August 20, 2019

Archives for April 17, 2014

Five Things to Know About Heartbleed

The news media has been abuzz with talk of the Heartbleed bug, a recently discovered vulnerability in commonly used security software. Here are answers to some common questions about Heartbleed.

1. What is Heartbleed?

Heartbleed is a vulnerability in OpenSSL, a widely used encryption program. The vulnerability was inadvertently created while trying to fix a different bug. Although the Heartbleed vulnerability has been present in OpenSSL for two years, it was only recently discovered. The Heartbleed vulnerability could allow hackers to steal passwords, credit card data, or Social Security numbers from websites, home routers, smartphones running older Android operating systems, and other web-connected devices.

2. Which websites were affected?

Many commonly used websites use OpenSSL, including Facebook, Google, Gmail, YouTube, Yahoo, and Wikipedia. A website called LastPass has a handy Heartbleed checker, where you can enter a URL and see if it is vulnerable or safe. Another website, Mashable, created a “Heartbleed Hit-List” compiling vulnerability info for many sites.

3. Which websites were not affected?

Fortunately, most banking websites use more stringent security measures, so they were not affected by Heartbleed. Websites that were not affected include Amazon, AOL, Bank of America, Chase, LinkedIn, Hotmail, Outlook, PayPal, U.S. Bank, and Wells Fargo, among others. The CBA and CLE websites also were not compromised; neither uses OpenSSL.

4. What can I do to protect my information?

Most of the affected websites have issued patches by now. If the website was not vulnerable, you do not need to do anything (except keep up with regular password changes). If the website was vulnerable but has now been patched, change your password immediately. Secure passwords contain combinations of letters, numbers, and special characters, and should not be names, birthdates, or any other easily discoverable information. It is advisable to use different passwords for each website you frequent; websites like LastPass can help you keep track of these as well.

5. What about confidential client information?

Hopefully, most confidential client information would not have been vulnerable to Heartbleed. Aaron Street of The Lawyerist wrote a great article called “Heartbleed: What Lawyers and Law Firms Need to Know” that explains why client information is probably not susceptible. He also addresses the important question of safety in the cloud, particularly after Heartbleed and the Target data breach last fall.

As technology advances and its use becomes more widespread, safety breaches like Heartbleed will become more common. Heartbleed is a reminder that internet safety is important for everyone.

Tenth Circuit: District Court Does Not Err by Referring to Sentencing Guidelines

The Tenth Circuit Court of Appeals issued its opinion in United States v. Grigsby on Tuesday, April 15, 2014.

Defendant Grigsby pled guilty to eight counts of sexual exploitation of a nine-year-old child for the purpose of producing visual depictions, one count of possessing with intent to view child pornography, and one count of being a felon in possession of a firearm, and was sentenced to 260 years in prison. He appealed his 260-year sentence imposed pursuant to the child pornography production guideline, U.S.S.G. § 2G2.1. Defendant contended that the guideline is “defective” because it routinely generates offense levels that result in a recommended guideline sentence in excess of the statutory maximum, and fails to distinguish between levels of culpability by establishing enhancements for conduct present in most cases and thus undeserving of punishment beyond the core offense.

Based on a total offense level of 43 and a criminal history category of II, Defendant’s initial guideline imprisonment range under the 2012 version of the Guidelines was life. But because the statutory maximum sentence of 260 years was less than life, U.S.S.G. § 5G1.2(b) established the former term as the recommended guideline sentence. Following that recommendation, the district court sentenced Defendant to 260 years imprisonment. In deciding Defendant’s sentence was sufficient but not greater than necessary to meet the sentencing factors identified in § 3553(a)(2), the court referred to the emotional damage Defendant caused his victim, the antisocial behavior Defendant had engaged in over the course of his life, and the public’s need for protection from Defendant.

A district court does not err by deferring to the Guidelines where the sentence imposed is justified in light of the factors set forth in 18 U.S.C. § 3553(a). The Tenth Circuit affirmed Defendant’s sentence.

