One lesson of the Heartbleed bug is that the US needs to stop running Internet security like a Wikipedia volunteer project
The Heartbleed computer security bug is many things: a catastrophic tech failure, an open invitation to criminal hackers and yet another reason to upgrade our passwords on dozens of websites. But more than anything else, Heartbleed reveals our neglect of Internet security.
The United States spends more than $50 billion a year on spying and intelligence, while the folks who build important defense software — in this case a program called OpenSSL that ensures that your connection to a website is encrypted — are four core programmers, only one of whom calls it a full-time job.
In a typical year, the foundation that supports OpenSSL receives just $2,000 in donations. The programmers have to rely on consulting gigs to pay for their work. "There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work," says Steve Marquess, who raises money for the project.
Is it any wonder that this Heartbleed bug slipped through the cracks?
Dan Kaminsky, a security researcher who saved the Internet from a similarly fundamental flaw back in 2008, says that Heartbleed shows that it's time to get "serious about figuring out what software has become Critical Infrastructure to the global economy, and dedicating genuine resources to supporting that code."
The Obama Administration has said it is doing just that with its national cybersecurity initiative, which establishes guidelines for strengthening the defense of our technological infrastructure — but it does not provide funding for the implementation of those guidelines.
Instead, the National Security Agency, which has responsibility to protect U.S. infrastructure, has worked to weaken encryption standards. And so private websites — such as Facebook and Google, which were affected by Heartbleed — often use open-source tools such as OpenSSL, where the code is publicly available and can be verified to be free of NSA backdoors.
The federal government spent at least $65 billion between 2006 and 2012 to secure its own networks, according to a February report from the Senate Homeland Security and Government Affairs Committee. And many critical parts of the private sector — such as nuclear reactors and banking — follow sector-specific cybersecurity regulations.
But private industry has also failed to fund its critical tools. As cryptographer Matthew Green says, "Maybe in the midst of patching their servers, some of the big companies that use OpenSSL will think of tossing them some real no-strings-attached funding so they can keep doing their job."
In the meantime, the rest of us are left with the unfortunate job of changing all our passwords, which may have been stolen from websites that were using the broken encryption standard. It's unclear whether the bug was exploited by criminals or intelligence agencies. (The NSA says it didn't know about it.)
It's worth noting, however, that the risk of your passwords being stolen through this bug is still lower than the risk of your passwords being hacked from a website that failed to protect them properly. Criminals have so many ways to obtain your information these days — by sending you a fake email from your bank or hacking into a retailer's unguarded database — that it's unclear how many would have gone through the trouble of exploiting this encryption flaw.
The problem is that if your passwords were hacked by the Heartbleed bug, the hack would leave no trace. And so, unfortunately, it's still a good idea to assume that your passwords might have been stolen.
So, you need to change them. If you're like me, you have way too many passwords. So I suggest starting with the most important ones — your email passwords. Anyone who gains control of your email can click "forgot password" on your other accounts and get a new password emailed to them. As a result, email passwords are the key to the rest of your accounts. After email, I'd suggest changing banking and social media account passwords.
But before you change your passwords, you need to check whether the website has been patched. You can test whether a site has been patched by typing the URL here. (Look for the green highlighted "Now Safe" result.)
If the site has been patched, then change your password. If the site has not been patched, wait until it has been patched before you change your password.
A reminder about how to make passwords: Forget all the password advice you've been given about using symbols and not writing down your passwords. There are only two things that matter: Don't reuse passwords across websites and the longer the password, the better.
I suggest using password management software, such as 1Password or LastPass, to generate the vast majority of your passwords. And for email, banking and your password to your password manager, I suggest a method of picking random words from the dictionary called Diceware. If that seems too hard, just make your password super long — at least 30 or 40 characters long, if possible.
Unless the Nifty manages to go higher than today's high, the market will remain listless
Indian markets opened higher on Tuesday after a long weekend, only to move immediately into the negative. Unlike most Asian indices, which closed in the positive, Indian markets shrugged off positive news from the US, where a jump in retail sales since 2012 added to optimism about the recovery in the US economy.
