The HeartBleed Vulnerability: The Next Step for Users

April 10, 2014 – 11:59 AM

On Monday, April 7, 2014, the information security community received news about a vulnerability in the OpenSSL (Open Secure Socket Layers) cryptographic library called the “Heartbleed” bug, which can allow hackers to collect passwords, credit card numbers, private keys and other data from servers that ran the software.

The “Heartbleed Bug” 101

April 17, 2014 – 1:33 PM

What is the “Heartbleed Bug”?

The Heartbleed bug is a vulnerability in the popular OpenSSL (Open Secure Socket Layers) cryptographic library that allows hackers to collect passwords, credit card numbers, private keys and other data from servers that ran the software. OpenSSL provides the valuable service of keeping user information safe during web transmission; the Heartbleed bug is a memory leak in the software that allows that information to be captured in a readable format when it should be encrypted.

How/When did it start?

Earlier releases of the OpenSSL software are fine; the vulnerability was introduced in the March 2012 release of OpenSSL 1.0.1, which equates to two years.

Why is it such a threat?

The Heartbleed bug is a threat because it allows a malicious individual to collect passwords, credit card numbers, private keys and other data from servers that ran the affected OpenSSL software. This amounts to two-thirds of all websites on the Internet since March of 2012. Furthermore, companies do not know if their users were affected by the OpenSSL vulnerability because exploitation of the bug does not leave any trace that malicious activity occurred.

How does it affect internet users?

It affects internet users through the compromise of their online IDs for popular sites such as LinkedIn, Gmail and Yahoo, to name a few. This allows the malicious individual to use those accounts for further malicious acts. Also, because credit card information is among the data that can be retrieved, there is a high chance of fraudulent activity.

What steps should users take to protect themselves?

First, check whether a site you visited was one of the affected sites, and when going to a site, check whether the patches have been installed on it. Once you have identified the site as patched and safe, changing your password is the next step. If you change your password before the site owner has applied the patch, you should consider yourself still compromised. Lastly, do not reuse your password across other online accounts; if you do, you have created a digital skeleton key that can be used to access your other online accounts.

Anything else people need to know about this issue?

Users should consider their information compromised if they have used one of the affected sites. With that said, they should monitor and read notices from the sites they visit. In addition, they should be aware of potential phishing scams, since the malicious individual may have some personal information about them. Be sure to visit well-known and reputable sites, and lastly, since credit card information may have been compromised, check your bank records for any irregular activity.

What and When Did NSA Know About Heartbleed Bug?

April 16, 2014 – 9:55 AM

2nd Annual HackMiami 2014 Hackers Conference in Miami Beach, FL

April 15, 2014 – 2:51 PM

It’s that time of year again, the 2nd annual HackMiami Conference is approaching, taking place May 9 – 11, 2014 at the Holiday Inn Oceanfront Hotel on Miami Beach, FL. Last year landed in Rolling Stone, who the hell knows what’s gonna happen this year.

Cuckoo Malware Analysis by Digit Oktavianto and Iqbal Muhardianto: A Review

April 8, 2014 – 12:48 PM

I had the opportunity to review and conduct some interesting hands-on examples from Packt Publishing’s “Cuckoo Malware Analysis” by Digit Oktavianto and Iqbal Muhardianto. This book was divided into five intuitive chapters consisting of:

Windows XP Support Ending, What does that mean to you?

April 4, 2014 – 12:33 PM

Support for Microsoft’s popular operating system, Windows XP will end on April 8, 2014, 12 years after it was introduced to PC users.

The Anatomy of Deception Based Attacks: How to Secure Against Today’s Major Threat

March 13, 2014 – 12:39 PM

Microsoft Ending Support for Windows XP and Office 2003

March 12, 2014 – 12:47 PM

SANS 2014 Salary Survey is open and we need your input before April 1st

March 5, 2014 – 12:43 PM

SANS is resurrecting its salary survey! Our 2008 survey was the most widely read paper for several years in the highly-trafficked SANS reading room.

Meetup’s Service Outage

March 3, 2014 – 7:16 PM

Our website and our apps are widely accessible. Unfortunately Meetup is still not available in all locations. We made substantial changes to our infrastructure in order to end the attack. It takes a while for changes of this size to be distributed across the Internet, and that happens over time.

EC-Council Update: 2/25/14 07:00

February 26, 2014 – 1:36 AM

DNS Propagation is still in process around the world however major DNS providers have updated to the new data. With respect to our release yesterday, our Internal Response team has been closely monitoring our third party vendors.

New free online software security training courses

February 25, 2014 – 4:13 PM

The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods.

EC-Council Statement to Recent Security Breach

February 25, 2014 – 9:49 AM

On February 22nd, 2014 at approximately 8PM EST, the domain www.eccouncil.org was redirected to an ISP in Finland. Immediately EC Council’s Internal Security Response team initiated a comprehensive investigation.

EC-Council Site Hacked, But There is a Bigger Issue Now…

February 24, 2014 – 11:41 AM | 2 Comments

Over the weekend, and as of today at 11:00am EST, EC-Council, the organization famous for administering the Certified Ethical Hacker (CEH) as well as the Computer Hacking Forensics Investigator (CHFI) certifications, got hacked by an individual who claims to be a “certified unethical software security professional” going by the alias Eugene Belford. Eugene Belford was actually a character in the movie “Hackers”, which came out in 1995, directed by Iain Softley and starring Angelina Jolie.

EC-COUNCIL Website has been Hacked, Snowden’s Passport on the Site

February 22, 2014 – 8:15 PM

Cybersecurity Agreement Signed in Rockville, Maryland

February 19, 2014 – 4:04 PM

Security Today 2014 (formerly GovSec West)

February 15, 2014 – 11:07 PM

Yahoo Email Account Passwords Stolen

January 31, 2014 – 11:46 AM

Usernames and passwords of some of Yahoo’s email customers have been stolen and used to gather personal information about people those Yahoo mail users have recently corresponded with, the company said Thursday.

Katie Couric: What is “Revenge Porn” and who posts it online? with Mario Armstrong

January 30, 2014 – 4:19 PM

SANS 2014 – Orlando, FL – April 5 – 14

January 28, 2014 – 12:43 PM

SANS will be back in Orlando at Disney for SANS 2014 with more than 40 courses, evening talks and activities, and vendor events. Please plan to attend on April 5-14 at the Walt Disney World Dolphin with our top-rated instructors and a full SANS Training Event experience. SANS 2014 is one of our biggest events where you will learn how to protect yourself and your organization; register now!

Full Video of President Obama’s Speech on NSA Surveillance

January 17, 2014 – 2:18 PM

A First Look at the Target Intrusion, Malware

January 17, 2014 – 12:04 PM

Full Text of President Obama’s Speech on NSA Surveillance

January 17, 2014 – 11:46 AM

Watch Live: President Obama Speech on NSA Surveillance Program [Livestream]

January 17, 2014 – 11:17 AM
