Explore top 10 tips to secure your open-source projects now. Read More
×In 2014, the cybersecurity community witnessed a critical OpenSSL vulnerability, “ Heartbleed ,” which changed how the world perceived digital security. It is considered to be among the most serious flaws in internet history. Heartbleed not only exposed the weaknesses in popular cryptographic protocols but also the potential repercussions of a small coding error. . Following the Heartbleed event, the cybersecurity landscape experienced a dramatic change as the emphasis shifted to fortifying security protocols and resolving the root causes of vulnerabilities. Several upgrades, improved code standards, stringent security audits, and a dedication to addressing identified vulnerabilities were the outcomes of this momentum. However, as with any constantly evolving technology, vulnerabilities continued to emerge in OpenSSL despite these efforts. The post-Heartbleed vulnerabilities remind us that security is an ongoing process, and we must remain vigilant, ensuring that security practices align with the latest security recommendations. The link for this article located at Security Boulevard is no longer available. . Following the Equifax breach, the landscape of digital security shifted dramatically, highlighting the critical need for persistent awareness.. OpenSSL Threats,Cybersecurity Trends,Code Vulnerabilities,Protocol Security. . Brittany Day
A couple times a year, maybe, you. The forever-popular first person PC shooter, CounterStrike, is a great example of this: there always seem to be CounterStrike hacks out there. To be clear, PC and other computer gamers, particularly those playing massively multiplayer online role-playing and other popular games (like Minecraft), are already exposed to significant threats targeting their machines. Attacks targeting the XBOX or PlayStation or Nintendo consoles, however, seem to be incredibly rare. Nintendo The link for this article located at Kaspersky is no longer available. . The forever-popular first person PC shooter, CounterStrike, is a great example of this: there always. couple, times, maybe, forever-popular, first, person, shooter, counterstrike. . LinuxSecurity.com Team
The Electronic Frontier Foundation (EFF) is warning that state agencies are probably able to routinely eavesdrop on SSL-encrypted internet connections. They refer to a draft research paper in which researchers Christopher Soghoian and Sid Stamm summarise the evidence for this supposition and describe a possible defensive strategy.. The two researchers are not able to provide any hard facts. They start by stating that many governments routinely compel companies to cooperate with surveillance measures. In the USA, the statute which allows companies to be compelled to assist with such measures is "remarkably broad". According to the researchers, these statutes have been used to, for example, compel a SatNav manufacturer to activate the built-in microphone in one of its devices in order to record conversations in a vehicle. VeriSign, the largest provider of SSL certificates, is, according to the paper, also involved in outsourcing telecommunications surveillance. They conclude that government agencies must therefore also be able to compel certification service providers such as VeriSign to issue arbitrary SSL certificates. In many countries, there are government certification authorities (CA) which are stored as trusted root instances in all of the common browsers. Internet Explorer, Firefox, Safari and Chrome blindly trust more than 100 root certificates, including certificates from VeriSign, Deutsche Telekom and network administration agency CNNIC, which is controlled by the Chinese government. If a web server presents a certificate signed by one of these bodies, the user is informed that the connection is trusted by means of a padlock symbol or a green address bar. But the SSL concept is based on the trustworthiness of CAs. Anyone with a copy of the secret key for a root certificate or a major CA's intermediate certificate can spoof SSL on the fly and eavesdrop on encrypted connections. The link for this article located at H Security is no longer available. . The two researchers are not able toprovide any hard facts. They start by stating that many governme. electronic, frontier, foundation, (eff), warning, state, agencies, probably, routine. . LinuxSecurity.com Team
As a hacker and organizer of Defcon, at event at which computer security vulnerabilities and exploits are routinely unveiled, Jeff Moss seemed an unusual choice when he was named to the Homeland Security Advisory Council in June.. But his background and lack of government experience brings a fresh, outsider's perspective to a public sector plagued by a fast-changing threat landscape, perpetual turf wars, and bureaucratic inertia. With National Cyber Security Awareness Month under way, CNET News discussed with Moss his new role, his thoughts on the national ID card debate, and how the government wants to use social media sites for public emergency alerts. This edited interview is the first of two parts. Part two will run on Monday. The link for this article located at CNET is no longer available. . Jeff Moss shares his insights about attending Defcon, focusing on the shifting dynamics of government involvement in cybersecurity as threats continue to evolve.. Cybersecurity Government Role Defcon Insights Threat Landscape. . Anthony Pell
In the US a 19-year-old phreaker (or phone phreak) has been sentenced to more than eleven years in prison because he placed numerous emergency calls resulting in the dispatch of special police units or SWAT teams (Special Weapons and Tactics). The SWAT teams arrived at the locations from which the calls were placed only to find sleeping families. Such incidents are increasingly common in the US, giving rise to the term swatting.. In his calls to the 911 emergency line, the now convicted culprit sent falsified caller ID numbers and claimed to have hostages in custody. To change the caller ID function, the phreaker is reported to have manipulated several telephone networks, including AT&T, Sprint and Verizon. When a security specialist at Verizon discovered his activities and sought to investigate further, the phone phreak is said to have threatened the employee and made harassing calls to his land line number, while making the caller ID function appear to show friends and co-workers as placing the calls. At that point, the employee contacted the FBI. The link for this article located at H Security is no longer available. . A 20-year-old is convicted for issuing fake distress signals, prompting tactical unit deployments and endangering public safety.. Phreaking, Swatting, Legal Ramifications, Law Enforcement, Cybersecurity. . LinuxSecurity.com Team
Malware targeting OpenOffice documents is spreading through multiple operating systems including Mac OS, Windows and Linux, according to Symantec. . According to the Symantec Security Response website, the worm is capable of infecting multiple operating system platforms and is spreading. The link for this article located at ZDNet is no longer available. . According to the Symantec Security Response website, the worm is capable of infecting multiple opera. malware, targeting, openoffice, documents, spreading, through, operating, systems. . LinuxSecurity.com Team
The practice of holding websites hostage under the threat of denial-of-service (DoS) attacks is declining, according to security researchers at Symantec. DoS attacks are carried out by botnet operators using armies of remotely controlled PCs to flood a site with traffic and information requests. The attacks can cause sites and web services to run slowly or shut down altogether. . Criminals use the attacks to extort money from organisations by launching a first DoS attack and then threatening to launch further attacks unless the company pays up. The tactic has recently drawn the attention of legislators, who passed laws last November allowing for tougher punishments for the crime. The link for this article located at vnunet.com is no longer available. . Malicious actors demand ransoms from firms via DDoS assaults, leading to stricter regulations aimed at combating this digital offense.. Denial of Service, Cybercrime, Botnet Attacks, Extortion Laws. . LinuxSecurity.com Team
It's becoming cheaper and easier to get hold of the tools needed to launch a cybercrime attack, security firm RSA claimed on Thursday. Jens Hinrichsen, the company's product marketing manager for fraud auction, said RSA had been monitoring the websites and ICQ channels where malicious hackers and cybercriminals interact. These sites allow participants to share feedback and even review each other's products. . Addressing an audience at the RSA Conference 2007 in San Francisco, Hinrichsen showed several screengrabs to illustrate that the prices being asked for hacking tools have been dropping, with many participants embracing volume discounts and other incentives. The link for this article located at ZDNet UK is no longer available. . Addressing an audience at the RSA Conference 2007 in San Francisco, Hinrichsen showed several screen. becoming, cheaper, easier, tools, needed, launch, cybercrime, attack. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.