Get Started for FREE
Sign up with Facebook Sign up with X
I don't have a Facebook or a X account
 Your new post is loading...
Your new post is loading...
Scoop.it!
From
www
Ein veralteter Verschlüsselungsmechanismus macht zahlreiche Webseiten angreifbar: Die Drown-Lücke soll Millionen Webseiten betreffen, darunter auch zahlreiche bekannte Adressen.
Learn more:
http://www.scoop.it/t/securite-pc-et-internet/?tag=OpenSSL
No comment yet.
Sign up to comment
Scoop.it!
Sur le site du projet OpenSSL, il est conseillé aux administrateurs de se tenir prêts à appliquer un correctif de sécurité très important, qui sera diffusé le 9 juillet. « Ce correctif sera diffusé le 9 juillet. Il va combler une faille de sécurité jugée hautement critique ». Voici ce qu’on peut lire dans l’annonce de la diffusion de ce futur patch, sur le site du projet OpenSSL.
Gust MEES's insight:
Sur le site du projet OpenSSL, il est conseillé aux administrateurs de se tenir prêts à appliquer un correctif de sécurité très important, qui sera diffusé le 9 juillet. « Ce correctif sera diffusé le 9 juillet. Il va combler une faille de sécurité jugée hautement critique ». Voici ce qu’on peut lire dans l’annonce de la diffusion de ce futur patch, sur le site du projet OpenSSL.
Scoop.it!
Anti-malware researchers have turned the tables on cyber criminals by using the Heartbleed bug to gain access to online forums where hackers congregate. Learn more: - http://www.scoop.it/t/securite-pc-et-internet/?tag=Heartbleed
Gust MEES's insight:
Scoop.it!
The critical security vulnerability in OpenSSL known commonly as Heartbleed continues to raise alarms, with websites now warning that hackers have breached their systems by exploiting the bug, and stolen personal information about users. Learn more:
Gust MEES's insight:
Scoop.it!
Längst hat die Heartbleed-Lücke auch mobile Geräte erreicht: Sicherheitsexperten von Trend Micro zufolge, verbinden sich rund 1.300 Android-Apps mit angreifbaren Servern - darunter auch 15 Banking-Apps. Learn more:
Gust MEES's insight:
Scoop.it!
White House officials: policy dates back to January 2014, during review process. President Barack Obama has explicitly decided that when any federal agency discovers a vulnerability in online security, the agency should come forward, rather than exploit it for intelligence purposes, according to The New York Times, citing unnamed “senior administration officials.” Learn more:
Gust MEES's insight:
President Barack Obama has explicitly decided that when any federal agency discovers a vulnerability in online security, the agency should come forward, rather than exploit it for intelligence purposes, according to The New York Times, citing unnamed “senior administration officials.” Learn more:
Scoop.it!
"Heartbleed" ist eine der größten Sicherheitslücken in der Geschichte des Internets - und der US-Geheimdienst NSA hat diese offenbar ausgenutzt. Laut Nachrichtenagentur Bloomberg soll der US-Geheimdienst schon lange davon gewusst haben. Learn more:
Gust MEES's insight:
Scoop.it!
All the extended coverage of the Heartbleed flaw begs the question, “Are mobile devices affected by this?” The short answer: yes. The severity of the Heartbleed bug has led countless websites and servers scrambling to address the issue. And with good reason—a test conducted on Github showed that more than 600 of the top 10,000 sites (based on Alexa rankings) were vulnerable. At the time of the scanning, some of the affected sites included Yahoo, Flickr, OKCupid, Rolling Stone, and Ars Technica. . All the extended coverage of the flaw begs the question, “Are mobile devices affected by this?” The short answer: yes. . Mobile apps, like it or not, are just as vulnerable to the Heartbleed Bug as websites are because apps often connect to servers and web services to complete various functions. As our previous blog entry has shown, a sizable number of domains are affected by this vulnerability. Learn more: .
Gust MEES's insight:
All the extended coverage of the Heartbleed flaw begs the question, “Are mobile devices affected by this?” The short answer: yes. . The severity of the Heartbleed bug has led countless websites and servers scrambling to address the issue. And with good reason—a test conducted on Github showed that more than 600 of the top 10,000 sites (based on Alexa rankings) were vulnerable. At the time of the scanning, some of the affected sites included Yahoo, Flickr, OKCupid, Rolling Stone, and Ars Technica. . All the extended coverage of the flaw begs the question, “Are mobile devices affected by this?” The short answer: yes. . Mobile apps, like it or not, are just as vulnerable to the Heartbleed Bug as websites are because apps often connect to servers and web services to complete various functions. As our previous blog entry has shown, a sizable number of domains are affected by this vulnerability. Learn more:
Gust MEES's curator insight,
April 11, 2014 11:47 AM
All the extended coverage of the Heartbleed flaw begs the question, “Are mobile devices affected by this?” The short answer: yes. . The severity of the Heartbleed bug has led countless websites and servers scrambling to address the issue. And with good reason—a test conducted on Github showed that more than 600 of the top 10,000 sites (based on Alexa rankings) were vulnerable. At the time of the scanning, some of the affected sites included Yahoo, Flickr, OKCupid, Rolling Stone, and Ars Technica. . All the extended coverage of the flaw begs the question, “Are mobile devices affected by this?” The short answer: yes. . Mobile apps, like it or not, are just as vulnerable to the Heartbleed Bug as websites are because apps often connect to servers and web services to complete various functions. As our previous blog entry has shown, a sizable number of domains are affected by this vulnerability. .
