By Simon, 11 April, 2014

The surreal world that is the United States Intelligence Community has recently released a statement over the Heartbleed vulnerability as a rebuttal to an article from Bloomberg. The government's statement is as follows:

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report.

There are a number of issues I'd like to point out from this (aka the bleedin' obvious)...

By Simon, 6 March, 2014

Tomorrow, March 7th 2014, is the scheduled IPO for Coupons.com, Inc. For those interested (or not), here's my 10 cents on why the SEC filing is a little on the conservative side (they always are). It says Coupons.com, Inc. has never been profitable since they began in 1998. While that's true, it isn't completely true. In another lifetime, Coupons.com was once profitable, under the brand name CouponNet, and I have every confidence that Coupons.com, Inc. will be profitable too.

20 years ago, I registered a couple of domain names - Coupon.com and Coupons.com. In fact, I had to fight hard to register Coupons.com because, back in 1994, Network Solutions were only registering one domain name per applicant. After carefully explaining that coupons.com was the plural of coupon.com, and that Network Solutions would find themselves with an intellectual property dispute if they registered it to someone else, they reluctantly registered the domain name to me. In December of 1994, I put the first downloadable coupon on the web, which was for a British pub in the Los Angeles area (not exactly a surprise for those of you who know me).

By Simon, 22 February, 2014

Bruce Schneier says that the NSA is too big and powerful and that it's time to break up the agency:

Broadly speaking, three types of NSA surveillance programs were exposed by the documents released by Edward Snowden. And while the media tends to lump them together, understanding their differences is critical to understanding how to divide up the NSA's missions.

http://edition.cnn.com/2014/02/20/opinion/schneier-nsa-too-big/index.ht…

By Simon, 4 February, 2014

Yes. You can fly with your guitar as carry-on. And it's the law. In 2012, President Obama signed into law the “FAA Modernization and Reform Act of 2012,” which, along with provisions for enhancing runway safety and easing restrictions on transporting lithium batteries, contains the following text:

SEC. 403. MUSICAL INSTRUMENTS.
(a) IN GENERAL—Subchapter I of chapter 417 is amended by adding at the end the following:

‘‘§ 41724. Musical instruments
‘‘(a) IN GENERAL—
‘‘(1) SMALL INSTRUMENTS AS CARRY-ON BAGGAGE.—An air carrier providing air transportation shall permit a passenger to carry a violin, guitar, or other musical instrument in the aircraft cabin, without charging the passenger a fee in addition to any standard fee that carrier may require for comparable carry-on baggage, if—

‘‘(A) the instrument can be stowed safely in a suitable baggage compartment in the aircraft cabin or under a passenger seat, in accordance with the requirements for carriage of carry-on baggage or cargo established by the Administrator; and

‘‘(B) there is space for such stowage at the time the passenger boards the aircraft.

By Simon, 3 February, 2014

On Monday, the Chaos Computer Club (CCC) and the International League for Human Rights (ILMR) have filed a criminal complaint with the Federal Prosecutor General's office. The complaint is directed against the German federal government, the presidents of the German secret services, namely Bundesnachrichtendienst, Militärischer Abschirmdienst, Bundesamt für Verfassungsschutz, and others.

By Simon, 3 February, 2014

The Wattkins Universal PCB is one of the basic building blocks for building a guitar amplifier with up to four vacuum tubes. It supports most amp designs (it started out life as a Fender 5E3 Tweed Deluxe), including support for Paraphase, Cathodyne and Long Tail Pair phase inverter as well as Cathode or Fixed Bias. As well as the more common 12AX7 & EF86 pre-amp tubes, it also supports Russian pre-amp tubes such as 6N2P & 6J32P with the heaters on pins 4 & 5. Output tubes supported include 6V6, 6L6 and 5881.

By Simon, 19 January, 2014

How the "Internet of Things" is going to make your life simpler, easier, and more worry-free. I jest, of course... your home appliances will need cyber-security...

Over the December holidays, one of our researchers discovered proof of a much-theorized but we believe never before seen in the wild security breach.

By Simon, 16 January, 2014

You thought the news about banking apps was bad. Well, it's not just the banking apps...

The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.

By Simon, 14 January, 2014

IOActive have just published a report covering the security of online banking apps for mobile devices. They found that:

  • 90% of the apps they tested had security vulnerabilities.
  • 70% of the apps offered no support at all for two-factor authentication.
    This is where a third token is used for extra security in addition to the user name and password. It could be a picture identification, a PIN code, or a one-time password sent via SMS (text message) to the user.
  • 40% of the apps accepted any SSL certificate for secure HTTP traffic.
    This is a major issue as it completely invalidates the chain of trust between you and your bank, and allows anyone to misdirect you to a phishing site, for example while you are using an untrusted network such as a Wi-Fi hotspot. What makes this so serious is that you cannot detect it happening, and there's nothing you can do to stop it.