News about cyber security. Researchers have discovered a bug that affects open ssl software, supposedly ensuring that the information stays private. With this, people who know about it can exploit the glitch to get access to private information, your passwords, your credit card information. Cory johnson and i spoke with dave chronister, the founder of parameter securities. We asked them what exactly happened here and why it took so long for security researchers to find this bug. The first point we should make is that it was found by google researchers and some researchers from a Company Called codenomicon. While the bug is tremendously powerful and important, theres also a fix available to it. Most large websites at this point have pushed out that fix. As you guys were discussing, this is a flaw in the Encryption Software used by two thirds of the worlds internet sites. It is opensource software, so that means it is communitycreated and communitydeveloped. The fact that this flaw has been around for two years raises some interesting questions about who knew about it before. Let me bring you in on this. Is this a victory for open source . Is it a failure of open source because so many people were using it because it was free . You know, i wouldnt even look at either one of those. One of the things we really have to understand is that the problem with these is that theyre out there all the time. It doesnt make you better or worse if it takes two years to find it. There are a lot of exploitable sets they havent found fixes for. However, i would say one of the nice things about the open source is you do have other people looking at the source code to be able to find this. However, like the previous commenters said, you dont know who else has seen this in the past two years that may have actually exploited it. Lets talk about what they actually see, jordan. You put together some good visuals of what the information looks like unencrypted. It is not obvious. I cant see my password ands in this information. You have to be quite skilled to interpret it, right . A researcher from the netherlands did some interesting stuff yesterday as soon as the disclosure came out very he was able to run some tests on popular websites. This is what looks like unencrypted. Yes, this is from yahoo s website. Yahoo has since fixed the problem. He was able to say, i can grab usernames and passwords from yahoo email. Yahoo , heres the problem, you should fix it. And they did. It looks like gibberish to the untrained eye, but within that is contained some valuable details. Which companies were vulnerable and when. The Biggest Tech Companies like google, facebook, amazon, seem to have avoided this. It is a great question. We dont really know the answer to it. Yahoo was vulnerable and didnt fix it until yesterday. Google and facebook said they are not vulnerable. What we dont know is if they were vulnerable before it was fixed or if they were never vulnerable in the first place. A lot of Large Organizations like banks were never vulnerable because they dont use opened ssl. Theres a wide range of Web Companies that were either vulnerable before and have been fixed or were never vulnerable in the first place. We just dont know the answer. Its interesting to me that the most threatening thing of all was the ability to see into any computers ram. Right, let me take a step back. I would not say that banks were not vulnerable, because you have to understand that ssl not only used on websites, but vpn and email. Atms, all of these used ssl. The question is, were they using a vulnerable version of that. To say that the fix has been put out, the fix has been put out by the open ssl foundation. In fact, i was on a flight last night. I was compiling at 10 p. M. To get your question, yes, you are actually looking at arbitrary data in the working ram. This is where the temporary data is held. One of the things to understand is this is arbitrary. I cant pick what sort of information i am getting. It is just handing me random data. That is where it gets good and bad. It could be from any Program Running on that server, but i cant pick and choose. So, jordan, what should we do . Should we change our passwords now . How do we know if our information was compromised . From this point, it is probably wise to change your password. The interesting part is it is probably less to protect yourself against criminal hackers. We dont have evidence of a new how to do this. It is more to protect yourself against Intelligence Services. This is been around for two years. The likelihood that Intelligence Services did not know about this is probably low. It is good internet hygiene to change your passwords. If you know that a site is fixed the bug. You might want to wait until they fix it, otherwise youre still disclosing it semipublic way. It is always Good Practice to change your passwords. That was Bloomberg News jordan robertson. Still to come, we are digging into how the comcastTime Warner Cable merger is affecting competition. More when we come back. This is the best of bloomberg west. Im emily chang. A hearing to talk about the proposed comcast Time Warner Cable merger. Comcast argued the Corporate Union was good for business, but is it . Our editoratlarge cory johnson and i spoke with visiting professor Susan Crawford very and author of captive audience. S\he wrote a piece in Bloomberg View entitled comcast pretends its merger plan is a gift to us. We asked her what she meant by that. They say there are semiPublic Interest benefits in this merger that it has to go through. Their job is to create an air of inevitability about this deal. The politics are now drifting against comcasts plan. It is not at all clear that the Public Interest concessions are claiming to be making are actually in the Public Interest in the long run. Theres a lot of interesting news today about the merger. Senator franken pointed out that the comcast savings are not