WARNING: Heartbleed is a Silent Stalker

The Internet has been reeling for the past couple of days after a very serious and widespread vulnerability called Heartbleed reared its ugly head. The Heartbleed threat might finally be all over the news tonight, as this security threat bursts out of IT back rooms and becomes public knowledge that could affect millions. But most organizations have been flying under the radar rather than warning their users to stay clear of their login pages.

TL;DR Skip straight to the bottom to see what you should do to protect yourself. Rule #1, stay logged out of sensitive sites until you see a clear advisory that the site’s been secured.

Heartbleed is a vulnerability in the OpenSSL library that could potentially have already affected up to two-thirds of web servers, and an undetermined number of mail servers. The result is that financial transactions, medical info, personal data, pictures, passwords, attachments, chats, and pretty much everything the world has entrusted to the OpenSSL encryption library (i.e. those https:// URLs) has been vulnerable for almost two years on many servers.

Unfortunately, the standard practices for corporate secrecy and IT security can also impact consumer awareness and security, since people’s first instinct is to log in and reset their passwords, regardless of whether the organization has made a public disclosure and announced that its sites have been properly patched.

The first thing you need to know about Heartbleed is that any server that uses a vulnerable version of OpenSSL to secure its connections (via the https:// protocol) has been vulnerable for up to the last two years! Some people are starting to suspect that this back door was placed on purpose to enable government agency spying. We can decide for ourselves whether this theory is plausible, based on prior actions.

The second thing to know is that you should NOT reset any passwords on any suspected sites until you can be fully assured that their systems have been properly updated and re-secured. This means that the standard approach to such security issues, where everything is on a need-to-know basis, will need to be broken open to the public so that we can all be assured that our passwords can be safely reset on any site that has been vulnerable.
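The two points above (a server is exposed only if it runs an affected OpenSSL build, and a password should be changed only once the site is confirmed fixed) can be turned into a small defender-side check. The code below is an added example written for this page, not code from the original post or from the OpenSSL project. It assumes you already have the server’s advertised version banner (for example from a `Server:` response header) and the `notBefore` date of its current certificate; the affected range encoded here is the publicly documented one (OpenSSL 1.0.1 through 1.0.1f and the 1.0.2-beta1 prerelease), and the certificate-date rule goes one step beyond the post by also requiring a certificate issued after the disclosure date, since a leaked private key is only retired when the certificate is reissued. The banner strings in the demo are constructed samples.

```python
import re
from datetime import date

# Heartbleed was publicly disclosed on 7 April 2014; a certificate issued
# before that date may still be backed by a key that leaked while the
# server was unpatched (this rule is an extension of the post's advice).
HEARTBLEED_DISCLOSURE = date(2014, 4, 7)

# Matches "OpenSSL/1.0.1e", "OpenSSL 1.0.1g", "OpenSSL/1.0.2-beta1" etc.
_VERSION_RE = re.compile(
    r"OpenSSL/?\s*(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-beta(\d+))?", re.IGNORECASE
)


def parse_openssl_version(banner):
    """Return (major, minor, patch, letter, beta) parsed from a banner such as
    'Apache/2.2.22 (Ubuntu) OpenSSL/1.0.1e', or None if no version is present."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    letter = (m.group(4) or "").lower()
    beta = int(m.group(5)) if m.group(5) else None
    return (major, minor, patch, letter, beta)


def is_heartbleed_vulnerable_version(banner):
    """True if the advertised OpenSSL build is in the affected range,
    False if it is a fixed or unaffected branch, None if the banner
    carries no OpenSSL version at all (you cannot tell from it alone)."""
    v = parse_openssl_version(banner)
    if v is None:
        return None
    major, minor, patch, letter, beta = v
    if (major, minor, patch) == (1, 0, 1):
        # 1.0.1 (no letter) and 1.0.1a..1.0.1f are affected; 1.0.1g+ are fixed
        return letter < "g"
    if (major, minor, patch) == (1, 0, 2):
        # only the 1.0.2-beta1 prerelease was affected
        return beta == 1
    # 1.0.0, 0.9.8 and later branches never contained the bug
    return False


def safe_to_reset_password(banner, cert_not_before_iso, advisory_seen):
    """Apply the post's rule: change a password only when the site runs a
    fixed build, its certificate post-dates the disclosure, and the site
    has published a clear advisory that it has been secured."""
    vulnerable = is_heartbleed_vulnerable_version(banner)
    if vulnerable is None or vulnerable:
        return False  # still affected, or not verifiable from the banner
    if date.fromisoformat(cert_not_before_iso) < HEARTBLEED_DISCLOSURE:
        return False  # possibly leaked key still in use; wait for a reissued cert
    return bool(advisory_seen)


if __name__ == "__main__":
    # Constructed sample banners, not captured from any real site.
    for banner in ("Apache/2.2.22 (Ubuntu) OpenSSL/1.0.1e",
                   "Apache/2.4.7 OpenSSL/1.0.1g",
                   "OpenSSL 1.0.2-beta1",
                   "nginx/1.4.7"):
        print(banner, "->", is_heartbleed_vulnerable_version(banner))
    print(safe_to_reset_password("OpenSSL/1.0.1g", "2014-04-09", True))
```

A `None` result is the important edge case: many servers do not advertise an OpenSSL version at all, and the absence of a banner is not evidence of safety, which is why the reset check treats it the same as a known-vulnerable build and falls back on the site’s own advisory.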

This kind of open disclosure of potential risk is often very difficult for many types of organizations, and that’s the real problem here: the standard operating procedure stands in the way of real damage control, and instead favours the “reputation management” need that can supersede the real security risks to consumers. Many organizations would prefer to respond to issues on a reactive basis, rather than throw the floodgates open and admit fallibility.


BlackBerry surge shows how media can pump price – as FP Editors suggest that the Pentagon made a massive commitment to company’s devices?

BlackBerry's Back

Bloomberg’s got BlackBerry’s back. It’s nice to see the Financial Post getting behind beleaguered BlackBerry Ltd. However, they seem to have missed some key details in their desire to get on the bandwagon…

Their story (from Bloomberg) conveniently avoided several key points of information, in order to present a positive spin on some news that barely even related to BlackBerry.

First, the new DoD DISA system was built by Fixmo (and is NOT based on BES/BB10 features), and it’s been designed to support 300,000 devices (not just the current 81,200 indicated).

It also doesn’t state that this system is NOT being built around BlackBerry’s BES network either.

In fact, this system is being built around Fixmo’s MDM solutions, and is clearly open to new Android or Apple devices as well!

So the only bona fide BB angle in all this news is that the existing 80,000 BBs in the DoD will also be allowed onto the new system…ALONG WITH Android & iOS devices!

Evidently, this is why there’s NO ACTUAL MENTION of BB10 devices in the Bloomberg and Financial Post articles, and why the included picture is of an older phone. This is clearly a pump piece from Bloomberg that FP also ran with.

The impressive 98% figure being bandied about in the lede is also QUITE misrepresentative, since it only applies to the current ratio of (80,000) BB devices in the launch phase, where well over two-thirds of the forthcoming devices aren’t accounted for yet.

So at what point can we call journalism that depends on highly selective reporting and slanted intent what it really is?

Anybody who knew the full story around this DoD news could tell that this Bloomberg piece was yellow.
Surprisingly the editors at FP didn’t question the slanted motives either.

Perhaps due diligence only applies to basic fact checking of the surface numbers, and not what they appear to represent. Or maybe FP simply defers to Bloomberg on that basic principle of journalism as well?

Financial Post | Business

BlackBerry Ltd. shares surged as the U.S. Defense Department said its smartphones will be the primary device supported on a new network, showing that rivals are finding it difficult to unseat the longtime government supplier.

About 80,000 BlackBerrys will start being hooked up to the department’s management system at the end of this month, the Defense Information Systems Agency said in a statement last week. The network will also include 1,800 phones and tablets based on Apple Inc.’s iOS software and Google Inc.’s Android operating system.

BlackBerry rose as much as 12%. It was trading 8.1% higher at $9.82 at 11:35 a.m. in New York. The company’s Canadian shares had already jumped 8.2% yesterday in Toronto while U.S. exchanges were closed for Martin Luther King Jr. Day. After tumbling 37% last year, the U.S. shares had gained 22% this year through Jan. 17.


The Waterloo, Ontario-based company is…
