The critical security vulnerability in OpenSSL known commonly as Heartbleed continues to raise alarms, with websites now warning that hackers have breached their systems by exploiting the bug, and stolen personal information about users.
Scoop.it!
The Heartbleed flaw has long since reached mobile devices too: according to security experts at Trend Micro, around 1,300 Android apps connect to vulnerable servers, including 15 banking apps. Learn more:
Scoop.it!
The NSA denied a report claiming it was aware of and even exploited the "Heartbleed" online security flaw to gather critical intelligence. Learn more:
Scoop.it!
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts. Learn more:
Gust MEES's insight:
The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts. Learn more:
Scoop.it!
The companies know what to do about Heartbleed now. Here's what you, as an individual, need to do now. You should also clear out all your Web browsers' cache, cookies, and history. That's never a bad idea anyway. You don't want old memorized passwords walking into trouble at an untrustworthy site. To do this with the most popular browsers... Learn more:
Gust MEES's curator insight,
April 11, 2014 10:16 AM
You should also clear out all your Web browsers' cache, cookies, and history. That's never a bad idea anyway. You don't want old memorized passwords walking into trouble at an untrustworthy site. To do this with the most popular browsers...
Scoop.it!
The Heartbleed bug is unusually worrisome because it could possibly be used by the NSA or other spy agencies to steal your usernames and passwords — for sensitive services like banking, ecommerce, and web-based email — as well as the private keys that vulnerable web sites use to encrypt your traffic to them. Either way, there are now signatures available to detect exploits against Heartbleed, as Dutch security firm Fox-IT points out on its website, and depending on how much logging companies do with their intrusion-detection systems, it may be possible to review activity retroactively to uncover any attacks going back over the last two years. Learn more:
Gust MEES's curator insight,
April 10, 2014 11:00 AM
Either way, there are now signatures available to detect exploits against Heartbleed, as Dutch security firm Fox-IT points out on its website, and depending on how much logging companies do with their intrusion-detection systems, it may be possible to review activity retroactively to uncover any attacks going back over the last two years. So we might hear more in a couple of months then, probably!
Scoop.it!
Are you ready for the next massive vulnerability? It’s called Heartbleed and it could give hackers access to user passwords and even trick people into using fake versions of popular Web sites. Learn more:
Scoop.it!
Gogo, the inflight Wi-Fi provider, is used by millions of airline passengers each year to stay connected while flying the friendly skies. But if you think the long arm of government surveillance doesn't have a vertical reach, think again. According to a letter Gogo submitted to the Federal Communications Commission, the company voluntarily exceeded the requirements of the Communications Assistance for Law Enforcement Act, or CALEA, by adding capabilities to its service at the request of law enforcement. The revelation alarms civil liberties groups, which say companies should not be cutting deals with the government that may enhance the ability to monitor or track users. “CALEA itself is a massive infringement on user’s rights,” says Peter Eckersley of the Electronic Frontier Foundation. “Having ISP’s [now] that say that CALEA isn’t enough, we’re going to be even more intrusive in what we collect on people is, honestly, scandalous.” Gogo provides inflight Wi-Fi and digital entertainment to Delta, American Airlines, Alaska Airlines, Virgin America, US Airways and others using a dedicated air-to-ground network that GoGo says it designed in consultation with law enforcement.
Gust MEES's insight:
“CALEA itself is a massive infringement on user’s rights,” says Peter Eckersley of the Electronic Frontier Foundation. “Having ISP’s [now] that say that CALEA isn’t enough, we’re going to be even more intrusive in what we collect on people is, honestly, scandalous.”
Scoop.it!
IT experts are sounding the alarm: a serious security flaw makes many websites that are actually specially secured vulnerable to attacks. Login data and sensitive information are at risk; users should change their passwords as a precaution. Learn more:
Scoop.it!
An information disclosure vulnerability has been found, and promptly patched, in OpenSSL. Learn more:
Scoop.it!
Security firm SensePost has unveiled its Snoopy drone, which can steal data from unsuspecting smartphone users, at the Black Hat security conference in Singapore. The drone uses the company's software, which is installed on a computer attached to a drone. That code can be used to hack smartphones and steal personal data - all without a user's knowledge. It does this by exploiting handsets looking for a wireless signal. He says he wants to "talk about this to bring awareness" of the security risks posed by such simple technologies to users. His advice? Turn off the wireless network on your phone until you absolutely need to use it.
Gust MEES's insight:
Turn off the wireless network on your phone until you absolutely need to use it.
Scoop.it!
The Luxembourg newspapers and magazines have reserved a warm welcome to the 3rd CockpitCI Workshop in Luxembourg. The cyber security and the Critical Infrastructure dependability are considered as an important... Learn more:
Scoop.it!
Jerry Irvine, Prescient Solutions CIO and a member of the National Cybersecurity Partnership, spoke with CIO.com about "Internet of Things" (IoT) security, the connected home, and why consumers and enterprise should be wary of both. Al Sacco: What exactly does the term "Internet of Things" mean to you? Jerry Irvine: It means the interconnectivity of things. It's not just the Internet in general, but the ability for devices, all types of devices, to communicate. They communicate across a publicly-accessible, unsecure Internet. Basically everything we have today is being configured for us to remotely control and manage it. And the infrastructure is the Internet. What do you think of first when you consider IoT? Truthfully, it's scary as hell. The Internet in and of itself is an insecure and highly-risky environment. It's like walking down an alley at night without the appropriate security measures.
Scoop.it!
