reports Archives

Tag: reports

Heart Attack? Fixes For More Critical Holes In OpenSSL

June 5, 2014 Paul Roberts

Just a month after a critical security hole in OpenSSL dubbed “Heartbleed” captured headlines around the globe, The OpenSSL Foundation has issued an other critical software update fixing six more security holes, two of them critical. The Foundation issued its update on Thursday, saying that current versions of OpenSSL contain vulnerabilities that could be used to carry out “man in the middle” (or MITM) attacks against OpenSSL clients and servers. SSL VPN (virtual private network) products are believed to be especially vulnerable. Users of OpenSSL versions 0.9.8, 1.0.0 and 1.0.1 are all advised to update immediately. According to information released by the OpenSSL Foundation, an attacker using a carefully crafted handshake can force the use of “weak keying material in OpenSSL SSL/TLS clients and servers.” That could lay the groundwork for man-in-the-middle attacks in which an attacker positions herself between a vulnerable client and server, decrypting and modifying traffic as it passes through the attacker’s […]

Survey: Consumers Growing Wary of Information Sharing

June 4, 2014 Paul Roberts

A survey by the business information service Lexis Nexis finds that consumers have grown more wary of programs that ask them to share data in exchange for improved services or other offerings. Editor’s note: LexisNexis has clarified that its survey was released in August, 2013, not October, 2013. The story has been corrected to reflect that information. – Paul 6/4/2014 The survey of 2,072 consumers, aged 21 to 74, was conducted in October 2013 by LexisNexis Risk Solutions. It found consumers were more wary of sharing information online, including at social networking and online banking sites than they were three years earlier. “Consumers are less comfortable with information sharing than three years ago,” the survey concluded. The survey was released in concert with Telematics Detroit 2014, a conference focused on information systems used in vehicles. It was designed to measure consumers’ awareness of- and interest in so-called “use based insurance” (or UBI) – sometimes referred […]

Report: Hell is Unpatched Systems

June 2, 2014 Paul Roberts

One of the ‘subplots’ of the Internet of Things revolution concerns embedded devices. Specifically: the tendency of embedded devices to be either loosely managed or – in some cases – unmanageable. The future holds the promise of more, not fewer of these. That’s the gist of a piece I wrote for InfoWorld, and that you can read here. In short: we’re already seeing the beginning of a shift on the threat landscape. While attacks against traditional endpoints (like Windows desktops, laptops and servers) are still the norm, there are more stories each day about cyber criminal groups and malicious actors who are compromising non-standard endpoints like home wifi routers. In March, for example, the security consultancy Team Cymru identified a botnet consisting of some 300,000 compromised home routers and other in-home devices. The virus called “TheMoon” was also identified spreading between vulnerable home routers and other embedded devices. The […]

This Week In Security: Ebay’s School of Hard Knocks

June 1, 2014 Paul Roberts

It’s the end of another busy week in the security world. As we’re wont to do at The Security Ledger, we had DUO Security Evangelist Mark Stanislav in to the deluxe Security Ledger Studios to talk about the events of the week. On the agenda this week: the continued fallout from the hack of online auction giant eBay. The company ran into a thicket of criticism this week for the breach and its botched response. Despite knowing about the security breach for weeks, eBay seemed unprepared for the fallout once the news became public. Beyond its statements to the press, the company hadn’t taken steps to streamline the (inevitable) flood of customers who wanted to update their password. In fact, more than a day after the news broke, eBay still hadn’t made mention of it on their home page. What lessons can we learn from the breach at online auction […]

iPhone and iPad Hijacking: What You Need To Know

May 28, 2014 Paul Roberts

The past 24 hours has seen a spate of stories warning about a spate of ‘ransomware’ attacks on iPhones and iPads – especially in the the UK and Australia. According to the reports, compromised devices are locked and owners are instructed to email a ransom (variously: $100, $50, €100) to one “Oleg Pliss” to have their devices unlocked. These attacks aren’t really news. In fact, the Oleg Pliss scam appears to have been circulating for close to six months. However, it’s worthwhile reviewing what we do (and don’t) know about these latest attacks on mobile devices. Accordingly, Security Ledger has put together a short FAQ that tells you what you need to know about the latest mobile scam, and to dispel some of the rumors floating around in the Internet ether. What’s Going On? According to news reports and complaints on Apple Support forums, owners of iPhones and iPads are having their devices locked. […]