Pat High, rest in peace

Dear Friends in Christ,

It is with deep sadness that we share news of Pat High’s death this morning.  She died at home at about 5:00 a.m.

Please keep Bishop High and their children, Allison, Leslie and Rayford B., and their grandchildren in your prayers.

Details about service arrangements and other plans for the celebration of Pat’s life will be forthcoming soon.

We trust in God’s mercy at this tender time, knowing that Pat is resting in peace and rising in glory.

Faithfully,

Janet Waggoner
Canon to the Ordinary / Transition Ministry Officer
Episcopal Diocese of Fort Worth

Women of the Passion to be heard at St. Luke’s, Fort Worth

St. Luke’s in the Meadow Episcopal Church, Fort Worth, invites the public to a worship service featuring Women of the Passion, A Journey to the Cross at 5 pm Sunday, March 15. Women from Scripture narrate the story of Christ’s Passion, and station by station, the congregation will accompany Jesus in the traditional 14 Stations of the Cross. Composer, musician, and singer Ana Hernandez will lead short musical reflections and responses at each station during the worship service.

Readers will give voice to the women who tell the story. Three meditations are encounters with Jesus narrated by the woman who anoints him, the maid of the High Priest Caiphas, and the wife of Pilate. Women who bear witness at the stations include the woman with a flow of blood, the bent-over woman, the widow with her mite, the woman taken in adultery, the Syrophoenician woman, Mary Magdalene, and Mary, the mother of Jesus.

The meditations and the Stations of the Cross in Women of the Passion, a Journey to the Cross were written in 1996 by Katie Sherrod, diocesan director of communication. They have been used in services and retreats in more than 80 dioceses of The Episcopal Church.

In 2014, Sherrod commissioned Hernandez to compose music to accompany the versicles and responses for each of the Stations; this will be the first time that music will be used. St. Luke’s is delighted to welcome Hernandez.

The service, which will last slightly more than an hour, will be in the church sanctuary at 4301 Meadowbrook Drive, Fort Worth.

ana-hernandez

Episcopal Diocese of Fort Worth Responds to the Heartbleed Bug

There has been much in the news recently about the discovery of an internet security issue known as “Heartbleed,” a serious vulnerability that affects almost every site, service, and application connected to the internet.

A solution to the problem was created almost immediately by the people who discovered it, and the fix was released publicly along with the announcement of the problem.

The diocesan communications team has analyzed diocesan internet activity and found there is no evidence of any data compromises or breaches of security.

However, in order to be totally safe, all people with email or other accounts through the diocese are required to change their passwords immediately. This includes all people with an edfw.org email account. 

To change your password on your edfw.org account, click on your email address at the upper right hand corner of your mailbox page.

 

Click on “account” in the box that appears.

 

Then click on “security” and then on “change password.”

 

There is no evidence that PayPal was vulnerable to this bug. No one’s credit card or other payment information is at risk through the diocesan PayPal account.

Based on news reports of responses to this problem, here are suggestions and recommendations for individuals and parishes.

For more information about the this bug in particular and the nature of internet security, we have prepared a more detailed and in-depth explanation which can be found here.

 

The communication team is working to fully upgrade all of the software which powers our website, even though we don’t think any of it is directly vulnerable to the bug. This may cause some downtime or delays in service for the next few days.

 

Bishop High to stay through 2015

At its April 7, 2014, meeting, the Standing Committee of the Episcopal Diocese of Fort Worth asked the Rt. Rev. Rayford B. High, Jr. to stay on as provisional bishop through 2015, and he agreed.

“We are all very happy about this,” said Elinor Normand, president of the Standing Committee. “We really appreciate how he is helping us to grow as a diocese and to stay focused on our mission and ministry.”

Bishop High, retired bishop suffragan of the Episcopal Diocese of Texas, was elected at the 2012 Diocesan Convention in Stephenville. He and his wife, Pat, have been married 49 years. They have three children and six grandchildren.

Heartbleed Bug – Answers, Information, and Advice from the Episcopal Diocese of Fort Worth

You may have heard on the news or in other media about a recent internet-security vulnerability known as “Heartbleed.”

The Episcopal Diocese of Fort Worth does not have the capability or the desire to become a tech-support provider or a primary source of internet-security information.

However, we are taking several actions with our own applications in order to secure them against this vulnerability, and we feel it may be helpful to provide information about what we are doing and why, and what you may need to do as well.

You should consider this message as a piece of friendly advice, just like when your parish office reminds you to change your clocks twice a year. It represents our best understanding of the problem and how it might affect you, but we are not a tech company or a support hotline.

 

 


What is Heartbleed?

Heartbleed is a security vulnerability.

Heartbleed is not a virus, a program, or a specific attack that has taken place. It is a coding bug that may allow for a security breech.

To put it simply:

When servers (computers) on the internet transmit information to each other, that information is encyrpted. There are a number of different programs and utilities that are used for that encryption.

The bug affects one of the more popular ones, and allows third-party entities to see data as it is being transmitted from one computer to another.

 

What is the effect of this bug, in practical terms?

It is possible that personal or private information has been leaked or compromised.