Tenth Circuit: Unpublished Opinions, 4/17/2014

On Thursday, April 17, 2014, the Tenth Circuit Court of Appeals issued no published opinion and one unpublished opinion.

May v. State of Kansas

Case summaries are not provided for unpublished opinions. However, published opinions are summarized and provided by Legal Connection.

SB 14-182: Revising Requirements for Minutes and Recording of Meetings of Boards of Education of School Districts While in Executive Session

On April 4, 2014, Sen. Mary Hodge introduced SB 14-182 – Concerning Procedures Governing Discussions by Boards of Education of School Districts while Meeting in Executive Session. This summary is published here courtesy of the Colorado Bar Association’s e-Legislative Report.

Under current law, the minutes of a meeting of a local public body during which an executive session is held are required to reflect the topic of the discussion at the executive session. In the case of a meeting of a local board of education (board) during which an executive session is held, the bill additionally requires the minutes to reflect the amount of time each topic was discussed while the board was meeting in executive session. The bill requires the minutes along with the amount of time each topic was discussed to be posted on the web site of the board not later than 10 business days following the meeting at which the minutes are approved by the board. If the board of education does not maintain a web site, the minutes must be published in the same manner as the board regularly provides public notice. The bill requires the board to comply with all other requirements pertaining to the holding of a meeting in executive session.

The bill further requires the record of an executive session of a board that is electronically recorded, including the actual electronic recording, to be retained for at least 24 months after the date of the executive session.

The bill is assigned to the Education Committee; the bill is scheduled for committee review on Wednesday, April 16 “Upon Adjournment.”

SB 14-181: Prohibiting the Use of Automated Vehicle Identification Systems for Traffic Law Enforcement

On April 4, 2014, Sen. Scott Renfroe introduced SB 14-181 – Concerning the Elimination of the Use of Automated Vehicle Identification Systems for Traffic Law Enforcement. This summary is published here courtesy of the Colorado Bar Association’s e-Legislative Report.

The bill repeals the authorization for the state, a county, a city and county, or a municipality to use automated vehicle identification systems to identify violators of traffic regulations and issue citations based on photographic evidence, and creates a prohibition on such activity.

The bill repeals the authorization for the department of safety to use an automated vehicle identification system to detect speeding violations within a highway maintenance, repair, or construction zone.

The bill is assigned to the State, Veterans, & Military Affairs Committee; the bill is scheduled for committee review on Monday, April 14 at 1:30 p.m.

Since this summary, the State, Veterans, & Military Affairs Committee referred the bill, amended, to the Senate Committee of the Whole.

SB 14-179: Creating a Flood Debris Cleanup Grant Account to Aid Watershed Cleanup Following September 2013 Flood

On April 1, 2014, Sen. Jeanne Nicholson introduced SB 14-179 – Concerning the Creation of a Flood Debris Cleanup Grant Account to Facilitate Watershed Cleanup Efforts in Areas Affected by the September 2013 Flood, and, in Connection Therewith, Making an Appropriation. This summary is published here courtesy of the Colorado Bar Association’s e-Legislative Report.

In response to the September 2013 flood, as introduced, the bill creates a flood debris cleanup grant account in the flood and drought response fund for the purpose of allowing the Colorado water conservation board to make grants to help pay the costs of watershed cleanup in areas affected by the flood. The bill makes a statutory appropriation of $5,000,000 to the board for implementation of the grant program. The appropriation and the special account are both subject to automatic repeal on July 1, 2015.

On April 8, the Local Government Committee amended the bill and sent it to the Appropriations Committee; on Friday, April 11, the Appropriations Committee amended the bill and sent it to the Senate 2nd Reading Consent calendar.

Since this summary, the bill passed the Senate on Second and Third Readings, with amendments on Second Reading. The bill was introduced in the House and assigned to the Local Government Committee.