Illinois Social Media Law: #Heartbleed

Showing posts with label #Heartbleed. Show all posts

Monday, April 21, 2014

Attacker Exploits Hearbleed Bug in Attack

APRIL 18, 2014, 1:46 PM

Within 24 hours of the Heartbleed bug’s disclosure last week, an attacker used it to break into a major corporation, security experts said Friday.

Using Heartbleed, the name for a flaw in security that is used in a wide range of web servers and Internet-connected devices, the attacker was able to break into an employee’s encrypted virtual private network, or so-called VPN, session.

From there, the hacker or hackers used the Heartbleed bug about 1,000 times until successfully extracting information like passwords to get broader access to the victim’s network, said researchers at Mandiant, a cybersecurity firm.

http://bits.blogs.nytimes.com/2014/04/18/heartbleed-internet-security-flaw-used-in-attack/?_php=true&_type=blogs&_r=0

Wednesday, April 16, 2014

Heartbleed Hackers Steal Encryption Keys

By Jordan Robertson Apr 14, 2014 11:01 PM CT

9 Comments Email Print

Save

The crown jewel of secure websites is a single string of data - a very long jumble of letters and numbers and symbols that looks like gibberish. The Heartbleed bug allows hackers to crack it.

Security professionals demonstrated last weekend that the recently disclosedHeartbleed bug can be exploited to allow criminals and intelligence agencies to make off with one of the most sought-after prizes in hacking: the private keys that websites rely on to decrypt sensitive information, including passwords, banking details and health data
.

http://www.bloomberg.com/news/2014-04-14/heartbleed-hackers-steal-encryption-keys-in-threat-test.html

Top 10 in Law Blogs: Healthcare and Heartbleed, Conflict Minerals, Ghost Posting

Heartbleed continues to be a big topic on the LexBlog Network, as today Husch Blackwell attorneys chime in on mitigating risk in healthcare. Also, the D.C. Circuit struck down a key provision of the SEC’s conflict minerals rule, and we have some excellent commentary there. Total posts on the LexBlog Network today: 198.

Healthcare organizations can take steps to mitigate Heartbleed impact– Wakaba Tessier, Deborah Juhnke and Peter Enko of Husch Blackwell on the firm’s blog, Healthcare Law Insights
Happy Tax Day: How to Find Assets Using Tax Returns – Abby Wein of Charles Griffin Intelligence on their blog, The Divorce Asset Hunter
Another California Court Does Backflips to Thwart Arbitration and Elevate The Class-Action Device – Donald Falk and Archis A. Parasharami of Mayer Brown on the firm’s blog, Class Defense

http://kevin.lexblog.com/2014/04/15/top-10-in-law-blogs-healthcare-and-heartbleed-conflict-minerals-ghost-posting/

Tuesday, April 15, 2014

Top 10 in Law Blogs: China Trademarks, Heartbleed Vulnerability, NYC Asbestos Litigation

For some time, it took LexBlog Network authors some time to get writing on Heartbleed. Now, that may have been because they’ve so busy dealing with it—but either way, that isn’t the case anymore. It’s a big subject on LXBN, and we discussed it today on LXBN TV. Total posts on the LexBlog Network: 187.

http://kevin.lexblog.com/2014/04/14/top-10-in-law-blogs-china-trademarks-heartbleed-vulnerability-nyc-asbestos-litigation/

China Trademarks. Register Them In China Not Madrid. – Seattle lawyer Matthew Dresden of Harris Moure on the firm’s China Law Blog
FAQs Concerning the Legal Implications of the Heartbleed Vulnerability – Scott Koller, David Navetta, Mark Paulding and Boris Segalis on the InfoLawGroup blog
Facebook Entering the Electronic Money Arena – Birmingham attorney Brian Malcolm of Waller on the firm’s blog, The Banking Law Connection

Saturday, April 12, 2014

Mashable Explains: What Is the Heartbleed Encryption Bug?

BY MELISSA GOLDIN

Heartbleed, the bug being called one of the Internet's biggest security threats, has been around for two years — but it was only recently discovered. While many companies have released patches, your information is still vulnerable; but between our handy chart of which passwords you need to change and our explainer video, above, we've got you covered from all sides.

http://mashable.com/2014/04/11/mashable-explains-heartbleed-2/?utm_cid=mash-prod-email-topstories&utm_emailalert=daily&utm_source=newsletter&utm_medium=email&utm_campaign=daily

Friday, April 11, 2014

Report: NSA exploited Heartbleed for years

Brett Molina, USATODAY3:15 p.m. EDT April 11, 2014

The Heartbleed security flaw that exposes a vulnerability in encryption has reportedly extended its reach well beyond Web services.

According to Bloomberg, citing "two people familiar with the matter," the National Security Agency knew about Heartbleed for at least two years and used the hole in encryption technology to gather intelligence.

Bloomberg also says Vanee Vines, an NSA spokeswoman, did not provide comment.

This follows a separate Bloomberg report the security flaw impacts Android smartphones and tablets that run the 4.1.1 version of the Google operating system.

http://www.usatoday.com/story/tech/2014/04/11/heartbleed-cisco-juniper/7589759/

The Programmer Behind Heartbleed Speaks Out: It Was an Accident

IMAGE: MASHABLE COMPOSITE. ISTOCKPHOTO, DUNCAN1890

BY PETE PACHAL

The Internet bug known as Heartbleed was introduced to the world on New Year's Eve in December 2011. Now, one of the people involved is sharing his side of the story.