Scoop.it!
Heartbleed: A look at which companies have issued a security patch to fix the Heartbleed bug. Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you'll need to go in and change your passwords immediately for these sites. . Even that is no guarantee that your information wasn't already compromised, but there's also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure. Learn more:
Gust MEES's insight:
Gust MEES's curator insight,
April 11, 2014 10:05 AM
Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you'll need to go in and change your passwords immediately for these sites. . Even that is no guarantee that your information wasn't already compromised, but there's also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure. |
Scoop.it!
It feels like we just got over Heartbleed and there’s another branded exploit out there.
Learn more:
http://www.scoop.it/t/securite-pc-et-internet/?tag=OpenSSL
Gust MEES's insight:
It feels like we just got over Heartbleed and there’s another branded exploit out there.
Learn more:
http://www.scoop.it/t/securite-pc-et-internet/?tag=OpenSSL
Scoop.it!
Noch immer sind über 300.000 Server über die OpenSSL-Lücke Heartbleed angreifbar. Die Anzahl der ungeschützten Rechner verringert sich nur langsam.
Gust MEES's insight:
Noch immer sind über 300.000 Server über die OpenSSL-Lücke Heartbleed angreifbar. Die Anzahl der ungeschützten Rechner verringert sich nur langsam.
Scoop.it!
Un chercheur indique que près de 320 000 serveurs sont encore vulnérables à la faille Heartbleed. Pour trouver ce chiffre, il a scanné des millions de serveurs sur le port 443 qui est utilisé pour les communications TLS/SSL. A la découverte de la faille, plus de 600 000 serveurs étaient exposés. Robert Graham reste prudent sur ce chiffre de 320 000 en indiquant qu’il existe d’autres tests que le port 443 et qu’il peut donc y avoir plus de serveurs vulnérables. Learn more: - http://www.scoop.it/t/securite-pc-et-internet/?tag=Heartbleed
Gust MEES's insight:
Pour trouver ce chiffre, il a scanné des millions de serveurs sur le port 443 qui est utilisé pour les communications TLS/SSL. A la découverte de la faille, plus de 600 000 serveurs étaient exposés. Robert Graham reste prudent sur ce chiffre de 320 000 en indiquant qu’il existe d’autres tests que le port 443 et qu’il peut donc y avoir plus de serveurs vulnérables. Learn more: - http://www.scoop.it/t/securite-pc-et-internet/?tag=Heartbleed
Scoop.it!
Up to 50 million Android devices could be vulnerable to Heartbleed attack. Here's how to check yours
Millions of Android smartphones and tablets are at risk of being attacked via the Heartbleed bug, more than a week after the security vulnerability was first made public. So, the obvious question you should be considering is, are you running Jellybean 4.1.1 on your Android devices? Here’s how you can check:
read more in the article... Learn more:
Gust MEES's insight:
So, the obvious question you should be considering is, are you running Jellybean 4.1.1 on your Android devices? Here’s how you can check:
read more in the article...
Scoop.it!
Canadian authorities reveal that social insurance numbers for 900 taxpayers were stolen before Heartbleed Bug was fixed. Learn more:
Gust MEES's insight:
Learn more:
Scoop.it!
The NSA denied a report claiming it was aware of and even exploited the "Heartbleed" online security flaw to gather critical intelligence. Learn more:
Gust MEES's insight:
Scoop.it!
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts. Learn more:
Gust MEES's insight:
The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts. Learn more:
Scoop.it!
The companies know what to do about Heartbleed now. Here's what you, as an individual, need to do now. . You should also clear out all your Web browsers' cache, cookies, and history. That's never a bad idea anyway. You don't want old memorized passwords walking into trouble at an untrustworthy site. To do this with the most popular browsers... Learn more:
Gust MEES's insight:
Gust MEES's curator insight,
April 11, 2014 10:16 AM
You should also clear out all your Web browsers' cache, cookies, and history. That's never a bad idea anyway. You don't want old memorized passwords walking into trouble at an untrustworthy site. To do this with the most popular browsers...
Scoop.it!
The Heartbleed bug is unusually worrisome because it could possibly be used by the NSA or other spy agencies to steal your usernames and passwords — for sensitive services like banking, ecommerce, and web-based email — as well as the private keys that vulnerable web sites use to encrypt your traffic to them. Either way, there are now signatures available to detect exploits against Heartbleed, as Dutch security firm Fox-IT points out on its website, and depending on how much logging companies do with their intrusion-detection systems, it may be possible to review activity retroactively to uncover any attacks going back over the last two years. Learn more:
Gust MEES's insight:
Either way, there are now signatures available to detect exploits against Heartbleed, as Dutch security firm Fox-IT points out on its website, and depending on how much logging companies do with their intrusion-detection systems, it may be possible to review activity retroactively to uncover any attacks going back over the last two years. So might hear in a couple of months more then, probably! Learn more:
Gust MEES's curator insight,
April 10, 2014 11:00 AM
Either way, there are now signatures available to detect exploits against Heartbleed, as Dutch security firm Fox-IT points out on its website, and depending on how much logging companies do with their intrusion-detection systems, it may be possible to review activity retroactively to uncover any attacks going back over the last two years. So might hear in a couple of months more then, probably! |
Learn more:
http://www.scoop.it/t/securite-pc-et-internet/?tag=OpenSSL