Heartbleed, Part III

An Ongoing Threat

Chad Kahl

April 18, 2014 - Posted by Chad Kahl to Threat Intelligence

W00t! It's trilogy time! Some stories warrant a trilogy, like Christopher Nolan's Dark Knight Trilogy or Star Wars Episodes IV to VI. Others, not so much... yeah, I'm looking at you Karate Kid II and III.

I think the Heartbleed bug in OpenSSL warrants the additional coverage. Only time will tell, I suppose.

For those of you just joining us, part one is the blog "'Heartbleed Bug' in OpenSSL Puts Data at Risk", where I covered what the vulnerability is and how to remediate it with the information that was available shortly after the release.

To recap: we are dealing with a single vulnerability in the OpenSSL library that was exploitable for over two years. It exploits a missing bounds check in the heartbeat function, which is normally used to notify a server the client is still active. The result is a leak in system memory, up to and including the private key for the SSL certificate. Bad News Bears,... read more >

#FollowFriday Top News of the Week: The Never-Ending Stories – NSA, Target, XP and Heartbleed; What Next?

Travis Anderson

April 18, 2014 - Posted by Travis Anderson to Security News

Certain stories have the ability to captivate the world for great lengths of time. Stuxnet had all eyes on it back in 2010. Flame in 2012. Even Windows XP had an incredible run in the limelight and that had nothing (yet) to do with a breach. Just in the last few months, we’ve got NSA, Target, Heartbleed and now all eyes could be focused on the latest from the Michaels data breach. It’s a never-ending carousel, but before we dive into the Michaels data breach, let’s be fair to Heartbleed and not look beyond this week’s updates.

One of the first Heartbleed stories that I read this week came from CSO’s Steve Ragan. Per Ragan’s story, the first victim, the Canada Revenue... read more >

Heartbleed, Part Deux

A Brief Impact Analysis

Robert (RJ) Jeffries

April 17, 2014 - Posted by Robert (RJ) Jeffries to Threat Intelligence

If you missed out on all the fun last week, there’s an issue with OpenSSL called "Heartbleed" which allows an attacker to interrogate vulnerable servers and force them to divulge sensitive information resident in server memory. Additionally, sensitive information extracted by leveraging this vulnerability can also allow an attacker to perform what is known as a man-in-the-middle attack and expose encrypted data in transit. Luckily, the announcement of the vulnerability came with a patch included.

So this is as simple as installing a new patch, right?

Well, yes and no. Even with a patch, solid patch management programs are not as commonplace as we might like.

One of the key findings in our recent NTT Group 2014 Global Threat Intelligence Report (GTIR) was that over half the vulnerabilities detected... read more >

File Integrity Monitoring (FIM)

Going Beyond Compliance

Jeremy Nichols

April 15, 2014 - Posted by Jeremy Nichols to Security Insight

File integrity monitoring (FIM) is the process of validating files, folders and registry settings against a known baseline to understand when and what changes occur. Many people view this as simply a requirement for compliance; however, FIM is a greatly underutilized tool in information security. It can provide insight into changes which may be key to detecting and stopping incorrect or unauthorized changes and threats.

FIM systems start with a known-good baseline.

The most common implementation of a FIM system is a client-server configuration. Administrators have both agent-based and agentless endpoint solutions available to them. These make comparisons against baseline information to notify the server of changes on the monitored systems. Any deviation from the baseline (addition, deletion or change) is logged for further review. Combining FIM with an appropriate change control process helps administrators easily identify unauthorized actions.

... read more >

#FollowFriday Top News of the Week: The Only Thing That Could Trump XP End of Life, Heartbleed

Travis Anderson

April 11, 2014 - Posted by Travis Anderson to Security News

On Monday, the Heartbleed firestorm commenced with an article written by Ars Technica’s Dan Goodin. Titled, “Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping,” Goodin opens his article by painting the grim picture of how pervasive the Heartbleed bug is and how embedded it is in the foundation of the Internet as we know it. As it turns out, Heartbleed affects approximately two-thirds of Web servers and exposes end-users to eavesdropping by any threat actor who could be interested in passwords, banking information or pretty much any other associated sensitive data.

Goodin writes in his story, “The researchers, who work at Google and software security firm Codenomicon, said even after vulnerable websites install the OpenSSL patch, they may still remain vulnerable to attacks.”... read more >

Cooking with Botnets

Is "Thingamageddon" an Imminent Threat?

Don Gray

April 10, 2014 - Posted by Don Gray to Security Insight


In a recent article on www.darkreading.com, Matthew J Schwartz writes about the "Thingularity" that some security experts fear is about to be upon us.

The "Thingularity" or, perhaps more appropriately "Thingamageddon", refers to the push to create an "Internet of Things" (IoT seems to be the TLA for those so inclined) where all sorts of appliances and devices that were never previously connected to the Internet suddenly are.

But as the article discusses, the danger lies in the IoT becoming an Internet of "Thingbots". There have already been demonstrations and evidence of connected devices like media centers, refrigerators and TVs becoming bots used to send spam and participate in attacks.

Technology has a history of demonstrating that we CAN do something, often (always?) before we perhaps SHOULD do something. Call me... read more >

“Heartbleed Bug” in OpenSSL Puts Data at Risk

Chad Kahl

April 08, 2014 - Posted by Chad Kahl to Threat Intelligence

As OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet, most users come into contact with it on a regular basis. Unfortunately, a serious vulnerability in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520), deemed the “Heartbleed Bug,” was discovered on Monday. The official CVE reference to this bug is CVE-2014-0160. This weakness allows attackers to steal the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as Web, email, instant messaging (IM) and some virtual private networks (VPNs).

This vulnerability was first placed in the OpenSSL code during December 2011 and was released into the... read more >


Voted Best Corporate Security Blog 2014
Solutionary is a leading managed security services provider. The Solutionary Minds blog is a place to learn about and discuss IT security and compliance topics.
