Changing Your Password Won’t Rid You Of Heartbleed; Awareness Will!

Friday, April 11, 2014: Even as the highly toxic Heartbleed bug leaves countless databases all over the globe open and exposed, you might be considering changing your password as the one clear way to save what is left of the online you. However, take note: simply changing your password won’t do you any good. Shocked? Panicked? Well, don’t be! There’s a way out: it’s called keeping your eyes and ears open!

The Heartbleed bug has left quite a few of your favourite websites (including Google, Flickr and Steam) running for cover. However, the bug in question is a tough nut to crack: simply changing your password is not enough to get rid of it. What makes it so lethal and hard to remove is the fact that Heartbleed isn’t your everyday database leak or a list of plaintext logins but a flaw in a widely used implementation of one of the web’s most prevalent security protocols. While updating your password is probably a good idea, password changes alone won’t be enough until affected websites patch their servers to block the exploit.

The good news is that the open-source SSL encryption software the bug affects has already been updated with a new, secure version. Websites only need to upgrade to the latest version of OpenSSL to protect their users. Companies like Google have already done so, while others are following suit. Users should find out which websites were vulnerable and check whether they have been patched. GitHub and Mashable have compiled lists of popular websites, services and social networks, much to the relief of users, noting whether they were affected and, in some cases, whether they’ve been patched.

The newly discovered Heartbleed bug affects some older versions of common internet encryption software. When exploited, the bug could let hackers get hold of both a website’s secure content and the encryption keys that protect that content. An attacker could then both obtain your private and supposedly secure information from a given website and impersonate that website. The bug has been in the wild for almost two years now, claim researchers. Therefore, the possibility that some online data is already at risk cannot be ruled out. Although updated software has been built to counter the bug, many believe its scale could leave a significant amount of data open to theft for a long time before full recovery.

Saurabh Singh, EFYTIMES News Network

The Heartbleed Hit List

The Heartbleed Hit List: The Passwords You Need to Change Right Now


An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

But it hasn’t always been clear which sites have been affected. Mashable reached out to some of the most popular social, email, banking and commerce sites on the web. We’ve rounded up their responses below.


Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you’ll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn’t already compromised, but there’s also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.

Although changing your password regularly is always good practice, if a site or service hasn’t yet patched the problem, your information will still be vulnerable.

Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you’ll need to change the password everywhere. It’s not a good idea to use the same password across multiple sites, anyway.

We’ll keep updating the list as new information comes in.

Social Networks Affected

India Reported The Most Valid Bugs @Facebook Bug Bounty 2013


Saturday, April 05, 2014: Social networking giant Facebook has revealed some statistics about its 2013 bug bounty program, and it has come to light that India reported the largest number of bugs under the program last year. India accounts for a little over 93 million Facebook users and successfully reported the most valid bugs, 136, with payouts averaging $1,353.

Facebook received a total of 14,763 submissions in 2013, up 246 per cent from the previous year, of which 687 bugs were found to be valid and eligible to receive rewards. Every submission was reviewed individually by a security engineer. Of the bugs reported, nearly 6 per cent were categorised as high-severity. “India contributed the largest number of valid bugs at 136, with an average reward of $1,353 (Rs 80,000 approximately). The US reported 92 issues and averaged $2,272 (approximately Rs 1,35,000) in rewards,” Facebook said in a post.

Meanwhile, researchers in Russia earned the highest average amount per report in 2013, $3,961. They reported a total of 38 bugs. “We’ve paid over $2 million since we got started in 2011, and in 2013 we paid out $1.5 million to 330 researchers across the globe,” said Facebook. Most of the bugs reported were discovered in non-core properties. “2014 is looking good so far. The volume of high-severity issues is down, and we’re hearing from researchers that it’s tougher to find good bugs,” Facebook added.


Get Set For Internet Download Speed Of 1.4 Terabits Per Second


Friday, January 24, 2014 [Original Article]: In what can be termed the biggest breakthrough in the world of the internet, scientists in the UK have achieved the fastest-ever broadband speed of 1.4 terabits per second. This speed is enough to transfer 44 high-definition movies at once.

This test was conducted in London jointly by British Telecom and French networking equipment company Alcatel-Lucent, who achieved speeds of 1.4 terabits per second, or 1,83,501Mbps, on the existing fibre network in London. This breakthrough is of high importance for internet service providers, as it allows a greater amount of information to be sent through existing broadband infrastructure, without costly infrastructure upgrades.

Earlier tests of faster methods of transmitting data have been conducted using complex laser technology, but this is the first test conducted in real-world conditions, outside the testing labs. The test was conducted in October and November last year, on a line between BT Tower in central London and the company’s research campus near Ipswich.

Kevin Drury, optical marketing leader at Alcatel-Lucent, said that this development is like reducing the space between lanes on a busy motorway, allowing more lanes of traffic to flow in the same area. In simple terms, streaming video would travel via a large, wide lane, while accessing standard web pages would need only a small part of the fibre’s capacity.

State-Sponsored Hacking Attacks Targeting Top News Organizations


from the tip-of-the-iceberg dept.
An anonymous reader writes

Security engineers from Google have found that 21 out of the top 25 news organizations have been targeted by cyberattacks that are likely state-sponsored. We’ve heard about some high profile attacks on news sites, but Google actively tracks the countries that are launching these attacks, and even hosts email services for many of the news organizations. ‘Huntley said Chinese hackers recently gained access to a major Western news organization, which he declined to identify, via a fake questionnaire emailed to staff. Most such attacks involve carefully crafted emails carrying malware or directing users to a website crafted to trick them into giving up credentials. Marquis-Boire said that while such attacks were nothing new, their research showed that the number of attacks on media organizations and journalists that went unreported was significantly higher than those made public.’

Passwords and New Jobs…

If you have a Facebook, Twitter, or any other social networking account, can you be asked for your account and its password? Short answer: YES, they can ask, but you do not have to give it up…I imagine that depends upon how badly you need the job, also. This does seem to be the big rave on the news, other than the Obama-Care challenge.

There is software that companies tend to use to sift through the internet to find out if anyone is talking bad about their company AND people have been fired for talking bad about the company that they worked for (note the operative term “worked”).  You have an obligation to not denigrate the company you work for and many of them have policies that reflect such a thing.  If you cross the line you should be held accountable…if only it were a perfect world where everyone was held to the same standard!  But anyway…

You have a right to privacy and there are certain lines that should not be crossed. While on Facebook, I had posted the article “Should Companies be allowed to ask for your Facebook Password?” by Tuan C. Nguyen. Someone answered with a comment essentially saying that if a company did ask for my password I could not work for them because they are acting unethically (they want their passwords to be secure, but want yours?) and it would be a security violation of password sharing, which is frowned upon in the IT community. And he is definitely right…one of the first things you are taught is security & protection.

Until the next exciting adventure!

 

References:

http://www.smartplanet.com/blog/thinking-tech/should-companies-be-allowed-to-ask-for-your-facebook-password/10872?tag=nl.e660