Almost any type of information that has been saved, stored, or transmitted on the internet is potentially at risk, including:

  • login credentials (usernames and passwords)
  • email contents
  • financial information
  • credit card numbers

Even information in systems NOT affected might be vulnerable, because of our personal email habits.

FOR EXAMPLE: There is no evidence that the PayPal service is vulnerable. However, if you have ever emailed your PayPal login credentials to another person, it is possible that those credentials have been compromised, because someone may have seen that email. This is a very common problem, as we all tend to email personal login credentials to various web services.

 

Has my data been compromised?

There is no way to know. You should assume that it has.

 

What is the risk to me if my personal information has been compromised?

It’s helpful to understand how cyber-criminals use this information, as that helps one to understand why you might not know that your data has been compromised

People tend to imagine a Hollywood-like scenario where a nefarious “hacker” breaks into specific accounts or particular computers. Unless you are a person of interest to the NSA or the Russian Mafia, that is VERY UNLIKELY.

The reality is much more mundane.

Automated computer programs (often controlled by organized crime syndicates) run massive attempts to gain information that is valuable. You can imagine this like a mining operation, digging up raw data. (The Heartbleed bug is a problem at this point, as it provides easy access to information that normally would be encrypted.)

After the data has been mined, it is packaged up and sold in blocks to anyone who wants to buy it (usually other organized crime syndicates). At that point it is used in all sorts of ways. Typically, it is simple theft: access to bank accounts allows criminals to steal money, access to credit card information allows criminals to spend money directly. Information such as email addresses is sold to spammers (those BUY VIAGRA emails you get all the time), and some credentials are recycled back for use in attempting to get more information.

A lot of the information mined by these operations is bad data. Much of it is malformed or just wrong. There is also a time lag between the initial mining of data and someone finally attempting to use it to steal actual money from an actual person. And even then, not all compromised data gets used. (Criminals are not any more efficient than any other people).

All of this means that it is possible someone could gain access to (for example) your email account credentials, but there might not be any attempts to break into your email account for days or even weeks. (By which point, hopefully you have changed your email password.)

It’s also good to realize that “personal” non-financial information, while potentially vulnerable, is not usually valuable to the type of people and organizations that mine this data. These people are looking for cash, or ways to expand their ability to get cash. They are not looking to find out who you gossiped about, what your employment plans are, or what your recent health crisis is about. Information you would tell your accountant is at risk. Information you would tell your therapist is irrelevant.

 

Has the bug been fixed?

However, the fix has to be implemented.

You can imagine it this way: someone has invented a better lock for your front door, but it doesn’t help you unless you install the new lock in your house.

Most major providers of internet services (websites, online stores, banks, email providers) have already implemented the fix. There are likely to be some stragglers out there, but any big-name service you use has probably already fixed the issue.

You can see lists of affected sites, and their current status:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

 

Do I need to do anything personally with my computer or software to implement the bug fix?

Probably not, and if you are affected you likely know about it already.

 

Do I need to do anything at all because of this bug?

Yes.

As stated above, you should assume that your data has been compromised. You should change the passwords for all accounts for all services you use online.

All of them.

Help and guidance concerning secure passwords can be found:

http://en.support.wordpress.com/selecting-a-strong-password/

http://windows.microsoft.com/en-us/windows-vista/tips-for-creating-a-strong-password

http://www.pcmag.com/article2/0,2817,2368484,00.asp

Additionally, you should check on the status of any financial accounts which may be accessible from the web. Change your passwords and follow any advice from any service providers.

Finally, it is a good idea to do periodic online security audits. Since most of us do not do these as regularly as we should, now might be a good time, regardless of any actual threat from this bug.

Information about doing a personal online security audit can be found:

http://nlcblogs.nebraska.gov/nelearns/2013/08/01/thing-70-online-security-audit/

 

Was the Episcopal Diocese of Fort Worth vulnerable?

EDFW email and several other productivity applications (Calendar, shared documents, etc) are provided by Google, which seems to have been affected. (Now fixed.)

Our website runs on a popular shared hosting provider which may have been affected. Additionally, we use Github to manage our source code, and that service seems to have been affected. (Now fixed.)

We send large-group emails and other information via a service called MailChimp, which seems to have been affected. (Now fixed.)

We use several social media services (Facebook, Twitter, etc). Some of these seem to have been affected, and others not. Even if compromised, none of these present any real security concern. (The ones affected have been fixed.)

We use PayPal for our credit card processing. PayPal was not vulnerable.

 

I have recently used my Credit Card to pay for something on EDFW website. Is my Credit Card information at risk?

Not from that.

We use PayPal for our credit card processing. PayPal was not vulnerable, and so has not been directly affected.

We are taking steps to make sure our PayPal account is not vulnerable to secondary attacks (from people gaining access via information gained in another compromised service).

However – there is no reason to believe that any credit card information from individual’s using one of our payment forms has been compromised. (Even if someone gained direct access to our PayPal account, they would not have access to the Credit Card information from people who have paid money to us.)

 

What Episcopal Diocese of Fort Worth data might have been compromised?

It’s hard to know.

As mentioned above, email contents and account credentials are a possibility.

