HP Security Research OSINT (OpenSource Intelligence) articles of interest--April 14, 2014

HP Security Research OSINT articles of interest

 

Articles around the Heartbleed bug

 

Schneier on Security - Heartbleed is a catastrophic bug in OpenSSL
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”

 

Man who introduced serious ‘Heartbleed’ security flaw denies he inserted it deliberately
The German software developer who introduced a security flaw into an encryption protocol used by millions of websites globally, says he did not insert it deliberately as some have suggested.
In what appears to be his first comments to the media since the bug was uncovered, Robin Seggelmann said how the bug made its way into live code could “Be explained pretty easily.”


Be Still My Breaking Heart
Heartbleed wasn’t fun.  It represents us moving from “attacks could happen” to “attacks have happened,” and that’s not necessarily a good thing.  The larger takeaway actually isn’t “This wouldn’t have happened if we didn’t add Ping,” the takeaway is “We can’t even add Ping, how the heck are we going to fix everything else?”

 

Behind the Scenes: The Crazy 72 Hours Leading Up to the Heartbleed Discovery
From Finland to Silicon Valley, a small team of bug hunters identified and prepared for the worst security flaw in Internet history. Today, Heartbleed is a household name—every person who uses the web is terrified of the security glitch. But David Chartier knew about it almost a week ago, before just about anyone else on the planet.

 

Heartbleed bug’s government impact may go far beyond Revenue Canada
A bold move to block the Canada Revenue Agency’s e-services amid worries about the massive security bug Heartbleed is but one “service disruption” to one artery of the internet. But potentially more troubling, according to cybersecurity specialists, are the other online government services likely vulnerable to hackers seeking to exploit the newly detected security flaw.

 

 

Additional articles of interest

When two-factor authentication is not enough
This is the story of a failed attempt to steal FastMail’s domains. We don’t publish all attempts on our security, but this one stands out for how much effort was put into the attack, and how far it went.

 

Kasperky Lab Report: Financial cyber threats in 2013

Read this report to learn more about the financial cyber threats in 2013.

 

Feds OK Businesses to Share Cyberthreat Info
The Obama administration has issued a policy statement that says businesses sharing cyberthreat information with one another are not violating antitrust laws.

 

Israeli Hackers Strike Back at Anonymous OpIsrael, Expose Participants with Their Own Webcams
An Israeli hacker team published on Tuesday images and personal details of members of the Anonymous hacker collective who participated in the OpIsrael attack against Israeli sites earlier this week, Israel’s Channel 2 reported.

 

#OpIsrael Birthday Campaign – Summary
The #OpIsrael Birthday campaign took place as scheduled on April 7 and involved thousands of participants from all over the Muslim world, from Indonesia in the East to Morocco in the West.

 

5-year-old Ocean Beach boy exposes Microsoft Xbox vulnerability
When 5-year-old Kristoffer Von Hassel is playing his Xbox, his feet don’t touch the ground. But something he did has made the smartest guys at Microsoft pay attention.

 

Whitehat hacker goes too far, gets raided by FBI, tells all
A whitehat hacker from the Baltimore suburbs went too far in his effort to drive home a point about a security vulnerability he reported to a client. Now he’s unemployed and telling all on reddit.

 

Protecting Point of Sale Devices from Targeted Attacks
Microsoft published a new paper focused on “Protecting Point of Sale Devices from Targeted Attacks.”  Given point of sale (POS) devices were the focus of many recent targeted attacks in the retail industry, we thought this guidance would be helpful. 

 

The mysterious disappearance of China’s elite hacking unit
The company that helped uncover major online security breaches from China last year says exposing the hackers had the effect of shutting them down—at least temporarily.

 

The Internet and the Constitution: A Selective Retrospective
Over the last two decades, the Internet and its associated innovations have rapidly altered the way people around the world communicate, distribute and access information, and live their daily lives. Courts have grappled with the legal implications of these changes, often struggling with the contours and characterization of the technology, as well as the application of constitutional provisions and principles.

 

In Syria, the internet has become just another battleground
President Assad’s Instagram account is one of the more surreal examples of the use of social networking in the Syrian war.

 

Garfield Garfield True, or the story behind Syrian Malware, .NET Trojans and Social Engineering
It’s been a while since the last massive Internet outage took down Syria’s backbone network (AS29386). More recently, however, Syria suffered yet another large-scale Internet black out that lasted for about seven hours. In contrast to previous incidents, where networking routes began to disappear gradually from border routing devices, this time a cut off fiber optic cable was deemed responsible for leaving most of the country off-line.

 

Modeling Mutual Influence Between Social Actions and Social Ties
In online social media, social action prediction and social tie discovery are two fundamental tasks for social network analysis. Traditionally, they were considered as separate tasks and solved independently. In this paper, we investigate the high correlation and mutual influence between social actions (i.e. user-behavior interactions) and social ties (i.e. user-user connections).

 

An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond
This white paper outlines a set of practical and pragmatic security considerations for organizations designing, developing and, testing Internet of things (IoT) devices and solutions. The purpose of this white paper is to provide practical advice for consideration as part of the product development lifecycle.

 

$50 million Carder.su thief pleads guilty
A key member of a gang that trafficked stolen and fake credit cards faces a long spell in jail after pleading guilty to federal racketeering charges.

 

The Carder.su indictment: United States v. Kilobit et. al.
Today the U.S. government unsealed its indictment against Fifty-Five members of the Carder.su carding forum. We wrote about Carder.su before on this blog, back in March 2009 when a rival gang was trying to call attention to Carder.su by sending out spam advertising the site. Today’s indictment shows the Carder.su guys performed over $50 Million in fraudulent charges!

 

Application Security the Etsy Way
Etsy is one of the Web’s biggest marketplaces. Its developers may be one of Web’s busiest teams.
Proudly, the vintage and homemade goods online store, will push code to production upwards of 50 times a day. And, according to Kenneth Lee, senior product security engineer, they do so with confidence they’re not going to break the site.

 

The information contained in this news feed is from publicly available sources. Avoid suspicious links and advertisements. These articles do not represent HP’s view or position on any of the topics below. This feed is provided as a news service only – it is not an official position by HP. The intent of this news feed is to share current events related to the cyber security industry within HP. 

Labels: HP| security
Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.