going to be passed on to consumers. Is that kind of thing typically made in a merger . Concession to consumers that prices will come down . They have this obligation to prove to the fcc that this merger is affirmatively in the Public Interest. What theyre saying is, whatever were going to do is not going to add up into Lower Consumer prices. It is more efficient for them to drive down the pricing of programming and get Everything Else they buy at much lower prices, but no particular consumer benefit. Yes, they have an obligation to show that the Public Interest is served by this merger. As far as i can tell, theyre not making that case for strongly. And yet the hearing today showed that theyre going to have a tougher sell than potentially they thought they might. What is the case that this doesnt get approved . Theyre going to take this merger extraordinarily seriously. David cohen keeps saying we dont compete in any geographical area. That is like the five families saying we have made peace. The cable organizations a long time ago divided up the nation among themselves. That gives them enormous gathered power over every other element of the media ecosystem, everything from programming to devices, and particularly for highspeed internet access. It is about even at this point. Well see a very long series of hearings and meetings going on at the fcc and the department of justice. Did you just compare the Cable Companies to the mafia . They have clustered their systems, and they never enter each others footprints. Now, comcast uses that as a plus for the merger. No competition will be reduced by the fact that this merger happens. When they merged with nbcu, they said that would be ok because no competition would be reduced because comcast was not in programming. It is almost as if no possible merger involving comcast could ever harm the consumer interest. Susan, where do the apples and googles fit into this debate . Their futures are in many ways dependent on the good graces of the Cable Companies. For highspeed internet access, the Cable Companies of america are dominant. For about 77 of americans, their only choice for highspeed internet net access is the cable monopoly. Comcast is saying theyre afraid of google and apple and facebook and the others. The fact is, they are frenemies at best. Theyre all working together for constantly higher price. Comcast has the wiring into peoples home. That is the official gatekeeping function that gives comcast its enormous power. Susan, in your book you make a pretty convincing argument that monopoly law as it is written does not really understand how these systems work in this new era and that the geographic comparison does not work. What is the right way to interpret monopoly law as it applies to this, without having to change a law . Comcast has such enormous buying power with this merger. It will be buying all the programming it is setting prices for. It will be buying all the devices that consumers have in their homes. That power has not been examined by the antitrust laws as strenuously as horizontal merger rules have heard comcast is going to be shaping entire markets. Everyone is going to have to do things their way if this merger goes through. I know the department of justice will be looking at this very closely from that perspective. Fcc hasnt even broader interest. They need to find out whether it is affirmatively in the Public Interest. Quickly, susan. Is there any precedent for this type of merger . What should we look out for some indication about how this might play out . We should really think back to the days of ma belle. These Cable Companies have as much power as the old at t did over telephony. There being allowed to vertically integrate all kinds of markets. They are absolutely without any oversight or competition. We have a lot of work to do. The company should be on an entirely different trajectory at this point. That was Susan Crawford. Biz stone has a new documentary documenting his rise in Silicon Valley after twitter. That is coming up next. Welcome back, im emily chang. This is the best of bloomberg west. Biz stone is the founder of twitter and also a cofounder of jelly. He is the author of a new book. The book chronicles his move to Silicon Valley and offers advice to budding entrepreneurs. I sat down with stone and asked him why he decided to write this book. I started over a decade ago. I was invited to teach at what they call a master class at oxford, which is just a fancy term for a lecture. Miraculously the invited me back. I started doing that every year. Then, the groups started inviting me to lecture at other schools. Something Pretty Amazing happened. I found that everyone from High School Students to ceos would come up to me afterwards and say, you know that thing you said about creativity or that thing you said about your perspective on opportunity really resonated with me. I thought to myself, that is a wide group of people to come up to me afterwards and said he say they loved it. Someone suggested writing a book recently and i thought well, ill just turn the lecture into a book and i dont have lecture anymore. But once you read a book than people want you to tell them even more. I wrote it basically because his lecture was honed over a decade. People are finding value in it. I thought it was worthwhile. The audience was quite broad, as you said. What do you want people to take away, what is the main thing . Well, my view of the world is hallucinogenic layup very operational. I would like people to take away from this book the hard learned lessons that i share. If it is only one thing they take away, it is hopefully some of the chapters on creativity and the idea that everyone is creative, not just artists. Everyone is creative. We have creativity is a renewable resource. I would like people to take away from this fresh perspective on the idea of giving back. So many people just do it wrong. They think