Security researchers have uncovered a fatal flaw in a key safety feature for surfing the Web — the one that keeps your email, banking, shopping, passwords and communications private.
Here’s what you need to know.
What is it?
It’s called the Heartbleed bug, and it is essentially an information leak.
It starts with a hole in the software that the vast majority of websites on the Internet use to turn your personal information into strings of random numbers and letters. If you see a padlock image in the address bar, there’s a good chance that site is using the encryption software that was impacted by the Heartbleed bug.
What sites have been affected?
Click here to refer to a comprehensive list of patched sites from CNET.
Users can easily check if a site is secure by going to this website: http://filippo.io/Heartbleed/
What does it do?
Heartbleed allows outsiders to peek into the personal information that was supposed to be protected from snoopers.
The bug allows potential hackers to take advantage of a feature that computers use to see if they’re still online, known as a “heartbeat extension.” But a malicious heartbeat signal could force a computer to divulge secret information stored in its memory, including keys to an encryption tool that turns your credit card information and passwords into indecipherable code.
Once a hacker has the keys to the encryption software, it’s game over — usernames, passwords, bank information and all the other data that you thought were safe are potentially up for grabs. Making matters worse, the Heartbleed bug leaves no traces — you may never know when or if you’ve been hacked.
“You could watch traffic go back and forth,” said Wayne Jackson III, CEO of open source software company Sonatype. “This is a big deal. When you think about the consequences of having visibility into Amazon and Yahoo, that’s pretty scary.”
Who does this affect?
Most major websites are targets, because they rely on this program. A survey conducted by W3Techs show that 81% of sites run on web server programs Apache and Nginx, and both are vulnerable to the Heartbleed bug.
Many popular sites, including Amazon, Yahoo and OKCupid, use those encryption tools. Yahoo, Amazon and OKCupid have updated their websites with a fix for the bug, but many others have not patched their sites yet.
What can I do?
Not much, unfortunately — the websites themselves need to update to a new version of the encryption software to fix the bug. That’s why changing all your passwords right away isn’t a good idea. Websites are all racing to fix the issue, and if you act too quickly, you might change your password on a site that is still vulnerable.
Italian cryptographer Filippo Valsorda launched the “Heartbleed Test,” which purports to tell you if websites are still compromised.
With files from CNN
Microsoft is saying goodbye to Windows XP.
Although the operating system is more than 12 years old, and Windows XP computers haven’t been shipped since 2010, there are still millions of them in use. Gartner estimates that as much as 25 per cent of Windows PCs in the workplace are running XP. Consumers tend to be even slower in upgrading.
Why so many XP computers? XP’s successor, Vista, was unpopular, so many XP owners held off upgrading. In addition, many consumers are buying smartphones and tablet computers instead of upgrading old PCs.
Microsoft Corp. is pushing remaining XP owners to upgrade to a newer operating system, such as Windows 7 or 8. It will still be possible to use existing Windows XP computers after Microsoft retires it Tuesday, but that comes with risks.
Here’s a guide to the risks and your options.
Q. What happens on Tuesday?
A. That’s the day Windows XP reaches what Microsoft calls “end of support.”
XP made its debut in 2001 and retired from retail stores as boxed software in 2008. PC makers were allowed to sell computers with Windows XP for another two years.
In recent years, Microsoft hasn’t done much with XP beyond releasing updates on the second Tuesday of each month to fix newly discovered security flaws. This Tuesday is the last time Microsoft is doing that for XP, so any problems discovered after that won’t get fixed.
You’ll still be able to run XP computers and install past updates. If you need to reinstall XP from scratch, you can do so if you still have the discs that came with your computer.
Microsoft will still provide updates for its anti-malware software for XP until July 2015, but the company warns it will offer limited protection.
Q. How do I know if my computer is running XP?
A. This Microsoft site will check: http://amirunningxp.com. If you have XP, the site will go through your options.
Even if you don’t visit the website, you may still get a pop-up notification, depending on how your computer’s configured to check for Windows updates.
Q. If XP will still run, why do I need to upgrade?
A. A big reason is security. Hackers know Microsoft will no longer fix security flaws, so evil-doers have extra incentive to look for them. In addition, if a flaw is found for Windows 7 or 8, there’s a good chance a similar issue exists for XP as well. So when the fixes come out for Windows 7 or 8, hackers can go back to XP to look for an opening.
