On this episode we talk about everything you need to know about the SSL bug, ‘Heartbleed’ and Google’s project Ara.
At the beginning of the week the people at OpenSSL made an announcement about an open bug called ‘Heartbleed’. An emergency patch was immediately put out. OpenSSL is very widely used by many major service providers such as Amazon, Yahoo, Facebook and more. Many of these services were affected by the bug.
It was discovered by a Google researcher, Neel Mehta. The bug allows an attacker to pull 64k of data randomly from the servers working memory. That may not sound like a major issue but the attacker can continue to request the data as many times as they like.
Very important information such as the servers encryption keys are stored in the working memory and if an attacker got access to this information they could potentially access any data going through the server. Although the patch is already out there it takes time to implement it across all servers and if any of the encryption keys were compromised a hacker could still have access to the server traffic for months after. The solution is to reset the encryption keys but this is a slow and expensive process.
You can check if your website is affected by using: filippo.io/Heartbleed/, however it does show up some false negatives.
Google Project Ara
Google is one of many companies who have been working on modular smartphones. This week they released their MDK (Module Developer Kit) for people who are interested in making their own modular phone based on Google’s designs.
The MDK highlights a number of different screen layouts, module layouts as well as what could be added in different modules. The idea is that it will use a metal endoskeleton and all of the modules will slide in and be held in place by special EMP (electro-permanent magnets) which have a low powered and a high powered state. Power is only required to change them from one state to another.
The big question about this radical new idea is if consumers will take an interest. Most average consumers don’t want to have to think about what processor they want or how much RAM they want. However, they might be interested in certain aspects such as the type of camera and how much storage there is. The first Project Ara phones are said to be coming next year and it will be very interesting to see. You can find out more information at: projectara.com