OpenSSL 1.0.1g has been released to fix the flaw known as the Heartbleed Bug: “A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server. This issue did not affect versions of OpenSSL prior to 1.0.1.”
As the number and sophistication of cyber-attacks increase, so too does the demand for people who can prevent such digital incursions. Cyber-security is having a jobs boom. But there aren’t enough people with the necessary skills to become the next generation of cyber-cops. According to the most recent US Bureau of Labor statistics, demand for graduate-level information security workers will rise by 37% in the next decade, more than twice the predicted rate of increase for the overall computer industry.
Nippon Telegraph and Telephone Corporation, Mitsubishi Electric Corporation and the University of Fukui have jointly developed an authenticated encryption algorithm offering robust resistance to multiple misuse.
The term “dox” (also spelt “doxx”, and short for “[dropping] documents”) first came into vogue as a verb around a decade ago, referring to malicious hackers’ habit of collecting personal and private information, including home addresses and national identity numbers. The data are often released publicly against a person’s wishes. It is a practice frowned upon by users of Reddit, a popular online forum, and many others.
As a pioneering Internet security researcher and a well-known skeptic about achieving truly secure systems, are you optimistic about efforts to build a more secure network?
No, I’m not. I see two problems associated with this approach. First, any significant network that is developed will need to accommodate existing (legacy) systems in some manner, and be operated by some of the same people we have now — there is simply too much invested in legacy systems. This will lead to participating organizations continuing to make poor choices about their priorities for security (and privacy). Many security problems come about because of user error, misconfiguration, poor patching, indirect attacks, and a failure to properly prioritize and fund appropriate safeguards — it isn’t only the design of the networks. A new set of network protocols and connections will not address the full range of issues.
A world-spanning network of hijacked home routers has been uncovered by security researchers. The network involves more than 300,000 routers in homes and small businesses that have been taken over through loopholes in their core software. Discovered by researchers at Team Cymru, the network is thought to be one of the biggest involving such devices.
Attackers commonly exploit buggy programs to break into computers. Security-critical bugs pave the way for attackers to install trojans, propagate worms, and use victim computers to send spam and launch denial-of-service attacks. A direct way, therefore, to make computers more secure is to find security-critical bugs before they are exploited by attackers.
A computer virus that can spread via wi-fi like a “common cold” has been created by researchers in Liverpool. In densely populated areas with lots of wi-fi networks, the virus can go from network to network finding weaknesses. Once in control of a wi-fi access point, it leaves computers on the network extremely vulnerable.
A team of French mathematicians and computer scientists has made an important advancement in the field of algorithms for breaking cryptographic codes. In a certain class of problem, the new algorithm is able to efficiently solve the discrete logarithm problem that underlies several important types of modern cryptosystems. “Problem sizes, which did not seem even remotely accessible before, are now computable with reasonable resources,” says Emmanuel Thomé, a researcher at the French Institute for Research in Computer Science and Control (INRIA) and one of four researchers reporting the advance. However, he notes, the new algorithm poses no immediate threat to most existing cryptosystems, including the RSA-based cryptography used in credit cards and much of e-commerce.
In one of the more bizarre twists in recent Internet memory, much of the Internet traffic in China was redirected to a mysterious company in Cheyenne, Wyo., on Tuesday. A large portion of China’s 500 million Internet users were unable to load websites ending in .com, .net or .org for nearly eight hours in most regions of China, according to Compuware, a Detroit-based technology company. The China Internet Network Information Center, a state-run agency that deals with Internet affairs, said it had traced the problem to the country’s domain name system. And one of China’s biggest antivirus software vendors, Qihoo 360 Technology, said the problems affected roughly three-quarters of the country’s domain name system servers.