Hackers have become more sophisticated, and lately they have been breaking into computers for financial gain rather than just pride. So the risk is greater than when Microsoft retired past systems such as Windows 95 and 98.
There are also performance issues. If you buy a new printer or scanner, it might not work on XP. Same goes for new software, particularly if it needs faster processors and more memory beyond what was standard in XP’s heyday. XP also lacks features that are common with newer operating systems, including energy-saving measures for laptops.
Q. What are my options for upgrading?
A. You can upgrade to Windows 7 or 8 by buying a disc. You will need to back up your files and have discs for any programs you may have installed, as upgrading requires completely wiping your hard drive and starting from scratch. Microsoft sells Windows 8 as an upgrade for $120; be sure to buy the DVD version and not the download. Retail sales of Windows 7 have ended, though you might be able to find leftover copies for sale online.
That said, it’s probably not worth the upgrade. Your XP computer is several years old and might not even meet the system requirements to upgrade. Use this tool to check: http://bit.ly/KkZERx .
Even if an upgrade is possible, the money is better spent toward a new computer. Microsoft says many PC makers are offering deals timed to XP’s retirement.
Be aware that either way, you may also need to buy new software, as older versions might not run on Windows 7 or 8. Microsoft, for instance, is also ending support for Office 2003 on Tuesday.
Q. My XP computer works fine and fits my needs —and I don’t want to spend money on an upgrade or a new machine. What should I do?
A. If despite the warnings, you are still running XP, here are a few things to do:
First, be sure to run all of Microsoft’s previously released updates, plus the last one on Tuesday.
Then think about what you really need the computer for. If you don’t need an Internet connection, unplug it. That will minimize the risk. Be careful about attaching USB storage drives, as that might introduce malicious software.
If you need the Internet, refrain from using email, Facebook and other communications channels through which malicious software might travel. Use a tablet, phone or another computer instead.
It’s also a good idea to lock down your computer by using a profile that lacks administrative rights. That will make it harder to install anything new, including malicious software.
Mikko Hypponen of F-Secure suggests removing older software applications you no longer use. The less you have running, the less vulnerability you’ll have.
Gartner fellow Neil MacDonald says XP computers on corporate networks have more options, including using XP only for crucial software that won’t run on more up-to-date systems and accessing a virtual desktop remotely for email, Web and other modern tasks. He says companies can also pay Microsoft for customized fixes beyond Tuesday, but that gets expensive.
Q. Why is Microsoft doing this?
A. As technology improves, it makes less sense to support something designed a PC generation or two ago. The company’s resources are better spent on making newer products better.
Apple does this, too, with its OS X system for Mac computers, though it doesn’t announce end dates for older versions as Microsoft does. Unlike Microsoft, Apple now offers upgrades for free.
Q. Don’t ATMs, retail payment systems, medical devices and other gadgets also run XP? What are my options?
A. Check with the manufacturer. MacDonald says there are two types of XP for so-called embedded systems, one of which will receive support until January 2016.
Microsoft blog post: http://bit.ly/1kmVCaQ
XP checker and options: http://amirunningxp.com
Windows 8 upgrade: http://bit.ly/1mQBzCe
Other upgrade resources:
With files from Anick Jesdanun, The Associated Press
A special weather statement is in effect for the GTA, warning of heavy rain from a disturbance moving up from the Gulf coast.
The showers should start late Monday afternoon around 4 p.m. or 5 p.m. and the steadier rain will happen after 7 p.m. That rain will stay around overnight and through the morning on Tuesday before tapering to showers. The rainfall will total about 20 millimetres.