they should wait until they are comfortable and older and moneyed and then they should really, if you get started early with volunteering and donating five dollars, the impact you have over your lifetime is so much greater. I talk about the compound interest of all truism. Just a lot of inspirational aphorisms and funny stories. Speaking of money, you dont sugarcoat how broke you are in the early days, like living in your moms basement with your girlfriend. Youre living in an apartment somewhere and could not even buy a bed. What drove you then and what i what drives you now that you do have money . There was always a belief in my future self. Future biz is going to be smarter and figure things out. I just wont worry about it right now. What drove me really, the work that i was doing, was engaging to me. I always found something that i was really excited about doing, like when i started my first design studio, and that led to learning web design. That led to my first foray into being an entrepreneur with an early social blogging network. I really believed in the idea of democratization of information and was excited to work at blogger. Money didnt matter because it was more of a mission. The mission drove me, is the short answer. Does the Mission Still drive you . Yes, especially with jelly. With jelly, i left twitter on a daytoday basis a few years ago and that gave me space to kind of look at things from a higher level, get philosophical about this amazingly connected world we are living in now. I asked myself, what is the true promise of a connected society. Yes, there is somebody waiting to play letterpress with me right now. I couldnt help but think the true promise of a connected societys people helping one another. In a way, jelly is a platform for doing just that. I feel like i cant go wrong working on this. How has it been a few months into being the ceo for the first time . It is so great. I have learned so much from being on the sidelines and being what i like to call being an oscarwinning supporting actor to so many great guys. Now youre the lead. Yes, and i have such wonderful support from a team. Theyre also great, and i listen to them. I tend to pick up traits when i like them. It is really a fantastic thing growing into this role, playing a mentor. Who do you go to for vitamin who do you go to for advice when you need it . I go to jack dorsey and evan williams. I go to dick costolo. Jack hast been serving as my executive coach at this point. He has grown so much in the last four years, it is unbelievable. We meet every wednesday socially in between. For specific questions very specific questions. I asked him what he would do in this situation. Sometimes a specific and sometimes very highlevel. It is just a walk and talk. Sometimes we just joke around. Is interesting because nick felton spoke about twitter really questions a lot of the assumptions about the founding of twitter and what we already knew. He says jack is more of a marketing genius. How do you respond to that . Jack is very talented at marketing. Look at square. It is just taking off. What about products . Hes great at product. Jack is an artist at heart. He thinks very abstractly about product. Maybe that is where the confusion lies, because when he first described square to me, and i invested in it, which i am very glad about, he talked about payments. Why payments . He said payments are a form of social interaction. We do it every single day. We look another person in the eye and we give them money for coffee. This is a social transaction. I saw the light. Hes taking that thing were been doing for centuries and making it into an experience, and a beautiful experience of a beautiful product. You have your own telling in here about the founding of twitter. Its almost like setting the record straight. I lived it is what i saw. You seem to have done such a great job of maintaining relationships with everyone. You said one of the problems you saw early on was that maybe evan and jack to not talk enough. Do they do more now, are they better now . I meet with them all the time. We get the boys together and play and all that stuff to jack and i meet up socially. I forced them to communicate because i had a Birthday Party and they both had to come. That is the glue. The thing is, theyre so similar. They both are very quiet and softspoken and speak when spoken to. Without me in the middle, it would just be like two guys. Who should play you guys in a tv show . My interview with twitter cofounder biz stone. Coming up, i speak with dropbox ceo drew houston and find out about the second chapter. You are watching the best of bloomberg west. I am emily chang. Dropbox is announcing a new board member, condoleezza rice, and a new photo app called carousel. The best thing about it, it doesnt take up Storage Space on your phone because the photos are stored in dropbox. I caught up with him at a recent event and asked him why photo sharing needs a new app. Carousel is all your photos, your entire life in your pocket wherever you go. It is great to have your photos in your phone, but you dont have the photos from your phone, what about your computer and all these other places . We bring it all together into this place and organize it for you so you see this timeline of your life. It is completely private. And then there are a couple things i could get into. Easy sharing. It is so hard to get all your photos together. So hard to share them. You go on a trip or you go to a wedding. We all but each other to send the photos. It is like cleaning your attic. It is easy to share your photos publicly, but privately it is different. We dont do it. This is the answer to that question. What if you could make something that is so easy that you could text a thousand photos in the second . That is what carousel does. This is part of chapter two of dropbox, as you call it. What all is in chapter two . We thought about what people are putti