Up to 50 million Android devices could be vulnerable to Heartbleed attack. Here's how to check yours. Millions of Android smartphones and tablets are at risk of being attacked via the Heartbleed bug, more than a week after the security vulnerability was first made public. So, the obvious question you should be considering is, are you running Jellybean 4.1.1 on your Android devices? Here’s how you can check:
read more in the article... Learn more:
Gust MEES's insight:
So, the obvious question you should be considering is, are you running Jellybean 4.1.1 on your Android devices? Here’s how you can check:
read more in the article...
Scoop.it!
Canadian authorities reveal that social insurance numbers for 900 taxpayers were stolen before Heartbleed Bug was fixed. Learn more:
Scoop.it!
"Heartbleed" is one of the biggest security flaws in the history of the internet, and the US intelligence agency NSA has apparently exploited it. According to the Bloomberg news agency, the US intelligence agency is said to have known about it for a long time. Learn more:
Scoop.it!
All the extended coverage of the Heartbleed flaw begs the question, “Are mobile devices affected by this?” The short answer: yes. The severity of the Heartbleed bug has led countless websites and servers scrambling to address the issue. And with good reason—a test conducted on Github showed that more than 600 of the top 10,000 sites (based on Alexa rankings) were vulnerable. At the time of the scanning, some of the affected sites included Yahoo, Flickr, OKCupid, Rolling Stone, and Ars Technica. All the extended coverage of the flaw begs the question, “Are mobile devices affected by this?” The short answer: yes. Mobile apps, like it or not, are just as vulnerable to the Heartbleed Bug as websites are because apps often connect to servers and web services to complete various functions. As our previous blog entry has shown, a sizable number of domains are affected by this vulnerability. Learn more:
Gust MEES's curator insight,
April 11, 2014 11:47 AM
All the extended coverage of the Heartbleed flaw begs the question, “Are mobile devices affected by this?” The short answer: yes. The severity of the Heartbleed bug has led countless websites and servers scrambling to address the issue. And with good reason—a test conducted on Github showed that more than 600 of the top 10,000 sites (based on Alexa rankings) were vulnerable. At the time of the scanning, some of the affected sites included Yahoo, Flickr, OKCupid, Rolling Stone, and Ars Technica. All the extended coverage of the flaw begs the question, “Are mobile devices affected by this?” The short answer: yes. Mobile apps, like it or not, are just as vulnerable to the Heartbleed Bug as websites are because apps often connect to servers and web services to complete various functions. As our previous blog entry has shown, a sizable number of domains are affected by this vulnerability.
Scoop.it!
Heartbleed: A look at which companies have issued a security patch to fix the Heartbleed bug. Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you'll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn't already compromised, but there's also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure. Learn more:
Gust MEES's curator insight,
April 11, 2014 10:05 AM
Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you'll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn't already compromised, but there's also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.
Scoop.it!
A lot of folks are going around at the moment telling the public to change all of their passwords in response to the serious Heartbleed internet security bug. Learn more:
Scoop.it!
On Monday evening, a major flaw was announced in OpenSSL. As we mentioned yesterday, it could have fairly serious consequences, but... Learn more:
Scoop.it!
Over the last couple of days, you may have heard about the rather ominous sounding Heartbleed bug -- a bug that affected hundreds of millions of websites, exposing usernames, passwords, encryption keys, and other sensitive data. This bug went undiscovered for two years, meaning it's highly likely that some of your data was exposed, and may have been scooped up by enterprising hackers -- and unfortunately, given the nature of this bug, there's almost nothing you can do about. Learn more:
Scoop.it!
Fixes for the highly dangerous OpenSSL Heartbleed security hole are arriving now. Update your servers ASAP. Learn more:
Scoop.it!
Security researchers at Incapsula discovered a DDoS attack on a video site that used a persistent XSS vulnerability and malicious Javascript.
Gust MEES's insight:
Security researchers discovered an odd DDoS attack against several sites recently that relied on a persistent cross-site scripting vulnerability in a major video Web site and hijacked users’ browsers in order to flood the site with traffic.
Scoop.it!
The country's considering an overhaul of privacy laws that could make it illegal to record private conversations or activities without consent via Google Glass or similar wearable technologies.
Gust MEES's insight:
I agree completely with such a law! Privacy is a human right and needs to get protected!
Scoop.it!
As part of the European project CockpitCI, «Cybersecurity on SCADA: risk prediction, analysis and reaction tools for Critical Infrastructure», itrust consulting and CREOS, under the patronage of the Minister of the Economy and of … Today, critical infrastructures such as electricity, water and gas networks are not safe from the threat of computer hacking. The European research project CockpitCI, launched two years ago, aims to design a framework and tools for detecting, analysing and exchanging information on cyberattacks in real time, in order to assess the risks and avoid the dreaded domino effects. Experiments (the Aurora experiment) and recent attacks (Stuxnet, Duqu, Red October) have shown that the various networks and the underlying industrial control systems (often called SCADA, an acronym for Supervisory Control And Data Acquisition) are potentially under threat, and that only increased and comprehensive vigilance and supervision will make it possible to secure these infrastructures, which are indispensable to the proper functioning of European institutions and vital sectors. It is therefore essential that operators be able to quickly identify potential risks to quality of service, in order to put in place measures to prevent and contain an attack.
Gust MEES's curator insight,
March 26, 2014 1:43 PM
It is therefore essential that operators be able to quickly identify potential risks to quality of service, in order to put in place measures to prevent and contain an attack.