What is Heartbleed and how do I make myself safe?

There's a good chance you have heard of Heartbleed. It has, after all, been causing the internet a great deal of heartache. This security cock-up has left a great portion of internet information unsecured.

On April 7, a fixed version of OpenSSL, which is where the issue lies, was released to seal up the security hole. It was also the time the issue was publicly disclosed and the full extent of the damage began to emerge.

Because the vulnerability is a problem at an internet level, Heartbleed has left vast swathes of private internet data prime for the pickings. Essentially the security keys used to keep your password and names you use to keep your data safe could be compromised by anyone with the know-how.

Large numbers of websites have been affected, including some of the biggest on the internet. So here's our guide to what Heartbleed is and how to protect against it.

Can I catch Heartbleed? 

No, even if you frequent some especially dark corners of the internet. Although widely reported as a virus or hack, Heartbleed is actually a vulnerability. Imagine the internet is a castle and SSL/TLS encryption is a part of the wall and moat around it used to keep out invaders. A mistake by a German software programmer basically left a small door open in the wall for invaders to get in.

Should I be concerned? 

Yes and no. Heartbleed makes it possible for people to extract sensitive data such as your name and password information thereby allowing them to impersonate you. It also means your personal internet life is open to other viewers, including (potentially) your bank account or credit card numbers.

A number of websites have already patched the OpenSSL vulnerability, but that is only half of the problem. You see, if somebody has managed to sneak into the internet castle through the aforementioned small door and has seen your password, no amount of security updates to a website will change that fact (unless the website forces a password reset, of course).

What precautions should I take? 

Website Mashable created a useful Heartbleed Hitlist. The list shows a number of the affected websites and the actions you need to take to be safe. The list is US-centric but it covers most of the major bases.

At worst you will need to reset your password so that anyone who knows your old password is no longer able to access your information. Facebook, for instance, requires a password change. Instagram, Twitter and Pinterest were also affected, while LinkedIn was okay because it never used 'the offending implementation of OpenSSL'. Some companies, such as Google, have advised a password change just to be on the safe side.

We would suggest you change any password where you have been advised to do so. It's a hassle, granted, but the alternative is somebody pretending to be you for criminal reasons.

There is, of course, little point in changing your password if the website involved is still yet to patch the problem. You will need to wait for confirmation before proceeding in this instance.

Can I safeguard against future vulnerabilities? 

Technically when a software programming error or bug hands 'hackers' the keys to personal data there is little you can do. But you can at least limit the damage by having different passwords for every internet service you use. If your password is the same for everything it only takes one password leak for you to be vulnerable.

Use multiple passwords and consider changing them every few months or so. Avoid storing passwords and/or sensitive data on a device without a passcode, just in case you lose the device or it gets stolen.

A number of websites use two-step authentication. Google, for instance, requires you to enter your email address and password and then a six-digit passcode that is texted to you. Access is only granted if you have the two steps of authentication. This will make you more secure.

You could also use any tool that allows you to logout of any and all devices, Facebook being one example. This will force you and anyone else to re-login, which will require your new password. Therefore, anyone who shouldn't be looking will be locked out.

Anything else? 

Most websites (affected or not) will have an official webpage, email or statement out there for the benefit of their users. A quick Google should bring up the spiel you need and any specific advice you should undertake to be safe. More information on the complexities of Heartbleed can be found on the official Heartbleed website.

Wirelessly Charging Your Gadgets

Wirelessly Charging Your Gadgets

Thanks to a new mobile device charging standard, it’s possible to keep your phone charged up without ever fumbling with the tiny microUSB charging cable again. Read on as we review the RAVPower wireless charger, show you how to set up a phone for wireless charging, and talk about how we went from skeptical to entirely in love with the whole wireless charging process.

Wireless Charging?

