Heartbleed incident reminds us nothing is really protected
Questions on finding out about Heartbleed vulnerability; fears outage damaged tax software; copying messages to new Outlook 2013
Special to The Seattle Times
Q: With respect to the Heartbleed vulnerability, how can anyone really know whether the sites we go to have been updated?
I basically do all my banking and bill paying online, Facebook occasionally and most of my online shopping is through Amazon.com, eBay and a few sites I (hope I) can trust!
How in the world is anyone supposed to really know what sites are bad, when surfing is a daily part of researching things on the Internet? Any suggestions?
— Maxine Davies, Everett
A: For those who don’t know, Heartbleed is a vulnerability in OpenSSL, which is widely used on secure Web servers.
So if you’ve put credit-card numbers or other sensitive information on a website, you have good reason to want to know if that site has installed the patch that was issued in early April, and to know if the site was vulnerable before that patch.
Here are two links you can use:
LastPass — https://lastpass.com/heartbleed — will let you check whether a specified site was vulnerable in the past.
Heartbleed Test — https://filippo.io/Heartbleed/ — will show you whether the specified site is currently vulnerable.
But the more significant thing about the Heartbleed incident is that it reminds us that nothing is really protected. What other pieces of supposedly secure code have as yet undetected vulnerabilities?
Q: I prepared my federal income tax on H&R Block software, then submitted it by E-File, which was accepted. I later received another tax document that required my form to be amended.
Meanwhile, my computer blacked out from battery failure caused by an electrician failing to plug it back in after replacing the socket. When the computer was up and running I attempted to amend the tax, but I found many random changes to data entries. I believe the tax software was damaged by the outage.
This is very serious since it involves the IRS. I believe that H&R Block should be made aware of this software sensitivity.
— Carol D. Greene
A: Were you working with H&R Block’s online tax preparation (via the Web) or was this using software you installed on your computer?
If this is about software and data on your computer, it doesn’t really have anything to do with H&R Block. Power failures can result in corrupted disk drives, which can mean corrupted programs and data.
If this is a problem with Block’s online tax software, I do suggest that you contact H&R Block.
Q: I decided to move from Outlook Express to Outlook 2013 when I upgraded to a new Windows 8.1 computer. To my surprise, however, I can’t find a way to copy my messages to the new Outlook 2013 client. There must be a way, yes?
— CT, West Seattle
A: There is, but it can take a few steps.
I’m guessing you’re running the 64-bit version of Outlook 2013, and you can’t import messages directly from Outlook Express. The easiest way to get around this problem is to install the 32-bit version of Outlook to the old computer and then import the Outlook Express messages.
To do so, in Outlook, click on the File menu and then on Import and Export. Next, select “Import Internet Mail and Addresses,” then select Outlook Express. Finally, click on Import Mail.
Once you’ve gotten the mail into Outlook, export the messages to a PST file, which you can then copy to the new computer and import into the 64-bit version of Outlook 2013.
And before you ask, no, I have no idea why Microsoft couldn’t figure a way to make the 64-bit version of Outlook capable of importing the Outlook Express mail directly.
Questions for Patrick Marshall may be sent by email to firstname.lastname@example.org or email@example.com, or by mail at Q&A/Technology, The Seattle Times, P.O. Box 70, Seattle, WA 98111. More columns at www.seattletimes.com/