Environment Canada’s special weather statement is in effect for:
- City of Toronto
- Windsor – Essex – Chatham-Kent
- Sarnia – Lambton
- London – Middlesex
- Simcoe – Delhi – Norfolk
- Dunnville – Caledonia – Haldimand
- Oxford – Brant
- City of Hamilton
- Halton – Peel
- York – Durham
- Huron – Perth
- Waterloo – Wellington
- Dufferin – Innisfil
- Grey – Bruce
- Barrie – Orillia – Midland
- Peterborough – Kawartha Lakes
- Bancroft – Bon Echo Park
- Brockville – Leeds and Grenville
- City of Ottawa
- Prescott and Russell
- Cornwall – Morrisburg
- Smiths Falls – Lanark – Sharbot Lake
- Parry Sound – Muskoka
- Renfrew – Pembroke – Barry’s Bay
- Burk’s Falls – Bayfield Inlet.
See below for your morning weather webcast:
With files from Jill Taylor, 680News.com
Actor Mickey Rooney, the pint-sized screen dynamo of the 1930s and 1940s best known for his boy-next-door role in the Andy Hardy movies, died on Sunday at 93, Hollywood industry trade papers Variety and Hollywood Reporter reported.
Rooney, who was one of the biggest box office stars of the movies’ studio era, had been ill for some time, TMZ said. It did not give a cause of death and a spokesman was not immediately available for comment.
Rooney, who spent almost his entire life in show business, teamed up with Judy Garland in the 1939 movie musical Babes in Arms. He also starred with Elizabeth Taylor in 1944′s National Velvet, which launched Taylor’s career.
Rooney was best known for his role as Andy Hardy, the popular all-American teenager, which he portrayed in about 20 movies.
Rooney was married eight times, the first time to screen beauty Ava Gardner. Asked once if he would marry all his eight wives again, he said, “Absolutely. I loved every one of them.”
Hosting a brunch this spring? Whether you’re having a few friends over on the weekend or the whole extended family is coming by for Easter, we’ve gathered together some of our fave brunch recipes that’ll have everyone asking for seconds.
Yummy twists on family favourites:
We’re regularly craving classic brunch dishes, from eggs and bacon, to fluffy pancakes. If your guests love the standards, too, try some of our creative twists on traditional recipes! These egg & toast tartlets from Claire Tansey are a fun way to eat your omega-3s, and they pair perfectly with her maple-fennel bacon.
For the pancake lovers, why not try adding cocoa powder to make thesechocolate pancakes with strawberry sauce? Mairlyn Smith sure knows how to make a dish that appeals to the chocoholics in the house (and it uses whole wheat flour to boost up the nutritional value, too!).
If you want to sneak some vitamin-rich veggies into a super easy brunch dish, this sweet potato French toast from Ceri Marsh and Laura Keogh is exactly what you’re looking for. Cut it into easily-dippable strips and your kids will gobble this up instantly!
Fancy dishes to impress your guests:
Want to really wow your guests? Whether you’re looking for a savoury dish or a sweet one, brunch is one of our favourite times to experiment with more intricate recipes — or recipes that seem really impressive, but aren’t actually too complex to put together! This goat cheese soufflé with smoked salmon from Claire Tansey is a perfect example of a dish that looks way more difficult than it actually is. You don’t have to be a trained chef to make your own soufflé!
Think you can only poach your eggs in water? Think again! Our chefs have two elegant alternatives for you. Adults will love these Chardonnay-poached eggs from Jason Parsons, while the whole family will drool over Randy Feltis’ maple syrup-poached eggs served over stuffed French toast!
Not much of an egg fanatic? Switch out your eggs for seafood in this scallops Benedict from Jason Parsons!
If you’re looking for something sweet, look no further than this homemade crepe recipe with macerated berries. These crepes are easy to personalize with your fave ingredients, and we especially love them with fresh, mixed berries.
If you want to get some extra zzz’s before your guests arrive, why not make your entrée the night before? This asparagus and cheese strata from Mairlyn Smith needs to rest in the fridge for at least 8 hours before you serve it, so that the bread can soak up all of the delicious egg mixture.
Tarts are a great make-ahead option and we love the seasonal flavours in this spring onion & goat cheese tart. You can also make this recipe even easier by using pre-baked pie shells instead of puff pastry.
We love a good quiche, and this crustless mushroom and broccoli quiche from Dr. Joey Shulman is a yummy, healthier option! Serve this with a side salad or fresh fruit for a lighter meal.
What’s your go-to brunch recipe? Share your faves in the comments!
With files from Suzanne Gardner, Cityline.ca
Photo credit: Roberto Caruso