Tech News

What is Heartbleed?

By: Robert Carter | Published on 5/10/14

Image Curtsey of Heartbleed.com We have been getting many calls about Heartbleed, and what people and business can do about it. The simple answer is Not much. If you are using another persons website then you are there mercy to update there OpenSSH install and revoke and issue new SSL certificates with new private keys. If you are a business you need to check if your site was vulnerable then follow those instructions.

The danger of Heratbleed is that it has provided a method to have a Target like breach of security keys and in turn access to your data. Once an attacker has the private keys to a site they can use man in the middle attacks and send you to there site without you even knowing. This could be your bank or just a retail store you shop at on line but the consequences are the same your credit card numbers could be stolen and even your identity. That is why as a community we need to fix this issue asap and work together to stop it form happening again.

For those interested in learning more we have linked some great resources below.

XKCD Description
Bruce Schneier's Explanation
Brian Krebs Explanation
Jupiter Broadcasting's Explanation
Steve Gibson's Explanation


Image Courtesy of HeartBleed.com

Target's Big Credit Card Mess

By: Robert Carter | Published on 4/15/14

Image Curtsey of TheGuardian.com Have you checked your bank statement lately? We sure have! Target and a few other large retail outlets had there credit card databases stolen in one of the largest leeks of all time. Everyone should be watching very closely for any unknown charges on there credit cards and debit cards. The breach seems to have started sometime in early November of 2013 with a group probing the Target network. This went on for almost 3 months before the FBI informed Target that it had been breached.

During the attack most if not all Credit card and debit card data including pin numbers was syphoned off. But why didn't Target know about the attack? From all reports it seems that Target was simply negligent in responding to internal monitors that were telling them of suspicious activity on their network. But two other big blunders should not be over looked. First they had there POS system accessible form the Internet and not properly segregated off from the rest of the internal network. Second is they were using Windows XP Embedded which is not and never has been a good choice for these kinds of computers. Simply put if you application is Java based there is no reason to be running on Windows. Its just a good way to open yourself up for attacks.

For those interested in learning more we have linked some great resources below:

Bloomberg Business Week Breakdown
Bruce Schneier's Breakdown
Brian Krebs' Breakdown
The Guardian's Breakdown
Jupiter Broadcasting Breakdown
Jupiter Broadcasting Breakdown

Image Courtesy of The Guardian