Heartbleed, the vulnerability that results from a coding error in the widely used OpenSSL encryption library, has been hogging all the headlines over the past few days, and rightly so: it represents a huge risk to information security for consumers and businesses alike.
You could be forgiven, though, given the majority of the coverage, for believing that as long as you waited for affected websites to update and subsequently changed your passwords, you would be covered. Wrong. Heartbleed is more death by a thousand cuts than major cardiovascular event. It’s certainly true that by far the most widespread immediate risk, certainly in terms of numbers of potentially impacted individuals, is the exposure of sensitive information by vulnerable web servers, information that could include passwords and session cookies. But even once this initial wave of patching is done, the residual risk will be enormous.
A blog post over at bitcoin.org alerts currency holders using an Android wallet to a serious underlying vulnerability that could leave their wallets open to would-be thieves.
The blog post says only that “an underlying component of Android” contains the flaws that leave Android bitcoin wallet holders at risk of pilfering. However, bitcoin wallet app developer Mike Hearn posted to the bitcoin developer mailing list that the exact component is the Android implementation of the Java class SecureRandom.
Cyber espionage from an insider’s perspective. See how a group of persistent attackers break through corporate security, explore the network at will and make off with the gold. This video is based on the true story of how a global corporation was hacked, costing the victim more than $60 million.