The Heartbleed bug is everywhere, so it is nice to understand it a little. xkcd has drawn it, but a few words might help to interpret his comic. The “heartbeat” option allows a computer to check that it still has a connection to a server. The computer sends a message, for example “asdfgh” that the server repeats back to acknowledge that it is there. Now, the bug allows tricking the server by telling it that the message sent is much longer than it really is, for example saying that the message “asdfgh” is 64 000 characters. Then the server does not stop after “asdfgh,” but continues with further 63 994 characters from its memory. Since many people use one server, these extra characters may contain usernames and passwords that other people have entered. The heart bleeds.
More information and advice about how to protect oneself at Vox or thousands of other places.
Surveillance gets a bad rap these days, but here is another perspective, stated clearly for once: Stuart Armstrong writing in the Aeon magazine spells out what the benefits of total surveillance might be. Summary: less crime, fewer resources spent on police and military, prevent pandemics and terrorists, help disaster response, provide data for research, practical applications, more global trust. (And he duly notes: “these potential benefits aren’t the whole story on mass surveillance.”)
Confused about debates about cybersecurity? A series of posts by Henry Farrell at the Monkey Cage blog seems a good place to start. First out, the importance of recognising that the two main sides have different points of view on what “security” means:
[C]ybersecurity is riven by disagreements over what security is in the first place. Is it a technical problem (which could be solved by computer system administrators, working alone or quietly coordinating with each other)? Or is it a national security problem (which requires a large scale collective effort, organized by the U.S. government, to defend against existential threats to the homeland)?