Information Security News
More than four weeks after the disclosure of the so-called Heartbleed bug found in a widely used cryptography package, slightly more or slightly less than half the systems affected by the catastrophic flaw remain vulnerable, according to two recently released estimates.
A scan performed last month by Errata Security CEO Rob Graham found 615,268 servers that indicated they were vulnerable to attacks that could steal passwords, other types of login credentials, and even the extremely sensitive private encryption keys that allow attackers to impersonate websites or monitor encrypted traffic. On Thursday, the number stood at 318,239. Graham said his scans counted only servers running vulnerable versions of the OpenSSL crypto library that enabled the "Heartbeat" feature where the critical flaw resides.
A separate scan using slightly different metrics arrived at an estimate that slightly less than half of the servers believed to be vulnerable in the days immediately following the Heartbleed disclosure remain susceptible. Using a tool he called TLS Prober, the researcher yngve found that 5.36 percent of all servers were vulnerable to Heartbleed as of April 11, four days after Heartbleed came to light. In a blog post published Wednesday, he said 2.33 percent of servers remained vulnerable. It's important to remember the results don't include the number of Heartbleed-vulnerable servers providing services such as virtual private networks or e-mail.
Steganography is the ancient practice of stashing secret text, images, or messages inside a different text, image, or message. It dates back to as early as the fifth century BC, when Spartan King Demaratus removed the wax from a writing tablet and wrote a message hidden on the wood underneath warning of an imminent invasion by Xerxes. Steganography was a common technique used by German spies in both World Wars. More recently, it has been used to conceal highly advanced espionage malware inside image files and stash secret al-Qaeda documents inside pornographic images.
Now steganography is going mainstream with a service that embeds hidden messages inside more or less ordinary Twitter messages. Users need only type the text they want others to see in one field and the hidden message in a separate field. The service, created by New Zealand-based developer Matthew Holloway, then spits out a tweetable message that fuses the two together in a way that's not noticeable to the human eye. Take the following tweet:
— Dan Goodin (@dangoodin001) May 8, 2014
Smaller cities look to compete in a growing InfoSec job market
Perhaps their story offers some foreshadowing, at least as far as the future of InfoSec in Indiana is concerned. "Attracting high-tech companies and employees to Indy is critical to our city's future," said Indianapolis Mayor Greg Ballard in a statement.
Posted by InfoSec News on May 08 http://www.rawstory.com/rs/2014/05/07/report-texas-police-arrest-man-linked-to-target-data-breach/
Posted by InfoSec News on May 08 http://www.theregister.co.uk/2014/05/07/4chan_bounty/
Posted by InfoSec News on May 08 http://www.darkreading.com/threat-intelligence/why-threat-intelligence-is-like-teenage-sex/a/d-id/1235049
Posted by InfoSec News on May 08 http://www.computerworld.com/s/article/9248166/Malware_infections_tripled_in_late_2013_Microsoft_finds
Posted by InfoSec News on May 08 http://www.itpro.co.uk/data-leakage/22202/orange-confirms-details-of-13-million-customers-were-stolen