The BSE 30-share Sensex opened at 22,698 while NSE 50-share Nifty opened at 6,793. In the few minutes of trading in the positive, both Sensex and Nifty hit their respective day’s high at 22,737 and 6,813, respectively. Sensex hit a low of 22,416 and closed at 22,485 (down 144 points or 0.64%) while Nifty hit a low of 6,712 and closed at 6,733 (down 43 points or 0.64%). The NSE recorded a volume of 80.87 crore shares.
Except for IT (1.93%), FMCG (0.23%) and Consumption (0.03%) all the other indices on the NSE closed in the negative. The top five losers were Realty (3.01%), Metal (2.76%), Finance (2.23%), PSU Bank (2.21%) and Bank Nifty (2.03%).
Of the 50 stocks on the Nifty, 12 ended in the green. The top five gainers were United Spirits (11.62%), TCS (4.18%), Wipro (3.94%), Hero MotoCorp (2.39%) and HCL Technologies (1.74%). The top five losers were DLF (6.41%), Hindalco (5.26%), Jindal Steel (4.48%), Bank of Baroda (3.68%) and IDFC (3.44%).
Of the 1,553 companies on the NSE, 617 closed in the green, 869 closed in the red while 67 closed flat.
The market was looking ahead to the wholesale price index (WPI) inflation data and consumer price index (CPI) inflation data for March 2014, which came in higher.
Infosys Ltd, India's second largest software company reported a 25% jump in its fourth quarter net profit on higher revenues. For the quarter to end-March, Infosys’ net profit rose to Rs2,992 crore from Rs2,394 crore while total revenues, including sales, increased 23.1% to Rs12,875 crore, same period last year.
Infosys reported a 13% increase in its full year (FY14) net profit to Rs10,648 crore even as its total revenues, including sales, grew 24.2% to Rs50,133 crore from Rs40,352 crore in the year-ago period.
Infosys has forecast revenue growth of 7% to 9% in dollar terms for the year ending 31 March 2015. The company has forecast revenue growth of 5.6% to 7.6% in rupee terms for FY 2015. The guidance in rupee terms is based on rupee dollar conversion rate of 60. The stock was among the top five gainers in Sensex 30 stocks.
Snapping its declining trend, inflation in March rose to a three-month high of 5.7% mainly on a spurt in the prices of food items such as potatoes, onions and fruits. Inflation in food items, based on the wholesale price index (WPI), shot up by 9.9% in March as against 8.12% in the previous month. Overall WPI inflation, which has been on the decline since December, dropped to a nine-month low of 4.68% in February.
The government revised upwards WPI inflation for January 2014 to 5.17%, from 5.05% reported on 14 February 2014. Build up inflation rate in the financial year so far was 5.7% compared to a buildup rate of 5.65% in the corresponding period of the previous year. Core inflation or non-food manufacturing inflation accelerated to a 12-month high of 3.5% in March 2014.
March CPI inflation rose to 8.31% on higher food prices. Food prices for consumers in March rose 9.10% from a year earlier, faster than February’s provisional 8.57% rise.
Rating agency Standard & Poor's (S&P) said on Tuesday that the direction and pace of policy reforms in India, more than which political party takes control after elections, will have a bearing on the sovereign rating. "An important factor is how fragmented the government will be. The more parties involved in the next coalition government, the more likely policies will be incoherent and less supportive of credit attributes," said Kim Eng Tan, sovereign credit analyst at S&P, in a statement. S&P has a BBB- rating on India with a negative outlook and has warned of the risks of a ratings downgrade in the absence of structural reforms, fiscal consolidation and if economic growth decelerates further.
