InfoSec Handlers Diary Blog – OpenSSL CVE-2014-0160 Fixed

OpenSSL 1.0.1g has been released to fix “A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server. This issue did not affect versions of OpenSSL prior to 1.0.1.” known as the Heartbleed Bug

via InfoSec Handlers Diary Blog – OpenSSL CVE-2014-0160 Fixed.

Cyber-attacks increase leads to jobs boom

As the number and sophistication of cyber-attacks increase, so too does the demand for people who can prevent such digital incursions. Cyber-security is having a jobs boom.But there aren’t enough people with the necessary skills to become the next generation of cyber-cops.According to the most recent US Bureau of Labor statistics, demand for graduate-level information security workers will rise by 37% in the next decade, more than twice the predicted rate of increase for the overall computer industry.

via BBC News – Cyber-attacks increase leads to jobs boom.

New authenticated encryption algorithm is resistant to multiple misuse

Nippon Telegraph and Telephone Corporation, Mitsubishi Electric Corporation and the University of Fukui have jointly developed an authenticated encryption algorithm offering robust resistance to multiple misuse.

via New authenticated encryption algorithm is resistant to multiple misuse.

What doxxing is, and why it matters

The term “dox” also spelt “doxx”, and short for “[dropping] documents” first came into vogue as a verb around a decade ago, referring to malicious hackers’ habit of collecting personal and private information, including home addresses and national identity numbers. The data are often released publicly against a person’s wishes. It is a practice frowned upon by users of Reddit, a popular online forum, and many others.

via The Economist explains: What doxxing is, and why it matters | The Economist.

ACM interview with Eugene H. Spafford

As a pioneering Internet security researcher and a well-known skeptic about achieving truly secure systems, are you optimistic about efforts to build a more secure network? No, I’m not. I see two problems associated with this approach. First, any significant network that is developed will need to accommodate existing (legacy) systems in some manner, and be operated by some of the same people we have now — there is simply too much invested in legacy systems. This will lead to participating organizations continuing to make poor choices about their priorities for security (and privacy). Many security problems come about because of user error, misconfiguration, poor patching, indirect attacks, and a failure to properly prioritize and fund appropriate safeguards — it isn’t only the design of the networks. A new set of network protocols and connections will not address the full range of issues.

via March 11, 2014: People of ACM: Eugene H. Spafford — Association for Computing Machinery.

Hackers take control of 300,000 home routers

A world-spanning network of hijacked home routers has been uncovered by security researchers. The network involves more than 300,000 routers in homes and small businesses that have been taken over through loopholes in their core software. Discovered by researchers at Team Cymru, the network is thought to be one of the biggest involving such devices.

via BBC News – Hackers take control of 300,000 home routers.

Automatic Exploit Generation – Communications of the ACM

Attackers commonly exploit buggy programs to break into computers. Security-critical bugs pave the way for attackers to install trojans, propagate worms, and use victim computers to send spam and launch denial-of-service attacks. A direct way, therefore, to make computers more secure is to find security-critical bugs before they are exploited by attackers.

via Automatic Exploit Generation | February 2014 | Communications of the ACM.

Contagious wi-fi virus created by Liverpool researchers

A computer virus that can spread via wi-fi like a “common cold” has been created by researchers in Liverpool. In densely populated areas with lots of wi-fi networks, the virus can go from network to network finding weaknesses. Once in control of a wi-fi access point, it leaves computers on the network extremely vulnerable.

via BBC News – ‘Contagious’ wi-fi virus created by Liverpool researchers.

French Team Invents Faster Code-Breaking Algorithm

A team of French mathematicians and computer scientists has made an important advancement in the field of algorithms for breaking cryptographic codes. In a certain class of problem, the new algorithm is able to efficiently solve the discrete logarithm problem that underlies several important types of modern cryptosystems.”Problem sizes, which did not seem even remotely accessible before, are now computable with reasonable resources,” says Emmanuel Thomé, a researcher at the French Institute for Research in Computer Science and Control INRIA and one of four researchers reporting the advance. However, he notes, the new algorithm poses no immediate threat to most existing cryptosystems, including the RSA-based cryptography used in credit cards and much of e-commerce.

via French Team Invents Faster Code-Breaking Algorithm | January 2014 | Communications of the ACM.


Chinese Internet Traffic Redirected to Small Wyoming Building

In one of the more bizarre twists in recent Internet memory, much of the Internet traffic in China was redirected to a mysterious company in Cheyenne, Wyo., on Tuesday.A large portion of China’s 500 million Internet users were unable to load websites ending in .com, .net or .org for nearly eight hours in most regions of China, according to Compuware, a Detroit-based technology company.The China Internet Network Information Center, a state-run agency that deals with Internet affairs, said it had traced the problem to the country’s domain name system. And one of China’s biggest antivirus software vendors, Qihoo 360 Technology, said the problems affected roughly three-quarters of the country’s domain name system servers.

via Chinese Internet Traffic Redirected to Small Wyoming Building –