Programmer Robin Seggelmann says he wrote the code for the part of OpenSSL that led to Heartbleed. But it was an accident. He submitted the code to the OpenSSL project and other members reviewed it. Seggelmann later added another piece of code for a new feature, which the members then added. It was this added feature that introduced the bug.

http://mashable.com/2014/04/10/heartbleed-programmer/?utm_content=feature_img&utm_cid=mash-prod-email-topstories&utm_emailalert=daily&utm_source=newsletter&utm_medium=email&utm_campaign=daily

Thursday, April 10, 2014

First Glance: Legal Implications of the Heartbleed OpenSSL Bug?

How to Protect Yourself From the Heartbleed Bug

IMAGE: ISTOCKPHOTO, TOMACCO

BY SAMANTHA MURPHY KELLY

An encryption flaw called the Heartbleed bug that has exposed a collection of popular websites — from Airbnb and Yahoo to NASA and OKCupid — could be one of the biggest security threats the Internet has ever seen. If you have logged into any of the affected sites over the past two years, your account information could be compromised, allowing cybercriminals to snap up your credit card information or steal your passwords.

You're likely affected either directly or indirectly by the bug, which was found by a member of Google's security team and a software firm named Codenomicon.The bad news: There's not a lot you can do about it now. It's the responsibility of Internet companies to update their servers to deal with Heartbleed, and once they do, you can take action (see below).

http://mashable.com/2014/04/09/heartbleed-what-to-do/?utm_cid=mash-prod-email-velocity-alert&utm_source=newsletter&utm_medium=email&utm_campaign=velocity&utm_emailalert=viral

The Heartbleed Hit List: The Passwords You Need to Change Right Now

It's time to update your passwords to various sites affected by the Heartbleed bug.

IMAGE: MASHABLE COMPOSITE. ISTOCKPHOTO, SOBERP

BY MASHABLE TEAM

An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

But it hasn't always been clear which sites have been affected. Mashablereached out to various companies included on a long list of websites that could potentially have the flaw. Below, we've rounded up the responses from some of the most popular social, email, banking and commerce sites on the web.

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?utm_content=feature_title&utm_cid=mash-prod-email-topstories&utm_emailalert=daily&utm_source=newsletter&utm_medium=email&utm_campaign=daily

REAL ISLAM !!!

And slay them wherever you come upon them, and expel them from where they expelled you; persecution is more grievous than slaying. But fight them not by the Holy Mosque until they should fight you there; then, if they fight you, slay them — such is the recompense of unbelievers, but if they give over, surely Allah is All-forgiving, All-compassionate. Fight them, till there is no persecution and the religion is Allah’s; then if they give over, there shall be no enmity save for evildoers. (Quran 2:191-193)

Men are the managers of the affairs of women for that Allah has preferred in bounty one of them over another, and for that they have expended of their property. Righteous women are therefore obedient, guarding the secret for Allah’s guarding. And those you fear may be rebellious admonish; banish them to their couches, and beat them. (Quran 4:34)

They wish that you should disbelieve as they disbelieve, and then you would be equal; therefore take not to yourselves friends of them, until they emigrate in the way of Allah; then, if they turn their backs, take them, and slay them wherever you find them; take not to yourselves any one of them as friend or helper. (Quran 4:89)

This is the recompense of those who fight against Allah and His Messenger, and hasten about the earth, to do corruption there: they shall be slaughtered, or crucified, or their hands and feet shall alternately be struck off; or they shall be banished from the land. That is a degradation for them in this world; and in the world to come awaits them a mighty chastisement. (Quran 5:33)

When thy Lord was revealing to the angels, ˜I am with you; so confirm the believers. I shall cast into the unbelievers’ hearts terror; so smite above the necks, and smite every finger of them! (Quran 8:12)

Make ready for them whatever force and strings of horses you can, to strike terror in the enemy of Allah and your enemy, and others besides them that you know not; Allah knows them. And whatsoever you expend in the way of Allah shall be repaid you in full; you will not be wronged. (Quran 8:60)

Then, when the sacred months are drawn away, slay the idolaters wherever you find them, and take them, and confine them, and lie in wait for them at every place of ambush. But if they repent, and perform the prayer, and pay the alms, then let them go their way; Allah is All-forgiving, All-compassionate. (Quran 9:5)

Fight those who believe not in Allah and the Last Day and do not forbid what Allah and His Messenger have forbidden — such men as practise not the religion of truth, being of those who have been given the Book — until they pay the tribute out of hand and have been humbled. (Quran 9:29)

Allah has bought from the believers their selves and their possessions against the gift of Paradise; they fight in the way of Allah; they kill, and are killed; that is a promise binding upon Allah in the Torah, and the Gospel, and the Koran; and who fulfils his covenant truer than Allah? So rejoice in the bargain you have made with Him; that is the mighty triumph. (Quran 9:111)

O believers, fight the unbelievers who are near to you; and let them find in you a harshness; and know that Allah is with the godfearing. (Quran 9:123)

When you meet the unbelievers, smite their necks, then, when you have made wide slaughter among them, tie fast the bonds; then set them free, either by grace or ransom, till the war lays down its loads. So it shall be; and if Allah had willed, He would have avenged Himself upon them; but that He may try some of you by means of others. And those who are slain in the way of Allah, He will not send their works astray. (Quran 47:4)

Vote Trump 2016 !