US brokerage Bank of America-Merrill Lynch on Tuesday said it sees the first rate cut this fiscal only in March next, as inflation is expected to fall only by December end on a decline in commodity prices driven by the US Fed tapering. Accordingly, BofA-ML sees RBI cutting rates by 50 basis points in March next. The report forecasts the current account deficit to stabilise at 2.6% in FY15 and 2.5% in FY16 if the Brent crude stabilises at about USD 105 a barrel. BofA-ML expects the RBI to hold rupee at 60-65 levels if the dollar trades about 1.30 against the euro.
All the banking stocks and finance stocks in Sensex 30, namely, Axis Bank, HDFC, HDFC Bank, SBI, ICICI Bank, closed in the negative.
United Spirits (USL) closed among the top two gainers in the BSE ‘A’ group. Diageo Plc, the world's largest distiller, on Tuesday announced an open offer to raise its stake in the company to 54.78%, from the current 28.78%. Diageo has announced an open offer to acquire up to an additional 3.77 crore equity shares of USL, constituting 26% of the total fully diluted voting equity share capital of USL, at Rs3,030 per share. Diageo will shell out Rs 11,448.92 crore for acquiring the additional 26% stake in USL.
Except for Shanghai Composite (1.40%), Hang Seng (1.60%) and Seoul Composite (0.24%) all the other Asian indices closed in the positive. Straits Times (0.98%) was the top gainer.
China's broadest measure of credit fell 19% from a year earlier in March and money supply grew at the slowest pace since 2001, data from the People's Bank of China showed today. Aggregate financing was 2.07 trillion Yuan ($333 billion) from 2.55 trillion Yuan a year earlier. New Yuan loans were 1.05 trillion Yuan. M2, China's broadest measure of money supply, rose 12.1% in March from a year earlier.
European indices were trading marginally in the red while US Futures were trading marginally in the green.
Overruling warnings from experts, the FSSAI allowed companies to increase the caffeine level in energy drinks to 320mg per litre from 145mg per litre. Anyone who drinks 700ml of energy drink is at high risk, warn experts
Yajurvedi Rao, an activist, had filed a public interest litigation (PIL) against the Food Safety and Standards Authority of India (FSSAI) for permitting companies to increase caffeine content in energy drinks to 320mg per litre from 145mg per litre.
Quoting an official from a popular energy drink manufacturer, an article from Mumbai Mirror, says, "We manufacture drinks not to kill people. Rather, one will find more caffeine in coffee than in energy drinks. The complainant has no scientific backing to prove anything."
The part marked in red says, “Consumption of more than two cans in a day may be harmful to your health. Not to be used for pregnant women, breast feeders, children under the age of 16, people with heart disease, high blood pressure, diabetes, allergy to caffeine, and athletes during exercise."
However, Dr Arvind Shenoy, senior chemical and consumer product researcher, discards the argument. He said, “It is important to note that if the vehicle of consumption for caffeine is coffee, then, one can tolerate caffeine levels even up to 642 mg per day. The situation becomes completely different when the medium of caffeine intake is an energy drink – where the side-effects start kicking in from levels of even 231 mg per day.”
In short, this means one can tolerate caffeine up to 642mg per day from coffee, but with an energy drink, the concoction becomes dangerous even at a level of 231mg per day. Remember, the FSSAI had allowed the level in energy drinks to be increased to 320mg per litre. In other words, anyone who drinks around 700ml of an energy drink is at high risk and may suffer from side effects.
Rao had also filed applications under the Right to Information (RTI) Act to procure information. As per one such reply received by him, during 2009, Food and Drug Administration (FDA) seized stocks of Red Bull Energy drink. After testing, the FDA found that the energy drink contained 200mg per litre caffeine, more than the permitted level. After that the judicial magistrate at Alibaug directed the authorities to destroy the stock seized from the energy drink company.