Before we even dive into reviewing the actual unit and showing you how to use it, let’s talk about how it works. While we’re reviewing a specific wireless charger, the charger (and all others like it) use the Qi wireless power interface developed and backed by the Wireless Power Consortium. To be clear, this isn’t a gimmick from one company, it’s a new and officially adopted standard for wireless device charging.

To use the technology you need a Qi charger and a Qi-enabled device (some newer devices come Qi-enabled, others require a $10-15 add-on to retrofit them for Qi-charging). The Qi wireless charging system works by pairing two planar coils of wire and linking them via magnetism; the energy is transferred between the units using the principle of magnetic induction.

The base unit has a wire coil in it that is magnetically energized and radiates this energy a few centimeters above the unit. When a mobile device with a matching planar coil using the Qi standard is placed atop the charging mat, the two systems communicate and then the energy output from the base is increased from the lower device-detecting level to the higher device-charging level. The coil in the device absorbs the magnetic energy and the microcircuit attached to the coil converts the magnetic energy to electrical energy and recharges the battery.

The output of the coil in the device is carefully controlled to match the output of the traditional wall charger the device would use and then it is stepped down accordingly. In other words, if the transformer for your phone is designed for 5v delivered at 1A from the wall charger and then stepped down to 700mA before it reaches the battery, that’s exactly what a compatible Qi charger will provide.

If you’re interested in learning more about the technical specifications of the Qi charging system, definitely check out the Wikipedia entry for Qi – Inductive Power Standard and visit the Wireless Power Consortium where you can read everything from an introductory guide to the power schematic sheets.

Setting Up Your Device for Qi-based Charging

If you have a newer smartphone or tablet with built-in Qi charging, there’s no setup necessary. In industry lingo, these phones are known as “Qi Integrated” devices, but the manufacturer might simply bill them as “wireless charging built-in” or the like in order to provide a more consumer friendly description.

Google’s Nexus 4, 5 (phones), and 7 (tablet), for example, all come with built-in Qi charging, no modification necessary. A simple search engine query for your phone model and “Qi charging” should reveal whether your phone has it built-in or not.

As of this review, however, there are far more “Qi Ready” than “Qi Integrated” phones, so you’ll likely need to add a charging coil to your phone. Qi Ready phones are phones that have secondary battery contact points where the Qi add-on or another power source can be attached to the device. The device we paired with the RAVPower charging unit, the Samsung Galaxy SIII, is a Qi Ready phone and, as such, it’s perfect to show how simple the Qi upgrade process is.

In the photograph above, you can see the phone in the center, with the back cover removed (at left) and the SainSonic-brand Qi add-on (at right). To be clear, you will need to purchase an add-on module designed specifically for your device, as the placement of the contact points on Qi Ready devices is not part of the standard and each device needs a matching coil module. Search for your phone model and “Qi charger” to find a matching module.

Attaching the module is extremely simple. Let’s look at a closeup of the underside of the module:

Those little gold contacts attach to the contact points on the back of the naked SIII unit. Here’s what the module looks like laid on the back of the SIII but not completely seated (so you can see the on-phone contact points and how they fit together with the module):

The module had a small amount of double-sided adhesive near the contact points, but we found the adhesive wasn’t even necessary. The contacts fit neatly into the indentations on the back of the phone:

Then, once you replace the back of the case the contacts are even more firmly pressed together:

We’ve included a photo of the phone reassembled to highlight how slender the add-on module is. The SIII has a verythin back case and we were concerned that either the module wouldn’t fit or it would distort the case. If you run your fingers down the case you can, in fact, feel a very slight bulge, but the bulge isn’t visible and doesn’t appear to have in anyway distorted the plastic or created any points where the back doesn’t firmly connect with the body of the phone.

Now that we’ve prepped the phone for wireless charging let’s take a look at the wireless charger itself.

Using the RAVPower Qi Travel Charger

We’re pairing the now-Qi-enabled phone with the RAVPower Qi Travel Charger, a $30 overnight bag/pocket friendly Qi wireless charger.

