Heartbleed Busts Into 500+ servers worldwide

“Heartbleed” Wounds 500 Servers

 

The latest serious Internet threat, named ‘Heartbleed’, has hit over 500 servers, all using OpenSSL web encryption technology. Mikko Hypponen, chief research officer at security software maker F-Secure in Helsinki, Finland, says users can do virtually nothing about it. Instead, server administrators must fix the problem that spreads through cookies. So anyone who has used Yahoo over the past several days, for example, has probably had their passwords, and perhaps their credit card and banking information, scraped into the coffers of some hackers in cyberspace. http://www.reuters.com/article/2014/04/09/us-cybersecurity-internet-bug-idUSBREA3804U20140409

 

What should you do? According to CNET security experts, several steps are required to ensure password and financial security, in light of Heartbleed attacks worldwide. First, don’t log in to any service that has been attacked. http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/

 

HFS analysts ask: So, who or what has been attacked? HFS answer: No one really knows for sure, although some services like Yahoo admit they were infested and have taken steps to fix the problem. Yahoo apparently is still fixing things, so logging in today might need to be reconsidered. But how about all those other services? Google insists it was ahead of the Heartbleed problem from the start, as do Facebook and Twitter. Do you believe them?

 

Other steps can be taken once the server of your email or social network has made some changes known mostly by IT administrators. For example, create new passwords for important accounts like banks and heavily used email. Also, when unsure of what precautions your local IT administrator might have taken, make inquiries through their customer complaint process. http://www.businessinsider.com/heartbleed-bug-explainer-2014-4

 

 

Maybe Heartbleed will be put down soon enough. HFS wonders about the larger issue: Can Internet activity ever be truly safe? Should all of us rethink the worldwide dependency on digital reality? Is the primitive lifestyle returning for more than a few? What do you think?

More NSA Treachery Discovered By Academics

 


NSA Worse Than Previously Thought

 

Just when many believed the US National Security Agency (NSA) could not sink any lower in the world's judgment of its ethics, another report came out today shedding new light on NSA treachery and double dealing. https://www.commondreams.org/headline/2014/01/30-1

 

Most in the cyber security field have heard already about how RSA, a well-respected pioneer of cyber security through development of encryption tech, had developed a now-useless cryptology for NSA that became the default software used by most commercial computer programs. That cryptology used software into which NSA software engineers placed a backdoor, enabling NSA to hack the majority of computer programs and related communications worldwide just a few years ago. http://www.newsweek.com/exclusive-nsa-infiltrated-rsa-security-more-deeply-thought-study-238906

 

Now the picture looks worse. Several professors from different universities, including Johns Hopkins, Wisconsin, and Illinois, discovered additional NSA tools in the RSA program that accelerated the hacking efficiency by a factor of more than 10,000. That means NSA had no real challenge getting around all RSA security measures very rapidly to decipher all Internet traffic of those using that predominant RSA program. http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331

 

Based on HFS surveys and analysis, many today find that Edward Snowden, who disclosed and continues disclosing to the world data he illegally took from the NSA while working there as a contractor, committed unforgivable treason against his nation. At the same time, those surveyed hold the NSA equally at fault for NSA’s deceptive, abusive, illegal spying domestically and abroad. Combining the bad behavior of both Snowden and NSA, the US has lost credibility in the hearts and minds of its allies, leaving open the door to its competitors for control of the Internet.

 

 

What do you think?

Should You or I Use Dropbox or Similar Online Cyber Storage Services? Is it safe yet?

Today’s Cyber Reality Raises Questions; Is It Safe Yet?

The statements shown below came today in email from an online digital storage service called Dropbox which I have used only to an extremely small degree.  I found the terms interesting for what they do not say and for the aspirations expressly stated, more than what they say on the surface.  On balance the Dropbox statements leave me wondering about many questions.  For example, what are the laws (North American, Euro, Asian, South American, African, etc.) that provide for privacy and how might they be improved? 

Do you wonder as I do about privacy, government intrusion with or without legal authority, and protection of innocent users?  What might you and I do to act more defensively or wisely in today’s cyber reality?  Or am I foolishly worried about nothing?

 

Dropbox’s Government Data Requests Principles

We understand that when you entrust us with your digital life, you expect us to keep your stuff safe. Like most online services, we sometimes receive requests from governments seeking information about our users. These principles describe how we deal with the requests we receive and how we’ll work to try to change the laws to make them more protective of your privacy.

Be transparent:  Online services should be allowed to report the exact number of government data requests received, the number of accounts affected by those requests, and the laws used to justify the requests. We’ll continue to advocate for the right to provide this important information.

Fight blanket requests:  Government data requests should be limited to specific people and investigations. We’ll resist requests directed to large groups of people or that seek information unrelated to a specific investigation.

Protect all users:  Laws authorizing governments to request user data from online services shouldn’t treat people differently based on their citizenship or where they live. We’ll work hard to reform these laws.

 

Provide trusted services:  Governments should never install backdoors into online services or compromise infrastructure to obtain user data. We’ll continue to work to protect our systems and to change laws to make it clear that this type of activity is illegal.