Similarly, in July 2011, the Centre of Science and Environment (CSE) had conducted a study on energy drink brands in India, like Red Bull and Cloud 9. The study found that 44% of the samples had caffeine levels higher than the limit of 145 mg per litre back then. The study showed that Red Bull, Coca Cola’s Burn and Monster energy drink had two times more caffeine than Prevention of Food Adulteration Act, 1954 (PFA)
(Special report and energy report card)
According to Wikipedia.org, excessive consumption of energy drinks may induce mild to moderate euphoria primarily caused by stimulant properties of caffeine and may also induce agitation, anxiety, irritability and insomnia. Consumption of a single energy drink will not lead to excessive caffeine intake, but consumption of two or more drinks in a single day can. Adverse effects associated with caffeine consumption in amounts greater than 400 mg include nervousness, irritability, sleeplessness, increased urination, abnormal heart rhythms (arrhythmia), and dyspepsia.
In the US, energy drinks have been linked with reports of nausea, abnormal heart rhythms and emergency room visits. The drinks may cause seizures due to the "crash" following the energy high that occurs after consumption. Caffeine dosage is not required to be on the product label for food in the United States, unlike drugs, but some advocates are urging the FDA to change this practice, Wikipedia says.
Energy drink manufacturers in India wanted the FSSAI to increase the caffeine limit to 320 mg per litre, which they claimed was safe and average for daily consumption. Countering this claim, experts warned against the decision, as the new limit would mean highly excessive amounts of caffeine. Standards for energy drinks clearly mention side effects of caffeine overdose, but the FSSAI still went ahead and increased the caffeine content limit. FSSAI not only failed to take any action against the violators of the PFA, but also issued the new standards in their favour.
(Standards of energy drinks)
After increasing the maximum caffeine limit in energy drinks, FSSAI also laid down new standards, which state that “Energy drinks in India will have to strip off their “energy” tag and instead be renamed as “caffeinated beverages”. Such beverages must also carry a safety warning for consumers stating that such drinks are not recommended for “children, pregnant or lactating women, and persons sensitive to caffeine and sportsperson”, and “no more than two cans per day”.
While FSSAI laid down some generic regulations for energy drink companies, they failed to take into account the side effects this caffeine consumption can have on youth as well as adults alike. In November 2010, the University of Texas Medical School at Houston reported that energy drinks contain more caffeine than a strong cup of coffee, and that the caffeine combined with other ingredients (sometimes not reported correctly on labels) such as guarana, taurine, other herbs, vitamins and minerals may interact.
Dr Shenoy says, “Studies show that 30 milligrams or less of caffeine can alter self-reports of mood and affect behaviour and 100 mg per day can lead to physical dependence and withdrawal symptoms upon abstinence. Caffeine withdrawal, or lack of consumption of the daily caffeine limit is equally harmful for people. The potential for caffeine withdrawal to cause clinically significant distress or impairment malfunctioning is reflected by the inclusion of caffeine withdrawal as an official diagnosis in ICD-10 (World Health Organization) and as a proposed diagnosis in DSM-IV (American Psychiatric Association). Although most research on withdrawal has been performed with adults, there is also evidence that children experience withdrawal effects during caffeine abstinence”.
Market research firm Euromonitor calculated that the global energy drink market was worth $3.8 billion in 1999 and this value grew to $27.5 billion in 2013. According to Wikipedia, during 2000 the US energy drink market was worth $350 million and data from the Packaged Facts company shows that the industry grew by 60% between 2008 and 2012 in the US—by 2012 total US sales were over $12.5 Billion. Red Bull and Monster were the two best-selling brands in 2012, accounting for nearly 80% of US energy drink sales, and the energy shot market is worth over $1 billion in 2014.
The energy drink Red Bull did not get market approval in France after the death of an 18-year-old Irish athlete, Ross Cooney, who died within hours after playing a basketball game and consuming four cans of the product. This market approval was challenged in the European Court of Justice in 2004, and consequently lifted. Norway did not allow Red Bull for a time, although this has recently been revoked. The UK investigated the drink, but only issued a warning against its consumption by children and pregnant women.
Considering the widespread sale and popularity of energy drinks, such a drastic measure taken by the FSSAI will have a severe negative impact on consumers in India.