While we were a bit apprehensive about the small size of the unit (it’s the same width as the SIII but only half the length) because we were worried the phone would fall off or the charging unit and the coil in the phone would fail to line up properly, our concerns were entirely unfounded.

The grey ring around the power logo in the center of the charger is non-skid rubber and the phone sits just fine on the device. If you’d prefer a charging pad that’s larger and completely supports your phone, however, you can pick up the travel unit’s beefier sibling of the RAVPower Qi Charging Pad for $36. The larger model offers a charging platform roughly the size of a 4×6 photo, which is quite spacious compared to the 3″ circle provided by the travel-size unit.

Once you’ve plugged the wireless charger into the wall (using the included USB wall transformer) or to an appropriately powered USB port on your computer, the rest is simple. Unlike other wireless standards you may be more familiar with like Bluetooth, there’s no pairing or identification required. All you need to do is set the Qi-enabled device on top of the charger like so:

That’s all there is to it. As soon as a Qi-enable reception coil is within the very small communication zone of the charger’s coil, the charger turns on and begins transmitting energy to the device.

You may have noticed that, unlike the first image in our review, the SIII now has a case on. One of the primary complaints consumers have regarding wireless charging is that thick cases separate the induction coil in the device too far away from the power coil in the base unit and the device fails to charge. Given that we keep this SIII in a pretty thick Otterbox case, we had a legitimate concern that as soon as we put the case back on we’d lose the ability to wirelessly charge.

While it’s possible a cheaper charger and a more powerful rated Qi battery module wouldn’t have been able to deal with the thickness of the Otterbox’s silicone and plastic case, both the RAVPower charger and the SainSonic-brand battery module we put in the SIII were up to the challenge. While your mileage will vary widely based on the thickness of your device’s case and the material it is made out of, starting with quality components goes a long way towards avoiding any case-related problems.

 The Good, The Bad, and The Verdict

It was easy to retrofit our phone, it was easy to set up, but is it worth using long term? Lets break it down.

The Good:

• Newer phones come Qi-enabled, older phones can be retrofitted for around $10.
• No more fumbling with the charging cord; no more concerns you’ll eventually turf your microUSB port after the 1,000+ plug in.
• Works as well as a regular wall charger, we were unable to measure any difference in battery charging between the RAVPower charger and the regular phone wall charger.
• Dead simple to use. Once set up you simply place the device on the base. Qi chargers and enabled devices are 100% cross compatible, so any Qi-enabled device will work on your charging base and in turn your enabled-device will work on your friend’s charging base.
• Concerns about the small size of the RAVPower travel charger’s base were unfounded; despite small footprint, it held large phones with no problem.

The Bad:

• $30-40 for a charging base is more than many people will be willing to pay for convenience.
• The induction-based power transfer the Qi charging standard is based on introduces heat. This isn’t a design flaw with the RAVPower unit mind you, but an unavoidable side effect of the wireless system at play. Increased heat has the potential to decrease, however minutely, the lifespan of your phone’s battery.
• The lithium-ion batteries found in phones and mobile devices do best when drained approximately 50% and then recharged. Frequent total discharges and frequent recharging when the battery has barely been depleted reduces battery life. It’s so easy to just “hang” the phone up onto the charging base like you’re putting a wired phone back on the cradle that it would be easy to tax your battery with lots of 90% to 100% charge cycles.

The Verdict: The Qi charging system is incredibly convenient and any apprehension we had about it (concerns it would be kludgy, gimmicky, or wouldn’t work with our phone case) have vanished. The RAVPower unit itself works wonderfully and any potential complaint we can lodge relates specifically to the standard itself and not the unit, specifically that the Qi wireless charging standard has the potentially to prematurely shorten the life of your battery. Still, given that a replacement battery for most phones is around $10 and it would take years of use for that extra heat and frequent charging to really put a dent in your battery life, the convenience of the wireless charging station completely wins out.