Security Update

http://heartbleed.com/

Because Heartbleed, of course. Our site hasn’t been compromised by nefarious villains just yet, but you should change your password anyway. I mean — why not, right?

We also did some spring cleaning with our new site and cleared out old orders and non-customer user accounts. You don’t need an account to do anything here, by the way. But if you do want to track your orders in our shop, you can, by creating an account when you check out.

Please know, though, that we DO NOT monitor changed addresses in your online account for magazine delivery. If you move, you MUST change your address by emailing kolla@blueskiesmag.com, or writing us a letter, or giving us your new info through the form here: Change My Address.

If you want to know more about Heartbleed, here are some good resources:

  • What is Heartbleed, anyway? (source: Engadget)
  • The Heartbleed Bug (source: the people who discovered it)
  • Explain it like I’m 5: What is Heartbleed and what should I do to protect myself? (source: Reddit)

    Let’s say that you and a friend are passing notes in class. You want those notes to be totally private, so you and your friend come up with a secret code that only the two of you know. Every note you pass is written in code, and even if your teacher grabbed every single one of them, he wouldn’t be able to figure out what they said. That’s a very ELI5 version of encryption.

    But now let’s imagine that every time your friend opens that note in class, your teacher can see a tiny chunk of it – maybe only a few letters or numbers. And let’s say that because your code is so complicated, your friend has another piece of paper on his desk (called the “key”) that he can reference to actually translate from the coded note to plain text. Now, your friend is really stealthy, so he does his absolute best to hide the “key” under his desk so that nobody but him can see it.

    Heartbleed is the equivalent of your teacher having super vision that allows him to see tiny bits of both the notes you pass AND the piece of paper that tells your friend how to translate the message – even though your friend is doing his best to hide everything. Your teacher can only catch the tiniest glimpse of those things, but after enough time, he can piece together big chunks of your notes but also (perhaps) the entire “key” that your friend uses to translate your messages.

    If your teacher writes down everything he sees – both messages and the “key” – for long enough, he can eventually crack the code and read every single note that you have ever passed to your friend using that “key”. It’s important to note that your teacher would REALLY have to put a lot of effort into this in the “real world” of the internet, because you and your friend would be among billions of pairs of kids in class passing notes. But it’s still possible, because your teacher has lots of eyes.

    (In this example, you are you, and your friend is your bank or something – and the note you’re passing contains your Social Security number, date of birth, bank account number, and list of your fears)