There is no evidence that any personal financial information (credit card numbers) has been vulnerable.

Moreover, there is no direct evidence of any specific attacks or data leaks related to Heartbleed.

We recognize that people use email for a great deal of personal communication, and that church-related email accounts are often used to send and receive email of extremely personal or delicate information.

As mentioned above, even if a malicious attacker were to gain access to your personal email, that is not the type of information which they are looking for or can use. To make an analogy: a pickpocket is not interested in the love letter you keep in your purse, just the cash.

You should take all due precautions to secure your login credentials and account information, especially finance-related, but there is no need to be concerned at this time about leaks of private, sensitive, or personally embarrassing information or any other issues related to pastoral care.

 

What action is the Episcopal Diocese of Fort Worth taking?

We have upgraded all of the software that powers our website, even software we do not believe it has been directly affected.

We are changing login and verification credentials for our services, and our instructing users of our services to do the same.

 

What should parish administrative staff do?

The issues identified above are essentially the same at the parish level as they are at the diocesan level. If you are responsible for managing your parish’s website, email, or other online services, you should make sure they are upgraded and up to date. You should also change your own login and account credentials for all services and encourage others to do the same.

 


 

Simplified summary FAQ

 

What’s going on?

The internet is a bunch of computers that talk to each other.

Computers run software programs to enable them to talk to each other.

A bug in one of those programs made it possible for people to eavesdrop.

The bug has been fixed.

 

How bad is it?

The bug was very widespread.

However, that does not mean that every at-risk computer has been violated.

(If all the locks on all the front doors in the world suddenly stopped working, not every house would be burglarized.)

 

What should I do?

Change all your passwords.

 

 

Are there any cartoons that can help me understand what is going on?

Yes there are!

http://xkcd.com/1354/

http://xkcd.com/1353/


 

For more complete technical details, visit the Heartbleed website published by the discoverers of the problem:

http://heartbleed.com

Episcopal Parties File Motion to Stay Mandate In Anticipation of Appeal to U.S. Supreme Court

On March 25, 2014, the loyal Episcopalians of the Episcopal Diocese of Fort Worth filed a motion requesting the Texas Supreme Court to stay its mandate in anticipation of an appeal to the United States Supreme Court.

A copy of the motion is HERE:
Emergency Motion to Recall and Stay Issuance of Mandate or to Stay Enforcement of Mandate

A copy of the Episcopal Parties’ reply to the breakaway faction’s response is HERE:
Reply in Support of Motion to Stay Mandate

On Friday, March 21, 2014, the Texas Supreme Court denied the loyal Episcopalians’ motion for rehearing and issued its mandate, returning the case back to the trial court for further proceedings consistent with the Court’s August 30, 2013 opinion. The Court took the same action in the Masterson case from the Diocese of Northwest Texas. Those motions for rehearing raised the important question of whether a state court can switch to the “neutral principles” approach for church property cases, and then apply that new doctrine to undo agreements made within a church before those new rules were in place. The loyal Episcopalians’ motions showed that for more than a hundred years, courts and churches have understood Texas to be a “deference” state – and have relied on that law to protect their religious rights. The Episcopal parties argued that changing the rules of the game after the dispute erupted was a violation of the First Amendment’s guarantees.

Given the Texas Supreme Court’s denials, the Episcopal parties now have a right to petition the United States Supreme Court to hear the case. This petition will raise important constitutional issues, including but not limited to:

  1. the constitutionality of applying the neutral principles approach retroactively to arrangements made within a church under the deference doctrine,
  2. the continued viability of the neutral principles approach over the deference approach in light of recent U.S. Supreme Court decisions, and
  3. the split among state courts as to whether an express-trust canon in a church’s governing documents trumps contrary state law.

No recent case has presented these issues so squarely or with such straightforward facts.

Petitions for writ of certiorari in this matter are due on or before June 19, 2014.

Under the Texas Rules of Appellate Procedure and the Court’s inherent powers, parties are entitled to ask the Texas Supreme Court to “stay” or postpone sending the parties back for more litigation in the trial court “pending the United States Supreme Court’s disposition of a petition for writ of certiorari.” Tex. R. App. P. 18.2. The loyal Episcopalians have asked the Texas Supreme Court to do just that. If the Texas Supreme Court denies this request, the parties are entitled to ask the U.S. Supreme Court for the same relief. The alternative – forcing the parties to litigate under neutral principles in the trial court while appealing that standard in the U.S. Supreme Court – would cause unnecessary, wasteful, and costly duplication should the U.S. Supreme Court take the case now.

As the breakaway faction continues to use courts and corporations to try to take Church property it swore to protect for the Church – property it received from the Church only by promising to use it solely for the Church – the Episcopal Parties are heartened by the U.S. Supreme Court’s recent reflection that the deference line of church property cases “radiates a spirit of freedom for religious organizations, an independence from secular control or manipulation – in short, power to decide for themselves, free from state interference, matters of church government as well as those of faith and doctrine.” Hosanna-Tabor Evangelical Lutheran Church & School v. E.E.O.C., 132 S. Ct. 694, 704 (2012) (citations and modifications omitted).