beauty of Brosseau’s voice is magnified in this Tiny Desk Concert by the spare accompaniment of two acoustic guitars. Brosseau is on rhythm, accompanied by Sean Watkins. Watkins, who also plays and sings with Nickel Creek, produced and plays on Brosseau’s new album, Grass Punks.

Brosseau is unabashedly sentimental and earnest. It informs his plainspoken story-songs, which find beauty and light in heartfelt themes of love and yearning. But Brosseau also possesses a wry sense of humor; you can hear as much in “Cradle Your Device,” a playful take-down of modern technology. The next song he performs, “Stuck on the Roof Again,” tells a true story about the octogenarian newspaper columnist Marilyn Hagerty, who got stuck on the roof of her home in Grand Forks, N.D., after a heavy snowstorm.

Brosseau closes his set with “Today Is a Bright New Day,” a wistful reflection on lost love and the belief that no matter our past disappointments or missteps, the future is full of hope and opportunity. —ROBIN HILTON

Set List

“Cradle Your Device”
“Stuck On The Roof Again”
“Today Is A Bright New Day”

Credits

Producers: Denise DeBelius, Robin Hilton; Audio Engineer: Kevin Wait; Videographers: Denise DeBelius, Gabriella Garcia-Pardo, Olivia Merrion; photo by Jim Tuttle/NPR

Nearly 100 people in the last five years have been murdered by active users of the leading racist website, Stormfront, according to a report released today by the SPLC’s Intelligence Project.

Registered Stormfront users have been disproportionately responsible for some of the most lethal hate crimes and mass killings since the web forum became the first hate site on the Internet in 1995, a month before the Oklahoma City bombing. The report found that hate killings by Stormfront members began to accelerate rapidly in early 2009, when Barack Obama took office as the nation’s first black president.

A similar racist web forum, Vanguard News Network (VNN), was used by neo-Nazi and former Klan leader Frazier Glenn Miller, who has been charged with the Sunday murder of three people he mistakenly believed were Jews in Overland Park, Kan. Miller, who apparently changed his last name in recent years to Cross, logged more than 12,000 posts on VNN, whose slogan is, “No Jews, Just Right.”

“Stormfront is the murder capital of the racist Internet,” said Heidi Beirich, report author and Intelligence Project director. “It has been a magnet for the deadly and deranged. And VNN is almost as bad.”

More: SPLC Report: Users of Leading White Supremacist Web Forum Responsible for Many Deadly Hate Crimes, Mass Killings